Getting Information About Your Security Groups
You can get information about one or more security groups and the rules they contain.
Information about your security groups is also available from within the associated virtual machines (VMs) themselves. For more information, see Accessing the Metadata and User Data of a VM.
Getting Information About Your Security Groups Using OSC CLI
See the ReadSecurityGroups command sample in the documentation of the OUTSCALE API.
Getting Information About Your Security Groups Using AWS CLI
To get information about one or more security groups, use the describe-security-groups command following this syntax:
$ aws ec2 describe-security-groups \
    --profile YOUR_PROFILE \
    --group-names my-security-groups \
    --group-ids sg-12345678 \
    [--filters NOT_SPECIFIED] \
    --endpoint https://fcu.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
- (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
- (optional) group-names: The name of one or more security groups, if you are in the public Cloud. If you are in a VPC, use the group-name filter instead.
- (optional) group-ids: The ID of one or more security groups, that you must specify if you are in a VPC. If the ID is invalid or does not exist, the command returns an error.
- (optional) filters: One or more filters. The following filters are available:
  - description: The description of the security group.
  - egress.ip-permission.prefix-list-id: The prefix ID of the service to which the security group allows access.
  - group-id: The ID of the security group.
  - group-name: The name of the security group.
  - ip-permission.cidr: An IP or a range of IPs that have been granted permission, in CIDR notation.
  - ip-permission.from-port: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1 to indicate all ICMP types).
  - ip-permission.group-id: The ID of a security group that has been granted permission.
  - ip-permission.group-name: The name of a security group that has been granted permission.
  - ip-permission.protocol: The IP protocol for the permission (tcp | udp | icmp, or -1 for all protocols).
  - ip-permission.to-port: The end of the port range for the TCP and UDP protocols, or an ICMP code.
  - ip-permission.user-id: The account ID that has been granted permission.
  - owner-id: The account ID of the owner of the security group.
  - tag-key: The key of a tag associated with the resource.
  - tag-value: The value of a tag associated with the resource.
  - tag:XXXX: The value of a tag associated with the resource, where XXXX is the key of the tag.
    To filter a tag whose key is XXXX and value is YYYY, you can therefore use either of the following two formats:
    - --filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY
    - --filters Name=tag:XXXX,Values=YYYY
  - vpc-id: The ID of the VPC specified when the security group was created.
- endpoint: The endpoint corresponding to the Region you want to send the request to.
The describe-security-groups command returns the following elements:
- SecurityGroups: Information about one or more security groups. This element contains the following information:
  - (VPC only) IpPermissionsEgress: Information about one or more outbound rules contained in the security group. This element contains the same information as the IpPermissions one.
  - Description: The description of the security group.
  - Tags: One or more tags associated with the security group. This element contains the following information:
    - Value: The value of the tag.
    - Key: The key of the tag.
  - IpPermissions: A set of permissions. This element contains the following information:
    - IpProtocol: The protocol you want to use (tcp | udp | icmp, or -1 for all protocols).
    - FromPort: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1 to indicate all ICMP types).
    - ToPort: The end of the port range for the TCP and UDP protocols, or an ICMP code number (-1 to indicate all ICMP codes).
    - UserIdGroupPairs: Information about one or more accounts and security groups referenced in rules. This element contains the following information:
      - UserId: The account ID of the owner of the referenced security group.
      - GroupName: The name of the referenced security group.
      - GroupId: The ID of the referenced security group.
  - GroupName: The name of the security group.
  - (VPC only) VpcId: The ID of the VPC the security group is allocated to.
  - OwnerId: The account ID of the owner of the security group.
  - GroupId: The ID of the security group.
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [],
            "Description": "my_security_group",
            "Tags": [
                {
                    "Value": "SG1",
                    "Key": "Name"
                }
            ],
            "IpPermissions": [
                {
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "987654321000",
                            "GroupId": "sg-1234abcd",
                            "GroupName": "..."
                        }
                    ],
                    "PrefixListIds": [],
                    "FromPort": 22,
                    "ToPort": 22
                }
            ],
            "GroupName": "MySecurityGroup",
            "VpcId": "vpc-87654321",
            "OwnerId": "123456789000",
            "GroupId": "sg-12345678"
        }
    ]
}
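The returned elements described above are what a rule review works from. The following is an added example, not part of the OUTSCALE documentation: it reads a describe-security-groups response and reports inbound rules that open administrative ports to any source address, plus rules that reference a security group owned by another account. The function names, the ADMIN_PORTS set and the second and third rules of the sample are assumptions made for the illustration.

```python
import ipaddress
import json

# Constructed sample modelled on the result sample above (not real account data).
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-12345678", "GroupName": "MySecurityGroup", "OwnerId": "123456789000",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": [{"UserId": "987654321000", "GroupId": "sg-1234abcd"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}
  ]}]}""")

ADMIN_PORTS = {22, 3389}  # assumption: ports this review treats as administrative


def exposed_admin_ports(rule):
    """Return the administrative ports that one IpPermissions entry covers."""
    proto = rule.get("IpProtocol")
    if proto == "icmp":
        return set()  # FromPort/ToPort hold an ICMP type/code here, not ports
    if proto == "-1" or "FromPort" not in rule:
        return set(ADMIN_PORTS)  # all protocols: every port is reachable
    low, high = rule["FromPort"], rule.get("ToPort", rule["FromPort"])
    return {p for p in ADMIN_PORTS if low <= p <= high}


def audit(response):
    """List (group_id, kind, source, detail) findings for the inbound rules."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            ports = sorted(exposed_admin_ports(rule))
            for rng in rule.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if net.prefixlen == 0 and ports:  # 0.0.0.0/0: any source address
                    findings.append((sg["GroupId"], "world-open", rng["CidrIp"], ports))
            for pair in rule.get("UserIdGroupPairs", []):
                if pair.get("UserId") and pair["UserId"] != sg.get("OwnerId"):
                    findings.append((sg["GroupId"], "cross-account", pair["GroupId"], pair["UserId"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To review a live account, save the command's JSON output to a file and pass the parsed content to audit() in place of SAMPLE.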
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.