Security Groups API

Creating a Security Group

POST /v2/security_groups/

Request

Route

POST /v2/security_groups

Body

Name: name
Description: The name of the security group.
Example Values:
  • my_super_sec_group

Name: rules
Description: The egress rules for apps that belong to this security group. A rule consists of a protocol (tcp, icmp, udp, all), destination CIDR or destination range, port or port range (tcp, udp, all), type (control signal for icmp, where -1 allows all), code (control signal for icmp, where -1 allows all), log (enables logging for the egress rule, only valid for tcp rules), description (optional description of the rule). This field is limited to 16MB.
Default: []
Example Values:
  • [
      {
        "protocol": "tcp",
        "destination": "10.10.10.0/24",
        "ports": "443,80,8080"
      },
      {
        "protocol": "icmp",
        "destination": "10.10.10.0/24",
        "type": 8,
        "code": 0,
        "description": "Allow ping requests to private services"
      },
      {
        "protocol": "udp",
        "destination": "10.68.192.11-10.68.192.12",
        "ports": "123",
        "description": "Allow syncing with time server"
      },
      {
        "protocol": "tcp",
        "destination": "10.68.192.13",
        "ports": "4000-5000",
        "description": "Allow tcp requests using our custom protocol",
        "log": true
      },
      {
        "protocol": "all",
        "destination": "192.168.10.2-192.168.10.5",
        "log": true
      }
    ]

Name: space_guids
Description: The list of associated spaces.
Default: []

{
  "name": "my_super_sec_group",
  "rules": [
    {
      "protocol": "tcp",
      "destination": "10.10.10.0/24",
      "ports": "443,80,8080"
    },
    {
      "protocol": "icmp",
      "destination": "10.10.10.0/24",
      "type": 8,
      "code": 0,
      "description": "Allow ping requests to private services"
    },
    {
      "protocol": "udp",
      "destination": "10.68.192.11-10.68.192.12",
      "ports": "123",
      "description": "Allow syncing with time server"
    },
    {
      "protocol": "tcp",
      "destination": "10.68.192.13",
      "ports": "4000-5000",
      "description": "Allow tcp requests using our custom protocol",
      "log": true
    },
    {
      "protocol": "all",
      "destination": "192.168.10.2-192.168.10.5",
      "log": true
    }
  ]
}
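
Added example (not part of the original API documentation, and not the API project's own code): a pre-submission audit of egress rules in the format described above, checking protocol, destination and ports syntax and flagging broad rules before they are POSTed. The function names, the 256-address review threshold, and the requirement that tcp and udp rules carry ports are assumptions made for this example.

```python
import ipaddress

PROTOCOLS = {"tcp", "icmp", "udp", "all"}  # values listed in the field description

def destination_size(dest):
    """Count IPv4 addresses in a single IP, a CIDR block, or an 'a-b' range."""
    if "-" in dest:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in dest.split("-", 1))
        if lo > hi:
            raise ValueError("range start is after range end")
        return int(hi) - int(lo) + 1
    return ipaddress.IPv4Network(dest, strict=False).num_addresses

def parse_ports(spec):
    """Turn '443,80,8080' or '4000-5000' into (low, high) pairs."""
    pairs = [part.strip().partition("-") for part in spec.split(",")]
    pairs = [(int(lo), int(hi or lo)) for lo, _, hi in pairs]
    if not all(1 <= lo <= hi <= 65535 for lo, hi in pairs):
        raise ValueError(f"invalid port or port range in {spec!r}")
    return pairs

def audit_rule(rule, max_addresses=256):
    """Return review findings for one egress rule; an empty list means none."""
    proto = rule.get("protocol")
    if proto not in PROTOCOLS:
        return [f"unknown protocol {proto!r}"]
    findings = []
    try:
        size = destination_size(rule.get("destination", ""))
        if size > max_addresses:  # assumed local review threshold, not an API limit
            findings.append(f"destination covers {size} addresses")
    except ValueError as exc:
        findings.append(f"bad destination: {exc}")
    if proto in ("tcp", "udp"):  # assumption: these protocols need a ports value
        try:
            parse_ports(rule.get("ports", ""))
        except ValueError as exc:
            findings.append(f"bad ports: {exc}")
    if proto == "icmp":
        for key in ("type", "code"):
            if not isinstance(rule.get(key), int) or rule[key] < -1:
                findings.append(f"icmp {key} must be an integer (-1 allows all)")
    if proto == "all":
        findings.append("protocol 'all' permits every protocol and port")
    return findings

# Sample input: the "all" rule from the page's example, then a constructed over-broad rule.
SAMPLE = [{"protocol": "all", "destination": "192.168.10.2-192.168.10.5", "log": True},
          {"protocol": "tcp", "destination": "0.0.0.0/0", "ports": "0-70000"}]
```

Run audit_rule over every entry of "rules" and review any non-empty result before sending the request.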

Headers

Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTEyIiwiZW1haWwiOiJlbWFpbC0xMkBzb21lZG9tYWluLmNvbSIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iXSwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiXSwiZXhwIjoxNDY2MDA4ODgyfQ.uHks09UfsuMMvSHWeSpsZ02dO-5CNcsBm5S6hCx5mgM
Host: example.org
Content-Type: application/json
Cookie: 

cURL

curl "https://api.[your-domain.com]/v2/security_groups" -d '{
  "name": "my_super_sec_group",
  "rules": [
    {
      "protocol": "tcp",
      "destination": "10.10.10.0/24",
      "ports": "443,80,8080"
    },
    {
      "protocol": "icmp",
      "destination": "10.10.10.0/24",
      "type": 8,
      "code": 0,
      "description": "Allow ping requests to private services"
    },
    {
      "protocol": "udp",
      "destination": "10.68.192.11-10.68.192.12",
      "ports": "123",
      "description": "Allow syncing with time server"
    },
    {
      "protocol": "tcp",
      "destination": "10.68.192.13",
      "ports": "4000-5000",
      "description": "Allow tcp requests using our custom protocol",
      "log": true
    },
    {
      "protocol": "all",
      "destination": "192.168.10.2-192.168.10.5",
      "log": true
    }
  ]
}' -X POST \
	-H "Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTEyIiwiZW1haWwiOiJlbWFpbC0xMkBzb21lZG9tYWluLmNvbSIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iXSwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiXSwiZXhwIjoxNDY2MDA4ODgyfQ.uHks09UfsuMMvSHWeSpsZ02dO-5CNcsBm5S6hCx5mgM" \
	-H "Host: example.org" \
	-H "Content-Type: application/json" \
	-H "Cookie: "

Response

Status

201 Created

Body

{
  "metadata": {
    "guid": "b4bdfa5a-83b0-423d-b979-4b51218d0ca8",
    "url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8",
    "created_at": "2016-06-08T16:41:22Z",
    "updated_at": "2016-06-08T16:41:26Z"
  },
  "entity": {
    "name": "my_super_sec_group",
    "rules": [
      {
        "protocol": "tcp",
        "destination": "10.10.10.0/24",
        "ports": "443,80,8080"
      },
      {
        "protocol": "icmp",
        "destination": "10.10.10.0/24",
        "type": 8,
        "code": 0,
        "description": "Allow ping requests to private services"
      },
      {
        "protocol": "udp",
        "destination": "10.68.192.11-10.68.192.12",
        "ports": "123",
        "description": "Allow syncing with time server"
      },
      {
        "protocol": "tcp",
        "destination": "10.68.192.13",
        "ports": "4000-5000",
        "description": "Allow tcp requests using our custom protocol",
        "log": true
      },
      {
        "protocol": "all",
        "destination": "192.168.10.2-192.168.10.5",
        "log": true
      }
    ],
    "running_default": false,
    "staging_default": false,
    "spaces_url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8/spaces",
    "staging_spaces_url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8/staging_spaces"
  }
}

Headers

Content-Type: application/json;charset=utf-8
Location: /v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8
X-VCAP-Request-ID: b5065f03-851b-4f28-a220-0f3468e4443b
Content-Length: 939
X-Content-Type-Options: nosniff