To create a network profile with security groups, you make a POST request and provide security group IDs.
You create a network profile with security groups so that you can add firewall rules to all machines provisioned with that network profile.
Prerequisites
- Verify that all general prerequisites and prerequisites for the Cloud Assembly Infrastructure as a Service (IaaS) service have been satisfied. See Prerequisites for API Use Case Examples.
- Verify that you have the cloud account ID for the new cloud account that you added. See Adding Cloud Accounts.
- Verify that you have the region ID for the regions you want to include in the profile. See the procedure in Create Network Profiles.
- Verify that you have the IDs for the networks you want to include in the profile. See the procedure in Create Network Profiles.
Procedure
Example: Create a network profile with security groups
Assign the required variables including a cloud account ID and a region ID.
$ url='https://appliance.domain.com'
$ api_version='2021-07-15'
$ cloud_account_id='c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d'
$ region_id='37d6c1acf4a8275586468873c739'
Filter for security groups associated with the cloud account ID and in the external region ID us-east-1.
curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/security-groups?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."
A snippet of the response shows the ID for a security group that you can include in your network profile.
... "externalId": "sg-0305bc072a9f2727b", "name": "OC-LB-mcm681186-113024780265_SG", "id": "bdab0d4c28af6e7558f061f772518", "createdAt": "2022-04-02", "updatedAt": "2022-04-02", "organizationId": "8327d53f-91ea-420a-8613-ba8f3149db95", "orgId": "8327d53f-91ea-420a-8613-ba8f3149db95", "_links": { "cloud-accounts": { "hrefs": [ "/iaas/api/cloud-accounts/c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d" ] }, "self": { "href": "/iaas/api/security-groups/bdab0d4c28af6e7558f061f772518" ...
With the IDs of fabric networks that you want to include in your profile and and the security group IDs you want to include, create a network profile named example-network-profile-with-security-groups.
$ curl -X POST \ $url/iaas/api/network-profiles?apiVersion=$api_version \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $access_token" \ -d '{ "name":"example-network-profile-with-security-groups", "description":"Example Network Profile", "regionId":"'$region_id'", "fabricNetworkIds": [ "d43efed364ef18755759316540e3d", "d43efed364ef18755759316540e3f" ], "securityGroupIds": [ "bdab0d4c28af6e7558f061f772518", "ebdab0d4c28af6e7558efe6edd71c9" ], "tags": [ { "key": "env", "value": "prod" } ] }' | jq "."
A snippet of the response shows the network profile ID.
...
"name": "example-network-profile-with-security-groups",
"description": "Example Network Profile",
"id": "9cb2d111c768927558f1799bf9e48",
"updatedAt": "2022-04-02",
...