Docs Home
AWS v7.0.0 published on Friday, Jul 18, 2025 by Pulumi
aws.ec2.getSecurityGroups
Explore with Pulumi AI
Use this data source to get IDs and VPC membership of Security Groups that are created outside this provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.ec2.getSecurityGroups({
tags: {
Application: "k8s",
Environment: "dev",
},
});
import pulumi
import pulumi_aws as aws
test = aws.ec2.get_security_groups(tags={
"Application": "k8s",
"Environment": "dev",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
Tags: map[string]interface{}{
"Application": "k8s",
"Environment": "dev",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = Aws.Ec2.GetSecurityGroups.Invoke(new()
{
Tags =
{
{ "Application", "k8s" },
{ "Environment", "dev" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()
.tags(Map.ofEntries(
Map.entry("Application", "k8s"),
Map.entry("Environment", "dev")
))
.build());
}
}
variables:
test:
fn::invoke:
function: aws:ec2:getSecurityGroups
arguments:
tags:
Application: k8s
Environment: dev
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.ec2.getSecurityGroups({
filters: [
{
name: "group-name",
values: ["*nodes*"],
},
{
name: "vpc-id",
values: [vpcId],
},
],
});
import pulumi
import pulumi_aws as aws
test = aws.ec2.get_security_groups(filters=[
{
"name": "group-name",
"values": ["*nodes*"],
},
{
"name": "vpc-id",
"values": [vpc_id],
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
Filters: []ec2.GetSecurityGroupsFilter{
{
Name: "group-name",
Values: []string{
"*nodes*",
},
},
{
Name: "vpc-id",
Values: interface{}{
vpcId,
},
},
},
}, nil);
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = Aws.Ec2.GetSecurityGroups.Invoke(new()
{
Filters = new[]
{
new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
{
Name = "group-name",
Values = new[]
{
"*nodes*",
},
},
new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
{
Name = "vpc-id",
Values = new[]
{
vpcId,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()
.filters(
GetSecurityGroupsFilterArgs.builder()
.name("group-name")
.values("*nodes*")
.build(),
GetSecurityGroupsFilterArgs.builder()
.name("vpc-id")
.values(vpcId)
.build())
.build());
}
}
variables:
test:
fn::invoke:
function: aws:ec2:getSecurityGroups
arguments:
filters:
- name: group-name
values:
- '*nodes*'
- name: vpc-id
values:
- ${vpcId}
Using getSecurityGroups
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityGroups(args: GetSecurityGroupsArgs, opts?: InvokeOptions): Promise<GetSecurityGroupsResult>
function getSecurityGroupsOutput(args: GetSecurityGroupsOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupsResult>def get_security_groups(filters: Optional[Sequence[GetSecurityGroupsFilter]] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
opts: Optional[InvokeOptions] = None) -> GetSecurityGroupsResult
def get_security_groups_output(filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecurityGroupsFilterArgs]]]] = None,
region: Optional[pulumi.Input[str]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupsResult]func GetSecurityGroups(ctx *Context, args *GetSecurityGroupsArgs, opts ...InvokeOption) (*GetSecurityGroupsResult, error)
func GetSecurityGroupsOutput(ctx *Context, args *GetSecurityGroupsOutputArgs, opts ...InvokeOption) GetSecurityGroupsResultOutput> Note: This function is named GetSecurityGroups in the Go SDK.
public static class GetSecurityGroups
{
public static Task<GetSecurityGroupsResult> InvokeAsync(GetSecurityGroupsArgs args, InvokeOptions? opts = null)
public static Output<GetSecurityGroupsResult> Invoke(GetSecurityGroupsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
public static Output<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
fn::invoke:
function: aws:ec2/getSecurityGroups:getSecurityGroups
arguments:
# arguments dictionaryThe following arguments are supported:
- Filters
List<Get
Security Groups Filter> - One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Map of tags, each pair of which must exactly match for desired security groups.
- Filters
[]Get
Security Groups Filter - One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
List<Get
Security Groups Filter> - One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
Get
Security Groups Filter[] - One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
Sequence[Get
Security Groups Filter] - One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags, each pair of which must exactly match for desired security groups.
- filters List<Property Map>
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags, each pair of which must exactly match for desired security groups.
getSecurityGroups Result
The following output properties are available:
- Arns List<string>
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids List<string>
- IDs of the matches security groups.
- Region string
- Dictionary<string, string>
- Vpc
Ids List<string> - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - Filters
List<Get
Security Groups Filter>
- Arns []string
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids []string
- IDs of the matches security groups.
- Region string
- map[string]string
- Vpc
Ids []string - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - Filters
[]Get
Security Groups Filter
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matches security groups.
- region String
- Map<String,String>
- vpc
Ids List<String> - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - filters
List<Get
Security Groups Filter>
- arns string[]
- ARNs of the matched security groups.
- id string
- The provider-assigned unique ID for this managed resource.
- ids string[]
- IDs of the matches security groups.
- region string
- {[key: string]: string}
- vpc
Ids string[] - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - filters
Get
Security Groups Filter[]
- arns Sequence[str]
- ARNs of the matched security groups.
- id str
- The provider-assigned unique ID for this managed resource.
- ids Sequence[str]
- IDs of the matches security groups.
- region str
- Mapping[str, str]
- vpc_
ids Sequence[str] - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - filters
Sequence[Get
Security Groups Filter]
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matches security groups.
- region String
- Map<String>
- vpc
Ids List<String> - VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the
vpc-idfilter is also used. - filters List<Property Map>
Supporting Types
GetSecurityGroupsFilter
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.