How to determine AWS security group dependencies?

Amazon EC2 won't let me delete a security group, complaining that the group still has dependencies. How can I find what those dependencies are?

aws ec2 describe-security-groups doesn't say.


Solution 1:

Paste the security group ID in the "Network Interfaces" section of EC2. This will find usage across EC2, EB, RDS, ELB.

CLI: aws ec2 describe-network-interfaces --filters Name=group-id,Values=sg-123abc45

Solution 2:

The best way to do this in the AWS EC2 console is to paste the security group name into the search field in the EC2->Instances section.

All instances associated with the pasted security group will then populate; those would be the EC2 objects (dependencies).

You can also run this search in ELB section and other AWS offerings that utilize security groups.

If you are trying to delete the security group, you will need to either 'change security group' for each instance (if they are in a VPC) or create an AMI and relaunch using a different security group, then delete the old instance (if using EC2 Classic).

Hope that helps.

Solution 3:

You need to look at your EC2 instance objects, not the groups themselves:

$ aws ec2 describe-instances --output text

Then either look for "sg-*" or use standard Unix text stream processing tools to pull out the data you need.

Alternatively, if you have a small number of instances, use --output table for a nicely-formatted list.
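
Added example (not part of any answer above): a Python sketch that post-processes the JSON from `aws ec2 describe-network-interfaces` (Solution 1) instead of grepping text output (Solution 3). It goes one step beyond the answers by also scanning `aws ec2 describe-security-groups` output for other groups whose rules reference the group, which likewise blocks deletion. The sample data, IDs and function names are constructed for illustration.

```python
import json

# Constructed samples shaped like the JSON the AWS CLI returns; all IDs are made up.
ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0aaa", "Description": "", "Groups": [{"GroupId": "sg-123abc45"}],
  "Attachment": {"InstanceId": "i-0web01"}},
 {"NetworkInterfaceId": "eni-0bbb", "Description": "ELB my-lb", "Groups": [{"GroupId": "sg-123abc45"}],
  "Attachment": {"InstanceOwnerId": "amazon-elb"}},
 {"NetworkInterfaceId": "eni-0ccc", "Description": "RDSNetworkInterface", "Groups": [{"GroupId": "sg-999"}]}
]}""")
GROUPS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-123abc45", "IpPermissions": [], "IpPermissionsEgress": []},
 {"GroupId": "sg-999", "IpPermissionsEgress": [],
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                     "UserIdGroupPairs": [{"GroupId": "sg-123abc45"}]}]}
]}""")


def eni_dependencies(enis, group_id):
    """Interfaces that still carry group_id, with the best hint of who owns them."""
    found = []
    for eni in enis.get("NetworkInterfaces", []):
        if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])):
            # Instance ENIs expose InstanceId; service-managed ones (ELB, RDS)
            # are usually identifiable only by their Description.
            owner = (eni.get("Attachment", {}).get("InstanceId")
                     or eni.get("Description") or "unattached")
            found.append((eni["NetworkInterfaceId"], owner))
    return found


def rule_references(groups, group_id):
    """Other groups whose ingress or egress rules name group_id as a peer."""
    found = set()
    for sg in groups.get("SecurityGroups", []):
        if sg["GroupId"] == group_id:
            continue  # skip the group's own rules
        rules = sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", [])
        for rule in rules:
            if any(p.get("GroupId") == group_id for p in rule.get("UserIdGroupPairs", [])):
                found.add(sg["GroupId"])
    return sorted(found)


if __name__ == "__main__":
    for eni_id, owner in eni_dependencies(ENIS, "sg-123abc45"):
        print(f"{eni_id}\tused by {owner}")
    for sg_id in rule_references(GROUPS, "sg-123abc45"):
        print(f"{sg_id}\treferences the group in a rule")
```

To use it on a real account, replace the embedded samples with the output of the two CLI commands run with `--output json`.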