Work with security groups - Amazon Virtual Private Cloud

Work with security groups

The following tasks show you how to work with security groups.

Required permissions

Before you begin, ensure that you have the required permissions.

The rules of a security group control the inbound traffic that's allowed to reach the resources that are associated with the security group. For more information about security group rules, see Security group rules.

Create a security group

By default, new security groups start with only an outbound rule that allows all traffic to leave the resource. You must add rules to enable any inbound traffic or to restrict the outbound traffic.

To create a security group using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Security groups.

  3. Choose Create security group.

  4. Enter a name and description for the security group. You cannot change the name and description of a security group after it is created.

  5. From VPC, choose a VPC. The security group can be used only in the VPC for which it is created.

  6. You can add security group rules now, or you can add them later. For more information, see Add rules to a security group.

  7. You can add tags now, or you can add them later. To add a tag, choose Add new tag and enter the tag key and value.

  8. Choose Create security group.

After you create a security group, you may want to do one of the following:

  • Assign the security group to an EC2 instance when you launch the instance or change the security group currently assigned to an instance. For more information, see Launch an instance or Change security groups in the Amazon EC2 User Guide.

  • Add security group rules. The rules of a security group control the inbound traffic that's allowed to reach the resources that are associated with the security group. For more information about security group rules, see Work with security group rules.

To create a security group using the AWS CLI

Use the create-security-group command.

View your security groups

You can view information about your security groups as follows.

To view your security groups using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Security groups.

  3. Your security groups are listed. To view the details for a specific security group, including its inbound and outbound rules, select the security group. For more information about updating security group rules, see Update security group rules.

To view all of your security groups across Regions

Open the Amazon EC2 Global View console at https://console.aws.amazon.com/ec2globalview/home. For more information, see List and filter resources using the Amazon EC2 Global View in the Amazon EC2 User Guide.

To view your security groups using the AWS CLI

Use the describe-security-groups and describe-security-group-rules commands.

Tag your security groups

Add tags to your resources to help organize and identify them, such as by purpose, owner, or environment. You can add tags to your security groups. Tag keys must be unique for each security group. If you add a tag with a key that is already associated with the security group, it updates the value of that tag.

To tag a security group using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Security groups.

  3. Select the check box for the security group.

  4. Choose Actions, Manage tags. The Manage tags page displays any tags that are assigned to the security group.

  5. To add a tag, choose Add new tag and enter the tag key and tag value. To delete a tag, choose Remove next to the tag to delete.

  6. Choose Save changes.

To tag a security group using the AWS CLI

Use the create-tags command.

Delete a security group

You can delete a security group only if it is not associated with any resources. You can't delete a default security group.

If you're using the console, you can delete more than one security group at a time. If you're using the command line or the API, you can delete only one security group at a time.

To delete a security group using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Security groups.

  3. Select the security group and choose Actions, Delete security groups.

  4. When prompted for confirmation, choose Delete.

To delete a security group using the AWS CLI

Use the delete-security-group command.
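
The following is an added example, not part of the AWS documentation. It audits saved output from describe-security-groups to find groups that can be deleted, groups that still have only the rules a new group starts with, and groups without tags. It assumes that "associated with a resource" can be read from the Groups list in describe-network-interfaces output, and all IDs and names in the sample data are constructed.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
ALL_EGRESS = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-01",
     "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}],
     "IpPermissionsEgress": [ALL_EGRESS], "Tags": []},
    {"GroupId": "sg-0bbb", "GroupName": "web", "VpcId": "vpc-01",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [ALL_EGRESS],
     "Tags": [{"Key": "owner", "Value": "web-team"}]},
    {"GroupId": "sg-0ccc", "GroupName": "scratch", "VpcId": "vpc-01",
     "IpPermissions": [], "IpPermissionsEgress": [ALL_EGRESS]},
]}
# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output.
INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0bbb", "GroupName": "web"}]},
]}

def is_untouched(sg):
    """True if the group has only what a new group starts with:
    no inbound rules and a single allow-all outbound rule (IPv4 checked only)."""
    egress = sg.get("IpPermissionsEgress", [])
    allow_all = (len(egress) == 1 and egress[0].get("IpProtocol") == "-1"
                 and any(r.get("CidrIp") == "0.0.0.0/0"
                         for r in egress[0].get("IpRanges", [])))
    return not sg.get("IpPermissions") and allow_all

def audit(groups, interfaces):
    """Return one finding row per security group."""
    # Assumption: a group is "associated" if any network interface lists it.
    in_use = {g["GroupId"] for eni in interfaces["NetworkInterfaces"]
              for g in eni.get("Groups", [])}
    report = []
    for sg in groups["SecurityGroups"]:
        gid = sg["GroupId"]
        report.append({
            "GroupId": gid,
            # A default security group can't be deleted; it is named "default".
            "deletable": sg["GroupName"] != "default" and gid not in in_use,
            "untouched": is_untouched(sg),
            "untagged": not sg.get("Tags"),  # Tags key is absent when no tags exist
        })
    return report

if __name__ == "__main__":
    for row in audit(GROUPS, INTERFACES):
        print(row)
```

A group reported as both deletable and untouched is a candidate for cleanup with delete-security-group; an untagged group that is in use is a candidate for create-tags.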