How to list security groups for the specific instance via CLI?

Question

I'm looking for syntax like:

aws ec2 describe-security-groups --instance-id i-0xyz

however, the above sub-command doesn't support --instance-id parameter.

I've checked and there are --filters and --query parameters, but I'm not sure about the syntax.

What would be the easiest way to display the description of the security group of the instance?

Answer 1

The following one-liner in shell works for me:

aws ec2 describe-security-groups --group-ids $(aws ec2 describe-instances --instance-id $id --query "Reservations[].Instances[].SecurityGroups[].GroupId[]" --output text) --output text

Where $id is my instance-id.

Answer 2

You can use aws ec2 describe-instances instead, you can specify the id --instance-ids <value> and it will output the security group.

Answer 3

Even better check this out:

aws ec2 describe-instances --output=json | jq '.Reservations[] | .Instances[] | {PrivateAddress: .PrivateIpAddress, Tags: .Tags, KeyName: .KeyName, Tags: .Tags, RunningState: .State, InstanceId: .InstanceId, SecurityGroups: .SecurityGroups}'

You don't need to know anything this way ... but you need to install jq, to chomp the JSON o/p just right.

A lot of the elements there could be removed I guess ... tags, key names, running state, etc.

Answer 4

If you want to run this on an EC2 instance and find out its own security groups, you can do:

id=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
for sg in $(aws ec2 describe-instances --instance-id $id 

  --query "Reservations[].Instances[].SecurityGroups[].GroupId[]" 

  --output text)
do
 echo
 aws ec2 describe-security-groups --group-id $sg --output text
done

Answer 5

you can use

aws ec2 describe-instances --instance-ids (your Instance id) --query "Reservations[].Instances[].SecurityGroups[].GroupId[]" --output text

replace

(your instance id)

with the specific instance id you are looking for.