Getting Information About Your Security Groups

You can get information about one or more security groups and the rules they contain.

Information about your security groups is also available from within the associated virtual machines (VMs) themselves. For more information, see Accessing the Metadata and User Data of a VM.

Getting Information About Your Security Groups Using Cockpit v2

See the Security Groups dashboard.

Getting Information About Your Security Groups Using OSC CLI

The ReadSecurityGroups command lists one or more security groups.
You can specify either the name of the security groups or their IDs.

Request sample
$ osc-cli api ReadSecurityGroups --profile "default" \
    --Filters '{
        "SecurityGroupIds": ["sg-12345678"],
      }'
Request sample
$ osc-cli api ReadSecurityGroups --profile "default" \
    --Filters '{
        "InboundRuleIpRanges": ["192.0.2.0"],
      }'

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • Filters: (optional) One or more filters.

The ReadSecurityGroups command returns the following elements:

  • ResponseContext: Information about the context of the response.

  • SecurityGroups: Information about one or more security groups.

Result sample
{
  "SecurityGroups": [
    {
      "Tags": [],
      "SecurityGroupName": "security-group-example",
      "OutboundRules": [
        {
          "FromPortRange": -1,
          "IpProtocol": "-1",
          "ToPortRange": -1,
          "IpRanges": [
            "0.0.0.0/0"
          ]
        }
      ],
      "SecurityGroupId": "sg-12345678",
      "AccountId": "123456789012",
      "Description": "Example of security group",
      "InboundRules": [
        {
          "FromPortRange": 22,
          "IpProtocol": "tcp",
          "ToPortRange": 22,
          "IpRanges": [
            "192.0.2.0",
            "198.51.100.0"
          ]
        }
      ],
      "NetId": "vpc-12345678"
    }
  ],
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Getting Information About Your Security Groups Using AWS CLI

To get information about one or more security groups, use the describe-security-groups command following this syntax:

Request sample
$ aws ec2 describe-security-groups \
    --profile YOUR_PROFILE \
    --group-names my-security-groups \
    --group-ids sg-12345678 \
    [--filter NOT_SPECIFIED] \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • (optional) group-names: The name of one or more security groups, if you are in the public Cloud. If you are in a VPC, use the group-name filter instead.

  • (optional) group-ids: The ID of one or more security groups, that you must specify if you are in a VPC. If the ID is invalid or does not exist, returns an error.

  • (optional) filters: One or more filters. The following filters are available:

    • description: The description of the security group.

    • egress.ip-permission.prefix-list-id: The prefix ID of the service to which the security group allows access.

    • group-id: The ID of the security group.

    • group-name: The name of the security group.

    • ip-permission.cidr: An IP or a range of IPs that have been granted permission, in CIDR notation.

    • ip-permission.from-port: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1 to indicate all ICMP types).

    • ip-permission.group-id: The ID of a security group that has been granted permission.

    • ip-permission.group-name: The name of a security group that has been granted permission.

    • ip-permission.protocol: The IP protocol for the permission (tcp | udp | icmp, or -1 for all protocols).

    • ip-permission.to-port: The end of the port range for the TCP and UDP protocols, or an ICMP code.

    • ip-permission.user-id: The account ID that has been granted permission.

    • owner-id: The account ID of the owner of the security group.

    • tag-key: The key of a tag associated with the resource.

    • tag-value: The value of a tag associated with the resource.

    • tag:XXXX: The value of a tag associated with the resource, where XXXX is the key of the tag.

      To filter a tag whose key is XXXX and value is YYYY, you can therefore use either of the following two formats:

      • --filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY

      • --filters Name=tag:XXXX,Values=YYYY

    • vpc-id: The ID of the VPC specified when the security group was created.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The describe-security-groups command returns the following elements:

  • SecurityGroups: Information about one or more security groups. This element contains the following information:

    • (VPC only) IpPermissionsEgress: Information about one or more outbound rules contained in the security group. This element contains the same information as the IpPermissions one.

    • Description: The description of the security group.

    • Tags: One or more tags associated with the security group. This element contains the following information:

      • Value: The value of the tag.

      • Key: The key of the tag.

    • Ip-permissions: A set of permissions. This element contains the following information:

      • IpProtocol: The protocol you want to use (tcp | udp | icmp, or -1 for all protocols).

      • FromPort: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1 to indicate all ICMP types).

      • ToPort: The end of port range for the TCP and UDP protocols, or an ICMP code number (-1 to indicate all ICMP codes).

      • UserIdGroupPairs: Information about one or more accounts and security groups referenced in rules. This element contains the following information:

        • UserId: The account ID of the owner of the referenced security group.

        • GroupName: The name of the referenced security group.

        • GroupId: The ID of the referenced security group.

    • GroupName: The name of the security group.

    • (VPC only) VpcId: The ID of the VPC the security group is allocated to.

    • OwnerId: The account ID of the owner of the security group.

    • GroupId: The ID of the security group.

Result sample
 {
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [],
            "Description": "my_security_group",
            "Tags": [
                {
                    "Value": "SG1",
                    "Key": "Name"
                 }
            ],
           "IpPermissions": [
                {
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    "UserIdGroupPairs": [
                        {
                             "UserId": "987654321000",
                             "GroupId": "sg-1234abcd",
                             "GroupName":
                        }
                    ],
                    "PrefixListIds": []
                    "FromPort": 22,
                    "ToPort": 22,
              ],
           "GroupName": "MySecurityGroup",
           "VpcId": "vpc-87654321",
           "OwnerId": "123456789000",
           "GroupId": "sg-12345678",
        }
    ]
}

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.

Export to PDF