> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Update security group > Updates the specified security group with the provided changes. **Behavior:** - Simple fields (name, description) will be updated if provided - Undefined fields will remain unchanged - If no change is detected for a specific field compared to the current security group state, that field will be skipped - If no changes are detected at all across all fields, no task will be created and an empty task list will be returned **Important - Security Group Rules:** - Rules must be specified completely as the desired final state - The system compares the provided rules against the current state - Rules that exist in the request but not in the current state will be added - Rules that exist in the current state but not in the request will be removed - To keep existing rules, they must be included in the request alongside any new rules ## OpenAPI ````yaml /api-reference/services_documented/cloud_api.yaml patch /cloud/v2/security_groups/{project_id}/{region_id}/{group_id} openapi: 3.1.0 info: title: Gcore OpenAPI – Cloud API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-14T07:00:22.640261+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: Bare Metal x-displayName: Bare Metal - name: Container as a Service x-displayName: Container as a Service - name: Cost Reports x-displayName: Cost Reports - name: DDoS Protection x-displayName: DDoS Protection - name: Everywhere Inference x-displayName: Everywhere Inference - name: Everywhere Inference Apps x-displayName: Everywhere Inference Apps - name: File Shares x-displayName: File Shares - name: Floating IPs x-displayName: Floating IPs - name: Function as a Service x-displayName: Function as a Service - name: GPU Bare Metal x-displayName: GPU Bare Metal - name: GPU Virtual x-displayName: GPU Virtual - name: IP Ranges x-displayName: IP Ranges - name: Images x-displayName: Images - name: Instances x-displayName: Instances - name: Load Balancers x-displayName: Load Balancers - name: Logging x-displayName: Logging - name: Managed Kubernetes x-displayName: Managed Kubernetes - name: Managed PostgreSQL x-displayName: Managed PostgreSQL - name: Networks x-displayName: Networks - name: Placement Groups x-displayName: Placement Groups - name: Projects x-displayName: Projects - name: Quotas x-displayName: Quotas - name: Regions x-displayName: Regions - name: Registry x-displayName: Registry - name: Reservations x-displayName: Reservations - name: Reserved IPs x-displayName: Reserved IPs - name: Routers x-displayName: Routers - name: SSH Keys x-displayName: SSH Keys - name: Secrets x-displayName: Secrets - name: Security Groups x-displayName: Security Groups - name: Snapshot Schedules x-displayName: Snapshot Schedules - name: Snapshots x-displayName: Snapshots - name: Tasks x-displayName: Tasks - name: User Actions x-displayName: User Actions - name: User Role Assignments x-displayName: User Role Assignments - name: Volumes x-displayName: Volumes paths: /cloud/v2/security_groups/{project_id}/{region_id}/{group_id}: patch: tags: - Security Groups summary: Update security group description: >- Updates the specified security group with the provided changes. **Behavior:** - Simple fields (name, description) will be updated if provided - Undefined fields will remain unchanged - If no change is detected for a specific field compared to the current security group state, that field will be skipped - If no changes are detected at all across all fields, no task will be created and an empty task list will be returned **Important - Security Group Rules:** - Rules must be specified completely as the desired final state - The system compares the provided rules against the current state - Rules that exist in the request but not in the current state will be added - Rules that exist in the current state but not in the request will be removed - To keep existing rules, they must be included in the request alongside any new rules operationId: SecurityGroupInstanceViewSetV2.patch parameters: - in: path name: project_id required: true description: Project ID schema: description: Project ID example: 1 examples: - 1 title: Project Id type: integer - in: path name: region_id required: true description: Region ID schema: description: Region ID example: 1 examples: - 1 title: Region Id type: integer - in: path name: group_id required: true description: Security group ID schema: description: Security group ID example: 00000000-0000-4000-8000-000000000000 examples: - 00000000-0000-4000-8000-000000000000 format: uuid4 title: Group Id type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSecurityGroupSerializerV2' responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/TaskIDsSerializer' x-codeSamples: - lang: Python source: |- import os from gcore import Gcore client = Gcore( api_key=os.environ.get("GCORE_API_KEY"), # This is the default and can be omitted ) task_id_list = client.cloud.security_groups.update( group_id="00000000-0000-4000-8000-000000000000", project_id=1, region_id=1, ) print(task_id_list.tasks) - lang: Go source: "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/G-Core/gcore-go\"\n\t\"github.com/G-Core/gcore-go/cloud\"\n\t\"github.com/G-Core/gcore-go/option\"\n)\n\nfunc main() {\n\tclient := gcore.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\ttaskIDList, err := client.Cloud.SecurityGroups.Update(\n\t\tcontext.TODO(),\n\t\t\"00000000-0000-4000-8000-000000000000\",\n\t\tcloud.SecurityGroupUpdateParams{\n\t\t\tProjectID: gcore.Int(1),\n\t\t\tRegionID: gcore.Int(1),\n\t\t},\n\t)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\tfmt.Printf(\"%+v\\n\", taskIDList.Tasks)\n}\n" components: schemas: UpdateSecurityGroupSerializerV2: properties: description: description: Security group description example: Some description examples: - Some description title: Description type: string name: description: Name example: some_name examples: - some_name pattern: ^[a-zA-Z0-9][a-zA-Z 0-9._\-]{1,61}[a-zA-Z0-9._]$ title: Name type: string rules: description: Security group rules items: $ref: '#/components/schemas/UpdateSecurityGroupRuleSerializerV2' title: Rules type: array tags: anyOf: - $ref: '#/components/schemas/UpdateTagsSerializer' - type: 'null' description: >- Update key-value tags using JSON Merge Patch semantics (RFC 7386). Provide key-value pairs to add or update tags. Set tag values to `null` to remove tags. Unspecified tags remain unchanged. Read-only tags are always preserved and cannot be modified. **Examples:** - **Add/update tags:** `{'tags': {'environment': 'production', 'team': 'backend'}}` adds new tags or updates existing ones. - **Delete tags:** `{'tags': {'old_tag': null}}` removes specific tags. - **Remove all tags:** `{'tags': null}` removes all user-managed tags (read-only tags are preserved). - **Partial update:** `{'tags': {'environment': 'staging'}}` only updates specified tags. - **Mixed operations:** `{'tags': {'environment': 'production', 'cost_center': 'engineering', 'deprecated_tag': null}}` adds/updates 'environment' and 'cost_center' while removing 'deprecated_tag', preserving other existing tags. - **Replace all:** first delete existing tags with null values, then add new ones in the same request. examples: - my-tag: my-tag-value my-tag-to-remove: null title: UpdateSecurityGroupSerializerV2 type: object TaskIDsSerializer: properties: tasks: description: >- List of task IDs representing asynchronous operations. Use these IDs to monitor operation progress: - `GET /v1/tasks/{task_id}` - Check individual task status and details Poll task status until completion (`FINISHED`/`ERROR`) before proceeding with dependent operations. example: - d478ae29-dedc-4869-82f0-96104425f565 examples: - - d478ae29-dedc-4869-82f0-96104425f565 items: type: string title: Tasks type: array required: - tasks title: TaskIDsSerializer type: object UpdateSecurityGroupRuleSerializerV2: properties: description: description: Security grpup rule description example: Some description examples: - Some description maxLength: 255 title: Description type: string direction: description: >- Ingress or egress, which is the direction in which the security group rule is applied enum: - egress - ingress title: Direction type: string ethertype: description: >- Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. enum: - IPv4 - IPv6 example: IPv4 examples: - IPv4 title: Ethertype type: string port_range_max: description: >- The maximum port number in the range that is matched by the security group rule example: 80 examples: - 80 maximum: 65535 minimum: 0 title: Port Range Max type: integer port_range_min: description: >- The minimum port number in the range that is matched by the security group rule example: 80 examples: - 80 maximum: 65535 minimum: 0 title: Port Range Min type: integer protocol: anyOf: - $ref: '#/components/schemas/SecurityGroupProtocolEnumV2' - type: 'null' description: Protocol. Use null for all protocols. examples: - tcp remote_group_id: description: The remote group UUID to associate with this security group rule example: 00000000-0000-4000-8000-000000000000 examples: - 00000000-0000-4000-8000-000000000000 format: uuid4 title: Remote Group Id type: string remote_ip_prefix: description: The remote IP prefix that is matched by this security group rule example: 10.0.0.0/8 examples: - 10.0.0.0/8 format: ipvanynetwork title: Remote Ip Prefix type: string title: UpdateSecurityGroupRuleSerializerV2 type: object UpdateTagsSerializer: patternProperties: ^[^\s=]+$: anyOf: - maxLength: 255 minLength: 1 pattern: ^[^ \t\n\r\f\v]([^\t\n\r\f\v]*[^ \t\n\r\f\v])?$ type: string - type: 'null' description: >- Tag value. Maximum 255 characters. Cannot contain tabs, newlines, empty string or start/end with whitespace. Set to `null` in order to delete this tag. examples: - my-tag-value propertyNames: description: >- Tag key. Maximum 255 characters. Cannot contain spaces, tabs, newlines, empty string or '=' character. examples: - my-tag maxLength: 255 minLength: 1 title: UpdateTagsSerializer type: object SecurityGroupProtocolEnumV2: description: V2 protocol enum without 'any'. Use null for all protocols instead. enum: - ah - dccp - egp - esp - gre - icmp - igmp - ipencap - ipip - ipv6-encap - ipv6-frag - ipv6-icmp - ipv6-nonxt - ipv6-opts - ipv6-route - ospf - pgm - rsvp - sctp - tcp - udp - udplite - vrrp title: SecurityGroupProtocolEnumV2 type: string securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````