# Create a Default Network Security Group

{% hint style="info" %}
**Note:** Only contract administrators, owners, and users with both permissions to the VDC concerned and `createNetworkSecurityGroups` privilege can create NSGs via API.
{% endhint %}

{% hint style="info" %}
**Prerequisite:** You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
{% endhint %}

{% hint style="info" %}
**Note:** User-created Virtual Machines (VMs) automatically become members of a default NSG, while managed K8s nodes remain excluded.
{% endhint %}

You can create a Default NSG with predefined rules at the time of creation or during the update of a datacenter. You can use any of the following [<mark style="color:blue;">Cloud API</mark>](https://api.ionos.com/docs/cloud/) requests with the property `createDefaultSecurityGroup` set to `true`and the other required properties:

`POST /datacenters/`

`PUT /datacenters/{datacenterId}`

`PATCH /datacenters/{datacenterId}`

### Request

```bash
curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
  "properties": {
    "name": "Production Datacenter",
    "description": "My Production Datacenter",
    "location": "us/las",
    "createDefaultSecurityGroup": true
  }
}'
```

### Response

**202 Accepted**

```json
{
 "id": "15f67991-0f51-4efc-a8ad-ef1fb31a480c",
 "type": "datacenter",
 "href": "<RESOURCE-URI>",
 "metadata": {
  "etag": "45480eb3fbfc31f1d916c1eaa4abdcc3",
  "createdDate": "2015-12-04T14:34:09.809Z",
  "createdBy": "user@example.com",
  "createdByUserId": "user@example.com",
  "lastModifiedDate": "2015-12-04T14:34:09.809Z",
  "lastModifiedBy": "user@example.com",
  "lastModifiedByUserId": "63cef532-26fe-4a64-a4e0-de7c8a506c90",
  "state": "AVAILABLE"
 },
 "properties": {
  "name": "Production datacenter",
  "description": "My Production Datacenter",
  "location": "us/las",
  "version": 8,
  "features": [
   "SSD"
  ],
  "secAuthProtection": true,
  "cpuArchitecture": [
   {
    "cpuFamily": "INTEL_ICELAKE",
    "maxCores": 62,
    "maxRam": 245760,
    "vendor": "AuthenticAMD"
   }
  ],
  "ipv6CidrBlock": "2001:db8:b06d:8f00::/56",
  "defaultSecurityGroupId": "15f67991-0f51-4efc-a8ad-ef1fb31a480c"
 }
}
```

{% hint style="info" %}
**Note:** For CloudAPI, some resources are created asynchronously. You can check for the progress via the **Status URL** that is returned in the response header of the **POST** or **PUT** call.
{% endhint %}