# Create a Default Network Security Group

{% hint style="info" %}
**Note:** Only contract administrators, owners, and users with both permissions to the VDC concerned and `createNetworkSecurityGroups` privilege can create NSGs via API.
{% endhint %}

{% hint style="info" %}
**Prerequisite:** You need an <code class="expression">space.vars.ionos\_cloud</code> account with API credentials configured with the appropriate permissions.
{% endhint %}

{% hint style="info" %}
**Note:** User-created Virtual Machines (VMs) automatically become members of a default NSG, while managed K8s nodes remain excluded.
{% endhint %}

You can create a Default NSG with predefined rules at the time of creation or during the update of a datacenter. You can use any of the following [<mark style="color:blue;">Cloud API</mark>](https://api.ionos.com/docs/cloud/v6/#tag/Data-centers) requests with the property `createDefaultSecurityGroup` set to `true` and the other required properties:

`POST /datacenters/`

`PUT /datacenters/{datacenterId}`

`PATCH /datacenters/{datacenterId}`

## Request

```bash
curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
  "properties": {
    "name": "Production Datacenter",
    "description": "My Production Datacenter",
    "location": "us/las",
    "createDefaultSecurityGroup": true
  }
}'
```

## Response

**202 Accepted**

```json
{
 "id": "15f67991-0f51-4efc-a8ad-ef1fb31a480c",
 "type": "datacenter",
 "href": "<RESOURCE-URI>",
 "metadata": {
  "etag": "45480eb3fbfc31f1d916c1eaa4abdcc3",
  "createdDate": "2015-12-04T14:34:09.809Z",
  "createdBy": "user@example.com",
  "createdByUserId": "user@example.com",
  "lastModifiedDate": "2015-12-04T14:34:09.809Z",
  "lastModifiedBy": "user@example.com",
  "lastModifiedByUserId": "63cef532-26fe-4a64-a4e0-de7c8a506c90",
  "state": "AVAILABLE"
 },
 "properties": {
  "name": "Production datacenter",
  "description": "My Production Datacenter",
  "location": "us/las",
  "version": 8,
  "features": [
   "SSD"
  ],
  "secAuthProtection": true,
  "cpuArchitecture": [
   {
    "cpuFamily": "INTEL_ICELAKE",
    "maxCores": 62,
    "maxRam": 245760,
    "vendor": "AuthenticAMD"
   }
  ],
  "ipv6CidrBlock": "2001:db8:b06d:8f00::/56",
  "defaultSecurityGroupId": "15f67991-0f51-4efc-a8ad-ef1fb31a480c"
 }
}
```

{% hint style="info" %}
**Note:** For CloudAPI, some resources are created asynchronously. You can check for the progress via the **Status URL** that is returned in the response header of the **POST** or **PUT** call.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/security/network-security-groups/api-how-tos/create-default-nsg.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.