terraform/website/source/docs/providers/aws/r/security_group.html.markdown

---
layout: "aws"
page_title: "AWS: aws_security_group"
sidebar_current: "docs-aws-resource-security-group"
description: |-
  Provides an security group resource.
---

# aws\_security\_group

Provides an security group resource.

## Example Usage

Basic usage

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
	description = "Allow all inbound traffic"

  ingress {
      from_port = 0
      to_port = 65535
      protocol = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Basic usage with tags:

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
      from_port = 0
      to_port = 65535
      protocol = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "allow_all"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The name of the security group
* `description` - (Required) The security group description.
* `ingress` - (Required) Can be specified multiple times for each
   ingress rule. Each ingress block supports fields documented below.
* `vpc_id` - (Optional) The VPC ID.
* `owner_id` - (Optional) The AWS Owner ID.

The `ingress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol.
* `security_groups` - (Optional) List of security group IDs. Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
     a source to this ingress rule.
* `to_port` - (Required) The end range port.
* `tags` - (Optional) A mapping of tags to assign to the resource.

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the security group
* `vpc_id` - The VPC ID.
* `owner_id` - The owner ID.
* `name` - The name of the security group
* `description` - The description of the security group
* `ingress` - The ingress rules. See above for more.
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			`---`
			`layout: "aws"`
			`page_title: "AWS: aws_security_group"`
			`sidebar_current: "docs-aws-resource-security-group"`
Add meta descriptions to all pages 2014-10-22 05:21:56 +02:00			`description: \|-`
			`Provides an security group resource.`
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			`---`

			`# aws\_security\_group`

			`Provides an security group resource.`

			`## Example Usage`

Added security group tagging 2014-10-14 23:07:01 +02:00			`Basic usage`

website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			```
			`resource "aws_security_group" "allow_all" {`
Added security group tagging 2014-10-14 23:07:01 +02:00			`name = "allow_all"`
Add required description attribute to aws_security_group example. 2014-08-03 04:39:22 +02:00			`description = "Allow all inbound traffic"`

Added security group tagging 2014-10-14 23:07:01 +02:00			`ingress {`
			`from_port = 0`
			`to_port = 65535`
			`protocol = "tcp"`
			`cidr_blocks = ["0.0.0.0/0"]`
			`}`
			`}`
			```

			`Basic usage with tags:`

			```
			`resource "aws_security_group" "allow_all" {`
			`name = "allow_all"`
			`description = "Allow all inbound traffic"`

			`ingress {`
			`from_port = 0`
			`to_port = 65535`
			`protocol = "tcp"`
			`cidr_blocks = ["0.0.0.0/0"]`
			`}`

			`tags {`
			`Name = "allow_all"`
			`}`
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `name` - (Required) The name of the security group
website: document security group description requirement 2014-07-30 23:59:09 +02:00			* `description` - (Required) The security group description.
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			* `ingress` - (Required) Can be specified multiple times for each
			`ingress rule. Each ingress block supports fields documented below.`
			* `vpc_id` - (Optional) The VPC ID.
			* `owner_id` - (Optional) The AWS Owner ID.

			The `ingress` block supports:

			* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
			* `from_port` - (Required) The start port.
			* `protocol` - (Required) The protocol.
			* `security_groups` - (Optional) List of security group IDs. Cannot be used with `cidr_blocks`.
providers/aws: add `self` to ingress [GH-219] 2014-09-30 23:19:16 +02:00			* `self` - (Optional) If true, the security group itself will be added as
			`a source to this ingress rule.`
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00			* `to_port` - (Required) The end range port.
Added security group tagging 2014-10-14 23:07:01 +02:00			* `tags` - (Optional) A mapping of tags to assign to the resource.
website: Docs for VPC, subnet, sec group 2014-07-23 22:32:33 +02:00
			`## Attributes Reference`

			`The following attributes are exported:`

			* `id` - The ID of the security group
			* `vpc_id` - The VPC ID.
			* `owner_id` - The owner ID.
			* `name` - The name of the security group
			* `description` - The description of the security group
			* `ingress` - The ingress rules. See above for more.