I found a security group with all traffic allowed from 0.0.0.0 and I want to know all the resources that are using this security group.
Is there any AWS CLI command for this, or should I go through each resource to see if this security group is attached?
Select your region in which the resources are located.
Search results show the network interfaces associated with the security group. Check the description of the network interface to determine the resource that's associated with the security group. For example, ELB app/example-alb/1234567890abcdef indicates that an Application Load Balancer with the name example-alb is using this security group.
aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json
If the output is empty, then there are no resources attached. For example:
{
"NetworkInterfaces": []
}
If you see information in the output, then run this:
aws ec2 describe-network-interfaces \
--filters Name=group-id,Values=<group-id> \
--region <region> --output json \
--query "NetworkInterfaces[*].[NetworkInterfaceId,Description,PrivateIpAddress,VpcId]"
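
As an added example (not part of the answer above), this Python script takes the JSON produced by the first command and maps each network interface to the resource that owns it, using the instance attachment and the description prefix the answer describes. The sample input, all IDs, the `classify` and `resources_using_group` helper names, and the `ELB net/` prefix for Network Load Balancers are assumptions made for illustration.

```python
import json

# Constructed sample of `aws ec2 describe-network-interfaces --output json`
# (IDs, names and addresses are made up for illustration).
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "Description": "ELB app/example-alb/1234567890abcdef",
   "PrivateIpAddress": "10.0.1.10", "VpcId": "vpc-0example", "RequesterManaged": true,
   "Attachment": {"InstanceOwnerId": "amazon-elb"}},
  {"NetworkInterfaceId": "eni-0bbb", "Description": "",
   "PrivateIpAddress": "10.0.1.20", "VpcId": "vpc-0example", "RequesterManaged": false,
   "Attachment": {"InstanceId": "i-0example"}},
  {"NetworkInterfaceId": "eni-0ccc", "Description": "spare interface",
   "PrivateIpAddress": "10.0.1.30", "VpcId": "vpc-0example", "RequesterManaged": false}
]}
""")

# Description prefixes -> resource kind. "ELB app/" is the form quoted in the
# answer; "ELB net/" is assumed to follow the same pattern for Network LBs.
PREFIXES = [("ELB app/", "application-load-balancer"),
            ("ELB net/", "network-load-balancer")]

def classify(eni):
    """Return (kind, name) for the resource that owns one network interface."""
    instance = eni.get("Attachment", {}).get("InstanceId")
    if instance:
        return ("ec2-instance", instance)
    desc = eni.get("Description", "")
    for prefix, kind in PREFIXES:
        if desc.startswith(prefix):
            # "ELB app/<name>/<id>" -> keep only <name>
            return (kind, desc[len(prefix):].split("/")[0])
    if "Attachment" not in eni:
        return ("unattached-eni", eni["NetworkInterfaceId"])
    return ("unknown", desc or eni["NetworkInterfaceId"])

def resources_using_group(doc):
    """Group ENI ids by the resource they belong to; empty dict if none."""
    found = {}
    for eni in doc.get("NetworkInterfaces", []):
        found.setdefault(classify(eni), []).append(eni["NetworkInterfaceId"])
    return found

if __name__ == "__main__":
    for (kind, name), enis in sorted(resources_using_group(SAMPLE).items()):
        print(f"{kind:28} {name:20} {', '.join(enis)}")
```

To run it on real output, load the JSON saved from the first command in place of `SAMPLE`. An empty `NetworkInterfaces` list only shows that no network interface currently uses the group; the group can still be referenced by rules in other security groups or by launch templates.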