CreateDBSecurityGroup - Amazon Relational Database Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates a new DB security group. DB security groups control access to a DB instance.

A DB security group controls access to EC2-Classic DB instances that are not in a VPC.


EC2-Classic was retired on August 15, 2022. If you haven't migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible. For more information, see Migrate from EC2-Classic to a VPC in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring – Here’s How to Prepare, and Moving a DB instance not in a VPC into a VPC in the Amazon RDS User Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The description for the DB security group.

Type: String

Required: Yes


The name for the DB security group. This value is stored as a lowercase string.


  • Must be 1 to 255 letters, numbers, or hyphens.

  • First character must be a letter

  • Can't end with a hyphen or contain two consecutive hyphens

  • Must not be "Default"

Example: mysecuritygroup

Type: String

Required: Yes


Tags to assign to the DB security group.

Type: Array of Tag objects

Required: No

Response Elements

The following element is returned by the service.


Contains the details for an Amazon RDS DB security group.

This data type is used as a response element in the DescribeDBSecurityGroups action.

Type: DBSecurityGroup object


For information about the errors that are common to all actions, see Common Errors.


A DB security group with the name specified in DBSecurityGroupName already exists.

HTTP Status Code: 400


A DB security group isn't allowed for this action.

HTTP Status Code: 400


The request would result in the user exceeding the allowed number of DB security groups.

HTTP Status Code: 400



This example illustrates one usage of CreateDBSecurityGroup.

Sample Request ?Action=CreateDBSecurityGroup &DBSecurityGroupDescription=My%20new%20DB%20Security%20Group &DBSecurityGroupName=mydbsecuritygroup00 &SignatureMethod=HmacSHA256 &SignatureVersion=4 &Version=2014-10-31 &X-Amz-Algorithm=AWS4-HMAC-SHA256 &X-Amz-Credential=AKIADQKE4SARGYLE/20140424/us-east-1/rds/aws4_request &X-Amz-Date=20140424T190716Z &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date &X-Amz-Signature=c2f180a3f0f5d73b47f9c229937a78f3569bf14392db8093d9b2e6785609ab45

Sample Response

<CreateDBSecurityGroupResponse xmlns=""> <CreateDBSecurityGroupResult> <DBSecurityGroup> <EC2SecurityGroups/> <DBSecurityGroupDescription>My new DB Security Group</DBSecurityGroupDescription> <IPRanges/> <OwnerId>803#########</OwnerId> <DBSecurityGroupName>mydbsecuritygroup00</DBSecurityGroupName> </DBSecurityGroup> </CreateDBSecurityGroupResult> <ResponseMetadata> <RequestId>e68ef6fa-afc1-11c3-845a-476777009d19</RequestId> </ResponseMetadata> </CreateDBSecurityGroupResponse>

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: