
How do I find the resources associated with an Amazon EC2 security group?


I use Amazon Elastic Compute Cloud (Amazon EC2) security groups and I want to determine the resources that use a particular security group.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Important: The following resolution only applies to services that have elastic network interfaces actively deployed. The following resolution doesn't work for services where you configured security groups but didn't directly deploy network interfaces.

Use the EC2 console

Complete the following steps:

  1. Open the Amazon EC2 console.

  2. In the navigation pane, choose Security Groups.

  3. Copy the security group ID of the security group that you want to investigate.

  4. In the navigation pane, choose Network Interfaces.

  5. Enter the security group ID in the search bar.

    Note: Make sure that you search in the AWS Region where your security group is located.

  6. Review the search results.

Search results show the network interfaces that are associated with the security group. To determine the resource that's associated with the security group, check the description of the network interface. For example, ELB app/example-alb/1234567890abcdef shows that an Application Load Balancer with the name example-alb uses this security group.

If you receive a "No Network Interfaces found matching your filter criteria" message, then there are no resources associated with the security group.

Use the AWS CLI

To find network interfaces that are associated with a security group based on the security group ID, run the describe-network-interfaces AWS CLI command:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=your-group-id --region region --output json

Note: Replace your-group-id with your security group ID. Replace region with your Region.

The output lists the network interfaces that are associated with the security group.

If the output is empty, then there are no resources associated with the security group.

Example output:

{
    "NetworkInterfaces": []
}

If the output contains results, then run the describe-network-interfaces AWS CLI command again with a --query parameter that extracts the key fields from each entry in NetworkInterfaces:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=your-group-id --region region --output json --query "NetworkInterfaces[*].[NetworkInterfaceId,Description,PrivateIpAddress,VpcId]"

The output gives you information about the resources that are associated with the security group.
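As an added example (not part of this article or of the AWS CLI), the following Python script reads the JSON returned by the first describe-network-interfaces command above and prints one row per network interface with the resource type inferred from its description. The "ELB app/" description form comes from the article; the "ELB net/" and "RDSNetworkInterface" prefixes, the sample data and all identifiers in it are assumptions.

```python
"""Summarise which resources hold a security group, from the JSON that
`aws ec2 describe-network-interfaces --filters Name=group-id,Values=<sg-id>`
returns. Pipe that command's output in, or run with no input for the sample."""
import json
import re
import sys

# Description prefixes -> resource type. "ELB app/" is the form the article
# shows; "ELB net/" and "RDSNetworkInterface" are assumed common descriptions.
DESCRIPTION_PATTERNS = [
    (re.compile(r"^ELB app/([^/]+)/"), "Application Load Balancer"),
    (re.compile(r"^ELB net/([^/]+)/"), "Network Load Balancer"),
    (re.compile(r"^(RDSNetworkInterface)"), "RDS instance"),
]

def classify(eni):
    """Return (resource_type, resource_name) for one network interface."""
    description = eni.get("Description", "")
    for pattern, resource_type in DESCRIPTION_PATTERNS:
        match = pattern.match(description)
        if match:
            return resource_type, match.group(1)
    instance_id = eni.get("Attachment", {}).get("InstanceId")
    if instance_id:  # plain EC2 instance ENIs carry the instance in Attachment
        return "EC2 instance", instance_id
    return "unknown (check Description)", description or "<no description>"

def summarise(payload):
    """Map the describe-network-interfaces response to one row per ENI."""
    rows = []
    for eni in payload.get("NetworkInterfaces", []):
        resource_type, name = classify(eni)
        rows.append({"eni": eni["NetworkInterfaceId"], "type": resource_type,
                     "name": name, "vpc": eni.get("VpcId"),
                     "private_ip": eni.get("PrivateIpAddress")})
    return rows

# Constructed sample in the shape of the CLI output (not real AWS data).
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "VpcId": "vpc-0v1", "PrivateIpAddress": "10.0.1.10",
     "Description": "ELB app/example-alb/1234567890abcdef", "Attachment": {}},
    {"NetworkInterfaceId": "eni-0bbb", "VpcId": "vpc-0v1", "PrivateIpAddress": "10.0.2.20",
     "Description": "", "Attachment": {"InstanceId": "i-0123456789abcdef0"}},
]}

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for row in summarise(data):
        print(f"{row['eni']}  {row['type']:<28} {row['name']}  {row['vpc']}  {row['private_ip']}")
```

The script inherits the article's limitation: a group that is only referenced in another group's rules, or configured on a service that deploys no network interface, does not appear in this output.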

Related information

Control traffic to your AWS resources using security groups

Client-side filtering

5 Comments

This is not enough. An SG can also be mentioned in other SGs.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied 2 years ago

This doesn't show you if it's used by EKS ingress.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 2 years ago

As others have mentioned, the answer is not exhaustive. The Security Group may be used by RDS. Would be great if AWS could provide a way of showing any and all resources used by a Security Group, not just EC2 Network Interfaces.

replied 2 years ago