Regular security group
Initialization
Confirm Endpoint
When confirming SDK usage and configuring endpoint, understand the related concepts of endpoint. Baidu AI Cloud currently supports multiple regions. Please refer toRegion Selection Guide. North China - Beijing, South China-Guangzhou, East China - Suzhou, Hong Kong, Central China-Wuhan (Financial) and North China - Baoding are supported currently. Corresponding endpoint details are as follows:
| Access region | Endpoint |
|---|---|
| North China-Beijing | bcc.bj.baidubce.com |
| South China-Guangzhou | bcc.gz.baidubce.com |
| East China-Suzhou | bcc.su.baidubce.com |
| Hong Kong | bcc.hkg.baidubce.com |
| Central China-Wuhan (Financial) | bcc.fwh.baidubce.com |
| North China-Baoding | bcc.bd.baidubce.com |
Retrieve access key
To use the security group of Baidu AI Cloud, you need a valid AK (Access Key ID) and SK (Secret Access Key) for signature certification. AK/SK are system-assigned strings used to identify users and perform signature certification for BOS. Your AK/SK information can be obtained and understood through the following steps: Register a Baidu AI Cloud account Create AK/SK
Create BccClient
The BccClient enables developers to interact with the security group service by providing a variety of methods.
When creating a BccClient, first configure a BccClientConfiguration-type config instance using Endpoint, AK and SK, and then use the config instance to configure the BccClient. The specific configuration method is as follows:
1 static final String HOST = "";
2 static final String AK = "";
3 static final String SK = "";
4 BccClientConfiguration config = new BccClientConfiguration();
5 config.setCredentials(new DefaultBceCredentials(AK, SK));
6 config.setEndpoint(HOST);
7 BccClient bccClient = new BccClient(config);Security group management
- When creating a BCC instance, you have the option to use either the default security group or a custom security group.
- Every BCC instance must be associated with a security group.
- Each BCC instance can associate with up to 10 security groups. When associated with multiple groups, the effective rules for the instance will be the combined rules from all associated groups.
- Users can allow communication between all BCC instances associated with the same security group or between instances belonging to different security groups. By default, all BCC instances in the same security group can communicate with each other.
- Security group association for BCC instances at the group level is not supported; instances can only be added to security groups.
- Default security groups cannot be deleted, but their rules can be added, removed, or modified. Only the default security group includes a "One-click Restoration to Initial Setting" option.
Default security group rules:
- Ingress: Allows unrestricted access to all ports, permitting traffic from all external IPs to enter all ports associated with the BCC.
- Egress: Grants access to all ports, allowing all ports associated with BCC to connect to any external IP ports.
Create security group
Function declaration
1public CreateSecurityGroupResponse createSecurityGroup(CreateSecurityGroupRequest request) {
2 }Parameter Meaning
Please refer to the OpenAPI documentation: Request Parameters for Creating Security Group
Response Value
- Operation succeeded
1{
2 "metadata": For details, refer to the metadata section in the appendix,
3 "securityGroupId":"g-p09p0ihp7498"
4}- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleCreateSecurityGroup.java
List security groups
Function declaration
1 public ListSecurityGroupsResponse listSecurityGroups(ListSecurityGroupsRequest request) {
2 }Request parameters
Please refer to the OpenAPI documentation: Request Parameters for Listing Security Groups
Response value
- Operation succeeded
1{
2 "metadata": For details, refer to the metadata section in the appendix,
3 "marker": "",
4 "isTruncated": false,
5 "maxKeys": 1000,
6 "securityGroups": [
7 {
8 "id": "g-6r0ds9xbxwes",
9 “name": "default security group",
10 "vpcId": "vpc-hdq0mqg68si0",
11 "desc": "default",
12 "createdTime": "2020-03-10T20:01:12Z",
13 "updatedTime": "2022-06-21T06:48:33Z",
14 "sgVersion": 0,
15 "rules": [
16 {
17 "remark": "All protocols",
18 "direction": "ingress",
19 "ethertype": "IPv4",
20 "portRange": "1-65535",
21 "sourceGroupId": "",
22 "sourceIp": "180.76.1.0/24",
23 "securityGroupId": "g-6r0ds9xbxwes",
24 "securityGroupRuleId": "r-k5erXBuF",
25 "createdTime": "2020-07-20T22:58:07Z",
26 "updatedTime": "2022-06-21T06:48:33Z",
27 "protocol": "all"
28 }
29 ],
30 "tags": []
31 }
32 ]
33}- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleListSecurityGroup.java
View security group details
Function declaration
1 public SecurityGroupModel getSecurityGroup(String securityGroupId) {
2 }Request parameters
Refer to OpenAPI documentation: View Security Group Details
Response Value
- Operation succeeded
1{
2 "metadata": For details, refer to the metadata section in the appendix,
3 "id": "g-7dyv27r6pnse",
4 “name": "default security group",
5 "vpcId": "vpc-nw3m9e8kcby6",
6 "desc": "default",
7 "createdTime": "2024-09-13T06:25:19Z",
8 "sgVersion": 0,
9 "bindInstanceNum": 1,
10 "rules": [
11 {
12 "id": "r-rv2gdcz8bzzj",
13 "securityGroupId": "g-rfdndhzju1f7",
14 "direction": "ingress",
15 "ethertype": "IPv4",
16 "protocol": "tcp",
17 "portRange": "1991-29982",
18 "sourceGroupId": "g-sv5y70z12b0e",
19 "remark": "test",
20 "createdTime": "2024-09-27T07:07:07Z",
21 "updatedTime": "2024-09-27T07:47:57Z"
22 }
23 ],
24 "tags":[
25 {
26 "tagKey": "tagKey",
27 "tagValue": "tagValue"
28 }
29 ]
30}- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleGetSecurityGroup
Delete a security group
Function declaration
1public void deleteSecurityGroup(String securityGroupId) {
2}Parameter Meaning
Please refer to the OpenAPI documentation: Request Parameters for Deleting Security Groups
Response value
- Operation succeeded
No response value
- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleDeleteSecurityGroup.java
Authorize security group rules
Function declaration
1public void authorizeSecurityGroupRule(SecurityGroupRuleOperateRequest request) {
2 }Parameter meaning
Please refer to the OpenAPI documentation: Request Parameters for Authorizing Security Groups
Response value
- Operation succeeded
1{
2 "metadata": For details, refer to the metadata section in the appendix,
3 "securityGroupId":"sg-p09p0ihp7498"
4}- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleAddSecurityGroupRule.java
Revoke security group rules
Function declaration
1public void revokeSecurityGroupRule(SecurityGroupRuleOperateRequest request) {
2 }Parameter Meaning
Please refer to the OpenAPI documentation: Request Parameters for Revoking Security Groups
Response Value
- Operation succeeded
No response value
- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleRevokeSecurityGroupRule.java
Delete security group rules
Function declaration
1 public void deleteSecurityGroupRule(String securityGroupRuleId) {
2 }Parameter Meaning
Please refer to the OpenAPI documentation: Request Parameters for Deleting Security Group Rules
Response Value
- Operation succeeded
No response value
- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleDeleteSecurityGroupRule.java
Update security group rules
Function declaration
1public void updateSecurityGroupRule(UpdateSecurityGroupRuleRequest request) {
2 }Parameter Meaning
Please refer to the OpenAPI documentation: Request Parameters for Updating Security Group
Response Value
- Operation succeeded
No response value
- Operation failed
For response exception list of operation failure, refer to the Security Group Exception List.
Code example
For specific code examples, refer to ExampleUpdateSecurityGroupRule.java
Appendix
Public response information in Metadata format
1 {
2 "bceRequestId":"f5f0821d-45fe-439b-bbf4-fc48b639f84a",
3 "contentLength":28,
4 "contentType":"application/json;charset=UTF-8",
5 "date":1701917695000,
6 "server":"openresty/1.15.8.1"
7 }