spex5

Reputation: 1289

AWS - Find out if a security group has an ALL TCP rule through the CLI

In the console, you can set a rule with "All TCP" under the "Type" field. I'm trying to identify this through the CLI, but I'm not finding it in their documentation. https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html Is it possible to see this?

This is what I've tried:

aws ec2 describe-security-groups --group-ids <group id>

These are the results I get from the command under IpPermissions, which I think is where I should see it.

"IpPermissions": [
    {
        "PrefixListIds": [],
        "FromPort": 0,
        "IpRanges": [
            {
                "CidrIp": "0.0.0.0/0"
            }
        ],
        "ToPort": 65535,
        "IpProtocol": "tcp",
        "UserIdGroupPairs": [],
        "Ipv6Ranges": [
            {
                "CidrIpv6": "::/0"
            }
        ]
    }
],

TCP is listed, but I'm specifically looking for a rule that is set to "ALL TCP".

Upvotes: 1

Views: 56

Answers (1)

E.J. Brennan

Reputation: 46859

This rule is 'all tcp', because the 'FromPort' is '0' and the 'ToPort' is '65535'; in other words, it is ALL ports.

If, for example, you have a rule for HTTP, it would be 'FromPort:80' and 'ToPort:80'.

So you may just need to do a bit more parsing of the results to get the data you want - but the information you need is available in the results you show.

Upvotes: 3
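
The parsing the answer describes, as an added example that is not part of the original question or answer: it walks `describe-security-groups` JSON and reports every rule that covers all TCP ports, noting whether the source is the whole internet. It goes slightly beyond the answer by also treating `IpProtocol` `"-1"` (the "All traffic" rule, which has no port fields) as covering all TCP. The function names and the sample data, including the group IDs, are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0aaa0000000000002", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
     "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}  # any IPv4 / any IPv6 source


def covers_all_tcp(perm):
    """True if the rule permits every TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "All traffic": every protocol, no port fields
        return True
    return (proto == "tcp"
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)


def find_all_tcp_rules(output):
    """Return one finding per rule that allows all TCP ports."""
    findings = []
    for group in output.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if not covers_all_tcp(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p.get("GroupId", "?")
                        for p in perm.get("UserIdGroupPairs", [])]
            findings.append({"group": group["GroupId"],
                             "protocol": perm["IpProtocol"],
                             "sources": sources,
                             "world_open": bool(WORLD & set(sources))})
    return findings


if __name__ == "__main__":
    for finding in find_all_tcp_rules(SAMPLE):
        print(finding)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of the `aws ec2 describe-security-groups` command shown in the question.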
