Alibaba Cloud MCP Server

Official

Overview Schema Related Servers Score Discussions

DescribeSecurityGroups

Query and retrieve detailed information about security groups in Alibaba Cloud, filtering by region, ID, type, or network to manage and inspect security configurations effectively.

Instructions

本接口用于查询安全组基本信息列表，支持您通过地域、安全组ID、安全组类型等不同参数查询。

Input Schema

TableJSON Schema

Name	Required	Description
`DryRun`	No	是否只预检此次请求。取值范围： - true：发送检查请求，不会查询资源状况。检查项包括AccessKey是否有效、RAM用户的授权情况和是否填写了必需参数。如果检查不通过，则返回对应错误。如果检查通过，会返回错误码DryRunOperation。 - false：发送正常请求，通过检查后返回2XX HTTP状态码并直接查询资源状况。默认值为false。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: boolean,参数示例：false
`FuzzyQuery`	No	>该参数已废弃。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: boolean,参数示例：null
`IsQueryEcsCount`	No	是否查询安全组的容量信息。传True时，返回值中的`EcsCount`和`AvailableInstanceAmount`有效。 >该参数已废弃。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: boolean,参数示例：null
`MaxResults`	No	分页查询时每页的最大条目数。一旦设置该参数，即表示使用`MaxResults`与`NextToken`组合参数的查询方式。最大值为100。默认值为10。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: integer,参数示例：10
`NetworkType`	No	安全组的网络类型。取值范围： - vpc：专有网络。 - classic：经典网络。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：vpc
`NextToken`	No	查询凭证（Token）。取值为上一次调用该接口返回的NextToken参数值，初次调用接口时无需设置该参数。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：e71d8a535bd9cc11
`PageNumber`	No	> 该参数即将下线，推荐您使用NextToken与MaxResults完成分页查询操作。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: integer,参数示例：1
`PageSize`	No	> 该参数即将下线，推荐您使用NextToken与MaxResults完成分页查询操作。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: integer,参数示例：10
`RegionId`	Yes	地域ID。您可以调用[DescribeRegions](~~25609~~)查看最新的阿里云地域列表。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：cn-hangzhou
`ResourceGroupId`	No	安全组所在的企业资源组ID。使用该参数过滤资源时，资源数量不能超过1000个。您可以调用[ListResourceGroups](~~158855~~)查询资源组列表。 >不支持默认资源组过滤。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：rg-bp67acfmxazb4p****
`SecurityGroupId`	No	安全组ID。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：sg-bp67acfmxazb4p****
`SecurityGroupIds`	No	安全组ID列表。一次最多支持100个安全组ID，ID之间用半角逗号（,）隔开，格式为JSON数组。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：["sg-bp67acfmxazb4p**", "sg-bp67acfmxazb4p", "sg-bp67acfmxazb4p**",....]
`SecurityGroupName`	No	安全组名称。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：SGTestName
`SecurityGroupType`	No	安全组类型。取值范围： - normal：普通安全组。 - enterprise：企业安全组。 > 当不为该参数传值时，表示查询所有类型的安全组。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：normal
`ServiceManaged`	No	是否为托管安全组。取值范围： - true：是托管安全组。 - false：不是托管安全组。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: boolean,参数示例：false
`Tag`	No	标签列表。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: array,参数示例：
`VpcId`	No	安全组所在的专有网络ID。请注意，提供参数要严格按照参数的类型和参数示例的提示，如果提到参数为String，且为一个 JSON 数组字符串，应在数组内使用单引号包裹对应的参数以避免转义问题，并在最外侧用双引号包裹以确保其是字符串，否则可能会导致参数解析错误。参数类型: string,参数示例：vpc-bp67acfmxazb4p****

Implementation Reference

src/alibaba_cloud_ops_mcp_server/config.py:8-17 (registration)

Configuration listing the 'DescribeSecurityGroups' tool under the 'ecs' service, which triggers its dynamic registration.

'ecs': [
    'DescribeInstances',
    'DescribeRegions',
    'DescribeZones',
    'DescribeAccountAttributes',
    'DescribeAvailableResource',
    'DescribeImages',
    'DescribeSecurityGroups',
    'DeleteInstances'
],

src/alibaba_cloud_ops_mcp_server/server.py:88-88 (registration)
Calls create_api_tools with the config to register all configured tools, including DescribeSecurityGroups.
```
api_tools.create_api_tools(mcp, config)
```

src/alibaba_cloud_ops_mcp_server/tools/api_tools.py:267-271 (registration)

Dynamically registers a tool for each API name listed in config, including 'DescribeSecurityGroups' for service 'ecs'.

def create_api_tools(mcp: FastMCP, config:dict):
    for service_code, apis in config.items():
        for api_name in apis:
            _create_and_decorate_tool(mcp, service_code, api_name)

src/alibaba_cloud_ops_mcp_server/tools/api_tools.py:100-135 (handler)

Core handler function executed by the dynamic tool for DescribeSecurityGroups, performing the Alibaba Cloud ECS API call.

def _tools_api_call(service: str, api: str, parameters: dict, ctx: Context):
    service = service.lower()
    api_meta, _ = ApiMetaClient.get_api_meta(service, api)
    version = ApiMetaClient.get_service_version(service)
    method = 'POST' if api_meta.get('methods', [])[0] == 'post' else 'GET'
    path = api_meta.get('path', '/')
    style = ApiMetaClient.get_service_style(service)
    
    # Handling special parameter formats
    processed_parameters = parameters.copy()
    processed_parameters = {k: v for k, v in processed_parameters.items() if v is not None}
    if service == 'ecs':
        for param_name, param_value in parameters.items():
            if param_name in ECS_LIST_PARAMETERS and isinstance(param_value, list):
                processed_parameters[param_name] = json.dumps(param_value)
    
    req = open_api_models.OpenApiRequest(
        query=OpenApiUtilClient.query(processed_parameters)
    )
    params = open_api_models.Params(
        action=api,
        version=version,
        protocol='HTTPS',
        pathname=path,
        method=method,
        auth_type='AK',
        style=style,
        req_body_type='formData',
        body_type='json'
    )
    logger.info(f'Call API Request: Service: {service} API: {api} Method: {method} Parameters: {processed_parameters}')
    client = create_client(service, processed_parameters.get('RegionId', 'cn-hangzhou'))
    runtime = util_models.RuntimeOptions()
    resp = client.call_api(params, req, runtime)
    logger.info(f'Call API Response: {resp}')
    return resp

src/alibaba_cloud_ops_mcp_server/tools/api_tools.py:256-266 (schema)

Creates the dynamic tool handler and input schema using API metadata for DescribeSecurityGroups, registers it with name 'ECS_DESCRIBESECURITYGROUPS'.

def _create_and_decorate_tool(mcp: FastMCP, service: str, api: str):
    """Create a tool function for an AlibabaCloud openapi."""
    api_meta, _ = ApiMetaClient.get_api_meta(service, api)
    fields = _create_function_schemas(service, api, api_meta).get(api, {})
    description = api_meta.get('summary', '')
    dynamic_lambda = _create_tool_function_with_signature(service, api, fields, description)
    function_name = f'{service.upper()}_{api}'
    decorated_function = mcp.tool(name=function_name)(dynamic_lambda)

    return decorated_function

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It states it's a query operation, implying read-only behavior, but doesn't disclose critical traits like pagination handling (implied by parameters but not explained), rate limits, authentication needs, or error conditions. The description lacks behavioral context beyond the basic query intent.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence in Chinese that front-loads the purpose and briefly mentions parameter support. There's no wasted text, and it's appropriately sized for a tool with a well-documented schema.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (17 parameters, no annotations, no output schema), the description is insufficient. It doesn't explain the return format, pagination behavior, or error handling. For a query tool with many parameters and no structured output, more context is needed to guide effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents all 17 parameters. The description adds minimal value by listing example parameters ('地域、安全组ID、安全组类型等'), but doesn't provide additional semantics beyond what's in the schema. Baseline is 3 as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: '查询安全组基本信息列表' (query security group basic information list). It specifies the verb ('查询') and resource ('安全组基本信息列表'), making it easy to understand. However, it doesn't explicitly distinguish this tool from potential siblings like 'DescribeInstances' or 'DescribeVpcs', though the resource specificity helps.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It mentions supported parameters but doesn't indicate scenarios, prerequisites, or comparisons with other tools. For example, it doesn't clarify if this is for listing all security groups versus filtered queries or how it relates to other describe tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

DescribeSecurityGroupsC
@aliyun/alibaba-cloud-ops-mcp-server
list_security_groupsC
@phantosmax/cloudstack-mcp-server
DescribeRegionsB
@aliyun/alibabacloud-ecs-mcp-server
ListResourceGroups
@aliyun/alibabacloud-dataworks-mcp-server
DescribeInstancesC
@aliyun/alibabacloud-ecs-mcp-server
DescribeRegionsC
@aliyun/alibaba-cloud-ops-mcp-server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/aliyun/alibabacloud-ecs-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server