
I am trying to set security group ids while creating an EC2 instance. If I have a specific security group Id list, I can do this:

# Keep the boto3 service resource on the object so that `ec2` below refers to it
self.resource = boto3.resource(resource, region_name=self.region)
ec2 = self.resource

instances = ec2.create_instances(
    ImageId=image_id,
    MinCount=minCount,
    MaxCount=maxCount,
    InstanceType=instance_type,
    SubnetId=subnet_id,
    KeyName=key_pair,
    SecurityGroupIds=security_groups)

If I don't have the security group IDs, I'd like to use the default security group IDs that get associated with the launch-wizard-# security group when I don't pass the SecurityGroupIds argument to ec2.create_instances. Is there a way to pass something to the SecurityGroupIds argument that tells boto3 to use the default security group ID? More specifically:

instances = ec2.create_instances(
            ImageId=image_id,
            MinCount=minCount,
            MaxCount=maxCount,
            InstanceType=instance_type,
            SubnetId=subnet_id,
            KeyName=key_pair,                
            SecurityGroupIds= <"What do I pass here so that boto3 takes in defaults?">)

So that I get the same behavior as below (using the previous code snippet):

instances = ec2.create_instances(
                 ImageId=image_id,
                 MinCount=minCount,
                 MaxCount=maxCount,
                 InstanceType=instance_type,
                 SubnetId=subnet_id,
                 KeyName=key_pair)

1 Answer

Those launch-wizard-# SGs are created by the console launch wizard; they are not "default" in any way.

On the other hand, each VPC has a default SG that can be assigned to instances; however, it's not very useful. E.g. it doesn't permit inbound access from outside.

I recommend against relying on any implicit defaults. Better create a new SG in your boto3 script before creating the instance and then assign it to the instance.

See Working with Security Groups in boto3 for details.

MLu
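The answer's recommendation (create the security group in the script, then pass its ID to create_instances), sketched as an added example that is not part of the original question or answer. The function names, the single SSH rule on port 22 and the refusal of an open-to-everyone CIDR are assumptions of this example; `ec2` is the same kind of boto3 EC2 service resource the question uses.

```python
import ipaddress


def build_ssh_ingress(admin_cidr):
    """Return an IpPermissions list that allows SSH only from admin_cidr."""
    net = ipaddress.ip_network(admin_cidr, strict=True)
    if net.prefixlen == 0:
        # 0.0.0.0/0 or ::/0 would expose SSH to every address
        raise ValueError("refusing to open SSH to every address")
    if net.version == 4:
        ranges_key, cidr_key = "IpRanges", "CidrIp"
    else:
        ranges_key, cidr_key = "Ipv6Ranges", "CidrIpv6"
    return [{
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        ranges_key: [{cidr_key: str(net), "Description": "admin SSH"}],
    }]


def launch_with_explicit_sg(ec2, vpc_id, group_name, admin_cidr, **launch_args):
    """Create a dedicated security group, then launch instances bound to it.

    ec2         -- boto3 EC2 service resource (boto3.resource("ec2", ...))
    launch_args -- passed through to create_instances (ImageId, MinCount, ...)
    Returns (security_group_id, instances).
    """
    if "SecurityGroupIds" in launch_args:
        raise ValueError("SecurityGroupIds is set by this function")
    # Validate the rule before any AWS call so a bad CIDR creates nothing
    permissions = build_ssh_ingress(admin_cidr)
    sg = ec2.create_security_group(
        GroupName=group_name,
        Description="Created by launch script for " + group_name,
        VpcId=vpc_id,
    )
    sg.authorize_ingress(IpPermissions=permissions)
    # The instance gets exactly this group, never an implicit default
    instances = ec2.create_instances(SecurityGroupIds=[sg.id], **launch_args)
    return sg.id, instances
```

The VPC passed as `vpc_id` must be the one that contains the `SubnetId` given in `launch_args`, otherwise the launch is rejected.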