API: Security Groups
The securitygroup category allows you to manage security groups.
| Action | Required Parameters | Optional Parameters |
|---|---|---|
| securitygroup/list | None | None |
| securitygroup/create | region, name | None |
| securitygroup/delete | region, group_id | None |
| securitygroup/rename | region, group_id, name | None |
| securitygroup/rule-list | region, group_id | None |
| securitygroup/rule-insert | region, group_id, direction, type, protocol, remote_type, remote_value | port_min, port_max, label |
| securitygroup/rule-delete | region, group_id, rule_id | None |
securitygroup/list
Endpoint: securitygroup/list
{
  "securitygroups": [
    {
      "name": "default",
      "region": "toronto",
      "securitygroup_id": "4"
    }
  ]
}
securitygroup/create
Required parameters:
- region - region ('toronto', 'montreal', 'roubaix')
- name - a label for this security group.
Endpoint: securitygroup/create
region=toronto
name=mygroup
{
  "group_id": "1226",
  "success": "yes"
}
securitygroup/delete
Required parameters:
- region - the region of the security group
- group_id - the security group ID.
Endpoint: securitygroup/delete
region=toronto
group_id=1226
{"success": "yes"}
securitygroup/rename
Required parameters:
- region - the region of the security group
- group_id - the security group ID
- name - the new name
Endpoint: securitygroup/rename
region=toronto
group_id=1226
name=mygroup2
{"success": "yes"}
securitygroup/rule-list
List the rules in a security group.
Required parameters:
- region - the region of the security group
- group_id - the security group ID
Endpoint: securitygroup/rule-list
region=toronto
group_id=1226
{
  "0": {
    "direction": "egress",
    "ethertype": "IPv6",
    "id": "9b7aecb7-e060-4ead-a658-4a45c78af7e2",
    "label": "",
    "port_range": "*",
    "protocol": "*",
    "remote": "*"
  },
  "1": {
    "direction": "egress",
    "ethertype": "IPv4",
    "id": "c1c7f395-cf76-4725-826e-97cfadc6881f",
    "label": "",
    "port_range": "*",
    "protocol": "*",
    "remote": "*"
  },
  "success": "yes"
}
securitygroup/rule-insert
Add a new rule into a security group. Each rule allows certain types of traffic between VMs in this security group and remote hosts defined by remote_type and remote_value.
Required parameters:
- region - the region of the security group
- group_id - the security group ID
- direction - either 'ingress' for rules permitting incoming traffic, or 'egress' for rules permitting outgoing traffic
- type - IP version, either '4' or '6'
- protocol - '*' to allow all protocols, or 'tcp', 'udp', or 'icmp'
- remote_type - either 'cidr' or 'group'
- remote_value - if remote_type=cidr, a CIDR like '1.2.3.4/32'; if remote_type=group, a security group ID
Optional parameters:
- port_min - if protocol=tcp or protocol=udp, the lower bound of a port range
- port_max - if protocol=tcp or protocol=udp, the upper bound of a port range
- label - an optional label for this rule
Notes:
- To authorize traffic for any remote host, set remote_type=cidr and remote_value=0.0.0.0/0 (repeat similarly for IPv6 if desired).
- You can optionally set a port range for a TCP/UDP rule by setting both port_min and port_max. To authorize traffic for a single port, set port_min equal to port_max.
Here is an example where we allow traffic between the VMs that are members of security group 1226 on port 3306:
Endpoint: securitygroup/rule-create
region=toronto
group_id=1226
direction=ingress
type=4
protocol=tcp
remote_type=group
remote_value=1226
port_min=3306
port_max=3306
label=mysql
{
  "rule_id": "92077972-3140-4907-86d8-58594195ac5e",
  "success": "yes"
}
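A client-side check for the securitygroup/rule-insert parameters described above, as an added example that is not part of this API or its documentation: the hypothetical helper build_rule_params validates the documented values before a request is sent and warns when an ingress rule admits any remote host. The check that the CIDR family matches type and the 1-65535 port bounds are assumptions about sensible input, not documented server behaviour.

```python
import ipaddress

def build_rule_params(region, group_id, direction, ip_type, protocol,
                      remote_type, remote_value,
                      port_min=None, port_max=None, label=None):
    """Hypothetical helper: return (params, warnings) for securitygroup/rule-insert."""
    ip_type = str(ip_type)
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    if ip_type not in ("4", "6"):
        raise ValueError("type must be '4' or '6'")
    if protocol not in ("*", "tcp", "udp", "icmp"):
        raise ValueError("protocol must be '*', 'tcp', 'udp' or 'icmp'")
    warnings = []
    if remote_type == "cidr":
        net = ipaddress.ip_network(remote_value, strict=False)  # ValueError if malformed
        if str(net.version) != ip_type:
            # Assumption: a CIDR of the other IP family is a caller mistake.
            raise ValueError("remote_value family does not match type")
        if net.prefixlen == 0 and direction == "ingress":
            warnings.append("ingress rule admits any remote host")
    elif remote_type == "group":
        if not str(remote_value):
            raise ValueError("remote_value must be a security group ID")
    else:
        raise ValueError("remote_type must be 'cidr' or 'group'")
    if (port_min is None) != (port_max is None):
        raise ValueError("set both port_min and port_max, or neither")
    params = {"region": region, "group_id": str(group_id), "direction": direction,
              "type": ip_type, "protocol": protocol,
              "remote_type": remote_type, "remote_value": str(remote_value)}
    if port_min is not None:
        if protocol not in ("tcp", "udp"):
            raise ValueError("port range applies only to tcp or udp")
        lo, hi = int(port_min), int(port_max)
        if not 1 <= lo <= hi <= 65535:  # assumption: client-side bounds
            raise ValueError("need 1 <= port_min <= port_max <= 65535")
        params.update(port_min=str(lo), port_max=str(hi))
    elif direction == "ingress" and protocol != "icmp":
        warnings.append("no port range set for ingress rule")
    if label:
        params["label"] = label
    return params, warnings

# Constructed inputs: the page's MySQL rule, then an SSH rule open to any host.
mysql = build_rule_params("toronto", "1226", "ingress", 4, "tcp", "group", "1226", 3306, 3306, "mysql")
ssh = build_rule_params("toronto", "1226", "ingress", 4, "tcp", "cidr", "0.0.0.0/0", 22, 22)
```

The returned params dictionary holds only the parameter names listed for securitygroup/rule-insert; how it is sent (URL, authentication) is outside this example.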
securitygroup/rule-delete
Required parameters:
- region - the region of the security group
- group_id - the security group ID
- rule_id - the rule ID to delete
Endpoint: securitygroup/rule-delete
region=toronto
group_id=1226
rule_id=92077972-3140-4907-86d8-58594195ac5e
{"success": "yes"}