Create a security group to support EFA communications - AWS PCS


AWS CLI

You can use the following AWS CLI command to create a security group that supports EFA. The command outputs a security group ID. Make the following replacements:

  • region-code – Specify the AWS Region where you use AWS PCS, such as us-east-1.

  • vpc-id – Specify the ID of the VPC that you use for AWS PCS.

  • efa-group-name – Provide your chosen name for the security group.

aws ec2 create-security-group \
    --group-name efa-group-name \
    --description "Security group to enable EFA traffic" \
    --vpc-id vpc-id \
    --region region-code

Use the following commands to attach inbound and outbound security group rules. Make the following replacement:

  • efa-secgroup-id – Provide the ID of the EFA security group you just created.

aws ec2 authorize-security-group-ingress \
    --group-id efa-secgroup-id \
    --protocol -1 \
    --source-group efa-secgroup-id

aws ec2 authorize-security-group-egress \
    --group-id efa-secgroup-id \
    --protocol -1 \
    --source-group efa-secgroup-id
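To confirm the result, the following added example (not part of the AWS documentation) audits the JSON that `aws ec2 describe-security-groups --group-ids efa-secgroup-id` returns: it checks that both self-referencing all-protocol rules exist and lists every other rule on the group. A newly created VPC security group also carries a default outbound rule allowing all traffic to 0.0.0.0/0, which the commands above do not remove, so the audit reports it. The sample JSON, group ID and account ID are constructed placeholders.

```python
import json

# Constructed sample of `aws ec2 describe-security-groups` output.
# The group ID and account ID are placeholders, not values from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0", "GroupName": "efa-sg",
  "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "111122223333"}]}],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "PrefixListIds": [], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "111122223333"}]}]
}]}
""")


def _peers(perm):
    """Yield (kind, value) for every peer a permission entry allows."""
    for r in perm.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for r in perm.get("PrefixListIds", []):
        yield "prefix-list", r["PrefixListId"]
    for r in perm.get("UserIdGroupPairs", []):
        yield "group", r["GroupId"]


def audit_efa_group(sg):
    """Report whether the self-referencing all-protocol rules exist in both
    directions, and list every other rule the group carries."""
    report = {"ingress_self": False, "egress_self": False, "other_rules": []}
    for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
        for perm in sg.get(key, []):
            for kind, value in _peers(perm):
                if kind == "group" and value == sg["GroupId"] and perm["IpProtocol"] == "-1":
                    report[direction + "_self"] = True
                else:
                    report["other_rules"].append(
                        f"{direction} proto={perm['IpProtocol']} {kind}={value}")
    return report


if __name__ == "__main__":
    for group in SAMPLE["SecurityGroups"]:
        print(group["GroupId"], audit_efa_group(group))
```

Anything listed under `other_rules` is access beyond the group-to-itself traffic that the EFA rules provide, so review each entry against what the cluster actually needs.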
CloudFormation template

You can use a CloudFormation template to create a security group that supports EFA. Download the template from the following URL, then upload it into the AWS CloudFormation console.

https://aws-hpc-recipes.s3.amazonaws.com/main/recipes/pcs/enable_efa/assets/efa-sg.yaml

With the template open in the AWS CloudFormation console, enter the following options.

  • Under Provide a stack name

    • Under Stack name, enter a name such as efa-sg-stack.

  • Under Parameters

    • Under SecurityGroupName, enter a name such as efa-sg.

    • Under VPC, select the VPC where you will use AWS PCS.

Finish creating the CloudFormation stack and monitor its status. When it reaches CREATE_COMPLETE, the EFA security group is ready for use.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.