AWS::EC2::SecurityGroup

EC2 SecurityGroup

Resource Type definition for AWS::EC2::SecurityGroup

Properties

6 configurable properties. 1 required. Click a row to see details.

Filter:

Property	Type	Flags
`GroupDescription`	`string`	RequiredCreate-only
`GroupName`	`string`	Create-only
`SecurityGroupEgress`	`Array<Egress>`
`SecurityGroupIngress`	`Array<Ingress>`
`Tags`	`Array<Tag>`
`VpcId`	`string`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`GroupId`	`string`	The group ID of the specified security group.
`Id`	`string`	The group name or group ID depending on whether the SG is created in default or specific VPC

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::SecurityGroup

Resources:
  MyResource:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "value"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

ec2:DescribeSecurityGroups

create

ec2:CreateSecurityGroupec2:DescribeSecurityGroupsec2:RevokeSecurityGroupEgressec2:AuthorizeSecurityGroupEgressec2:AuthorizeSecurityGroupIngressec2:CreateTags

update

ec2:RevokeSecurityGroupEgressec2:RevokeSecurityGroupIngressec2:DescribeSecurityGroupsec2:AuthorizeSecurityGroupEgressec2:AuthorizeSecurityGroupIngressec2:UpdateSecurityGroupRuleDescriptionsIngressec2:UpdateSecurityGroupRuleDescriptionsEgressec2:CreateTags

list

ec2:DescribeSecurityGroups

delete

ec2:DescribeSecurityGroupsec2:DeleteSecurityGroupec2:DescribeInstances

Get the EC2 Cheat Sheet

Everything you need to know about EC2 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceEC2

Properties8

Required1

TaggingSupported

Primary IDId

Supported Operations

ReadCreateUpdateListDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

GroupDescriptionGroupNameVpcId

Related Resources

External Links

AWS Documentation