art vanderlay

Reputation: 2463

Correct AWS CLI syntax to find a VPC security group in a non-default VPC

This is a follow-on question from "What is the correct syntax for filtering by tag in describe-vpcs?".

Using the answer provided and referencing http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html

--filters (list)
One or more filters.
......
vpc-id - The ID of the VPC specified when the security group was created.

I have constructed the CLI request:

aws --profile myProfile --region eu-west-1 ec2 describe-security-groups --group-name MyVpcSecGroup --filters Name=tag:vpc-id,Values=vpc-9xxxxxxx

However, I get an error:

The security group 'MyVpcSecGroup' does not exist in default VPC 'vpc-bxxxxxx'

So how do I format the syntax to search for a security group in a non-default VPC using a list of --filters such as vpc-id?

thx Art

Upvotes: 4

Views: 3730

Answers (2)

John Rotenstein

Reputation: 269350

The documentation says:

   --group-names (list)
      [EC2-Classic, default VPC] One or more security group names.

So, it would seem that --group-names cannot be used on a non-default VPC.

However, there are alternative methods:

aws ec2 describe-security-groups --group-ids sg-xxxxxxxx
aws ec2 describe-security-groups --filters Name=group-name,Values=MyVpcSecGroup

To filter based on a specific VPC and Name:

aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=group-name,Values=MyVpcSecGroup

To filter based on a specific VPC and any Tag:

aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=tag-value,Values=Production

To filter based on a specific VPC and a specific Tag:

aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=tag:Environment,Values=Production

Note: Tag names and values are case-sensitive.

Upvotes: 7

jpancoast

Reputation: 521

Here's how we do it when looking for a specific group:

aws --profile myProfile ec2 describe-security-groups --region=AWS_REGION --filters "Name=vpc-id,Values=VPC_ID" "Name=group-name,Values=NAMEOFSECGROUP"

Upvotes: 2
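
The VPC-plus-name lookup from the answers above, wrapped so a script gets exactly one group ID or a hard failure instead of acting on the wrong group. This is an added example, not code from either answer; the function name sg_id_in_vpc and its exit codes are assumptions made for illustration.

```shell
# Resolve a security group name to its ID inside one specific VPC.
# sg_id_in_vpc is a hypothetical helper; --filters, --query and --output
# are standard AWS CLI options.
sg_id_in_vpc() {
    vpc_id=$1
    group_name=$2

    # Catch swapped or empty arguments before calling the API.
    case $vpc_id in
        vpc-?*) ;;
        *) echo "not a VPC ID: '$vpc_id'" >&2; return 2 ;;
    esac
    [ -n "$group_name" ] || { echo "group name required" >&2; return 2; }

    # Both filters go under a single --filters option so they are ANDed.
    # vpc-id is a filter name of its own, not a tag (so not tag:vpc-id).
    ids=$(aws ec2 describe-security-groups \
        --filters "Name=vpc-id,Values=$vpc_id" \
                  "Name=group-name,Values=$group_name" \
        --query 'SecurityGroups[].GroupId' \
        --output text) || return 1

    # Text output is whitespace-separated; count the IDs that came back.
    set -- $ids
    case $# in
        1) printf '%s\n' "$1" ;;
        0) echo "no group '$group_name' in $vpc_id" >&2; return 3 ;;
        *) echo "ambiguous: $# groups matched" >&2; return 4 ;;
    esac
}
```

Add --profile and --region to the aws call as needed, for example: sg_id_in_vpc vpc-11223344 MyVpcSecGroup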
