Amazon Elastic Compute Cloud
CLI Reference (API Version 2011-12-15)

ec2-create-group

Description

Creates a new security group. You can create either an EC2 security group (which works only with EC2), or a VPC security group (which works only with Amazon Virtual Private Cloud). The two types of groups have different capabilities. For information about VPC security groups and how the two types of groups differ, go to Security Groups in the Amazon Virtual Private Cloud User Guide. For information about EC2 security groups, go to Using Security Groups in the Amazon Elastic Compute Cloud User Guide.

When you create a security group, you give it a friendly name of your choice. You can have an EC2 security group with the same name as a VPC security group (each group has a unique security group ID separate from the name). Two EC2 groups can't have the same name, and two VPC groups can't have the same name.

If you don't specify a security group when you launch an instance, the instance is launched into the default security group. This group (and only this group) includes a default rule that gives the instances in the group unrestricted network access to each other. You have a default EC2 security group for instances you launch with EC2 (i.e., outside a VPC), and a default VPC security group for instances you launch in your VPC.

You can add rules to or remove rules from your security groups (i.e., authorize or revoke permissions) using the ec2-authorize and ec2-revoke commands.

For more information about EC2 security groups, go to Security Groups in the Amazon Elastic Compute Cloud User Guide.

Important

For EC2 security groups: You can have up to 500 groups.

For VPC security groups: You can have up to 50 groups per VPC.

The short version of this command is ec2addgrp.

Syntax

ec2-create-group group_name -d description [-c vpc_id]

Options

Name | Description | Required

group_name

Name of the security group.

Type: String

Default: None

Constraints: Accepts alphanumeric characters, spaces, dashes, and underscores.

Example: websrv

Required: Yes

-d, --description description

Description of the group. This is informational only.

Type: String

Default: None

Constraints: Accepts alphanumeric characters, spaces, dashes, and underscores.

Example: -d "Web servers"

Required: Yes

-c, --vpc vpc_id

ID of the VPC.

Type: String

Default: None

Condition: Required for VPC security groups

Example: -c vpc-1a2b3c4d

Required: Conditional

Common Options

Option | Description

--region REGION

Overrides the Region specified in the EC2_URL environment variable and the URL specified by the -U option.

Default: The EC2_URL environment variable, or us-east-1 if the environment variable is not set.

Example: --region eu-west-1

-U, --url URL

URL is the uniform resource locator of the Amazon EC2 web service entry point.

Default: The EC2_URL environment variable, or https://ec2.amazonaws.com if the environment variable is not set.

Example: -U https://ec2.amazonaws.com

-K, --private-key EC2-PRIVATE-KEY

The private key to use when constructing requests to Amazon EC2.

Default: The value of the EC2_PRIVATE_KEY environment variable.

Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem

-C, --cert EC2-CERT

The X.509 certificate to use when constructing requests to Amazon EC2.

Default: The value of the EC2_CERT environment variable.

Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem

--connection-timeout TIMEOUT

Specifies a connection timeout (in seconds).

Example: --connection-timeout 30

--request-timeout TIMEOUT

Specifies a request timeout (in seconds).

Example: --request-timeout 45

-v, --verbose

Displays verbose output by showing the SOAP request and response on the command line. This is particularly useful if you are building tools to talk directly to our SOAP API.

-H, --headers

Displays column headers in the output.

--show-empty-fields

Shows empty columns as (nil).

--hide-tags

Do not display tags for tagged resources.

--debug

Prints internal debugging information. This is useful to assist us when troubleshooting problems.

-?, --help, -h

Displays Help.

-

If - is specified as an argument to one of the parameters, a list of arguments is read from standard input. This is useful for piping the output of one command into the input of another.

Example: ec2-describe-instances | grep stopped | cut -f 2 | ec2-start-instances -

Output

The command returns a table that contains the following information:

  • "GROUP" identifier

  • AWS-assigned ID for the group

  • Group name

  • Group description

Amazon EC2 command line tools display errors on stderr.

Examples

Example Request

This example creates the websrv security group.

PROMPT> ec2-create-group websrv -d 'Web Servers'
GROUP  sg-4def22a5    websrv    Web Servers  

Example Request

This example creates the MyVPCGroup security group in the VPC with ID vpc-3325caf2.

PROMPT> ec2-create-group MyVPCGroup -d 'Group in my VPC' -c vpc-3325caf2
GROUP  sg-0a42d66a    MyVPCGroup    Group in my VPC
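
As an added example (not part of the AWS reference or the EC2 tools): a shell wrapper that checks group_name and the description against the documented character constraints before invoking the command, then extracts the group ID from the GROUP line so it can be passed on to other commands. It assumes tab-separated output and IDs shaped like the samples above; the function names and the EC2_CREATE_GROUP_CMD variable are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the EC2 tools.
LC_ALL=C; export LC_ALL

# Succeed only if $1 is non-empty and uses the documented character set:
# alphanumerics, spaces, dashes and underscores.
valid_sg_text() {
    case "$1" in
        ''|*[!A-Za-z0-9\ _-]*) return 1 ;;
    esac
    return 0
}

# Print the group ID from a "GROUP" output line, or fail.
# Assumptions: fields are tab-separated, and IDs look like the page's
# samples ("sg-" followed by hex digits).
sg_id_from_output() {
    printf '%s\n' "$1" | awk -F '\t' '
        $1 == "GROUP" && $2 ~ /^sg-[0-9a-f]+$/ { print $2; ok = 1; exit }
        END { exit !ok }'
}

# Validate the arguments, run the tool, and print only the new group ID.
# EC2_CREATE_GROUP_CMD is a hypothetical override so the tool can be stubbed.
create_group_checked() {
    name=${1:-} desc=${2:-} vpc=${3:-}
    valid_sg_text "$name" || { echo "bad group name" >&2; return 2; }
    valid_sg_text "$desc" || { echo "bad description" >&2; return 2; }
    cmd=${EC2_CREATE_GROUP_CMD:-ec2-create-group}
    if [ -n "$vpc" ]; then
        case "$vpc" in
            vpc-|vpc-*[!0-9a-f]*) echo "bad VPC ID" >&2; return 2 ;;
            vpc-*) ;;
            *) echo "bad VPC ID" >&2; return 2 ;;
        esac
        out=$("$cmd" "$name" -d "$desc" -c "$vpc") || return 1
    else
        out=$("$cmd" "$name" -d "$desc") || return 1
    fi
    # Errors go to stderr, so stdout that does not parse means failure.
    sg_id_from_output "$out"
}
```

Capturing the ID this way keeps later rule changes tied to the group that was just created rather than to a name that may also exist as the other group type.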