To create a network profile with security groups, you make a POST request and provide security group IDs.

You create a network profile with security groups so that you can add firewall rules to all machines provisioned with that network profile.

Prerequisites

  • Verify that all general prerequisites and prerequisites for the Cloud Assembly Infrastructure as a Service (IaaS) service have been satisfied. See Prerequisites for API Use Case Examples.
  • Verify that you have the cloud account ID for the new cloud account that you added. See Adding Cloud Accounts.
  • Verify that you have the region ID for the regions you want to include in the profile. See the procedure in Create Network Profiles.
  • Verify that you have the IDs for the networks you want to include in the profile. See the procedure in Create Network Profiles.

Procedure

  1. Assign the region ID variable.
    region_id='<your_region_id>'
  2. Filter for security groups associated with the cloud account ID and in the external region ID us-east-1.
    curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/security-groups?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."
  3. Examine the response to find the IDs for the security groups that you want to include in your network profile.
  4. Create a network profile with security groups using network IDs for a non-public network.
    curl -X POST \
      "$url/iaas/api/network-profiles?apiVersion=$api_version" \
      -H 'Content-Type: application/json' \
      -H "Authorization: Bearer $access_token" \
       -d '{ 
        "name":"example-network-profile-with-security-groups", 
        "description":"Example Network Profile", 
        "regionId":"'$region_id'", 
        "fabricNetworkIds": [ 
          "<network_id1>", 
          "<network_id2>" 
        ], 
        "securityGroupIds": [ 
          "<security_group_id1_from_response>", 
          "<security_group_id2_from_response>" 
        ], 
        "tags": [ { "key": "env", "value": "prod" } ]
      }' | jq "."
    The response shows the name and ID for the network profile you created.

Example: Create a network profile with security groups

Assign the required variables including a cloud account ID and a region ID.
$ url='https://appliance.domain.com'
$ api_version='2021-07-15'
$ cloud_account_id='c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d'
$ region_id='37d6c1acf4a8275586468873c739'

Filter for security groups associated with the cloud account ID and in the external region ID us-east-1.

curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/security-groups?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."

A snippet of the response shows the ID for a security group that you can include in your network profile.

...
      "externalId": "sg-0305bc072a9f2727b",
      "name": "OC-LB-mcm681186-113024780265_SG",
      "id": "bdab0d4c28af6e7558f061f772518",
      "createdAt": "2022-04-02",
      "updatedAt": "2022-04-02",
      "organizationId": "8327d53f-91ea-420a-8613-ba8f3149db95",
      "orgId": "8327d53f-91ea-420a-8613-ba8f3149db95",
      "_links": {
        "cloud-accounts": {
          "hrefs": [
            "/iaas/api/cloud-accounts/c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d"
          ]
        },
        "self": {
          "href": "/iaas/api/security-groups/bdab0d4c28af6e7558f061f772518"
...

With the IDs of the fabric networks and the security groups that you want to include in your profile, create a network profile named example-network-profile-with-security-groups.

$ curl -X POST  \
  "$url/iaas/api/network-profiles?apiVersion=$api_version"  \
  -H 'Content-Type: application/json'  \
  -H "Authorization: Bearer $access_token"  \
  -d '{ 
    "name":"example-network-profile-with-security-groups", 
    "description":"Example Network Profile", 
    "regionId":"'$region_id'", 
    "fabricNetworkIds": [ 
      "d43efed364ef18755759316540e3d", 
      "d43efed364ef18755759316540e3f" 
    ], 
    "securityGroupIds": [ 
      "bdab0d4c28af6e7558f061f772518", 
      "ebdab0d4c28af6e7558efe6edd71c9" 
    ], 
    "tags": [ { "key": "env", "value": "prod" } ] 
}' | jq "."

A snippet of the response shows the network profile ID.

...
  "name": "example-network-profile-with-security-groups",
  "description": "Example Network Profile",
  "id": "9cb2d111c768927558f1799bf9e48",
  "updatedAt": "2022-04-02",
...
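
Because the profile's security groups supply the firewall rules for every machine provisioned with it, a mistyped or unresolved ID is worth catching before the POST. The following is an added example, not part of the original documentation: it resolves security group names to IDs and builds the request body with jq instead of splicing shell variables into a quoted JSON string. The function names, the sample response, and the assumption that the list response holds groups under a `content` array are all hypothetical.

```shell
#!/bin/sh
# Added example: resolve security group names to IDs and build the
# network-profile body with jq. Names and sample data are constructed.

# Constructed sample of a security-groups response (assumed shape: "content" array).
sample_response='{"content":[
  {"name":"web-sg","id":"constructed-id-0001","externalId":"sg-constructed1"},
  {"name":"db-sg","id":"constructed-id-0002","externalId":"sg-constructed2"},
  {"name":"dup-sg","id":"constructed-id-0003","externalId":"sg-constructed3"},
  {"name":"dup-sg","id":"constructed-id-0004","externalId":"sg-constructed4"}]}'

# sg_id_for_name RESPONSE_JSON NAME
# Prints the ID of the single group called NAME. Fails (non-zero exit) when
# zero or several groups match, so a typo or an ambiguous name never produces
# a profile that lacks the intended firewall rules.
sg_id_for_name() {
  printf '%s' "$1" | jq -er --arg n "$2" '
    [.content[] | select(.name == $n) | .id]
    | if length == 1 then .[0]
      else error("expected exactly one security group named \($n)") end'
}

# build_profile_body REGION_ID NETWORK_IDS_CSV SECURITY_GROUP_IDS_CSV
# Emits the JSON body used in the procedure above. jq does the quoting, and the
# body is rejected if the security group list is empty or has a blank entry.
build_profile_body() {
  jq -cn --arg region "$1" --arg nets "$2" --arg sgs "$3" '
    { name: "example-network-profile-with-security-groups",
      description: "Example Network Profile",
      regionId: $region,
      fabricNetworkIds: ($nets | split(",")),
      securityGroupIds: ($sgs | split(",")),
      tags: [ { key: "env", value: "prod" } ] }
    | if (.securityGroupIds | length) == 0
         or any(.securityGroupIds[]; . == "")
      then error("securityGroupIds is empty or contains a blank ID")
      else . end'
}

# Usage with the variables assigned in the procedure (not run here):
#   resp=$(curl -s -H "Authorization: Bearer $access_token" \
#     "$url/iaas/api/security-groups?apiVersion=$api_version")
#   sg=$(sg_id_for_name "$resp" "web-sg") || exit 1
#   body=$(build_profile_body "$region_id" "<network_id1>,<network_id2>" "$sg") || exit 1
#   curl -s -X POST "$url/iaas/api/network-profiles?apiVersion=$api_version" \
#     -H 'Content-Type: application/json' \
#     -H "Authorization: Bearer $access_token" -d "$body" | jq "."
```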