Creating a Custom Security Policy¶

Function¶

This API is used to create a custom security policy. If you need a custom security policy, you need to specify security_policy_id when you add an HTTPS listener to your load balancer.

URI¶

POST /v3/{project_id}/elb/security-policies

**Table 1** Path Parameters¶
Parameter	Mandatory	Type	Description
project_id	Yes	String	Specifies the project ID.

Request Parameters¶

**Table 2** Request header parameters¶
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Specifies the token used for IAM authentication.

**Table 3** Request body parameters¶
Parameter	Mandatory	Type	Description
security_policy	Yes	CreateSecurityPolicyOption object	Specifies the custom security policy.

**Table 4** CreateSecurityPolicyOption¶
Parameter	Mandatory	Type	Description
name	No	String	Specifies the name of the custom security policy. The default value is "". Minimum: 0 Maximum: 255
description	No	String	Provides supplementary information about the custom security policy. The default value is "". Minimum: 0 Maximum: 255
enterprise_project_id	No	String	Specifies the enterprise project ID. This parameter is unsupported. Please do not use it.
protocols	Yes	Array of strings	Lists the TLS protocols supported by the custom security policy. Value options: TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3.
ciphers	Yes	Array of strings	Lists the cipher suites supported by the custom security policy. The following cipher suites are supported: ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,AES128-GCM-SHA256,AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,AES128-SHA256,AES256-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,AES128-SHA,AES256-SHA,CAMELLIA128-SHA,DES-CBC3-SHA,CAMELLIA256-SHA,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-CHACHA20-POLY1305,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256 Note: The protocol and cipher suite must match. At least one cipher suite must match the protocol. You can match the protocol and cipher suite based on system security policy.

Response Parameters¶

Status code: 201

**Table 5** Response body parameters¶
Parameter	Type	Description
security_policy	SecurityPolicy object	Lists the security policies.
request_id	String	Specifies the request ID. The value is automatically generated.

**Table 6** SecurityPolicy¶
Parameter	Type	Description
id	String	Specifies the ID of the custom security policy.
project_id	String	Specifies the project ID of the custom security policy.
name	String	Specifies the name of the custom security policy.
description	String	Provides supplementary information about the custom security policy.
listeners	Array of ListenerRef objects	Specifies the listeners that use the custom security policies.
protocols	Array of strings	Lists the TLS protocols supported by the custom security policy.
ciphers	Array of strings	Lists the cipher suites supported by the custom security policy.
created_at	String	Specifies the time when the custom security policy was created.
updated_at	String	Specifies the time when the custom security policy was updated.

**Table 7** ListenerRef¶
Parameter	Type	Description
id	String	Specifies the listener ID.

Example Requests¶

Creating a custom security policy

POST https://{ELB_Endpoint}/v3/7a9941d34fc1497d8d0797429ecfd354/elb/security-policies

{
  "security_policy" : {
    "name" : "test_1",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ]
  }
}

Example Responses¶

Status code: 201

Normal response to POST requests.

{
  "request_id" : "6b50d914-41f2-4e50-8929-e8a9837dbe75",
  "security_policy" : {
    "id" : "d74e27c9-4d60-427c-a11f-21142117c433",
    "name" : "test_1",
    "project_id" : "7a9941d34fc1497d8d0797429ecfd354",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ],
    "listeners" : [ ],
    "created_at" : "2021-03-26T01:33:12Z",
    "updated_at" : "2021-03-26T01:33:12Z"
  }
}

Status Codes¶

Status Code	Description
201	Normal response to POST requests.

Error Codes¶

See Error Codes.

last updated: 2024-05-18 01:17