Altostrat Studio is here — the AI-native network operations IDE for engineers running production. Terminal, diagrams, runbooks, and Copilot in one workspace. Get started →
Getting Started
Platform & Identity
Device Management & Orchestration
Automation & AI
Network Services & Connectivity
Security & Threat Management
Monitoring & Analytics
Core Services & Utilities
curl --request POST \
--url https://v1.api.altostrat.io/vpc/security-groups \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "Web Application Servers",
"description": "Allows HTTP/S from the world and SSH from the office.",
"rules": [
{
"direction": "inbound",
"order": 10,
"protocol": 6,
"port": "443",
"address": "0.0.0.0/0",
"description": "Allow HTTPS"
},
{
"direction": "inbound",
"order": 20,
"protocol": 6,
"port": "80",
"address": "0.0.0.0/0",
"description": "Allow HTTP"
},
{
"direction": "inbound",
"order": 30,
"protocol": 6,
"port": "22",
"address": "prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw",
"description": "Allow SSH from Office"
}
],
"sites": [
"site_0ujsswThIGTUYm2K8FjOOfxcYpw",
"site_0ujsswThIGTUYm2K8FjOOfxcYpz"
]
}
'{
"id": "sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw",
"name": "Default Web Servers",
"description": "Allows inbound HTTP/HTTPS traffic from anywhere.",
"status": "active",
"sites": [
"site_12345"
],
"rules": [
{
"id": "fltr_0ujsswThIGTUYm2K8FjOOfxcYpw",
"direction": "inbound",
"order": 10,
"protocol": 6,
"port": "443",
"address": "0.0.0.0/0",
"description": "Allow inbound HTTPS traffic"
}
]
}Create a security group
Creates a new security group with a defined set of firewall rules and initial site associations. The group is created atomically. Site associations and rule deployments are handled asynchronously. The response will indicate a syncing status if there are sites to update.
curl --request POST \
--url https://v1.api.altostrat.io/vpc/security-groups \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "Web Application Servers",
"description": "Allows HTTP/S from the world and SSH from the office.",
"rules": [
{
"direction": "inbound",
"order": 10,
"protocol": 6,
"port": "443",
"address": "0.0.0.0/0",
"description": "Allow HTTPS"
},
{
"direction": "inbound",
"order": 20,
"protocol": 6,
"port": "80",
"address": "0.0.0.0/0",
"description": "Allow HTTP"
},
{
"direction": "inbound",
"order": 30,
"protocol": 6,
"port": "22",
"address": "prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw",
"description": "Allow SSH from Office"
}
],
"sites": [
"site_0ujsswThIGTUYm2K8FjOOfxcYpw",
"site_0ujsswThIGTUYm2K8FjOOfxcYpz"
]
}
'{
"id": "sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw",
"name": "Default Web Servers",
"description": "Allows inbound HTTP/HTTPS traffic from anywhere.",
"status": "active",
"sites": [
"site_12345"
],
"rules": [
{
"id": "fltr_0ujsswThIGTUYm2K8FjOOfxcYpw",
"direction": "inbound",
"order": 10,
"protocol": 6,
"port": "443",
"address": "0.0.0.0/0",
"description": "Allow inbound HTTPS traffic"
}
]
}Documentation Index
Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Authentication is performed via an Auth0-issued JSON Web Token (JWT). Provide the token in the Authorization header with the Bearer scheme.
Body
The details of the new security group.
Defines the writable properties for creating or updating a security group.
A human-readable name for the security group.
3 - 255"Web Application Firewall"
A list of firewall rules. The order of rules is determined by the order property within each rule object. The entire list of rules is replaced on update.
250Show child attributes
Show child attributes
A list of site IDs to which this security group should be applied. The entire list of sites is replaced on update.
An optional description for the security group.
1024"Allows inbound HTTP/S and blocks common attack vectors."
Response
The security group was created successfully.
Represents a container for a stateful firewall ruleset.
The unique identifier for the security group, prefixed with sec_grp_.
"sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw"
A human-readable name for the security group.
"Default Web Servers"
An optional description for the security group, providing more context.
"Allows inbound HTTP/HTTPS traffic from anywhere."
The current synchronization status of the security group. syncing means changes are being deployed and the resource is locked from modification.
active, syncing, failed "active"
A list of site IDs to which this security group is currently applied.
An ordered list of firewall rules that define the security policy.
Show child attributes
Show child attributes
Was this page helpful?