AWS EC2: Inspect Security Group Rules

Steven Jul 09, 2026

When managing security in the Amazon Web Services (AWS) cloud, understanding your security groups' rules is paramount. The AWS CLI command `ec2 describe-security-groups` and its cousin `ec2 describe-security-group-rules` are your go-to tools for this task. Today, we delve into the latter, exploring its functionality, syntax, and practical use cases.

AWS Cheat Sheet ☁️ Amazon Web Services Explained for Beginners
AWS Cheat Sheet ☁️ Amazon Web Services Explained for Beginners

Before we dive in, let's ensure you have the AWS Command Line Interface (CLI) installed and configured with the necessary permissions. If not, you can download and set it up following the official AWS guide.

the different types of security infos on this page are shown in red, white and blue
the different types of security infos on this page are shown in red, white and blue

Understanding `ec2 describe-security-group-rules`

The `ec2 describe-security-group-rules` command provides detailed information about security group rules. It helps you understand the inbound and outbound traffic allowed by your security groups, aiding in network configuration and troubleshooting.

Core AWS Security Services – qualimente
Core AWS Security Services – qualimente

At its core, the command returns a JSON-formatted list of rules, including the protocol, port range, source/destination, and more. Let's break down its syntax and essential parameters.

Basic Syntax and Parameters

Security and Privacy Audits: A Core Topic for CIA Part 1 Candidates
Security and Privacy Audits: A Core Topic for CIA Part 1 Candidates

The basic syntax of the command is as follows:

aws ec2 describe-security-group-rules --group-ids <group-id>

Here, `` is the ID of the security group you want to inspect. You can find your group IDs using the `describe-security-groups` command.

Other essential parameters include:

the top 10 aws use cases
the top 10 aws use cases
  • `--filters`: Allows you to filter the results based on various criteria, such as rule ID, protocol, or port range.
  • `--query`: Lets you specify a custom query to extract specific data from the response.
  • `--output`: Determines the output format (text, json, table, or yaml).

Example Usage

Let's say you want to list all rules for a specific security group (e.g., `sg-0123456789abcdef0`) and filter them by the SSH protocol. You would use the following command:

Aws Cheat Sheet, Aws Services Cheat Sheet, Aws Cloud Practitioner Cheat Sheet, Cloud Practitioner, Aws Cloud Computing, Aws Cloud Practitioner, Flow Chart Design, Aws Lambda, Enterprise Architecture
Aws Cheat Sheet, Aws Services Cheat Sheet, Aws Cloud Practitioner Cheat Sheet, Cloud Practitioner, Aws Cloud Computing, Aws Cloud Practitioner, Flow Chart Design, Aws Lambda, Enterprise Architecture

aws ec2 describe-security-group-rules --group-ids sg-0123456789abcdef0 --filters Name=protocol,Values=tcp --query 'SecurityGroupRules[*].{RuleID:Id,Protocol:Protocol,PortRange:IpProtocol,Source:Source{Start:Start,End:End},Destination:Destination{Start:Start,End:End}}' --output table

This command will display a table with the rule ID, protocol, port range, and source/destination IP ranges for all SSH-related rules in the specified security group.

Interpreting the Results

the security controls chart is shown in yellow
the security controls chart is shown in yellow
the aws cloud services chart
the aws cloud services chart
aws_security_incident_response.pdf
aws_security_incident_response.pdf
Computer Networking Basics, Cybersecurity Notes, Computer Ethics, Cybersecurity Tools List, Cybersecurity For Beginners, Techment Cybersecurity Types, Web Security, Cybersecurity Study Guide, Cybersecurity Basics
Computer Networking Basics, Cybersecurity Notes, Computer Ethics, Cybersecurity Tools List, Cybersecurity For Beginners, Techment Cybersecurity Types, Web Security, Cybersecurity Study Guide, Cybersecurity Basics
the top 10 aws use cases
the top 10 aws use cases
Abbreviations used in IT security/Сокращения, используемые в ИТ-безопасности
Abbreviations used in IT security/Сокращения, используемые в ИТ-безопасности
owasp top 10 web application vulnerabilities
owasp top 10 web application vulnerabilities
[Infographic] Top 6 Aws Certifications
[Infographic] Top 6 Aws Certifications
Night Safety Rules Everyone Must Follow 🌙 | Stay Safe Late Night
Night Safety Rules Everyone Must Follow 🌙 | Stay Safe Late Night
the security controls chart is shown in yellow
the security controls chart is shown in yellow
it
it
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
What Is Amazon EC2? - ASM , Rockville , Maryland
What Is Amazon EC2? - ASM , Rockville , Maryland
Understanding Active Directory for IT Support | Eng Saleem posted on the topic | LinkedIn
Understanding Active Directory for IT Support | Eng Saleem posted on the topic | LinkedIn
Network Security Cheat Sheet for Beginners
Network Security Cheat Sheet for Beginners
IT vs OT Security: Converging Priorities for Cyber Resilience | Aman P. posted on the topic | LinkedIn
IT vs OT Security: Converging Priorities for Cyber Resilience | Aman P. posted on the topic | LinkedIn
Most security teams don’t have a “security problem” They have a visibility problem.  Because attacks don’t hit “the system” in one place, they hit a layer. Last week, we were reviewing an incident… | Mohammed Hussein
Most security teams don’t have a “security problem” They have a visibility problem. Because attacks don’t hit “the system” in one place, they hit a layer. Last week, we were reviewing an incident… | Mohammed Hussein
an image of a poster with different types of information
an image of a poster with different types of information
Post from ByteByteGo
Post from ByteByteGo
the security technologies info sheet for kids
the security technologies info sheet for kids

Once you've run the command, you'll receive a JSON response containing an array of rules. Each rule includes details such as:

Rule Details

Here's a breakdown of the key fields in each rule:

Field Description
Id The unique ID of the rule.
Protocol The protocol used for the rule (tcp, udp, icmp, etc.).
FromPort The starting port number for the rule.
ToPort The ending port number for the rule.
IpProtocol The protocol name (tcp, udp, icmp, etc.) in string format.
Source The source of the traffic (IP range or security group ID).
Destination The destination of the traffic (IP range or security group ID).

Using this information, you can analyze and fine-tune your security groups' rules to ensure they align with your security policies and application requirements.

In conclusion, mastering the `ec2 describe-security-group-rules` command empowers you to gain deep insights into your AWS security groups' rules. By leveraging its syntax and parameters, you can efficiently manage and troubleshoot your network configurations, enhancing your overall AWS security posture. Happy exploring!