AWS Cloud Control v1.27.0, Apr 14 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

aws-native.ec2.getSecurityGroup

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

Using getSecurityGroup

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecurityGroup(args: GetSecurityGroupArgs, opts?: InvokeOptions): Promise<GetSecurityGroupResult>
function getSecurityGroupOutput(args: GetSecurityGroupOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupResult>

def get_security_group(id: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetSecurityGroupResult
def get_security_group_output(id: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupResult]

func LookupSecurityGroup(ctx *Context, args *LookupSecurityGroupArgs, opts ...InvokeOption) (*LookupSecurityGroupResult, error)
func LookupSecurityGroupOutput(ctx *Context, args *LookupSecurityGroupOutputArgs, opts ...InvokeOption) LookupSecurityGroupResultOutput

> Note: This function is named LookupSecurityGroup in the Go SDK.

public static class GetSecurityGroup 
{
    public static Task<GetSecurityGroupResult> InvokeAsync(GetSecurityGroupArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityGroupResult> Invoke(GetSecurityGroupInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityGroupResult> getSecurityGroup(GetSecurityGroupArgs args, InvokeOptions options)
public static Output<GetSecurityGroupResult> getSecurityGroup(GetSecurityGroupArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:ec2:getSecurityGroup
  arguments:
    # arguments dictionary

The following arguments are supported:

Id string: The group name or group ID depending on whether the SG is created in default or specific VPC

Id string: The group name or group ID depending on whether the SG is created in default or specific VPC

id String: The group name or group ID depending on whether the SG is created in default or specific VPC

id string: The group name or group ID depending on whether the SG is created in default or specific VPC

id str: The group name or group ID depending on whether the SG is created in default or specific VPC

id String: The group name or group ID depending on whether the SG is created in default or specific VPC

getSecurityGroup Result

The following output properties are available:

GroupId string: The group ID of the specified security group.
Id string: The group name or group ID depending on whether the SG is created in default or specific VPC
SecurityGroupEgress List<Pulumi.AwsNative.Ec2.Outputs.SecurityGroupEgress>: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
SecurityGroupIngress List<Pulumi.AwsNative.Ec2.Outputs.SecurityGroupIngress>: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
Tags List<Pulumi.AwsNative.Outputs.Tag>: Any tags assigned to the security group.

GroupId string: The group ID of the specified security group.
Id string: The group name or group ID depending on whether the SG is created in default or specific VPC
SecurityGroupEgress []SecurityGroupEgressType: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
SecurityGroupIngress []SecurityGroupIngressType: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
Tags Tag: Any tags assigned to the security group.

groupId String: The group ID of the specified security group.
id String: The group name or group ID depending on whether the SG is created in default or specific VPC
securityGroupEgress List<SecurityGroupEgress>: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
securityGroupIngress List<SecurityGroupIngress>: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
tags List<Tag>: Any tags assigned to the security group.

groupId string: The group ID of the specified security group.
id string: The group name or group ID depending on whether the SG is created in default or specific VPC
securityGroupEgress SecurityGroupEgress[]: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
securityGroupIngress SecurityGroupIngress[]: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
tags Tag[]: Any tags assigned to the security group.

group_id str: The group ID of the specified security group.
id str: The group name or group ID depending on whether the SG is created in default or specific VPC
security_group_egress Sequence[SecurityGroupEgress]: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
security_group_ingress Sequence[SecurityGroupIngress]: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
tags Sequence[root_Tag]: Any tags assigned to the security group.

groupId String: The group ID of the specified security group.
id String: The group name or group ID depending on whether the SG is created in default or specific VPC
securityGroupEgress List<Property Map>: [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
securityGroupIngress List<Property Map>: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
tags List<Property Map>: Any tags assigned to the security group.

Supporting Types

SecurityGroupEgress

IpProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

CidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

CidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Description string

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

DestinationPrefixListId string

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

DestinationSecurityGroupId string

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

FromPort int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

ToPort int

If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

IpProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

CidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

CidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Description string

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

DestinationPrefixListId string

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

DestinationSecurityGroupId string

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

FromPort int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

ToPort int

ipProtocol String

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp String

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 String

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description String

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

destinationPrefixListId String

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

destinationSecurityGroupId String

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

fromPort Integer

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

toPort Integer

ipProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description string

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

destinationPrefixListId string

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

destinationSecurityGroupId string

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

fromPort number

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

toPort number

ip_protocol str

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidr_ip str

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidr_ipv6 str

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description str

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

destination_prefix_list_id str

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

destination_security_group_id str

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

from_port int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

to_port int

ipProtocol String

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp String

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 String

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description String

A description for the security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

destinationPrefixListId String

The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

destinationSecurityGroupId String

The ID of the destination VPC security group.

You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

fromPort Number

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

toPort Number

SecurityGroupIngress

IpProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

CidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

CidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Description string

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

FromPort int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

SourcePrefixListId string

The ID of a prefix list.

SourceSecurityGroupId string

The ID of the security group.

SourceSecurityGroupName string

[Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

For security groups in a nondefault VPC, you must specify the group ID.

SourceSecurityGroupOwnerId string

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

ToPort int

IpProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

CidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

CidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Description string

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

FromPort int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

SourcePrefixListId string

The ID of a prefix list.

SourceSecurityGroupId string

The ID of the security group.

SourceSecurityGroupName string

For security groups in a nondefault VPC, you must specify the group ID.

SourceSecurityGroupOwnerId string

ToPort int

ipProtocol String

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp String

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 String

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description String

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

fromPort Integer

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

sourcePrefixListId String

The ID of a prefix list.

sourceSecurityGroupId String

The ID of the security group.

sourceSecurityGroupName String

For security groups in a nondefault VPC, you must specify the group ID.

sourceSecurityGroupOwnerId String

toPort Integer

ipProtocol string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp string

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 string

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description string

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

fromPort number

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

sourcePrefixListId string

The ID of a prefix list.

sourceSecurityGroupId string

The ID of the security group.

sourceSecurityGroupName string

For security groups in a nondefault VPC, you must specify the group ID.

sourceSecurityGroupOwnerId string

toPort number

ip_protocol str

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidr_ip str

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidr_ipv6 str

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description str

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

from_port int

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

source_prefix_list_id str

The ID of a prefix list.

source_security_group_id str

The ID of the security group.

source_security_group_name str

For security groups in a nondefault VPC, you must specify the group ID.

source_security_group_owner_id str

to_port int

ipProtocol String

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

cidrIp String

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

cidrIpv6 String

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

description String

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

fromPort Number