To export security group inbound/outbound rules using the AWS command line, you can use the describe-security-groups command with some additional options to format the output. Here's an improved approach:
- For a specific security group using its ID:
aws ec2 describe-security-groups --group-ids sg-1234567890abcdef0 --query 'SecurityGroups[*].[GroupName,GroupId,Description,IpPermissions,IpPermissionsEgress]' --output table
Replace sg-1234567890abcdef0 with your actual security group ID.
- To exclude tags and get a more readable output, you can use the --query parameter to specify exactly what you want to see:
aws ec2 describe-security-groups --group-ids sg-1234567890abcdef0 --query 'SecurityGroups[*].[GroupName,GroupId,Description,IpPermissions[*].[IpProtocol,FromPort,ToPort,IpRanges[*].CidrIp],IpPermissionsEgress[*].[IpProtocol,FromPort,ToPort,IpRanges[*].CidrIp]]' --output table
This will give you a table format output with the group name, ID, description, and both inbound and outbound rules.
Regarding the issue with --group-names, this parameter is only supported for EC2-Classic. For VPC security groups, you must use the --group-ids parameter. If you want to use the group name, you'll need to first query for the group ID using the name, then use that ID in the describe-security-groups command.
To get the group ID from the name:
aws ec2 describe-security-groups --filters "Name=group-name,Values=your-group-name" --query "SecurityGroups[*].GroupId" --output text
You can then use this ID in the previous commands.
Unfortunately, there isn't an official AWS CLI testing environment available online. However, you can set up a sandbox environment on your local machine or use AWS CloudShell, which provides a browser-based shell with AWS CLI pre-installed.
To export to CSV, you can pipe the output to a file:
aws ec2 describe-security-groups --group-ids sg-1234567890abcdef0 --query 'SecurityGroups[*].[GroupName,GroupId,Description,IpPermissions[*].[IpProtocol,FromPort,ToPort,IpRanges[*].CidrIp],IpPermissionsEgress[*].[IpProtocol,FromPort,ToPort,IpRanges[*].CidrIp]]' --output json | jq -r '.[] | [.[0], .[1]] as $sg | ((.[3][] | ["ingress"] + .), (.[4][] | ["egress"] + .)) | $sg + .[0:4] + [(.[4] // [] | join(" "))] | @csv' > security_group_rules.csv
This command uses jq to convert the JSON output to CSV format (the nested rule arrays are flattened to one row per rule, because @csv rejects array values inside a row). Make sure you have jq installed on your system.
Sources
describe-security-group-rules — AWS CLI 2.19.1 Command Reference
Use DescribeSecurityGroups with an AWS SDK or CLI - AWS SDK Code Examples
Use DescribeSecurityGroups with an AWS SDK or CLI - Amazon Elastic Compute Cloud
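The same flattening done without jq, as an added example that is not part of the answer above or of any AWS tooling: it reads the JSON that `aws ec2 describe-security-groups --output json` returns (no --query), emits one CSV row per rule and peer, and picks out inbound rules open to any address for review. The sample document is constructed; IPv6 ranges and security-group references are included so those rules are not silently dropped.

```python
import csv
import io
import json

# Constructed sample in the shape `aws ec2 describe-security-groups --output json` returns.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "web", "GroupId": "sg-0123456789abcdef0", "Description": "web tier",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
]}
""")

def flatten_rules(doc):
    """One row per (rule, peer): nested IpPermissions become flat CSV-ready lists."""
    rows = []
    for sg in doc["SecurityGroups"]:
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                proto = perm["IpProtocol"]
                # Protocol "-1" means all traffic; FromPort/ToPort are then absent.
                ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
                peers = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                         + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                         + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])
                for peer in peers:
                    rows.append([sg["GroupName"], sg["GroupId"], direction, proto, ports, peer])
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["GroupName", "GroupId", "Direction", "Protocol", "Ports", "Peer"])
    writer.writerows(rows)
    return buf.getvalue()

def world_open_ingress(rows):
    """Inbound rows reachable from any IPv4/IPv6 address: the ones to review first."""
    return [r for r in rows if r[2] == "ingress" and r[5] in ("0.0.0.0/0", "::/0")]

if __name__ == "__main__":
    print(to_csv(flatten_rules(SAMPLE)), end="")
```

Replace SAMPLE with `json.load(sys.stdin)` to pipe the real CLI output through it.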
When using --group-names, this ONLY works in the default VPC. You have to use security group IDs for any other VPCs, I am afraid.
--group-names (list)
[Default VPC] The names of the security groups. You can specify either the security group name or the security group ID.
--group-ids (list)
The IDs of the security groups. Required for security groups in a nondefault VPC.
https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html