AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi
aws.ec2.getSecurityGroups
Explore with Pulumi AI
Use this data source to get IDs and VPC membership of Security Groups that are created outside this provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.ec2.getSecurityGroups({
    tags: {
        Application: "k8s",
        Environment: "dev",
    },
});
import pulumi
import pulumi_aws as aws
test = aws.ec2.get_security_groups(tags={
    "Application": "k8s",
    "Environment": "dev",
})
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
			Tags: map[string]interface{}{
				"Application": "k8s",
				"Environment": "dev",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    var test = Aws.Ec2.GetSecurityGroups.Invoke(new()
    {
        Tags = 
        {
            { "Application", "k8s" },
            { "Environment", "dev" },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()
            .tags(Map.ofEntries(
                Map.entry("Application", "k8s"),
                Map.entry("Environment", "dev")
            ))
            .build());
    }
}
variables:
  test:
    fn::invoke:
      function: aws:ec2:getSecurityGroups
      arguments:
        tags:
          Application: k8s
          Environment: dev
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.ec2.getSecurityGroups({
    filters: [
        {
            name: "group-name",
            values: ["*nodes*"],
        },
        {
            name: "vpc-id",
            values: [vpcId],
        },
    ],
});
import pulumi
import pulumi_aws as aws
test = aws.ec2.get_security_groups(filters=[
    {
        "name": "group-name",
        "values": ["*nodes*"],
    },
    {
        "name": "vpc-id",
        "values": [vpc_id],
    },
])
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
Filters: []ec2.GetSecurityGroupsFilter{
{
Name: "group-name",
Values: []string{
"*nodes*",
},
},
{
Name: "vpc-id",
Values: interface{}{
vpcId,
},
},
},
}, nil);
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    var test = Aws.Ec2.GetSecurityGroups.Invoke(new()
    {
        Filters = new[]
        {
            new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
            {
                Name = "group-name",
                Values = new[]
                {
                    "*nodes*",
                },
            },
            new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
            {
                Name = "vpc-id",
                Values = new[]
                {
                    vpcId,
                },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()
            .filters(            
                GetSecurityGroupsFilterArgs.builder()
                    .name("group-name")
                    .values("*nodes*")
                    .build(),
                GetSecurityGroupsFilterArgs.builder()
                    .name("vpc-id")
                    .values(vpcId)
                    .build())
            .build());
    }
}
variables:
  test:
    fn::invoke:
      function: aws:ec2:getSecurityGroups
      arguments:
        filters:
          - name: group-name
            values:
              - '*nodes*'
          - name: vpc-id
            values:
              - ${vpcId}
Using getSecurityGroups
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityGroups(args: GetSecurityGroupsArgs, opts?: InvokeOptions): Promise<GetSecurityGroupsResult>
function getSecurityGroupsOutput(args: GetSecurityGroupsOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupsResult>def get_security_groups(filters: Optional[Sequence[GetSecurityGroupsFilter]] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        opts: Optional[InvokeOptions] = None) -> GetSecurityGroupsResult
def get_security_groups_output(filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecurityGroupsFilterArgs]]]] = None,
                        tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupsResult]func GetSecurityGroups(ctx *Context, args *GetSecurityGroupsArgs, opts ...InvokeOption) (*GetSecurityGroupsResult, error)
func GetSecurityGroupsOutput(ctx *Context, args *GetSecurityGroupsOutputArgs, opts ...InvokeOption) GetSecurityGroupsResultOutput> Note: This function is named GetSecurityGroups in the Go SDK.
public static class GetSecurityGroups 
{
    public static Task<GetSecurityGroupsResult> InvokeAsync(GetSecurityGroupsArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityGroupsResult> Invoke(GetSecurityGroupsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
public static Output<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
fn::invoke:
  function: aws:ec2/getSecurityGroups:getSecurityGroups
  arguments:
    # arguments dictionaryThe following arguments are supported:
- Filters
List<GetSecurity Groups Filter> 
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Dictionary<string, string>
- Map of tags, each pair of which must exactly match for desired security groups.
- Filters
[]GetSecurity Groups Filter 
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- map[string]string
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
List<GetSecurity Groups Filter> 
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Map<String,String>
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
GetSecurity Groups Filter[] 
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- {[key: string]: string}
- Map of tags, each pair of which must exactly match for desired security groups.
- filters
Sequence[GetSecurity Groups Filter] 
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Mapping[str, str]
- Map of tags, each pair of which must exactly match for desired security groups.
- filters List<Property Map>
- One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].
- Map<String>
- Map of tags, each pair of which must exactly match for desired security groups.
getSecurityGroups Result
The following output properties are available:
- Arns List<string>
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids List<string>
- IDs of the matches security groups.
- Dictionary<string, string>
- VpcIds List<string>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- Filters
List<GetSecurity Groups Filter> 
- Arns []string
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids []string
- IDs of the matches security groups.
- map[string]string
- VpcIds []string
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- Filters
[]GetSecurity Groups Filter 
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matches security groups.
- Map<String,String>
- vpcIds List<String>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- filters
List<GetSecurity Groups Filter> 
- arns string[]
- ARNs of the matched security groups.
- id string
- The provider-assigned unique ID for this managed resource.
- ids string[]
- IDs of the matches security groups.
- {[key: string]: string}
- vpcIds string[]
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- filters
GetSecurity Groups Filter[] 
- arns Sequence[str]
- ARNs of the matched security groups.
- id str
- The provider-assigned unique ID for this managed resource.
- ids Sequence[str]
- IDs of the matches security groups.
- Mapping[str, str]
- vpc_ids Sequence[str]
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- filters
Sequence[GetSecurity Groups Filter] 
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matches security groups.
- Map<String>
- vpcIds List<String>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the vpc-idfilter is also used.
- filters List<Property Map>
Supporting Types
GetSecurityGroupsFilter   
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the awsTerraform Provider.