:doc:`ServiceResource <index>` / Action / create_security_group

*********************
create_security_group
*********************



.. py:method:: EC2.ServiceResource.create_security_group(**kwargs)

  

  Creates a security group.

   

  A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see `Amazon EC2 security groups <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html>`__ in the *Amazon EC2 User Guide* and `Security groups for your VPC <https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html>`__ in the *Amazon VPC User Guide*.

   

  When you create a security group, you specify a friendly name of your choice. You can't have two security groups for the same VPC with the same name.

   

  You have a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

   

  You can add or remove rules from your security groups using  AuthorizeSecurityGroupIngress,  AuthorizeSecurityGroupEgress,  RevokeSecurityGroupIngress, and  RevokeSecurityGroupEgress.

   

  For more information about VPC security group limits, see `Amazon VPC Limits <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSecurityGroup>`_  


  **Request Syntax**
  ::

    security_group = ec2.create_security_group(
        Description='string',
        GroupName='string',
        VpcId='string',
        TagSpecifications=[
            {
                'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-metering-policy'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'secondary-interface'|'secondary-network'|'secondary-subnet'|'capacity-manager-data-export'|'vpn-concentrator',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        DryRun=True|False
    )
    
  :type Description: string
  :param Description: **[REQUIRED]** 

    A description for the security group.

     

    Constraints: Up to 255 characters in length

     

    Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

    

  
  :type GroupName: string
  :param GroupName: **[REQUIRED]** 

    The name of the security group. Names are case-insensitive and must be unique within the VPC.

     

    Constraints: Up to 255 characters in length. Can't start with ``sg-``.

     

    Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

    

  
  :type VpcId: string
  :param VpcId: 

    The ID of the VPC. Required for a nondefault VPC.

    

  
  :type TagSpecifications: list
  :param TagSpecifications: 

    The tags to assign to the security group.

    

  
    - *(dict) --* 

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

       

      .. note::

        

        The ``Valid Values`` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

        

      

    
      - **ResourceType** *(string) --* 

        The type of resource to tag on creation.

        

      
      - **Tags** *(list) --* 

        The tags to apply to the resource.

        

      
        - *(dict) --* 

          Describes a tag.

          

        
          - **Key** *(string) --* 

            The key of the tag.

             

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

            

          
          - **Value** *(string) --* 

            The value of the tag.

             

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

            

          
        
    
    

  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  
  :rtype: :py:class:`ec2.SecurityGroup`
  :returns: SecurityGroup resource
  