Skip to content
Latchkey

aws ec2 describe-security-groups: Inspect SGs in CI

aws ec2 describe-security-groups returns security groups and their inbound/outbound rules, commonly used to resolve a group ID from its name before launching instances.

Other commands want a security-group ID, not a name. This is the lookup that turns a stable name into the sg-... ID, and the way to audit which ports a group opens.

What it does

aws ec2 describe-security-groups lists security groups visible to your account, filtered by --group-ids, --group-names, or --filters. The response includes ingress and egress rules, so it doubles as a quick firewall audit.

Common usage

Terminal
# Resolve a group ID from its name within a VPC
aws ec2 describe-security-groups \
  --filters 'Name=group-name,Values=ci-runner-sg' \
            'Name=vpc-id,Values=vpc-0123456789abcdef0' \
  --query 'SecurityGroups[0].GroupId' --output text

Options

FlagWhat it does
--group-ids <sg...>Describe specific groups by ID
--group-names <name...>Describe by name (default VPC only)
--filters Name=..,Values=..Filter by group-name, vpc-id, tag, etc.
--query <jmespath>Pull GroupId or rule details

In CI

Prefer --filters Name=group-name,... over --group-names when the group lives in a non-default VPC, because --group-names resolves names only in the default VPC and otherwise errors. Use --query "SecurityGroups[0].GroupId" --output text to feed run-instances cleanly.

Common errors in CI

"An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'ci-runner-sg' does not exist" with --group-names typically means the group is in a non-default VPC; switch to --filters. "InvalidGroupId.Malformed" means a bad sg- ID. "UnauthorizedOperation" means missing ec2:DescribeSecurityGroups.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →