How can I find the resources associated with an Amazon EC2 security group?


I'm using Amazon Elastic Compute Cloud (Amazon EC2) security groups and I need to determine which resources are using a particular security group. How can I find the resources associated with an Amazon EC2 security group?

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re running a recent version of the AWS CLI.

Method 1: Use the AWS Management Console

1.    Open the Amazon EC2 console.

2.    In the navigation pane, choose Security Groups.

3.    Copy the security group ID of the security group that you're investigating.

4.    In the navigation pane, choose Network Interfaces.

5.    Paste the security group ID in the search bar.

Note: Be sure that you're searching in the same Region where your security group is located.

6.    Review the search results.

Search results show the network interfaces associated with the security group. Check the description of the network interface to determine the resource that's associated with the security group. For example, ELB app/example-alb/1234567890abcdef indicates that an Application Load Balancer with the name example-alb is using this security group.

If you receive a No Network Interfaces found matching your filter criteria message, then there are no resources associated with the security group.

Method 2: Use the AWS CLI

1.    Run the following command in the AWS CLI to find network interfaces associated with a security group based on the security group ID:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json

The output of this command shows the network interfaces associated with the security group.

2.    Review the output.

If the output is empty, as in the following example, then there are no resources associated with the security group:

{
    "NetworkInterfaces": []
}

If the output contains results, then use this command to find more information about the resources associated with the security group:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json --query "NetworkInterfaces[*].[NetworkInterfaceId,Description,PrivateIpAddress,VpcId]"
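The following Python is an added example, not part of the AWS article: it takes the JSON from the first Method 2 command (run without --query) and names the resource behind each network interface, using the attachment's instance ID or the "ELB app/..." description format shown in Method 1. The sample output, all IDs, the function names, and the "net/" pattern for Network Load Balancers are assumptions of this example.

```python
import json
import re

# Constructed, trimmed sample of `aws ec2 describe-network-interfaces
# --output json` output. All IDs are made up for illustration.
SAMPLE_OUTPUT = """
{
  "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa0000000000001",
     "Description": "ELB app/example-alb/1234567890abcdef",
     "Groups": [{"GroupId": "sg-0example"}]},
    {"NetworkInterfaceId": "eni-0aaa0000000000002",
     "Description": "",
     "Attachment": {"InstanceId": "i-0example0000000001"},
     "Groups": [{"GroupId": "sg-0example"}, {"GroupId": "sg-0other"}]},
    {"NetworkInterfaceId": "eni-0aaa0000000000003",
     "Description": "some service-managed interface",
     "Groups": [{"GroupId": "sg-0example"}]}
  ]
}
"""

# "ELB app/<name>/<id>" is the Application Load Balancer format shown above.
# Treating "net/" as a Network Load Balancer is an assumption of this example.
ELB_RE = re.compile(r"^ELB (app|net)/([^/]+)/")
ELB_KIND = {"app": "application-load-balancer", "net": "network-load-balancer"}

def classify(eni):
    """Return (resource_type, resource_name) for one network interface."""
    instance_id = eni.get("Attachment", {}).get("InstanceId")
    if instance_id:
        return ("ec2-instance", instance_id)
    match = ELB_RE.match(eni.get("Description", ""))
    if match:
        return (ELB_KIND[match.group(1)], match.group(2))
    # Unknown pattern: surface the raw description for manual review.
    return ("unidentified", eni.get("Description") or "(no description)")

def resources_using(cli_json, group_id):
    """Map each ENI that carries group_id to the resource behind it."""
    report = {}
    for eni in json.loads(cli_json).get("NetworkInterfaces", []):
        if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])):
            report[eni["NetworkInterfaceId"]] = classify(eni)
    return report

if __name__ == "__main__":
    for eni_id, (kind, name) in resources_using(SAMPLE_OUTPUT, "sg-0example").items():
        print(f"{eni_id}\t{kind}\t{name}")
```

Interfaces reported as "unidentified" keep their raw description so that they can be reviewed by hand, as the console method describes.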

Related information

Control traffic to resources using security groups

Client-side filtering

AWS OFFICIAL
Updated a year ago
2 Comments

This is not enough. An SG can also be mentioned in other SGs.

EnzoR
replied 17 days ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 17 days ago