How can I find the resources associated with an Amazon EC2 security group?

Last updated: 2019-07-09

I'm using Amazon Elastic Compute Cloud (Amazon EC2) security groups, and I need to determine which resources are using a particular security group. How can I find the resources associated with an Amazon EC2 security group?

Resolution

Method 1: Use the AWS Management Console

1.    Open the Amazon EC2 console.

2.    In the navigation pane, choose Security Groups.

3.    Copy the security group ID of the security group you're investigating.

4.    In the navigation pane, choose Network Interfaces.

5.    Paste the security group ID in the search bar.

Note: Be sure that you're searching in the same Region where your security group is located.

6.    Review the search results.

Search results show the network interfaces associated with the security group. Check the description of the network interface to determine the resource that's associated with the security group. For example, ELB app/example-alb/1234567890abcdef indicates that an Application Load Balancer with the name example-alb is using this security group.

If you receive a No Network Interfaces found matching your filter criteria message, there are no resources associated with the security group.

Method 2: Use the AWS CLI

1.    Run the following command in AWS Command Line Interface (AWS CLI) to find network interfaces associated with a security group based on the security group ID.

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json

The output of the command above shows the network interfaces associated with the security group.

2.    Review the output.

If the output is empty like the example below, then there are no resources associated with the security group.

{
    "NetworkInterfaces": []
}

If the output contains results, you can find more information about the resources associated with the security group using the following command.

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json --query 'NetworkInterfaces[*].[NetworkInterfaceId,Description,PrivateIpAddress,VpcId]'
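
The review step in Method 2 can be scripted. The following is an added example, not part of the original article: it reads the JSON from the first describe-network-interfaces command and names the resource behind each network interface. The sample output, the kind labels, and the function names are constructed for illustration; the load balancer pattern is the description format shown in Method 1.

```python
import json
import re

# Constructed sample of `aws ec2 describe-network-interfaces` output (not real data).
SAMPLE_OUTPUT = """
{
  "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa1111", "Description": "ELB app/example-alb/1234567890abcdef",
     "PrivateIpAddress": "10.0.1.10", "VpcId": "vpc-0example", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-0bbb2222", "Description": "",
     "PrivateIpAddress": "10.0.1.20", "VpcId": "vpc-0example", "Status": "in-use",
     "Attachment": {"InstanceId": "i-0example1234"}},
    {"NetworkInterfaceId": "eni-0ccc3333", "Description": "spare interface",
     "PrivateIpAddress": "10.0.1.30", "VpcId": "vpc-0example", "Status": "available"}
  ]
}
"""

# Description format for an Application Load Balancer, as shown in Method 1.
ALB_DESCRIPTION = re.compile(r"^ELB app/(?P<name>[^/]+)/[0-9a-f]+$")

def classify(eni):
    """Return (kind, identifier) for one network interface record."""
    instance_id = (eni.get("Attachment") or {}).get("InstanceId")
    if instance_id:
        return ("ec2-instance", instance_id)
    match = ALB_DESCRIPTION.match(eni.get("Description", ""))
    if match:
        return ("application-load-balancer", match.group("name"))
    if eni.get("Status") == "available":
        # The interface exists and carries the group, but nothing is attached to it.
        return ("unattached-interface", eni["NetworkInterfaceId"])
    # Unknown owner: fall back to the raw description for manual review.
    return ("other", eni.get("Description") or eni["NetworkInterfaceId"])

def summarize(cli_json):
    """Map the CLI's JSON output to one row per interface using the security group."""
    rows = []
    for eni in json.loads(cli_json).get("NetworkInterfaces", []):
        kind, resource = classify(eni)
        rows.append({"eni": eni["NetworkInterfaceId"], "kind": kind, "resource": resource,
                     "ip": eni.get("PrivateIpAddress"), "vpc": eni.get("VpcId")})
    return rows

if __name__ == "__main__":
    rows = summarize(SAMPLE_OUTPUT)
    for row in rows:
        print(row)
    print("in use" if rows else "no resources associated with the security group")
```

An empty list from summarize corresponds to the empty "NetworkInterfaces" output described in step 2.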
