There are more AWS SDK examples available in the AWS Doc SDK Examples
Use CreateSecurityGroup with an AWS SDK or CLI
The following code examples show how to use CreateSecurityGroup.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- .NET
-
- AWS SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /// <summary> /// Create an Amazon EC2 security group. /// </summary> /// <param name="groupName">The name for the new security group.</param> /// <param name="groupDescription">A description of the new security group.</param> /// <returns>The group Id of the new security group.</returns> public async Task<string> CreateSecurityGroup(string groupName, string groupDescription) { var response = await _amazonEC2.CreateSecurityGroupAsync( new CreateSecurityGroupRequest(groupName, groupDescription)); return response.GroupId; }-
For API details, see CreateSecurityGroup in AWS SDK for .NET API Reference.
-
- Bash
-
- AWS CLI with Bash script
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. ############################################################################### # function ec2_create_security_group # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -n security_group_name - The name of the security group. # -d security_group_description - The description of the security group. # # Returns: # The ID of the created security group, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_create_security_group() { local security_group_name security_group_description response # Function to display usage information function usage() { echo "function ec2_create_security_group" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -n security_group_name - The name of the security group." echo " -d security_group_description - The description of the security group." echo "" } # Parse the command-line arguments while getopts "n:d:h" option; do case "${option}" in n) security_group_name="${OPTARG}" ;; d) security_group_description="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$security_group_name" ]]; then errecho "ERROR: You must provide a security group name with the -n parameter." return 1 fi if [[ -z "$security_group_description" ]]; then errecho "ERROR: You must provide a security group description with the -d parameter." return 1 fi # Create the security group response=$(aws ec2 create-security-group \ --group-name "$security_group_name" \ --description "$security_group_description" \ --query "GroupId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-security-group operation failed." errecho "$response" return 1 } echo "$response" return 0 }The utility functions used in this example.
############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 }-
For API details, see CreateSecurityGroup in AWS CLI Command Reference.
-
- C++
-
- SDK for C++
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. //! Create a security group. /*! \param groupName: A security group name. \param description: A description. \param vpcID: A virtual private cloud (VPC) ID. \param[out] groupIDResult: A string to receive the group ID. \param clientConfiguration: AWS client configuration. \return bool: Function succeeded. */ bool AwsDoc::EC2::createSecurityGroup(const Aws::String &groupName, const Aws::String &description, const Aws::String &vpcID, Aws::String &groupIDResult, const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::EC2::EC2Client ec2Client(clientConfiguration); Aws::EC2::Model::CreateSecurityGroupRequest request; request.SetGroupName(groupName); request.SetDescription(description); request.SetVpcId(vpcID); const Aws::EC2::Model::CreateSecurityGroupOutcome outcome = ec2Client.CreateSecurityGroup(request); if (!outcome.IsSuccess()) { std::cerr << "Failed to create security group:" << outcome.GetError().GetMessage() << std::endl; return false; } std::cout << "Successfully created security group named " << groupName << std::endl; groupIDResult = outcome.GetResult().GetGroupId(); return true; }-
For API details, see CreateSecurityGroup in AWS SDK for C++ API Reference.
-
- CLI
-
- AWS CLI
-
To create a security group for EC2-Classic
This example creates a security group named
MySecurityGroup.Command:
aws ec2 create-security-group --group-nameMySecurityGroup--description"My security group"Output:
{ "GroupId": "sg-903004f8" }To create a security group for EC2-VPC
This example creates a security group named
MySecurityGroupfor the specified VPC.Command:
aws ec2 create-security-group --group-nameMySecurityGroup--description"My security group"--vpc-idvpc-1a2b3c4dOutput:
{ "GroupId": "sg-903004f8" }For more information, see Using Security Groups in the AWS Command Line Interface User Guide.
-
For API details, see CreateSecurityGroup
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /** * Creates a new security group asynchronously with the specified group name, description, and VPC ID. It also * authorizes inbound traffic on ports 80 and 22 from the specified IP address. * * @param groupName the name of the security group to create * @param groupDesc the description of the security group * @param vpcId the ID of the VPC in which to create the security group * @param myIpAddress the IP address from which to allow inbound traffic (e.g., "192.168.1.1/0" to allow traffic from * any IP address in the 192.168.1.0/24 subnet) * @return a CompletableFuture that, when completed, returns the ID of the created security group * @throws RuntimeException if there was a failure creating the security group or authorizing the inbound traffic */ public CompletableFuture<String> createSecurityGroupAsync(String groupName, String groupDesc, String vpcId, String myIpAddress) { CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder() .groupName(groupName) .description(groupDesc) .vpcId(vpcId) .build(); return getAsyncClient().createSecurityGroup(createRequest) .thenCompose(createResponse -> { String groupId = createResponse.groupId(); IpRange ipRange = IpRange.builder() .cidrIp(myIpAddress + "/32") .build(); IpPermission ipPerm = IpPermission.builder() .ipProtocol("tcp") .toPort(80) .fromPort(80) .ipRanges(ipRange) .build(); IpPermission ipPerm2 = IpPermission.builder() .ipProtocol("tcp") .toPort(22) .fromPort(22) .ipRanges(ipRange) .build(); AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder() .groupName(groupName) .ipPermissions(ipPerm, ipPerm2) .build(); return getAsyncClient().authorizeSecurityGroupIngress(authRequest) .thenApply(authResponse -> groupId); }) .whenComplete((result, exception) -> { if (exception != null) { if (exception instanceof CompletionException && exception.getCause() instanceof Ec2Exception) { throw (Ec2Exception) exception.getCause(); } else { throw new RuntimeException("Failed to create security group: " + exception.getMessage(), exception); } } }); }-
For API details, see CreateSecurityGroup in AWS SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript (v3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. import { CreateSecurityGroupCommand, EC2Client } from "@aws-sdk/client-ec2"; /** * Creates a security group. * @param {{ groupName: string, description: string }} options */ export const main = async ({ groupName, description }) => { const client = new EC2Client({}); const command = new CreateSecurityGroupCommand({ // Up to 255 characters in length. Cannot start with sg-. GroupName: groupName, // Up to 255 characters in length. Description: description, }); try { const { GroupId } = await client.send(command); console.log(GroupId); } catch (caught) { if (caught instanceof Error && caught.name === "InvalidParameterValue") { console.warn(`${caught.message}.`); } else { throw caught; } } };-
For API details, see CreateSecurityGroup in AWS SDK for JavaScript API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. suspend fun createEC2SecurityGroup( groupNameVal: String?, groupDescVal: String?, vpcIdVal: String?, ): String? { val request = CreateSecurityGroupRequest { groupName = groupNameVal description = groupDescVal vpcId = vpcIdVal } Ec2Client { region = "us-west-2" }.use { ec2 -> val resp = ec2.createSecurityGroup(request) val ipRange = IpRange { cidrIp = "0.0.0.0/0" } val ipPerm = IpPermission { ipProtocol = "tcp" toPort = 80 fromPort = 80 ipRanges = listOf(ipRange) } val ipPerm2 = IpPermission { ipProtocol = "tcp" toPort = 22 fromPort = 22 ipRanges = listOf(ipRange) } val authRequest = AuthorizeSecurityGroupIngressRequest { groupName = groupNameVal ipPermissions = listOf(ipPerm, ipPerm2) } ec2.authorizeSecurityGroupIngress(authRequest) println("Successfully added ingress policy to Security Group $groupNameVal") return resp.groupId } }-
For API details, see CreateSecurityGroup
in AWS SDK for Kotlin API reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example creates a security group for the specified VPC.
New-EC2SecurityGroup -GroupName my-security-group -Description "my security group" -VpcId vpc-12345678Output:
sg-12345678Example 2: This example creates a security group for EC2-Classic.
New-EC2SecurityGroup -GroupName my-security-group -Description "my security group"Output:
sg-45678901-
For API details, see CreateSecurityGroup in AWS Tools for PowerShell Cmdlet Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. class SecurityGroupWrapper: """Encapsulates Amazon Elastic Compute Cloud (Amazon EC2) security group actions.""" def __init__(self, ec2_client: boto3.client, security_group: Optional[str] = None): """ Initializes the SecurityGroupWrapper with an EC2 client and an optional security group ID. :param ec2_client: A Boto3 Amazon EC2 client. This client provides low-level access to AWS EC2 services. :param security_group: The ID of a security group to manage. This is a high-level identifier that represents the security group. """ self.ec2_client = ec2_client self.security_group = security_group @classmethod def from_client(cls) -> "SecurityGroupWrapper": """ Creates a SecurityGroupWrapper instance with a default EC2 client. :return: An instance of SecurityGroupWrapper initialized with the default EC2 client. """ ec2_client = boto3.client("ec2") return cls(ec2_client) def create(self, group_name: str, group_description: str) -> str: """ Creates a security group in the default virtual private cloud (VPC) of the current account. :param group_name: The name of the security group to create. :param group_description: The description of the security group to create. :return: The ID of the newly created security group. :raise Handles AWS SDK service-level ClientError, with special handling for ResourceAlreadyExists """ try: response = self.ec2_client.create_security_group( GroupName=group_name, Description=group_description ) self.security_group = response["GroupId"] except ClientError as err: if err.response["Error"]["Code"] == "ResourceAlreadyExists": logger.error( f"Security group '{group_name}' already exists. Please choose a different name." ) raise else: return self.security_group-
For API details, see CreateSecurityGroup in AWS SDK for Python (Boto3) API Reference.
-
- Ruby
-
- SDK for Ruby
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. # This code example does the following: # 1. Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # 2. Adds inbound rules to the security group. # 3. Displays information about available security groups. # 4. Deletes the security group. require 'aws-sdk-ec2' # Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Prerequisites: # # - A VPC in Amazon Virtual Private Cloud (Amazon VPC). # # @param ec2_client [Aws::EC2::Client] An initialized # Amazon EC2 client. # @param group_name [String] A name for the security group. # @param description [String] A description for the security group. # @param vpc_id [String] The ID of the VPC for the security group. # @return [String] The ID of security group that was created. # @example # puts create_security_group( # Aws::EC2::Client.new(region: 'us-west-2'), # 'my-security-group', # 'This is my security group.', # 'vpc-6713dfEX' # ) def create_security_group(ec2_client, group_name, description, vpc_id) security_group = ec2_client.create_security_group( group_name: group_name, description: description, vpc_id: vpc_id ) puts "Created security group '#{group_name}' with ID " \ "'#{security_group.group_id}' in VPC with ID '#{vpc_id}'." security_group.group_id rescue StandardError => e puts "Error creating security group: #{e.message}" 'Error' end # Adds an inbound rule to an Amazon Elastic Compute Cloud (Amazon EC2) # security group. # # Prerequisites: # # - The security group. # # @param ec2_client [Aws::EC2::Client] An initialized Amazon EC2 client. # @param security_group_id [String] The ID of the security group. # @param ip_protocol [String] The network protocol for the inbound rule. # @param from_port [String] The originating port for the inbound rule. # @param to_port [String] The destination port for the inbound rule. # @param cidr_ip_range [String] The CIDR IP range for the inbound rule. # @return # @example # exit 1 unless security_group_ingress_authorized?( # Aws::EC2::Client.new(region: 'us-west-2'), # 'sg-030a858e078f1b9EX', # 'tcp', # '80', # '80', # '0.0.0.0/0' # ) def security_group_ingress_authorized?( ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range ) ec2_client.authorize_security_group_ingress( group_id: security_group_id, ip_permissions: [ { ip_protocol: ip_protocol, from_port: from_port, to_port: to_port, ip_ranges: [ { cidr_ip: cidr_ip_range } ] } ] ) puts "Added inbound rule to security group '#{security_group_id}' for protocol " \ "'#{ip_protocol}' from port '#{from_port}' to port '#{to_port}' " \ "with CIDR IP range '#{cidr_ip_range}'." true rescue StandardError => e puts "Error adding inbound rule to security group: #{e.message}" false end # Refactored method to simplify complexity for describing security group permissions def format_port_information(perm) from_port_str = perm.from_port == '-1' || perm.from_port == -1 ? 'All' : perm.from_port.to_s to_port_str = perm.to_port == '-1' || perm.to_port == -1 ? 'All' : perm.to_port.to_s { from_port: from_port_str, to_port: to_port_str } end # Displays information about a security group's IP permissions set in # Amazon Elastic Compute Cloud (Amazon EC2). def describe_security_group_permissions(perm) ports = format_port_information(perm) print " Protocol: #{perm.ip_protocol == '-1' ? 'All' : perm.ip_protocol}" print ", From: #{ports[:from_port]}, To: #{ports[:to_port]}" print ", CIDR IPv6: #{perm.ipv_6_ranges[0].cidr_ipv_6}" if perm.key?(:ipv_6_ranges) && perm.ipv_6_ranges.count.positive? print ", CIDR IPv4: #{perm.ip_ranges[0].cidr_ip}" if perm.key?(:ip_ranges) && perm.ip_ranges.count.positive? print "\n" end # Displays information about available security groups in # Amazon Elastic Compute Cloud (Amazon EC2). def describe_security_groups(ec2_client) response = ec2_client.describe_security_groups if response.security_groups.count.positive? response.security_groups.each do |sg| display_group_details(sg) end else puts 'No security groups found.' end rescue StandardError => e puts "Error getting information about security groups: #{e.message}" end # Helper method to display the details of security groups def display_group_details(sg) puts '-' * (sg.group_name.length + 13) puts "Name: #{sg.group_name}" puts "Description: #{sg.description}" puts "Group ID: #{sg.group_id}" puts "Owner ID: #{sg.owner_id}" puts "VPC ID: #{sg.vpc_id}" display_group_tags(sg.tags) if sg.tags.count.positive? display_group_permissions(sg) end def display_group_tags(tags) puts 'Tags:' tags.each do |tag| puts " Key: #{tag.key}, Value: #{tag.value}" end end def display_group_permissions(sg) if sg.ip_permissions.count.positive? puts 'Inbound rules:' sg.ip_permissions.each do |p| describe_security_group_permissions(p) end end return if sg.ip_permissions_egress.empty? puts 'Outbound rules:' sg.ip_permissions_egress.each do |p| describe_security_group_permissions(p) end end # Deletes an Amazon Elastic Compute Cloud (Amazon EC2) # security group. def security_group_deleted?(ec2_client, security_group_id) ec2_client.delete_security_group(group_id: security_group_id) puts "Deleted security group '#{security_group_id}'." true rescue StandardError => e puts "Error deleting security group: #{e.message}" false end # Example usage with refactored run_me to reduce complexity def run_me group_name, description, vpc_id, ip_protocol_http, from_port_http, to_port_http, \ cidr_ip_range_http, ip_protocol_ssh, from_port_ssh, to_port_ssh, \ cidr_ip_range_ssh, region = process_arguments ec2_client = Aws::EC2::Client.new(region: region) security_group_id = attempt_create_security_group(ec2_client, group_name, description, vpc_id) security_group_exists = security_group_id != 'Error' if security_group_exists add_inbound_rules(ec2_client, security_group_id, ip_protocol_http, from_port_http, to_port_http, cidr_ip_range_http) add_inbound_rules(ec2_client, security_group_id, ip_protocol_ssh, from_port_ssh, to_port_ssh, cidr_ip_range_ssh) end describe_security_groups(ec2_client) attempt_delete_security_group(ec2_client, security_group_id) if security_group_exists end def process_arguments if ARGV[0] == '--help' || ARGV[0] == '-h' display_help exit 1 elsif ARGV.count.zero? default_values else ARGV end end def attempt_create_security_group(ec2_client, group_name, description, vpc_id) puts 'Attempting to create security group...' security_group_id = create_security_group(ec2_client, group_name, description, vpc_id) puts 'Could not create security group. Skipping this step.' if security_group_id == 'Error' security_group_id end def add_inbound_rules(ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range) puts 'Attempting to add inbound rules to security group...' return if security_group_ingress_authorized?(ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range) puts 'Could not add inbound rule to security group. Skipping this step.' end def attempt_delete_security_group(ec2_client, security_group_id) puts "\nAttempting to delete security group..." return if security_group_deleted?(ec2_client, security_group_id) puts 'Could not delete security group. You must delete it yourself.' end def display_help puts 'Usage: ruby ec2-ruby-example-security-group.rb ' \ 'GROUP_NAME DESCRIPTION VPC_ID IP_PROTOCOL_1 FROM_PORT_1 TO_PORT_1 ' \ 'CIDR_IP_RANGE_1 IP_PROTOCOL_2 FROM_PORT_2 TO_PORT_2 ' \ 'CIDR_IP_RANGE_2 REGION' puts 'Example: ruby ec2-ruby-example-security-group.rb ' \ "my-security-group 'This is my security group.' vpc-6713dfEX " \ "tcp 80 80 '0.0.0.0/0' tcp 22 22 '0.0.0.0/0' us-west-2" end def default_values [ 'my-security-group', 'This is my security group.', 'vpc-6713dfEX', 'tcp', '80', '80', '0.0.0.0/0', 'tcp', '22', '22', '0.0.0.0/0', 'us-west-2' ] end run_me if $PROGRAM_NAME == __FILE__-
For API details, see CreateSecurityGroup in AWS SDK for Ruby API Reference.
-
- Rust
-
- SDK for Rust
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. pub async fn create_security_group( &self, name: &str, description: &str, ) -> Result<SecurityGroup, EC2Error> { tracing::info!("Creating security group {name}"); let create_output = self .client .create_security_group() .group_name(name) .description(description) .send() .await .map_err(EC2Error::from)?; let group_id = create_output .group_id .ok_or_else(|| EC2Error::new("Missing security group id after creation"))?; let group = self .describe_security_group(&group_id) .await? .ok_or_else(|| { EC2Error::new(format!("Could not find security group with id {group_id}")) })?; tracing::info!("Created security group {name} as {group_id}"); Ok(group) }-
For API details, see CreateSecurityGroup
in AWS SDK for Rust API reference.
-
- SAP ABAP
-
- SDK for SAP ABAP
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. TRY. oo_result = lo_ec2->createsecuritygroup( " oo_result is returned for testing purposes. " iv_description = 'Security group example' iv_groupname = iv_security_group_name iv_vpcid = iv_vpc_id ). MESSAGE 'Security group created.' TYPE 'I'. CATCH /aws1/cx_rt_service_generic INTO DATA(lo_exception). DATA(lv_error) = |"{ lo_exception->av_err_code }" - { lo_exception->av_err_msg }|. MESSAGE lv_error TYPE 'E'. ENDTRY.-
For API details, see CreateSecurityGroup in AWS SDK for SAP ABAP API reference.
-
CreateRouteTable
CreateSnapshot