问题
This is a follow on question from What is the correct syntax for filtering by tag in describe-vpcs?.
Using the answer provided and referencing http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html
--filters (list)
One or more filters.
......
vpc-id - The ID of the VPC specified when the security group was created.
I have constructed the cli request
aws --profile myProfile --region eu-west-1 ec2 describe-security-groups --group-name MyVpcSecGroup --filters Name=tag:vpc-id,Values=vpc-9xxxxxxx
however I get an error
The security group 'MyVpcSecGroup' does not exist in default VPC 'vpc-bxxxxxx'
So how do I format the syntax to search for a security group in a non default VPC using a list of --filters such as vpc-id?
thx Art
回答1:
The documentation says:
--group-names (list)
[EC2-Classic, default VPC] One or more security group names.
So, it would seem that --group-names cannot be used on a non-default VPC.
However, there are alternative methods:
aws ec2 describe-security-groups --group-ids sg-xxxxxxxx
aws ec2 describe-security-groups --filters Name=group-name,Values=MyVpcSecGroup
To filter based on a specific VPC and Name:
aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=group-name,Values=MyVpcSecGroup
To filter based on a specific VPC and any Tag:
aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=tag-value,Values=Production
To filter based on a specific VPC and a specific Tag:
aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-11223344 Name=tag:Environment,Values=Production
Note: Tag names and values are case-sensitive.
回答2:
Here's how we do it when looking for a specific group:
aws --profile myProfile ec2 describe-security-groups --region=AWS_REGION --filters "Name=vpc-id,Values=VPC_ID" --filters "Name=group-name,Values=NAMEOFSECGROUP"
来源:https://stackoverflow.com/questions/27119010/correct-aws-cli-syntax-to-find-a-vpc-security-group-in-a-non-default-vpc