Getting Information About Your Security Groups
You can get information about one or more security groups and the rules they contain.
Information about your security groups is also available from within the associated instances themselves. For more information, see Accessing the Metadata and User Data of an Instance.
Getting Information About Your Security Groups Using Cockpit v2-beta
|
See the Security Groups dashboard. |
Getting Information About Your Security Groups Using OSC CLI
|
See the ReadSecurityGroups command sample in the documentation of the OUTSCALE API. |
Getting Information About Your Security Groups Using AWS CLI
To get information about one or more security groups, use the describe-security-groups command following this syntax:
$ aws ec2 describe-security-groups \
--profile YOUR_PROFILE \
--group-names my-security-groups \
--group-ids sg-12345678 \
[--filter NOT_SPECIFIED] \
--endpoint https://fcu.eu-west-2.outscale.comThis command contains the following attributes that you need to specify:
-
(optional)
profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI. -
(optional)
group-names: The name of one or more security groups, if you are in the public Cloud. If you are in a VPC, use thegroup-namefilter instead. -
(optional)
group-ids: The ID of one or more security groups, that you must specify if you are in a VPC. If the ID is invalid or does not exist, returns an error. -
(optional)
filters: One or more filters. The following filters are available:-
description: The description of the security group. -
egress.ip-permission.prefix-list-id: The prefix ID of the service to which the security group allows access. -
group-id: The ID of the security group. -
group-name: The name of the security group. -
ip-permission.cidr: An IP or a range of IPs that have been granted permission, in CIDR notation. -
ip-permission.from-port: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1to indicate all ICMP types). -
ip-permission.group-id: The ID of a security group that has been granted permission. -
ip-permission.group-name: The name of a security group that has been granted permission. -
ip-permission.protocol: The IP protocol for the permission (tcp|udp|icmp, or-1for all protocols). -
ip-permission.to-port: The end of the port range for the TCP and UDP protocols, or an ICMP code. -
ip-permission.user-id: The account ID of a user that has been granted permission. -
owner-id: The account ID of the owner of the security group. -
tag-key: The key of a tag associated with the resource. -
tag-value: The value of a tag associated with the resource. -
tag:XXXX: The value of a tag associated with the resource, whereXXXXis the key of the tag.To filter a tag whose key is
XXXXand value isYYYY, you can therefore use either of the following two formats:-
--filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY -
--filters Name=tag:XXXX,Values=YYYY
-
-
vpc-id: The ID of the VPC specified when the security group was created.
-
-
endpoint: The endpoint corresponding to the Region you want to send the request to.
The describe-security-groups command returns the following elements:
-
SecurityGroups: Information about one or more security groups. This element contains the following information:-
(VPC only)
IpPermissionsEgress: Information about one or more outbound rules contained in the security group. This element contains the same information as theIpPermissionsone. -
Description: The description of the security group. -
Tags: One or more tags associated with the security group. This element contains the following information:-
Value: The value of the tag. -
Key: The key of the tag.
-
-
Ip-permissions: A set of permissions. This element contains the following information:-
IpProtocol: The protocol you want to use (tcp|udp|icmp, or-1for all protocols). -
FromPort: The beginning of the port range for the TCP and UDP protocols, or an ICMP type number (-1to indicate all ICMP types). -
ToPort: The end of port range for the TCP and UDP protocols, or an ICMP code number (-1to indicate all ICMP codes). -
UserIdGroupPairs: Information about one or more accounts and security groups referenced in rules. This element contains the following information:-
UserId: The account ID of the owner of the referenced security group. -
GroupName: The name of the referenced security group. -
GroupId: The ID of the referenced security group.
-
-
-
GroupName: The name of the security group. -
(VPC only)
VpcId: The ID of the VPC the security group is allocated to. -
OwnerId: The account ID of the owner of the security group. -
GroupId: The ID of the security group.
-
{
"SecurityGroups": [
{
"IpPermissionsEgress": [],
"Description": "my_security_group",
"Tags": [
{
"Value": "SG1",
"Key": "Name"
}
],
"IpPermissions": [
{
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
"UserIdGroupPairs": [
{
"UserId": "987654321000",
"GroupId": "sg-1234abcd",
"GroupName":
}
],
"PrefixListIds": []
"FromPort": 22,
"ToPort": 22,
],
"GroupName": "MySecurityGroup",
"VpcId": "vpc-87654321",
"OwnerId": "123456789000",
"GroupId": "sg-12345678",
}
]
}Related Pages
Corresponding API Methods
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.