Create VPC Security Groups, Rules, and Tags with PowerShell

Here is some example code which may help you automate security group creation with PowerShell. I wanted to take a look at automating some security group creation tasks today and there wasn’t too much help available via search engines. Maybe this post will help that out a bit.

The minimum amount of IAM permissions needed to accomplish this task will be:

 

This snippet of PowerShell will:

  • Look up the only VPC in your account, provided your regional defaults are set via Initialize-AWSDefaults or by the EC2 instance you are running this on. This is helpful because some of the PowerShell cmdlets only play nicely with the default VPC, which many people tend to delete.
  • Create a new security group for a load balancer
  • Allow HTTP and HTTPS ingress into the load balancer security group
  • Create a new security group for a web server
  • Allow HTTP from the load balancer security group into the web server security group
  • Allow SSH into the web server security group from a security group looked up by the name “My Bastion Host Security Group”
  • Add a Name tag to each created security group
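The following is an added example that carries out the steps above with the AWS Tools for PowerShell cmdlets; it is not the post's original snippet. It assumes the AWS.Tools.EC2 module is installed, that Initialize-AWSDefaults has set the region and credentials, and that the group names `my-lb-sg` and `my-web-sg` are placeholders you replace.

```powershell
# Added example (not the post's own code). Assumes AWS.Tools.EC2 and Initialize-AWSDefaults.
Import-Module AWS.Tools.EC2

# 1. Look up the single VPC in the account; fail loudly rather than guess if there is not exactly one.
$vpcs = @(Get-EC2Vpc)
if ($vpcs.Count -ne 1) { throw "Expected exactly one VPC, found $($vpcs.Count)" }
$vpcId = $vpcs[0].VpcId

# Helper: build a TCP IpPermission for one port, sourced from either a CIDR or another security group.
function New-TcpPermission {
    param([int]$Port, [string]$Cidr, [string]$SourceGroupId)
    $perm = New-Object Amazon.EC2.Model.IpPermission
    $perm.IpProtocol = 'tcp'
    $perm.FromPort = $Port
    $perm.ToPort = $Port
    if ($Cidr) {
        $range = New-Object Amazon.EC2.Model.IpRange
        $range.CidrIp = $Cidr
        $perm.Ipv4Ranges.Add($range)
    }
    if ($SourceGroupId) {
        $pair = New-Object Amazon.EC2.Model.UserIdGroupPair
        $pair.GroupId = $SourceGroupId
        $perm.UserIdGroupPairs.Add($pair)
    }
    return $perm
}

# 2. Load balancer group: the only place 0.0.0.0/0 appears is HTTP/HTTPS on the load balancer.
$lbSgId = New-EC2SecurityGroup -GroupName 'my-lb-sg' -Description 'Load balancer' -VpcId $vpcId
Grant-EC2SecurityGroupIngress -GroupId $lbSgId -IpPermission @(
    (New-TcpPermission -Port 80  -Cidr '0.0.0.0/0'),
    (New-TcpPermission -Port 443 -Cidr '0.0.0.0/0')
)

# 3. Web server group: HTTP only from the LB group, SSH only from the bastion group (looked up by name in this VPC).
$bastionSg = Get-EC2SecurityGroup -Filter @{Name='group-name'; Values='My Bastion Host Security Group'}, @{Name='vpc-id'; Values=$vpcId}
if (-not $bastionSg) { throw 'Bastion security group not found; refusing to open SSH to a wider source' }
$webSgId = New-EC2SecurityGroup -GroupName 'my-web-sg' -Description 'Web server' -VpcId $vpcId
Grant-EC2SecurityGroupIngress -GroupId $webSgId -IpPermission @(
    (New-TcpPermission -Port 80 -SourceGroupId $lbSgId),
    (New-TcpPermission -Port 22 -SourceGroupId $bastionSg.GroupId)
)

# 4. Name tags so the groups are identifiable in the console and in audit output.
foreach ($pair in @(@($lbSgId, 'my-lb-sg'), @($webSgId, 'my-web-sg'))) {
    $tag = New-Object Amazon.EC2.Model.Tag
    $tag.Key = 'Name'; $tag.Value = $pair[1]
    New-EC2Tag -Resource $pair[0] -Tag $tag
}
```

Referencing security groups by ID (rather than CIDR) for the LB-to-web and bastion-to-web rules means instances can change address without the rules widening.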
