Creates a new DB security group. DB security groups control access to a DB instance.
Note
A DB security group controls access to EC2-Classic DB instances that are not in a VPC.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-db-security-group
--db-security-group-name <value>
--db-security-group-description <value>
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--db-security-group-name
(string)
The name for the DB security group. This value is stored as a lowercase string.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can’t end with a hyphen or contain two consecutive hyphens
Must not be “Default”
Example:
mysecuritygroup
--db-security-group-description
(string)
The description for the DB security group.
--tags
(list)
Tags to assign to the DB security group.
(structure)
Metadata assigned to an Amazon RDS resource consisting of a key-value pair.
Key -> (string)
A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can’t be prefixed with “aws:” or “rds:”. The string can only contain only the set of Unicode letters, digits, white-space, ‘_’, ‘.’, ‘:’, ‘/’, ‘=’, ‘+’, ‘-‘, ‘@’ (Java regex: “^([\p{L}\p{Z}\p{N}_.:/=+-@]*)$”).
Value -> (string)
A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can’t be prefixed with “aws:” or “rds:”. The string can only contain only the set of Unicode letters, digits, white-space, ‘_’, ‘.’, ‘:’, ‘/’, ‘=’, ‘+’, ‘-‘, ‘@’ (Java regex: “^([\p{L}\p{Z}\p{N}_.:/=+-@]*)$”).
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To create an Amazon RDS DB security group
The following create-db-security-group
command creates a new Amazon RDS DB security group:
aws rds create-db-security-group --db-security-group-name mysecgroup --db-security-group-description "My Test Security Group"
In the example, the new DB security group is named mysecgroup
and has a description.
Output:
{
"DBSecurityGroup": {
"OwnerId": "123456789012",
"DBSecurityGroupName": "mysecgroup",
"DBSecurityGroupDescription": "My Test Security Group",
"VpcId": "vpc-a1b2c3d4",
"EC2SecurityGroups": [],
"IPRanges": [],
"DBSecurityGroupArn": "arn:aws:rds:us-west-2:123456789012:secgrp:mysecgroup"
}
}
DBSecurityGroup -> (structure)
Contains the details for an Amazon RDS DB security group.
This data type is used as a response element in the
DescribeDBSecurityGroups
action.OwnerId -> (string)
Provides the AWS ID of the owner of a specific DB security group.
DBSecurityGroupName -> (string)
Specifies the name of the DB security group.
DBSecurityGroupDescription -> (string)
Provides the description of the DB security group.
VpcId -> (string)
Provides the VpcId of the DB security group.
EC2SecurityGroups -> (list)
Contains a list of
EC2SecurityGroup
elements.(structure)
This data type is used as a response element in the following actions:
AuthorizeDBSecurityGroupIngress
DescribeDBSecurityGroups
RevokeDBSecurityGroupIngress
Status -> (string)
Provides the status of the EC2 security group. Status can be “authorizing”, “authorized”, “revoking”, and “revoked”.
EC2SecurityGroupName -> (string)
Specifies the name of the EC2 security group.
EC2SecurityGroupId -> (string)
Specifies the id of the EC2 security group.
EC2SecurityGroupOwnerId -> (string)
Specifies the AWS ID of the owner of the EC2 security group specified in the
EC2SecurityGroupName
field.IPRanges -> (list)
Contains a list of
IPRange
elements.(structure)
This data type is used as a response element in the
DescribeDBSecurityGroups
action.Status -> (string)
Specifies the status of the IP range. Status can be “authorizing”, “authorized”, “revoking”, and “revoked”.
CIDRIP -> (string)
Specifies the IP range.
DBSecurityGroupArn -> (string)
The Amazon Resource Name (ARN) for the DB security group.