:doc:`RDS <../../rds>` / Client / create_db_security_group

************************
create_db_security_group
************************



.. py:method:: RDS.Client.create_db_security_group(**kwargs)

  

  Creates a new DB security group. DB security groups control access to a DB instance.

   

  A DB security group controls access to EC2-Classic DB instances that are not in a VPC.

   

  .. note::

    

    EC2-Classic was retired on August 15, 2022. If you haven't migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible. For more information, see `Migrate from EC2-Classic to a VPC <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html>`__ in the *Amazon EC2 User Guide*, the blog `EC2-Classic Networking is Retiring – Here’s How to Prepare <http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/>`__, and `Moving a DB instance not in a VPC into a VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html>`__ in the *Amazon RDS User Guide*.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSecurityGroup>`_  


  **Request Syntax**
  ::

    response = client.create_db_security_group(
        DBSecurityGroupName='string',
        DBSecurityGroupDescription='string',
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type DBSecurityGroupName: string
  :param DBSecurityGroupName: **[REQUIRED]** 

    The name for the DB security group. This value is stored as a lowercase string.

     

    Constraints:

     

    
    * Must be 1 to 255 letters, numbers, or hyphens.
     
    * First character must be a letter
     
    * Can't end with a hyphen or contain two consecutive hyphens
     
    * Must not be "Default"
    

     

    Example: ``mysecuritygroup``

    

  
  :type DBSecurityGroupDescription: string
  :param DBSecurityGroupDescription: **[REQUIRED]** 

    The description for the DB security group.

    

  
  :type Tags: list
  :param Tags: 

    Tags to assign to the DB security group.

    

  
    - *(dict) --* 

      Metadata assigned to an Amazon RDS resource consisting of a key-value pair.

       

      For more information, see `Tagging Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`__ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`__ in the *Amazon Aurora User Guide*.

      

    
      - **Key** *(string) --* 

        A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$").

        

      
      - **Value** *(string) --* 

        A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$").

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'DBSecurityGroup': {
              'OwnerId': 'string',
              'DBSecurityGroupName': 'string',
              'DBSecurityGroupDescription': 'string',
              'VpcId': 'string',
              'EC2SecurityGroups': [
                  {
                      'Status': 'string',
                      'EC2SecurityGroupName': 'string',
                      'EC2SecurityGroupId': 'string',
                      'EC2SecurityGroupOwnerId': 'string'
                  },
              ],
              'IPRanges': [
                  {
                      'Status': 'string',
                      'CIDRIP': 'string'
                  },
              ],
              'DBSecurityGroupArn': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **DBSecurityGroup** *(dict) --* 

        Contains the details for an Amazon RDS DB security group.

         

        This data type is used as a response element in the ``DescribeDBSecurityGroups`` action.

        
        

        - **OwnerId** *(string) --* 

          Provides the Amazon Web Services ID of the owner of a specific DB security group.

          
        

        - **DBSecurityGroupName** *(string) --* 

          Specifies the name of the DB security group.

          
        

        - **DBSecurityGroupDescription** *(string) --* 

          Provides the description of the DB security group.

          
        

        - **VpcId** *(string) --* 

          Provides the VpcId of the DB security group.

          
        

        - **EC2SecurityGroups** *(list) --* 

          Contains a list of ``EC2SecurityGroup`` elements.

          
          

          - *(dict) --* 

            This data type is used as a response element in the following actions:

             

            
            * ``AuthorizeDBSecurityGroupIngress``
             
            * ``DescribeDBSecurityGroups``
             
            * ``RevokeDBSecurityGroupIngress``
            

            
            

            - **Status** *(string) --* 

              Provides the status of the EC2 security group. Status can be "authorizing", "authorized", "revoking", and "revoked".

              
            

            - **EC2SecurityGroupName** *(string) --* 

              Specifies the name of the EC2 security group.

              
            

            - **EC2SecurityGroupId** *(string) --* 

              Specifies the id of the EC2 security group.

              
            

            - **EC2SecurityGroupOwnerId** *(string) --* 

              Specifies the Amazon Web Services ID of the owner of the EC2 security group specified in the ``EC2SecurityGroupName`` field.

              
        
      
        

        - **IPRanges** *(list) --* 

          Contains a list of ``IPRange`` elements.

          
          

          - *(dict) --* 

            This data type is used as a response element in the ``DescribeDBSecurityGroups`` action.

            
            

            - **Status** *(string) --* 

              The status of the IP range. Status can be "authorizing", "authorized", "revoking", and "revoked".

              
            

            - **CIDRIP** *(string) --* 

              The IP range.

              
        
      
        

        - **DBSecurityGroupArn** *(string) --* 

          The Amazon Resource Name (ARN) for the DB security group.

          
    
  
  **Exceptions**
  
  *   :py:class:`RDS.Client.exceptions.DBSecurityGroupQuotaExceededFault`

  
  *   :py:class:`RDS.Client.exceptions.DBSecurityGroupAlreadyExistsFault`

  
  *   :py:class:`RDS.Client.exceptions.DBSecurityGroupNotSupportedFault`

  

  **Examples**

  This example creates a DB security group.
  ::

    response = client.create_db_security_group(
        DBSecurityGroupDescription='My DB security group',
        DBSecurityGroupName='mydbsecuritygroup',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'DBSecurityGroup': {
        },
        'ResponseMetadata': {
            '...': '...',
        },
    }

  