Authorization rule for creating an instance group.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
iotcc:CreateGroupAuthorizationRule |
create |
*CloudConnector
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| IoTCloudConnectorGroupId |
string |
Yes |
ID of the IoT Cloud Connector group. |
iotccg-g00epppbi9di9y**** |
| AuthorizationRuleDescription |
string |
No |
Description of the authorization rule. The description must be 2 to 256 characters in length. It must start with a letter or Chinese character. It cannot start with |
rule |
| AuthorizationRuleName |
string |
No |
Name of the authorization rule. The name must be 2 to 128 characters in length. It must start with a letter or Chinese character. It can contain numbers, periods (.), underscores (_), and hyphens (-). |
ruletest |
| SourceCidrs |
array |
Yes |
Source CIDR blocks. You can specify up to 20 CIDR blocks. |
|
|
string |
No |
Source CIDR block. You can specify up to 20 CIDR blocks. |
192.168.0.1/24 |
|
| DestinationType |
string |
Yes |
Type of destination. Valid values:
|
Cidr |
| DestinationPort |
string |
No |
Destination port range. Valid values:
|
80/80 |
| Protocol |
string |
No |
Protocol type. Valid values:
|
tcp |
| Destination |
string |
Yes |
Destination address. |
47.0.XX.XX |
| ClientToken |
string |
No |
A client token that ensures the idempotence of the request. Generate a unique value on your client side for each request. The ClientToken parameter supports only ASCII characters. Note
If you do not specify this parameter, the system uses the RequestId of the API request as the ClientToken. Each API request may have a different RequestId. |
123e4567-e89b-12d3-a456-426655440000 |
| DryRun |
boolean |
No |
Indicates whether to perform a dry run. Valid values:
|
false |
| RegionId |
string |
Yes |
ID of the region where the IoT Cloud Connector group resides. You can call the DescribeRegions operation to query region IDs. |
cn-hangzhou |
| Policy |
string |
Yes |
Access policy. Valid values:
|
Permit |
| Type |
string |
No |
Type of authorization rule. Valid values:
|
System |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
List of response items. |
||
| IoTCloudConnectorGroupId |
string |
ID of the IoT Cloud Connector group. |
iotccg-g00epppbi9di9y**** |
| RequestId |
string |
ID of the request. |
54B48E3D-DF70-471B-AA93-08E683A1B45 |
| AuthorizationRuleId |
string |
ID of the authorization rule. |
gar-ez91t41jvi6tr8**** |
Examples
Success response
JSON format
{
"IoTCloudConnectorGroupId": "iotccg-g00epppbi9di9y****",
"RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B45",
"AuthorizationRuleId": "gar-ez91t41jvi6tr8****"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | Forbidden.RAM | Ram user does not have permission to perform this operation. | The error message returned because the RAM user does not have the permissions to perform the operation. |
| 400 | QuotaExceeded.IoTCCGroupInstanceLimit | The quota of IoTCCGroupPerUser is exceeded | |
| 400 | ResourceAlreadyExist.AuthorizationRule | The specified resource of AuthorizationRule already exists. | The error message returned because the rule already exists. |
| 400 | OperationDenied.DomainInHumanNetwork | The operation is not allowed because of domain or CIDR in human network. | |
| 400 | OperationDenied.CIDRMaskTooLarge | The operation is not allowed because of CIDR too large. | The error message returned because the length of the subnet mask of the CIDR block exceeds the upper limit. |
| 400 | IllegalParam.Destination | The param of Destination is illegal. | The error message returned because the value of the Destination parameter is invalid. |
| 400 | OperationDenied.CC5GInstanceNotSupport | The operation is not allowed because of CC5G instance not support. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.