AWS v7.11.0 published on Wednesday, Nov 5, 2025 by Pulumi
aws.ec2.getSecurityGroups
Use this data source to get IDs and VPC membership of Security Groups that are created outside this provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Every returned security group must carry both tags with exactly these values.
// Tag matching is not limited to one VPC: groups from any VPC are returned
// unless a "vpc-id" filter is supplied as well.
const requiredTags = {
    Application: "k8s",
    Environment: "dev",
};

// Tags are mutable metadata, so the result is only as trustworthy as the set of
// principals allowed to tag security groups in the account.
const test = aws.ec2.getSecurityGroups({ tags: requiredTags });
import pulumi
import pulumi_aws as aws
# Every returned security group must carry both tags with exactly these values.
# Tag matching is not limited to one VPC: groups from any VPC are returned
# unless a "vpc-id" filter is supplied as well.
required_tags = {
    "Application": "k8s",
    "Environment": "dev",
}

# Tags are mutable metadata, so the result is only as trustworthy as the set of
# principals allowed to tag security groups in the account.
test = aws.ec2.get_security_groups(tags=required_tags)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
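// main runs a Pulumi program that looks up existing security groups by tag.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The Go argument listing on this page gives Tags as map[string]string,
		// so the literal uses that type rather than map[string]interface{}.
		//
		// Each tag pair must match exactly. The lookup is not limited to one
		// VPC: add a "vpc-id" filter to keep groups from other VPCs out of
		// the result.
		_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
			Tags: map[string]string{
				"Application": "k8s",
				"Environment": "dev",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}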
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Each tag pair must match exactly. The lookup is not limited to one VPC:
    // add a "vpc-id" filter to keep groups from other VPCs out of the result.
    var lookupArgs = new Aws.Ec2.GetSecurityGroupsInvokeArgs
    {
        Tags =
        {
            { "Application", "k8s" },
            { "Environment", "dev" },
        },
    };

    // Output-form invocation; the result is not used further in this example.
    var test = Aws.Ec2.GetSecurityGroups.Invoke(lookupArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that looks up existing security groups by tag.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up security groups carrying both tags with exactly these values.
     * The lookup is not limited to one VPC; add a "vpc-id" filter to keep
     * groups from other VPCs out of the result.
     *
     * @param ctx the Pulumi deployment context (unused by this example)
     */
    public static void stack(Context ctx) {
        final var requiredTags = Map.of(
            "Application", "k8s",
            "Environment", "dev");

        final var test = Ec2Functions.getSecurityGroups(
            GetSecurityGroupsArgs.builder()
                .tags(requiredTags)
                .build());
    }
}
# Look up existing security groups by tag.
variables:
  test:
    fn::invoke:
      function: aws:ec2:getSecurityGroups
      arguments:
        # Each tag pair must match exactly. The lookup is not limited to one
        # VPC; add a vpc-id filter to keep groups from other VPCs out.
        tags: {Application: k8s, Environment: dev}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// "*" is a wildcard, so this matches every group whose name contains "nodes".
// A broad pattern can return groups the author never meant to select.
const nameFilter = {
    name: "group-name",
    values: ["*nodes*"],
};

// Restricts the lookup to one VPC. vpcId is not defined in this snippet;
// presumably it holds the target VPC's ID and comes from the surrounding program.
const vpcFilter = {
    name: "vpc-id",
    values: [vpcId],
};

const test = aws.ec2.getSecurityGroups({ filters: [nameFilter, vpcFilter] });
import pulumi
import pulumi_aws as aws
# "*" is a wildcard, so this matches every group whose name contains "nodes".
# A broad pattern can return groups the author never meant to select.
name_filter = {
    "name": "group-name",
    "values": ["*nodes*"],
}

# Restricts the lookup to one VPC. vpc_id is not defined in this snippet;
# presumably it holds the target VPC's ID and comes from the surrounding program.
vpc_filter = {
    "name": "vpc-id",
    "values": [vpc_id],
}

test = aws.ec2.get_security_groups(filters=[name_filter, vpc_filter])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
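// main runs a Pulumi program that looks up existing security groups whose name
// contains "nodes" inside a single VPC.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// vpcId is not declared in this snippet; presumably it is a string with
		// the target VPC's ID, supplied by the surrounding program (confirm).
		_, err := ec2.GetSecurityGroups(ctx, &ec2.GetSecurityGroupsArgs{
			Filters: []ec2.GetSecurityGroupsFilter{
				{
					// "*" is a wildcard: every group whose name contains
					// "nodes" matches, which may be more than intended.
					Name:   "group-name",
					Values: []string{"*nodes*"},
				},
				{
					// Values is a string slice, as in the filter above;
					// "interface{}{...}" is not a valid composite literal.
					// This filter keeps the lookup inside one VPC.
					Name:   "vpc-id",
					Values: []string{vpcId},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}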
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // "*" is a wildcard: every group whose name contains "nodes" matches,
    // which may be more than intended.
    var nameFilter = new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
    {
        Name = "group-name",
        Values = new[] { "*nodes*" },
    };

    // Keeps the lookup inside one VPC. vpcId is not defined in this snippet;
    // presumably it holds the target VPC's ID and comes from the surrounding program.
    var vpcFilter = new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs
    {
        Name = "vpc-id",
        Values = new[] { vpcId },
    };

    var test = Aws.Ec2.GetSecurityGroups.Invoke(new Aws.Ec2.GetSecurityGroupsInvokeArgs
    {
        Filters = new[] { nameFilter, vpcFilter },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;
import com.pulumi.aws.ec2.inputs.GetSecurityGroupsFilterArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
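/**
 * Pulumi program that looks up existing security groups whose name contains
 * "nodes" inside a single VPC.
 *
 * <p>GetSecurityGroupsFilterArgs must be imported from
 * com.pulumi.aws.ec2.inputs for this class to compile.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the two filters and performs the lookup.
     *
     * @param ctx the Pulumi deployment context (unused by this example)
     */
    public static void stack(Context ctx) {
        // "*" is a wildcard: every group whose name contains "nodes" matches,
        // which may be more than intended.
        final var nameFilter = GetSecurityGroupsFilterArgs.builder()
            .name("group-name")
            .values("*nodes*")
            .build();

        // Keeps the lookup inside one VPC. vpcId is not defined in this snippet;
        // presumably it holds the target VPC's ID and comes from the surrounding program.
        final var vpcFilter = GetSecurityGroupsFilterArgs.builder()
            .name("vpc-id")
            .values(vpcId)
            .build();

        final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()
            .filters(nameFilter, vpcFilter)
            .build());
    }
}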
# Look up existing security groups by name pattern inside one VPC.
variables:
  test:
    fn::invoke:
      function: aws:ec2:getSecurityGroups
      arguments:
        filters:
          # "*" is a wildcard: every group whose name contains "nodes" matches,
          # which may be more than intended.
          - name: group-name
            values: ['*nodes*']
          # Keeps the lookup inside one VPC; vpcId must be defined elsewhere
          # in the program.
          - name: vpc-id
            values: ["${vpcId}"]
Using getSecurityGroups
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityGroups(args: GetSecurityGroupsArgs, opts?: InvokeOptions): Promise<GetSecurityGroupsResult>
function getSecurityGroupsOutput(args: GetSecurityGroupsOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupsResult>
def get_security_groups(filters: Optional[Sequence[GetSecurityGroupsFilter]] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
opts: Optional[InvokeOptions] = None) -> GetSecurityGroupsResult
def get_security_groups_output(filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecurityGroupsFilterArgs]]]] = None,
region: Optional[pulumi.Input[str]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupsResult]
func GetSecurityGroups(ctx *Context, args *GetSecurityGroupsArgs, opts ...InvokeOption) (*GetSecurityGroupsResult, error)
func GetSecurityGroupsOutput(ctx *Context, args *GetSecurityGroupsOutputArgs, opts ...InvokeOption) GetSecurityGroupsResultOutput
> Note: This function is named GetSecurityGroups in the Go SDK.
public static class GetSecurityGroups
{
public static Task<GetSecurityGroupsResult> InvokeAsync(GetSecurityGroupsArgs args, InvokeOptions? opts = null)
public static Output<GetSecurityGroupsResult> Invoke(GetSecurityGroupsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
public static Output<GetSecurityGroupsResult> getSecurityGroups(GetSecurityGroupsArgs args, InvokeOptions options)
fn::invoke:
function: aws:ec2/getSecurityGroups:getSecurityGroups
arguments:
# arguments dictionary
The following arguments are supported:
- Filters List<GetSecurityGroupsFilter>
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Tags Dictionary<string, string>
- Map of tags, each pair of which must exactly match for desired security groups.
- Filters []GetSecurityGroupsFilter
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Tags map[string]string
- Map of tags, each pair of which must exactly match for desired security groups.
- filters List<GetSecurityGroupsFilter>
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Map<String,String>
- Map of tags, each pair of which must exactly match for desired security groups.
- filters GetSecurityGroupsFilter[]
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags {[key: string]: string}
- Map of tags, each pair of which must exactly match for desired security groups.
- filters Sequence[GetSecurityGroupsFilter]
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Mapping[str, str]
- Map of tags, each pair of which must exactly match for desired security groups.
- filters List<Property Map>
- One or more name/value pairs to use as filters. There are several valid keys; for a full reference, see describe-security-groups in the AWS CLI reference.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Map<String>
- Map of tags, each pair of which must exactly match for desired security groups.
getSecurityGroups Result
The following output properties are available:
- Arns List<string>
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids List<string>
- IDs of the matched security groups.
- Region string
- Tags Dictionary<string, string>
- VpcIds List<string>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- Filters List<GetSecurityGroupsFilter>
- Arns []string
- ARNs of the matched security groups.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids []string
- IDs of the matched security groups.
- Region string
- Tags map[string]string
- VpcIds []string
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- Filters []GetSecurityGroupsFilter
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matched security groups.
- region String
- tags Map<String,String>
- vpcIds List<String>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- filters List<GetSecurityGroupsFilter>
- arns string[]
- ARNs of the matched security groups.
- id string
- The provider-assigned unique ID for this managed resource.
- ids string[]
- IDs of the matched security groups.
- region string
- tags {[key: string]: string}
- vpcIds string[]
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- filters GetSecurityGroupsFilter[]
- arns Sequence[str]
- ARNs of the matched security groups.
- id str
- The provider-assigned unique ID for this managed resource.
- ids Sequence[str]
- IDs of the matched security groups.
- region str
- tags Mapping[str, str]
- vpc_ids Sequence[str]
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- filters Sequence[GetSecurityGroupsFilter]
- arns List<String>
- ARNs of the matched security groups.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- IDs of the matched security groups.
- region String
- tags Map<String>
- vpcIds List<String>
- VPC IDs of the matched security groups. The data source's tag or filter will span VPCs unless the `vpc-id` filter is also used.
- filters List<Property Map>
Supporting Types
GetSecurityGroupsFilter
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.
