create_db_security_group

RDS.Client.create_db_security_group(**kwargs)

Creates a new DB security group. DB security groups control access to a DB instance.

A DB security group controls access to EC2-Classic DB instances that are not in a VPC.

Note

EC2-Classic was retired on August 15, 2022. If you haven’t migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible. For more information, see Migrate from EC2-Classic to a VPC in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring – Here’s How to Prepare, and Moving a DB instance not in a VPC into a VPC in the Amazon RDS User Guide.

See also: AWS API Documentation

Request Syntax

response = client.create_db_security_group(
    DBSecurityGroupName='string',
    DBSecurityGroupDescription='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

Parameters:
  • DBSecurityGroupName (string) –

    [REQUIRED]

    The name for the DB security group. This value is stored as a lowercase string.

    Constraints:

    • Must be 1 to 255 letters, numbers, or hyphens.

    • First character must be a letter.

    • Can’t end with a hyphen or contain two consecutive hyphens.

    • Must not be “Default”.

    Example: mysecuritygroup

  • DBSecurityGroupDescription (string) –

    [REQUIRED]

    The description for the DB security group.

  • Tags (list) –

    Tags to assign to the DB security group.

    • (dict) –

      Metadata assigned to an Amazon RDS resource consisting of a key-value pair.

      For more information, see Tagging Amazon RDS resources in the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS resources in the Amazon Aurora User Guide.

      • Key (string) –

        A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can’t be prefixed with aws: or rds:. The string can contain only the set of Unicode letters, digits, white-space, ‘_’, ‘.’, ‘:’, ‘/’, ‘=’, ‘+’, ‘-’, ‘@’ (Java regex: “^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$”).

      • Value (string) –

        A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can’t be prefixed with aws: or rds:. The string can contain only the set of Unicode letters, digits, white-space, ‘_’, ‘.’, ‘:’, ‘/’, ‘=’, ‘+’, ‘-’, ‘@’ (Java regex: “^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$”).
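
The name and tag constraints above can be checked locally before the request is sent, which keeps malformed or reserved-prefix values out of automation that creates groups. The following is an added example, not part of the boto3 documentation; the helper names are hypothetical. It assumes that "letters" in the name rule means ASCII letters, that the "Default" and aws:/rds: checks are case-insensitive, and that an empty tag Value is acceptable.

```python
import re
import unicodedata

# Name rule: starts with a letter, then letters/digits with single hyphens between.
_NAME_RE = re.compile(r"[A-Za-z](?:-?[A-Za-z0-9])*")
_TAG_PUNCT = set("_.:/=+-@")
_RESERVED = ("aws:", "rds:")


def validate_group_name(name):
    """Return the lowercase form RDS stores, or raise ValueError."""
    if not 1 <= len(name) <= 255:
        raise ValueError("name must be 1 to 255 characters")
    if not _NAME_RE.fullmatch(name):
        raise ValueError("name must start with a letter, contain only letters, "
                         "digits and single hyphens, and not end with a hyphen")
    if name.lower() == "default":  # case-insensitive match is an assumption
        raise ValueError('name must not be "Default"')
    return name.lower()


def _check_tag_text(label, text, limit):
    if len(text) > limit:
        raise ValueError(f"tag {label} exceeds {limit} characters")
    # Case-insensitive prefix match is an assumption (stricter than the page).
    if text.lower().startswith(_RESERVED):
        raise ValueError(f"tag {label} must not start with aws: or rds:")
    for ch in text:
        # \p{L}, \p{Z}, \p{N} are the Unicode general categories L*, Z*, N*.
        if unicodedata.category(ch)[0] not in "LZN" and ch not in _TAG_PUNCT:
            raise ValueError(f"tag {label} contains disallowed {ch!r}")


def validate_tag(key, value=""):
    """Return one Tags entry; an empty Value is accepted (assumption)."""
    if not key:
        raise ValueError("tag Key is required")
    _check_tag_text("Key", key, 128)
    _check_tag_text("Value", value, 256)
    return {"Key": key, "Value": value}


def build_request(name, description, tags=None):
    """Build validated kwargs for create_db_security_group (hypothetical helper)."""
    kwargs = {"DBSecurityGroupName": validate_group_name(name),
              "DBSecurityGroupDescription": description}
    if tags:
        kwargs["Tags"] = [validate_tag(k, v) for k, v in tags.items()]
    return kwargs
```

The result can be passed as `client.create_db_security_group(**build_request(...))`. Note that `\p{Z}` covers separator characters such as the space but not control characters, so a tab or newline in a tag is rejected.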

Return type:

dict

Returns:

Response Syntax

{
    'DBSecurityGroup': {
        'OwnerId': 'string',
        'DBSecurityGroupName': 'string',
        'DBSecurityGroupDescription': 'string',
        'VpcId': 'string',
        'EC2SecurityGroups': [
            {
                'Status': 'string',
                'EC2SecurityGroupName': 'string',
                'EC2SecurityGroupId': 'string',
                'EC2SecurityGroupOwnerId': 'string'
            },
        ],
        'IPRanges': [
            {
                'Status': 'string',
                'CIDRIP': 'string'
            },
        ],
        'DBSecurityGroupArn': 'string'
    }
}

Response Structure

  • (dict) –

    • DBSecurityGroup (dict) –

      Contains the details for an Amazon RDS DB security group.

      This data type is used as a response element in the DescribeDBSecurityGroups action.

      • OwnerId (string) –

        Provides the Amazon Web Services ID of the owner of a specific DB security group.

      • DBSecurityGroupName (string) –

        Specifies the name of the DB security group.

      • DBSecurityGroupDescription (string) –

        Provides the description of the DB security group.

      • VpcId (string) –

        Provides the VpcId of the DB security group.

      • EC2SecurityGroups (list) –

        Contains a list of EC2SecurityGroup elements.

        • (dict) –

          This data type is used as a response element in the following actions:

          • AuthorizeDBSecurityGroupIngress

          • DescribeDBSecurityGroups

          • RevokeDBSecurityGroupIngress

          • Status (string) –

            Provides the status of the EC2 security group. Status can be “authorizing”, “authorized”, “revoking”, and “revoked”.

          • EC2SecurityGroupName (string) –

            Specifies the name of the EC2 security group.

          • EC2SecurityGroupId (string) –

            Specifies the id of the EC2 security group.

          • EC2SecurityGroupOwnerId (string) –

            Specifies the Amazon Web Services ID of the owner of the EC2 security group specified in the EC2SecurityGroupName field.

      • IPRanges (list) –

        Contains a list of IPRange elements.

        • (dict) –

          This data type is used as a response element in the DescribeDBSecurityGroups action.

          • Status (string) –

            The status of the IP range. Status can be “authorizing”, “authorized”, “revoking”, and “revoked”.

          • CIDRIP (string) –

            The IP range.

      • DBSecurityGroupArn (string) –

        The Amazon Resource Name (ARN) for the DB security group.

Exceptions

  • RDS.Client.exceptions.DBSecurityGroupAlreadyExistsFault

  • RDS.Client.exceptions.DBSecurityGroupQuotaExceededFault

  • RDS.Client.exceptions.DBSecurityGroupNotSupportedFault

Examples

This example creates a DB security group.

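import boto3

# Create an RDS client using the default credential and region configuration.
client = boto3.client('rds')

response = client.create_db_security_group(
    DBSecurityGroupDescription='My DB security group',
    DBSecurityGroupName='mydbsecuritygroup',
)

print(response)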

Expected Output:

{
    'DBSecurityGroup': {
    },
    'ResponseMetadata': {
        '...': '...',
    },
}