To create a network profile with security groups, you make a POST request and provide security group IDs.

You create a network profile with security groups so that you can add firewall rules to all machines provisioned with that network profile.

Prerequisites

  • Verify that all general prerequisites and prerequisites for the Automation Assembler Infrastructure as a Service (IaaS) service have been satisfied. See Prerequisites for API Use Case Examples.
  • Verify that you have the cloud account ID for the new cloud account that you added. See Adding Cloud Accounts.
  • Verify that you have the region ID for the regions you want to include in the profile. See the procedure in Create Network Profiles.
  • Verify that you have the IDs for the networks you want to include in the profile. See the procedure in Create Network Profiles.

Procedure

  1. Assign the region ID variable.
    region_id='<your_region_id>'
  2. Filter for security groups associated with the cloud account ID and in the external region ID us-east-1.
    curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/security-groups?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."
  3. Examine the response to find the IDs for the security groups that you want to include in your network profile.
  4. Create a network profile with security groups using network IDs for a non-public network.
    curl -X POST \
      "$url/iaas/api/network-profiles?apiVersion=$api_version" \
      -H 'Content-Type: application/json' \
      -H "Authorization: Bearer $access_token" \
      -d '{
        "name":"example-network-profile-with-security-groups",
        "description":"Example Network Profile",
        "regionId":"'"$region_id"'",
        "fabricNetworkIds": [
          "<network_id1>",
          "<network_id2>"
        ],
        "securityGroupIds": [
          "<security_group_id1_from_response>",
          "<security_group_id2_from_response>"
        ],
        "tags": [ { "key": "env", "value": "prod" } ]
      }' | jq "."
    The response shows the name and ID for the network profile you created.

Example: Create a network profile with security groups

Assign the required variables including a cloud account ID and a region ID.
Note: If your organization uses an API service that is hosted outside of the United States, your URL variable must include a country abbreviation. See Regional Endpoints for VMware Aria Automation APIs.
$ url='https://api.mgmt.cloud.vmware.com'
$ api_version='2021-07-15'
$ cloud_account_id='c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d'
$ region_id='37d6c1acf4a8275586468873c739'

Filter for security groups associated with the cloud account ID and in the external region ID us-east-1.

curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/security-groups?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."

A snippet of the response shows the ID for a security group that you can include in your network profile.

...
      "externalId": "sg-0305bc072a9f2727b",
      "name": "OC-LB-mcm681186-113024780265_SG",
      "id": "bdab0d4c28af6e7558f061f772518",
      "createdAt": "2022-04-02",
      "updatedAt": "2022-04-02",
      "organizationId": "8327d53f-91ea-420a-8613-ba8f3149db95",
      "orgId": "8327d53f-91ea-420a-8613-ba8f3149db95",
      "_links": {
        "cloud-accounts": {
          "hrefs": [
            "/iaas/api/cloud-accounts/c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d"
          ]
        },
        "self": {
          "href": "/iaas/api/security-groups/bdab0d4c28af6e7558f061f772518"
...

With the IDs of the fabric networks and the security groups that you want to include in your profile, create a network profile named example-network-profile-with-security-groups.

$ curl -X POST \
  "$url/iaas/api/network-profiles?apiVersion=$api_version" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name":"example-network-profile-with-security-groups",
    "description":"Example Network Profile",
    "regionId":"'"$region_id"'",
    "fabricNetworkIds": [
      "d43efed364ef18755759316540e3d",
      "d43efed364ef18755759316540e3f"
    ],
    "securityGroupIds": [
      "bdab0d4c28af6e7558f061f772518",
      "ebdab0d4c28af6e7558efe6edd71c9"
    ],
    "tags": [ { "key": "env", "value": "prod" } ]
}' | jq "."

A snippet of the response shows the network profile ID.

...
  "name": "example-network-profile-with-security-groups",
  "description": "Example Network Profile",
  "id": "9cb2d111c768927558f1799bf9e48",
  "updatedAt": "2022-04-02",
...
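The procedure above can also be scripted so that the filter URL is encoded, the security group IDs are resolved by name, and the request body is serialized instead of spliced together from shell variables. The following Python is an added example, not part of the VMware documentation. The "content" response envelope, the second group's name and externalId, and all function names are assumptions made for illustration.

```python
import json
from urllib.parse import quote

# Constructed sample of a security-groups response. The "content" envelope and the
# second group's name/externalId are assumptions; both IDs appear on this page.
SAMPLE_RESPONSE = {"content": [
    {"externalId": "sg-0305bc072a9f2727b", "name": "OC-LB-mcm681186-113024780265_SG",
     "id": "bdab0d4c28af6e7558f061f772518"},
    {"externalId": "sg-constructed", "name": "constructed-web-tier-sg",
     "id": "ebdab0d4c28af6e7558efe6edd71c9"},
]}

def security_group_url(url, api_version, cloud_account_id, external_region):
    """Step 2: build the request URL with a percent-encoded $filter expression."""
    for value in (cloud_account_id, external_region):
        if "'" in value:  # a quote would end the filter's string literal early
            raise ValueError(f"quote character in filter value: {value!r}")
    expr = (f"externalRegionId eq '{external_region}' "
            f"and cloudAccountId eq '{cloud_account_id}'")
    encoded = quote(expr, safe="'")  # spaces become %20, quotes stay as on the page
    return (f"{url}/iaas/api/security-groups?apiVersion={quote(api_version)}"
            f"&$filter={encoded}")

def ids_for_names(response, wanted_names):
    """Step 3: resolve each wanted group name to exactly one ID, or fail."""
    ids = []
    for name in wanted_names:
        hits = [g["id"] for g in response.get("content", []) if g.get("name") == name]
        if len(hits) != 1:
            raise LookupError(f"{name!r} matched {len(hits)} security groups")
        ids.append(hits[0])
    return ids

def network_profile_body(name, region_id, fabric_network_ids, security_group_ids):
    """Step 4: serialize the POST body rather than splicing variables into JSON."""
    if not security_group_ids:
        raise ValueError("no security groups: the profile would add no firewall rules")
    return json.dumps({
        "name": name, "description": "Example Network Profile",
        "regionId": region_id,
        "fabricNetworkIds": list(fabric_network_ids),
        "securityGroupIds": list(security_group_ids),
        "tags": [{"key": "env", "value": "prod"}],
    })

if __name__ == "__main__":
    sgs = ids_for_names(SAMPLE_RESPONSE, [g["name"] for g in SAMPLE_RESPONSE["content"]])
    print(network_profile_body("example-network-profile-with-security-groups",
                               "37d6c1acf4a8275586468873c739",
                               ["d43efed364ef18755759316540e3d"], sgs))
```

Resolving by exact name and failing on zero or multiple matches keeps a mistyped or ambiguous group name from silently producing a profile with the wrong firewall rules.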