**Example 1: To describe a security group**

The following ``describe-security-groups`` example describes the specified security group. ::

    aws ec2 describe-security-groups \
        --group-ids sg-903004f8

Output::

    {
        "SecurityGroups": [
            {
                "IpPermissionsEgress": [
                    {
                        "IpProtocol": "-1",
                        "IpRanges": [
                            {
                                "CidrIp": "0.0.0.0/0"
                            }
                        ],
                        "UserIdGroupPairs": [],
                        "PrefixListIds": []
                    }
                ],
                "Description": "My security group",
                "Tags": [
                    {
                        "Value": "SG1", 
                        "Key": "Name"
                    }
                ], 
                "IpPermissions": [
                    {
                        "IpProtocol": "-1", 
                        "IpRanges": [], 
                        "UserIdGroupPairs": [
                            {
                                "UserId": "123456789012", 
                                "GroupId": "sg-903004f8"
                            }
                        ], 
                        "PrefixListIds": []
                    },
                    {
                        "PrefixListIds": [], 
                        "FromPort": 22, 
                        "IpRanges": [
                            {
                                "Description": "Access from NY office",
                                "CidrIp": "203.0.113.0/24"
                            }
                        ], 
                        "ToPort": 22, 
                        "IpProtocol": "tcp", 
                        "UserIdGroupPairs": []
                    }
                ],
                "GroupName": "MySecurityGroup",
                "VpcId": "vpc-1a2b3c4d",
                "OwnerId": "123456789012",
                "GroupId": "sg-903004f8"
            }
        ]
    }

**Example 2: To describe security groups that have specific rules**

The following ``describe-security-groups`` example uses filters to scope the results to security groups that have a rule that allows SSH traffic (port 22) and a rule that allows traffic from all addresses (``0.0.0.0/0``). The example uses the ``--query`` parameter to display only the names of the security groups. Security groups must match all filters to be returned in the results; however, a single rule does not have to match all filters. For example, the output returns a security group with a rule that allows SSH traffic from a specific IP address and another rule that allows HTTP traffic from all addresses. ::

    aws ec2 describe-security-groups \
        --filters Name=ip-permission.from-port,Values=22 Name=ip-permission.to-port,Values=22 Name=ip-permission.cidr,Values='0.0.0.0/0' \
        --query "SecurityGroups[*].[GroupName]" \
        --output text

Output::

    default
    my-security-group
    web-servers
    launch-wizard-1
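
Because the filters are matched per group rather than per rule, the list above can include groups that do not expose SSH to all addresses. The following added example (not part of the AWS CLI documentation) post-processes saved ``describe-security-groups`` JSON and checks each rule individually; it goes slightly beyond the text by also handling port ranges, all-protocol rules and IPv6 ``::/0``. The sample data, group IDs and function names are constructed for illustration.

```python
# Constructed sample shaped like describe-security-groups output (IDs are made up).
def _rule(proto, lo, hi, cidr):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}

SAMPLE = {"SecurityGroups": [
    # SSH from one office range, HTTP from anywhere: matches the CLI filters.
    {"GroupId": "sg-0000000a", "IpPermissions": [
        _rule("tcp", 22, 22, "203.0.113.0/24"), _rule("tcp", 80, 80, "0.0.0.0/0")]},
    # SSH from anywhere in a single rule.
    {"GroupId": "sg-0000000b", "IpPermissions": [_rule("tcp", 22, 22, "0.0.0.0/0")]},
    # Port range 0-1024 from anywhere: exposes 22, but from-port is not 22.
    {"GroupId": "sg-0000000c", "IpPermissions": [_rule("tcp", 0, 1024, "0.0.0.0/0")]},
]}

def group_level_match(sg, port=22):
    """Model the behaviour described above: each filter may be met by a different rule."""
    rules = sg.get("IpPermissions", [])
    return (any(r.get("FromPort") == port for r in rules)
            and any(r.get("ToPort") == port for r in rules)
            and any(c.get("CidrIp") == "0.0.0.0/0"
                    for r in rules for c in r.get("IpRanges", [])))

def rule_exposes(rule, port=22):
    """True only if this one rule allows the TCP port from every address."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        in_range = True  # all protocols, all ports
    elif proto == "tcp":
        in_range = rule["FromPort"] <= port <= rule["ToPort"]
    else:
        in_range = False
    anywhere = (any(c.get("CidrIp") == "0.0.0.0/0" for c in rule.get("IpRanges", []))
                or any(c.get("CidrIpv6") == "::/0" for c in rule.get("Ipv6Ranges", [])))
    return in_range and anywhere

def exposed_groups(response, port=22):
    return [sg["GroupId"] for sg in response.get("SecurityGroups", [])
            if any(rule_exposes(r, port) for r in sg.get("IpPermissions", []))]

def filter_matched_groups(response, port=22):
    return [sg["GroupId"] for sg in response.get("SecurityGroups", [])
            if group_level_match(sg, port)]

if __name__ == "__main__":
    print("filter semantics:", filter_matched_groups(SAMPLE))
    print("per-rule check:  ", exposed_groups(SAMPLE))
```

To run it against real data, replace ``SAMPLE`` with the parsed JSON from ``aws ec2 describe-security-groups --output json``.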

**Example 3: To describe security groups based on tags**

The following ``describe-security-groups`` example uses filters to scope the results to security groups that include ``test`` in the security group name, and that have the tag ``Test=To-delete``. The example uses the ``--query`` parameter to display only the names and IDs of the security groups. ::

    aws ec2 describe-security-groups \
        --filters Name=group-name,Values=*test* Name=tag:Test,Values=To-delete \
        --query "SecurityGroups[*].{Name:GroupName,ID:GroupId}"
  
Output::

    [
        {
            "Name": "testfornewinstance", 
            "ID": "sg-33bb22aa"
        }, 
        {
            "Name": "newgrouptest", 
            "ID": "sg-1a2b3c4d"
        }
    ]

For additional examples using tag filters, see `Working with tags <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#Using_Tags_CLI>`__ in the *Amazon EC2 User Guide*.