AWS CloudFormation
User Guide (Version )


Specifies a new Amazon Redshift security group. You use security groups to control access to non-VPC clusters.

For information about managing security groups, go to Amazon Redshift Cluster Security Groups in the Amazon Redshift Cluster Management Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::Redshift::ClusterSecurityGroup", "Properties" : { "Description" : String, "Tags" : [ Tag, ... ] } }


Type: AWS::Redshift::ClusterSecurityGroup Properties: Description: String Tags: - Tag



A description for the security group.

Required: Yes

Type: String

Update requires: Replacement


Specifies an arbitrary set of tags (key–value pairs) to associate with this security group. Use tags to manage your resources.

Required: No

Type: List of Tag

Update requires: No interruption

Return Values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myClusterSecurityGroup" }

For the Amazon Redshift cluster security group myClusterSecurityGroup, Ref returns the name of the cluster security group.

For more information about using the Ref function, see Ref.


Specify a Cluster Security Group

The following example describes an Amazon Redshift cluster security group that you can associate cluster security group ingress rules with.


"myClusterSecurityGroup": { "Type": "AWS::Redshift::ClusterSecurityGroup", "Properties": { "Description": "Security group to determine where connections to the Amazon Redshift cluster can come from", "Tags": [ { "Key": "foo", "Value": "bar" } ] } }


myClusterSecurityGroup: Type: "AWS::Redshift::ClusterSecurityGroup" Properties: Description: "Security group to determine where connections to the Amazon Redshift cluster can come from" Tags: - Key: foo Value: bar