Tracking what is using a security group


Hello, I am still trying to clean up an AWS account and need some advice.

In AWS - EC2 - Security Groups - I have several critical vulnerabilities there, and in lieu of just nixing the issues, as I'm SURE it will blow something up, how do I find what function(s) are using this security group? So I can chase it back to its roots, see if they can be safely removed, or changed so the security value that is a vulnerability can be removed. THANKS

4 Answers

Check out this document. You can do it via the console as shown in the document or via the CLI:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json

Hope this helps

answered 2 years ago
  • Unfortunately this will only catch resources in the current account, but if you have VPC peering you could have an SG in a different account referencing it. In fact, you should loop over every account that has a peering.


Hello @BigD63

We answered your question in the latest episode of AWS Supports You. Please take a look at the YouTube video here, and we hope it helps answer your question!

Please don't hesitate to comment here if you have any follow-up questions. If this helped to answer your question, please make sure to mark this question as answered.

Have a great day!

AWS
answered 2 years ago

This will definitely show you all the resources your security group is associated with:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json --query 'NetworkInterfaces'

AWS
answered a year ago

Hey, does checking network interfaces cover all cases? Or might there be some cases further left, so we end up deleting the wrong one? A couple of things off the top of my head:

  1. What if a security group is referenced by another security group but is not present on any network interface?
  2. What if the security group is used by another account?

There might be other cases. How can we make sure these cases are also handled, or am I just being too paranoid?


answered 2 months ago
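The two gaps raised in this thread (a group that appears only as the source or destination in another group's rules, and a reference from a peered account, as in the comment on the first answer) are exactly what the describe-network-interfaces query cannot see. The following is an added example, not code from the thread or from AWS: it takes the JSON that `aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups` return and checks both places before calling a group safe to delete. The IDs, account numbers and the response bodies are constructed to mirror the shape of those API responses; on a real account you would feed in the CLI output for your own account and for every account peered with it (the CLI can also narrow the second query with `--filters Name=ip-permission.group-id,Values=<group-id>` and `Name=egress.ip-permission.group-id,Values=<group-id>`).

```python
"""Find what still depends on an EC2 security group, from the JSON output of
`aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups`.
Added example, not code from the re:Post thread; all IDs below are made up."""
import json

TARGET_GROUP = "sg-0123456789abcdef0"  # constructed: the group we want to retire
OUR_ACCOUNT = "111111111111"           # constructed: the account running the check

# Constructed stand-in for:
#   aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id>
NETWORK_INTERFACES_JSON = json.dumps({"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa1111bbbb2222c",
     "Description": "Primary network interface",
     "Groups": [{"GroupId": TARGET_GROUP, "GroupName": "legacy-web"}],
     "Attachment": {"InstanceId": "i-0abc123def4567890", "Status": "attached"}},
    {"NetworkInterfaceId": "eni-0ddd3333eeee4444f",
     "Description": "ELB app/legacy-alb/0123456789abcdef",  # service-owned ENI
     "Groups": [{"GroupId": TARGET_GROUP, "GroupName": "legacy-web"}],
     "Attachment": {"Status": "attached"}},  # no InstanceId: owned by the ALB
]})

# Constructed stand-in for `aws ec2 describe-security-groups`, run in our
# account and in the peered account 222222222222 and concatenated.
SECURITY_GROUPS_JSON = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60718", "GroupName": "app-tier", "OwnerId": OUR_ACCOUNT,
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": TARGET_GROUP, "UserId": OUR_ACCOUNT}]}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0f9e8d7c6b5a43210", "GroupName": "partner-db", "OwnerId": "222222222222",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": TARGET_GROUP, "UserId": OUR_ACCOUNT,
                                              "VpcPeeringConnectionId": "pcx-0123abcd4567ef890"}]}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0123456789fedcba0", "GroupName": "unrelated", "OwnerId": OUR_ACCOUNT,
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
                        "UserIdGroupPairs": []}],
     "IpPermissionsEgress": []},
]})


def interfaces_using(ni_output: str, group_id: str) -> list:
    """One record per ENI carrying group_id. An ENI without an InstanceId is
    normally owned by a managed service (load balancer, Lambda, RDS, ...);
    its Description says which one."""
    found = []
    for eni in json.loads(ni_output)["NetworkInterfaces"]:
        if any(g["GroupId"] == group_id for g in eni.get("Groups", [])):
            found.append({"eni": eni["NetworkInterfaceId"],
                          "instance": eni.get("Attachment", {}).get("InstanceId"),
                          "description": eni.get("Description", "")})
    return found


def groups_referencing(sg_output: str, group_id: str, our_account: str) -> list:
    """One record per rule, in any group, whose source/destination is group_id
    (a UserIdGroupPairs entry). These never appear in the ENI listing, and a
    rule in a peered account can name our group with nothing attached locally."""
    refs = []
    for sg in json.loads(sg_output)["SecurityGroups"]:
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == group_id:
                        refs.append({"group": sg["GroupId"], "direction": direction,
                                     "port": perm.get("FromPort"),
                                     "cross_account": sg.get("OwnerId") != our_account,
                                     "peering": pair.get("VpcPeeringConnectionId")})
    return refs


def safe_to_delete(ni_output: str, sg_output: str, group_id: str, our_account: str) -> bool:
    """True only when nothing is attached to the group and no rule references it."""
    return (not interfaces_using(ni_output, group_id)
            and not groups_referencing(sg_output, group_id, our_account))


if __name__ == "__main__":
    for rec in interfaces_using(NETWORK_INTERFACES_JSON, TARGET_GROUP):
        print("attached:", rec)
    for rec in groups_referencing(SECURITY_GROUPS_JSON, TARGET_GROUP, OUR_ACCOUNT):
        print("referenced by rule:", rec)
    print("safe to delete:",
          safe_to_delete(NETWORK_INTERFACES_JSON, SECURITY_GROUPS_JSON, TARGET_GROUP, OUR_ACCOUNT))
```

On the constructed data the group is attached to one instance and one ALB-owned interface, and it is also named by an ingress rule in `app-tier` and by a rule in the peered account's `partner-db`; only when all four lists are empty does `safe_to_delete` return True. Removing the group while `partner-db` still references it would leave that rule dangling, which is the "further left" case the last answer worries about.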
