Security group
Security group management
Initialization
Confirm Endpoint
Before configuring the SDK endpoint, make sure you understand what an endpoint is. Baidu AI Cloud currently supports multiple regions; please refer to the Region Selection Guide. The regions currently supported are North China - Beijing, South China - Guangzhou, East China - Suzhou, Hong Kong, Central China - Wuhan (Financial) and North China - Baoding. The corresponding endpoints are as follows:
| Access region | Endpoint |
|---|---|
| North China-Beijing | bcc.bj.baidubce.com |
| South China-Guangzhou | bcc.gz.baidubce.com |
| East China-Suzhou | bcc.su.baidubce.com |
| Hong Kong | bcc.hkg.baidubce.com |
| Central China-Wuhan (Financial) | bcc.fwh.baidubce.com |
| North China-Baoding | bcc.bd.baidubce.com |
Retrieve access key
To use the security group service of Baidu AI Cloud, you need a valid AK (Access Key ID) and SK (Secret Access Key) for signature authentication. AK/SK are system-assigned strings used to identify users and to sign requests for security group access. You can obtain your AK/SK through the following steps:
- Register a Baidu AI Cloud account
- Create AK/SK
Create BccClient
The BccClient enables developers to interact with the security group service by providing a variety of methods.
Access BccClient via AK/SK method
- Before creating BccClient, a configuration file must be created to configure BccClient. Below, this configuration file is named sg_sample_conf.py, with the following specific configuration information:
```python
#!/usr/bin/env python
# coding=utf-8
# Import the Python standard logging module
import logging
# Import the BCC configuration management module and security authentication module from the Python SDK
from baidubce.bce_client_configuration import BceClientConfiguration
from baidubce.auth.bce_credentials import BceCredentials
import baidubce
# Set the BccClient host, Access Key ID, and Secret Access Key ("AK" and "SK" are placeholders)
sg_host = "bcc.bj.baidubce.com"
access_key_id = "AK"
secret_access_key = "SK"
# Set the log file handler and log level
logger = logging.getLogger('baidubce.http.bce_http_client')
fh = logging.FileHandler("sample.log")
fh.setLevel(logging.DEBUG)
# Set the order, structure and content of log file output
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
fh.setFormatter(formatter)
logger.setLevel(logging.DEBUG)
logger.addHandler(fh)
# Create a BceClientConfiguration instance
config = BceClientConfiguration(credentials=BceCredentials(access_key_id, secret_access_key), endpoint=sg_host)
```
Note: For log files, logging has the following levels: DEBUG, INFO, WARNING, ERROR and CRITICAL.
In the code above, access_key_id corresponds to “Access Key ID” in the console. secret_access_key corresponds to “Access Key Secret” in the console. For the method to retrieve them, refer to Guide - Manage ACCESSKEY.
The method above requires you to specify the security group service domain name manually by assigning it to the sg_host variable. The endpoint parameter is optional; if it is not passed, the default is the Beijing region, http://bcc.bj.baidubce.com.
- Upon completion of the configurations above, refer to the following code to create a BccClient.
```python
# Import the BccClient configuration file
import sg_sample_conf

# Import related Bcc modules
from baidubce import exception
from baidubce.services import bcc
from baidubce.services.bcc.bcc_client import BccClient
from baidubce.services.bcc.bcc_model import SecurityGroupRuleModel

# Create BccClient
sg_client = BccClient(sg_sample_conf.config)
```
Security group management
- When creating a BCC instance, you have the option to use either the default security group or a custom security group.
- Every BCC instance must be associated with a security group.
- Each BCC instance can associate with up to 10 security groups. When associated with multiple groups, the effective rules for the instance will be the combined rules from all associated groups.
- Users can allow communication between all BCC instances associated with the same security group or between instances belonging to different security groups. By default, all BCC instances in the same security group can communicate with each other.
- Security group association for BCC instances at the group level is not supported; instances can only be added to security groups.
- Default security groups cannot be deleted, but their rules can be added, removed, or modified. Only the default security group includes a "One-click Restoration to Initial Setting" option.
Default security group rules:
- Ingress: Allows unrestricted access to all ports, permitting traffic from all external IPs to enter all ports associated with the BCC.
- Egress: Grants access to all ports, allowing all ports associated with BCC to connect to any external IP ports.
Create security group
Function declaration
```python
def create_security_group(self, name, rules, vpc_id=None, desc=None, client_token=None, tags=None, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Gkmd207ou
Response value
Operation succeeded:
```json
{
    "securityGroupId": "g-nky7qeom"
}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_create_security_group.py
List security groups
Function declaration
```python
def list_security_groups(self, instance_id=None, vpc_id=None, marker=None, max_keys=None, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Okmd24kom
Response value
Operation succeeded:
```json
{
    "nextMarker": "",
    "marker": "",
    "maxKeys": 1000,
    "securityGroups": [
        {
            "desc": "",
            "id": "g-4NxWoxeq",
            "name": "common2",
            "vpcId": "vpc-9xuevtmc6u",
            "createdTime": "2019-09-24T08:25:59Z",
            "sgVersion": 0,
            "rules": [
                {
                    "destGroupId": "",
                    "destIp": "all",
                    "direction": "egress",
                    "ethertype": "IPv4",
                    "portRange": "1-65535",
                    "protocol": "all",
                    "remark": "bae",
                    "securityGroupId": "g-4NxWoxeq",
                    "securityGroupRuleId": "r-gkv8yupumvx2",
                    "createdTime": "2020-07-27T13:00:52Z",
                    "updatedTime": "2020-07-27T13:00:52Z"
                }
            ],
            "tags": [
                {
                    "tagKey": "tagKey",
                    "tagValue": "tagValue"
                }
            ]
        }
    ],
    "isTruncated": false
}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_get_security_group_list.py
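The default security group rules described earlier admit traffic from every external IP on every port, so a listing is worth checking for world-open ingress. The following added example (not part of the SDK or its bundled examples) audits a response taken as a plain dict in the JSON form shown above; the `sourceIp` field name, the `tcp` protocol value, the sensitive-port list and all sample IDs are assumptions or constructed values.

```python
# Added example: flag world-open ingress rules in a list_security_groups response.
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql", 3389: "rdp", 6379: "redis"}  # reviewer's choice
OPEN_SOURCES = {"all", "0.0.0.0/0", "::/0"}

def parse_port_range(text):
    """'1-65535' -> (1, 65535), '22' -> (22, 22); empty is assumed to mean all ports."""
    if not text:
        return (1, 65535)
    low, _, high = str(text).partition("-")
    return (int(low), int(high or low))

def audit_ingress(response):
    """Return world-open ingress rules plus whether the listing was complete."""
    findings = []
    for group in response.get("securityGroups", []):
        for rule in group.get("rules", []):
            # "sourceIp" is an assumed field name, by analogy with "destIp" above.
            source = rule.get("sourceIp")
            if rule.get("direction") != "ingress" or source not in OPEN_SOURCES:
                continue
            low, high = parse_port_range(rule.get("portRange"))
            tcp = rule.get("protocol") in ("all", "tcp")  # "tcp" value is assumed
            findings.append({
                "group": group.get("id"),
                "rule": rule.get("securityGroupRuleId"),
                "ports": (low, high),
                "sensitive": sorted(n for p, n in SENSITIVE_PORTS.items() if tcp and low <= p <= high),
            })
    # isTruncated means more pages exist (follow nextMarker), so the audit is partial.
    return {"complete": not response.get("isTruncated", False), "findings": findings}

SAMPLE = {  # constructed response; every ID is a placeholder
    "isTruncated": True, "nextMarker": "g-placeholder3",
    "securityGroups": [
        {"id": "g-placeholder1", "rules": [
            {"direction": "ingress", "sourceIp": "all", "portRange": "1-65535",
             "protocol": "all", "securityGroupRuleId": "r-placeholder1"},
            {"direction": "egress", "destIp": "all", "portRange": "1-65535",
             "protocol": "all", "securityGroupRuleId": "r-placeholder2"}]},
        {"id": "g-placeholder2", "rules": [
            {"direction": "ingress", "sourceIp": "all", "portRange": "443",
             "protocol": "tcp", "securityGroupRuleId": "r-placeholder3"},
            {"direction": "ingress", "sourceIp": "10.0.0.0/8", "portRange": "22",
             "protocol": "tcp", "securityGroupRuleId": "r-placeholder4"}]},
    ],
}

if __name__ == "__main__":
    print(audit_ingress(SAMPLE))
```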
Delete a security group
Function declaration
```python
def delete_security_group(self, security_group_id, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Dkmd22the
Response value
Operation succeeded:
```json
{}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_delete_security_group.py
Authorize security group rules
Function declaration
```python
def authorize_security_group_rule(self, security_group_id, rule, client_token=None, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Mkmd2b0na
Response value
Operation succeeded:
```json
{}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_authorize_security_group_rule.py
Revoke security group rules
Function declaration
```python
def revoke_security_group_rule(self, security_group_id, rule, client_token=None, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/jkmd281hj
Response value
Operation succeeded:
```json
{}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_revoke_security_group_rule.py
Update security group rules
Function declaration
```python
def update_security_group_rule(self, security_group_rule_id, remark=None, direction=None,
                               protocol=None, portrange=None, source_ip=None,
                               sourcegroup_id=None, dest_ip=None, destgroup_id=None,
                               config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Hkmd2fk5t
Response value
Operation succeeded:
```json
{}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_update_security_group_rule.py
Delete security group rules
Function declaration
```python
def delete_security_group_rule(self, security_group_rule_id, config=None):
```
Parameter meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/0kmd2duok
Response value
Operation succeeded:
```json
{}
```
Operation failed:
Throw an exception. For the exception list, refer to: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7
Code example
For specific code examples, refer to: example_delete_security_group_rule.py
