Amazon Relational Database Service
Command Line Interface Reference (API Version 2014-10-31)


The Amazon RDS Command Line Interface (RDS CLI) has been deprecated. Instead, use the AWS CLI for RDS. To learn how to download and use the AWS CLI, see AWS Command Line Interface User Guide. For RDS commands available in the AWS CLI, see AWS CLI Reference for Amazon RDS.

The AWS CLI does not currently support the DownloadCompleteDBLogFile REST API action. To download an entire log file at once, rather than in parts using the download-db-log-file-portion command, use the last published RDS CLI and the rds-download-db-logfile command.


Creates a new DB security group.


rds-create-db-security-group db-security-group-name

-d (--db-security-group-description) value

-v (--ec2-vpc-id)value

[-tk (--tag-key) value ]

[-tv (--tag-value) value ]

[General Options]


Name Description Required

--db-security-group-name value

-n value

The name for the DB security group. This value is store as a lowercase string.

This parameter is the default parameter and can be passed as the first value in the command and without a parameter name, for example: rds-create-db-security-group my-db-security-group-name.

Type: String

Default: None

Constraints: Must contain visible characters only; cannot contain spaces. Must contain no more than 255 alphanumeric characters or hyphens. Must not begin with a number, and cannot be named "default."

Example: --db-security-group-name mysecuritygroup


-d value

--db-security-group-description value

The description for the database security group.

Type: String

Default: None

Constraints: Must not exceed 255 characters.

Example: -d "This is my DB Security group"




The name of a tag to add for the new DB security group.




The value of the tag to add for the new DB security group.



The command returns the following information:


Output values list the possible values returned by CLI commands. Not all values are returned for every call to a command. If a value is null or empty, it will not be included in the command output. For example, CLI commands to create or restore a DB instance will not return the Endpoint Address value because that value is null until the DB instance has finished being created or restored.

  • Name—DB security group name

  • Description—DB security group description

  • VpcId—Identifier of the VPC to which this DB security group belongs

  • EC2 Group Name—EC2 security group name

  • EC2 Owner ID—EC2 security group owner

  • Status—Status of authorization. Valid values: authorizing | authorized | revoking

  • IP Range—CIDR range for the security group


Create a Database Security Group

This example creates a new database security group.

PROMPT> rds-create-db-security-group --db-security-group-name mygroup --db-security-group-description "My Security Group"