| Did this page help you? Yes No Tell us about it... |
Creates a new security group. You can create either an EC2 security group (which works only with EC2), or a VPC security group (which works only with Amazon Virtual Private Cloud). The two types of groups have different capabilities. For information about VPC security groups and how the two types of groups differ, go to Security Groups in the Amazon Virtual Private Cloud User Guide. For information about EC2 security groups, go to Using Security Groups in the Amazon Elastic Compute Cloud User Guide.
When you create a security group, you give it a friendly name of your choice. You can have an EC2 security group with the same name as a VPC security group (each group has a unique security group ID separate from the name). Two EC2 groups can't have the same name, and two VPC groups can't have the same name.
If you don't specify a security group when you launch an instance, the instance is launched into the default security group. This group (and only this group) includes a default rule that gives the instances in the group unrestricted network access to each other. You have a default EC2 security group for instances you launch with EC2 (i.e., outside a VPC), and a default VPC security group for instances you launch in your VPC.
You can add or remove rules from your security groups (i.e., authorize or revoke permissions) using
ec2-authorize, and ec2-revoke commands.
For more information about EC2 security groups, go to Security Groups in the Amazon Elastic Compute Cloud User Guide.
![]() | Important |
|---|---|
For EC2 security groups: You can have up to 500 groups. For VPC security groups: You can have up to 50 groups per VPC. |
The short version of this command is ec2addgrp.
ec2-create-group
group_name -d description [-c vpc_id]
| Name | Description | Required |
|---|---|---|
|
|
Name of the security group. Type: String Default: None Constraints: Accepts alphanumeric characters, spaces, dashes, and underscores. Example: websrv |
Yes |
|
|
Description of the group. This is informational only. Type: String Default: None Constraints: Accepts alphanumeric characters, spaces, dashes, and underscores. Example: -d "Web servers" |
Yes |
|
|
ID of the VPC. Type: String Default: None Condition: Required for VPC security groups Example: -c vpc-1a2b3c4d |
Conditional |
| Option | Description |
|---|---|
|
|
Overrides the Region specified in the Default: The Example: |
|
|
Default: The Example: |
|
|
The private key to use when constructing requests to Amazon EC2. Default: The value of the Example: |
|
|
The X.509 certificate to use when constructing requests to Amazon EC2. Default: The value of the Example: |
|
|
Specifies a connection timeout (in seconds). Example: --connection-timeout 30 |
|
|
Specifies a request timeout (in seconds). Example: --request-timeout 45 |
|
|
Displays verbose output by showing the SOAP request and response on the command line. This is particularly useful if you are building tools to talk directly to our SOAP API. |
|
|
Displays column headers in the output. |
|
|
Shows empty columns as |
|
|
Do not display tags for tagged resources. |
|
|
Prints internal debugging information. This is useful to assist us when troubleshooting problems. |
|
|
Displays Help. |
|
|
If Example: |
The command returns a table that contains the following information:
"GROUP" identifier
AWS-assigned ID for the group
Group name
Group description
Amazon EC2 command line tools display errors on stderr.
This example creates the websrv security group.
PROMPT>ec2-create-group websrv -d 'Web Servers'GROUP sg-4def22a5 websrv Web Servers
This example creates the MyVPCGroup security group in the VPC with ID vpc-3325caf2.
PROMPT>ec2-create-group MyVPCGroup -d 'Group in my VPC' -c vpc-3325caf2GROUP sg-0a42d66a MyVPCGroup Group in my VPC