I use Amazon Elastic Compute Cloud (Amazon EC2) security groups and I want to determine the resources that use a particular security group.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
Use the AWS Management Console
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, choose Security Groups.
- Copy the security group ID of the security group that you want to investigate.
- In the navigation pane, choose Network Interfaces.
- Paste the security group ID in the search bar.
Note: Make sure that you search in the same AWS Region where your security group is located.
- Review the search results.
Search results show the network interfaces associated with the security group. To determine the resource that's associated with the security group, check the description of the network interface. For example, ELB app/example-alb/1234567890abcdef shows that an Application Load Balancer with the name example-alb is using this security group.
If you receive a "No Network Interfaces found matching your filter criteria" message, then there are no resources associated with the security group.
Use the AWS CLI
To find network interfaces associated with a security group based on the security group ID, run the describe-network-interfaces AWS CLI command:
aws ec2 describe-network-interfaces --filters Name=group-id,Values=group-id --region region --output json
The output shows the network interfaces associated with the security group.
If the output is empty, similar to the following example, then there are no resources associated with the security group:
{
    "NetworkInterfaces": []
}
If the output contains results, then run the describe-network-interfaces AWS CLI command again with a --query parameter that returns the ID, description, private IP address, and VPC ID of each network interface:
aws ec2 describe-network-interfaces --filters Name=group-id,Values=group-id --region region --output json --query "NetworkInterfaces[*].[NetworkInterfaceId,Description,PrivateIpAddress,VpcId]"
The output provides information about the resources associated with the security group.
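The following Python example is added here and is not part of the original article or AWS's own code. It groups the JSON output of the describe-network-interfaces command by the resource that owns each network interface. The sample output, its IDs, and the function names owning_resource and resources_using_group are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like `aws ec2 describe-network-interfaces --output json`.
# All IDs and addresses are made up for illustration.
SAMPLE_OUTPUT = """
{
  "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa1111", "Description": "ELB app/example-alb/1234567890abcdef",
     "PrivateIpAddress": "10.0.1.10", "VpcId": "vpc-0example",
     "Groups": [{"GroupId": "sg-0example"}]},
    {"NetworkInterfaceId": "eni-0bbb2222", "Description": "ELB app/example-alb/1234567890abcdef",
     "PrivateIpAddress": "10.0.2.10", "VpcId": "vpc-0example",
     "Groups": [{"GroupId": "sg-0example"}]},
    {"NetworkInterfaceId": "eni-0ccc3333", "Description": "",
     "PrivateIpAddress": "10.0.1.25", "VpcId": "vpc-0example",
     "Groups": [{"GroupId": "sg-0example"}, {"GroupId": "sg-0other"}],
     "Attachment": {"InstanceId": "i-0example", "Status": "attached"}}
  ]
}
"""

# Description format the article shows for an Application Load Balancer.
ALB_DESCRIPTION = re.compile(r"^ELB app/([^/]+)/")

def owning_resource(eni):
    """Return a label for the resource behind one network interface."""
    instance_id = (eni.get("Attachment") or {}).get("InstanceId")
    if instance_id:
        return f"EC2 instance {instance_id}"
    description = eni.get("Description", "")
    match = ALB_DESCRIPTION.match(description)
    if match:
        return f"Application Load Balancer {match.group(1)}"
    # Other services use other description formats; keep the text for manual review.
    return description or "unidentified (empty description)"

def resources_using_group(cli_json, group_id):
    """Map each owning resource to the network interfaces that carry group_id."""
    usage = {}
    for eni in json.loads(cli_json).get("NetworkInterfaces", []):
        if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])):
            usage.setdefault(owning_resource(eni), []).append(eni["NetworkInterfaceId"])
    return usage

if __name__ == "__main__":
    for resource, enis in resources_using_group(SAMPLE_OUTPUT, "sg-0example").items():
        print(f"{resource}: {', '.join(enis)}")
```

An empty result means that no network interface in that Region's output uses the security group, which matches the empty NetworkInterfaces case described above.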
Related information
Control traffic to your AWS resources using security groups
Client-side filtering