AWS CLI Command Reference

[ aws . wickr ]

create-security-group

Description

Creates a new security group in a Wickr network. Security groups allow you to organize users and control their permissions, features, and security settings.

See also: AWS API Documentation

Synopsis

  create-security-group
--network-id <value>
--name <value>
--security-group-settings <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--network-id (string) [required]

The ID of the Wickr network where the security group will be created.

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

--name (string) [required]

The name for the new security group.

Constraints:

  • pattern: [\S\s]*

--security-group-settings (structure) [required]

The configuration settings for the security group, including permissions, federation settings, and feature controls.

lockoutThreshold -> (integer)

The number of failed password attempts before a user account is locked out.

permittedNetworks -> (list)

A list of network IDs that are permitted for local federation when federation mode is set to restricted.

(string)

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

enableGuestFederation -> (boolean)

Guest users let you work with people outside your organization that only have limited access to Wickr. Only valid when federationMode is set to Global.

globalFederation -> (boolean)

Allow users to securely federate with all Amazon Web Services Wickr networks and Amazon Web Services Enterprise networks.

federationMode -> (integer)

The local federation mode. Values: 0 (none), 1 (federated - all networks), 2 (restricted - only permitted networks).

enableRestrictedGlobalFederation -> (boolean)

Enables restricted global federation to limit communication to specific permitted networks only. Requires globalFederation to be enabled.

permittedWickrAwsNetworks -> (list)

A list of permitted Amazon Web Services Wickr networks for restricted global federation.

(structure)

Identifies a Amazon Web Services Wickr network by region and network ID, used for configuring permitted networks for global federation.

region -> (string) [required]

The Amazon Web Services region identifier where the network is hosted (e.g., ‘us-east-1’).

Constraints:

  • pattern: [\S\s]*

networkId -> (string) [required]

The network ID of the Wickr Amazon Web Services network.

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

permittedWickrEnterpriseNetworks -> (list)

A list of permitted Wickr Enterprise networks for restricted global federation.

(structure)

Identifies a Wickr enterprise network that is permitted for global federation, allowing users to communicate with members of the specified network.

domain -> (string) [required]

The domain identifier for the permitted Wickr enterprise network.

Constraints:

  • pattern: [\S\s]*

networkId -> (string) [required]

The network ID of the permitted Wickr enterprise network.

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

Shorthand Syntax:

lockoutThreshold=integer,permittedNetworks=string,string,enableGuestFederation=boolean,globalFederation=boolean,federationMode=integer,enableRestrictedGlobalFederation=boolean,permittedWickrAwsNetworks=[{region=string,networkId=string},{region=string,networkId=string}],permittedWickrEnterpriseNetworks=[{domain=string,networkId=string},{domain=string,networkId=string}]

JSON Syntax:

{
  "lockoutThreshold": integer,
  "permittedNetworks": ["string", ...],
  "enableGuestFederation": true|false,
  "globalFederation": true|false,
  "federationMode": integer,
  "enableRestrictedGlobalFederation": true|false,
  "permittedWickrAwsNetworks": [
    {
      "region": "string",
      "networkId": "string"
    }
    ...
  ],
  "permittedWickrEnterpriseNetworks": [
    {
      "domain": "string",
      "networkId": "string"
    }
    ...
  ]
}

--client-token (string)

A unique identifier for this request to ensure idempotency.

Constraints:

  • min: 1
  • max: 64
  • pattern: [a-zA-Z0-9-_:]+

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

  • json
  • text
  • table
  • yaml
  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64
  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

Output

securityGroup -> (structure)

The details of the newly created security group, including its ID, name, and settings.

activeMembers -> (integer) [required]

The number of active user members currently in the security group.

botMembers -> (integer) [required]

The number of bot members currently in the security group.

activeDirectoryGuid -> (string)

The GUID of the Active Directory group associated with this security group, if synchronized with LDAP.

Constraints:

  • pattern: [\S\s]*

id -> (string) [required]

The unique identifier of the security group.

Constraints:

  • pattern: [\S\s]*

isDefault -> (boolean) [required]

Indicates whether this is the default security group for the network. Each network has only one default group.

name -> (string) [required]

The human-readable name of the security group.

Constraints:

  • pattern: [\S\s]*

modified -> (integer) [required]

The timestamp when the security group was last modified, specified in epoch seconds.

securityGroupSettings -> (structure) [required]

The comprehensive configuration settings that define capabilities and restrictions for members of this security group.

alwaysReauthenticate -> (boolean)

Requires users to reauthenticate every time they return to the application, providing an additional layer of security.

atakPackageValues -> (list)

Configuration values for ATAK (Android Team Awareness Kit) package integration, when ATAK is enabled.

(string)

Constraints:

  • pattern: [\S\s]*

calling -> (structure)

The calling feature permissions and settings that control what types of calls users can initiate and participate in.

canStart11Call -> (boolean)

Specifies whether users can start one-to-one calls.

canVideoCall -> (boolean)

Specifies whether users can make video calls (as opposed to audio-only calls). Valid only when audio call(canStart11Call) is enabled.

forceTcpCall -> (boolean)

When enabled, forces all calls to use TCP protocol instead of UDP for network traversal.

checkForUpdates -> (boolean)

Enables automatic checking for Wickr client updates to ensure users stay current with the latest version.

enableAtak -> (boolean)

Enables ATAK (Android Team Awareness Kit) integration for tactical communication and situational awareness.

enableCrashReports -> (boolean)

Allow users to report crashes.

enableFileDownload -> (boolean)

Specifies whether users can download files from messages to their devices.

enableGuestFederation -> (boolean)

Allows users to communicate with guest users from other Wickr networks and federated external networks.

enableNotificationPreview -> (boolean)

Enables message preview text in push notifications, allowing users to see message content before opening the app.

enableOpenAccessOption -> (boolean)

Allow users to avoid censorship when they are geo-blocked or have network limitations.

enableRestrictedGlobalFederation -> (boolean)

Enables restricted global federation, limiting external communication to only specified permitted networks.

filesEnabled -> (boolean)

Enables file sharing capabilities, allowing users to send and receive files in conversations.

forceDeviceLockout -> (integer)

Defines the number of failed login attempts before data stored on the device is reset. Should be less than lockoutThreshold.

forceOpenAccess -> (boolean)

Automatically enable and enforce Wickr open access on all devices. Valid only if enableOpenAccessOption settings is enabled.

forceReadReceipts -> (boolean)

Allow user approved bots to read messages in rooms without using a slash command.

globalFederation -> (boolean)

Allows users to communicate with users on other Wickr instances (Wickr Enterprise) outside the current network.

isAtoEnabled -> (boolean)

Enforces a two-factor authentication when a user adds a new device to their account.

isLinkPreviewEnabled -> (boolean)

Enables automatic preview of links shared in messages, showing webpage thumbnails and descriptions.

locationAllowMaps -> (boolean)

Allows map integration in location sharing, enabling users to view shared locations on interactive maps. Only allowed when location setting is enabled.

locationEnabled -> (boolean)

Enables location sharing features, allowing users to share their current location with others.

maxAutoDownloadSize -> (long)

The maximum file size in bytes that will be automatically downloaded without user confirmation. Only allowed if fileDownload is enabled. Valid Values [512000 (low_quality), 7340032 (high_quality) ]

maxBor -> (integer)

The maximum burn-on-read (BOR) time in seconds, which determines how long messages remain visible before auto-deletion after being read.

maxTtl -> (long)

The maximum time-to-live (TTL) in seconds for messages, after which they will be automatically deleted from all devices.

messageForwardingEnabled -> (boolean)

Enables message forwarding, allowing users to forward messages from one conversation to another.

passwordRequirements -> (structure)

The password complexity requirements that users must follow when creating or changing passwords.

lowercase -> (integer)

The minimum number of lowercase letters required in passwords.

minLength -> (integer)

The minimum password length in characters.

numbers -> (integer)

The minimum number of numeric characters required in passwords.

symbols -> (integer)

The minimum number of special symbol characters required in passwords.

uppercase -> (integer)

The minimum number of uppercase letters required in passwords.

presenceEnabled -> (boolean)

Enables presence indicators that show whether users are online, away, or offline.

quickResponses -> (list)

A list of pre-defined quick response message templates that users can send with a single tap.

(string)

Constraints:

  • pattern: [\S\s]*

showMasterRecoveryKey -> (boolean)

Users will get a master recovery key that can be used to securely sign in to their Wickr account without having access to their primary device for authentication. Available in SSO enabled network.

shredder -> (structure)

The message shredder configuration that controls secure deletion of messages and files from devices.

canProcessManually -> (boolean)

Specifies whether users can manually trigger the shredder to delete content.

intensity -> (integer)

Prevents Wickr data from being recovered by overwriting deleted Wickr data. Valid Values: Must be one of [0, 20, 60, 100]

ssoMaxIdleMinutes -> (integer)

The duration for which users SSO session remains inactive before automatically logging them out for security. Available in SSO enabled network.

federationMode -> (integer)

The local federation mode controlling how users can communicate with other networks. Values: 0 (none), 1 (federated), 2 (restricted).

lockoutThreshold -> (integer)

The number of failed password attempts before a user account is locked out.

permittedNetworks -> (list)

A list of network IDs that are permitted for local federation when federation mode is set to restricted.

(string)

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

permittedWickrAwsNetworks -> (list)

A list of permitted Wickr networks for global federation, restricting communication to specific approved networks.

(structure)

Identifies a Amazon Web Services Wickr network by region and network ID, used for configuring permitted networks for global federation.

region -> (string) [required]

The Amazon Web Services region identifier where the network is hosted (e.g., ‘us-east-1’).

Constraints:

  • pattern: [\S\s]*

networkId -> (string) [required]

The network ID of the Wickr Amazon Web Services network.

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}

permittedWickrEnterpriseNetworks -> (list)

A list of permitted Wickr Enterprise networks for global federation, restricting communication to specific approved networks.

(structure)

Identifies a Wickr enterprise network that is permitted for global federation, allowing users to communicate with members of the specified network.

domain -> (string) [required]

The domain identifier for the permitted Wickr enterprise network.

Constraints:

  • pattern: [\S\s]*

networkId -> (string) [required]

The network ID of the permitted Wickr enterprise network.

Constraints:

  • min: 8
  • max: 8
  • pattern: [0-9]{8}
© Copyright 2025, Amazon Web Services. Created using Sphinx.