AWS - Security Groups

Last updated: 2023-10-06



Security group referencing


When you specify a security group as the source or destination for a rule,
 the rule affects all instances that are associated with the referenced security group.
The instances can communicate in the specified direction,
 using the private IP addresses of the instances, over the specified protocol and port.

sg-1 -- reference --> sg-2

 * No rules from the referenced security group (sg-2) are added to the security group that references it (sg-1).

 


CLI Usage

 

Basics

aws ec2 describe-security-groups [--filters <value>]

aws ec2 describe-security-groups > sg.json

Advanced

filters

 * Filtering is applied on the AWS server side

 * When several filters are given, the relationship between them is "OR"

Syntax

--filters rule1 --filters rule2 ...

  • description
  • group-name(Security group name)              # not the user-set Name inside the tags
  • group-id(Security group ID)
  • owner-id
  • tag:<key>
  • tag-key
  • vpc-id
  • ...

e.g.

aws ec2 describe-security-groups --filters Name=group-name,Values="admin_ip"

# security groups that have a tag with key "Common"

aws ec2 describe-security-groups --filters Name=tag-key,Values="Common"

# security groups whose tag key=Name has the value admin_ip

aws ec2 describe-security-groups --filters Name=tag:Name,Values="admin_ip"

Output

--output

  • json    # DEFAULT output format
  • text
  • table
  • yaml

--query

* Applied locally, on the client side

e.g.

--query "SecurityGroups[*].{Name:GroupName,ID:GroupId}"
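As an added example (not part of the original notes), a small Python script that reads a dump in the shape of `aws ec2 describe-security-groups > sg.json` and lists, per group, the rules that reference another security group (the sg-1 --> sg-2 case above) and the rules open to 0.0.0.0/0 or ::/0. The embedded JSON, group IDs and account number are constructed for the example.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (group IDs, VPC ID and account number are made up for this example).
SG_JSON = """
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "admin_ip", "VpcId": "vpc-0123",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "db", "VpcId": "vpc-0123",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa", "UserId": "123456789012"}]},
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
   "IpPermissionsEgress": []}
]}
"""

def load_sg(text=SG_JSON):
    """Parse a describe-security-groups JSON document (defaults to the sample)."""
    return json.loads(text)

def _rules(sg):
    """Yield (direction, permission) for both rule directions of one group."""
    for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
        for perm in sg.get(key, []):
            yield direction, perm

def _ports(perm):
    # IpProtocol "-1" means all traffic; FromPort/ToPort are then absent.
    if perm.get("IpProtocol") == "-1":
        return "all"
    return f"{perm.get('FromPort')}-{perm.get('ToPort')}"

def referencing_rules(doc):
    """Rules whose source/destination is another security group: (sg, dir, proto, ports, referenced sg)."""
    return [(sg["GroupId"], direction, perm["IpProtocol"], _ports(perm), pair["GroupId"])
            for sg in doc["SecurityGroups"] for direction, perm in _rules(sg)
            for pair in perm.get("UserIdGroupPairs", [])]

def world_open_rules(doc):
    """Rules whose CIDR is any IPv4/IPv6 address; ingress entries here deserve review."""
    out = []
    for sg in doc["SecurityGroups"]:
        for direction, perm in _rules(sg):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
                out.append((sg["GroupId"], direction, perm["IpProtocol"], _ports(perm)))
    return out

if __name__ == "__main__":
    doc = load_sg()
    for row in referencing_rules(doc): print("reference:", *row)
    for row in world_open_rules(doc): print("open-to-world:", *row)
```

To run it against a real dump, pass the file contents to `load_sg()` instead of the embedded sample.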