describe_stale_security_groups
- EC2.Client.describe_stale_security_groups(**kwargs)
Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with security group referencing support enabled). Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has been deleted or if they reference a security group in a VPC that has been detached from a transit gateway.
See also: AWS API Documentation
Request Syntax
    response = client.describe_stale_security_groups(
        DryRun=True|False,
        MaxResults=123,
        NextToken='string',
        VpcId='string'
    )
- Parameters:
DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
MaxResults (integer) – The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
NextToken (string) – The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
VpcId (string) –
[REQUIRED]
The ID of the VPC.
- Return type:
dict
- Returns:
Response Syntax
    {
        'NextToken': 'string',
        'StaleSecurityGroupSet': [
            {
                'Description': 'string',
                'GroupId': 'string',
                'GroupName': 'string',
                'StaleIpPermissions': [
                    {
                        'FromPort': 123,
                        'IpProtocol': 'string',
                        'IpRanges': [
                            'string',
                        ],
                        'PrefixListIds': [
                            'string',
                        ],
                        'ToPort': 123,
                        'UserIdGroupPairs': [
                            {
                                'Description': 'string',
                                'GroupId': 'string',
                                'GroupName': 'string',
                                'PeeringStatus': 'string',
                                'UserId': 'string',
                                'VpcId': 'string',
                                'VpcPeeringConnectionId': 'string'
                            },
                        ]
                    },
                ],
                'StaleIpPermissionsEgress': [
                    {
                        'FromPort': 123,
                        'IpProtocol': 'string',
                        'IpRanges': [
                            'string',
                        ],
                        'PrefixListIds': [
                            'string',
                        ],
                        'ToPort': 123,
                        'UserIdGroupPairs': [
                            {
                                'Description': 'string',
                                'GroupId': 'string',
                                'GroupName': 'string',
                                'PeeringStatus': 'string',
                                'UserId': 'string',
                                'VpcId': 'string',
                                'VpcPeeringConnectionId': 'string'
                            },
                        ]
                    },
                ],
                'VpcId': 'string'
            },
        ]
    }
Response Structure
(dict) –
NextToken (string) –
The token to include in another request to get the next page of items. If there are no additional items to return, the string is empty.
StaleSecurityGroupSet (list) –
Information about the stale security groups.
(dict) –
Describes a stale security group (a security group that contains stale rules).
Description (string) –
The description of the security group.
GroupId (string) –
The ID of the security group.
GroupName (string) –
The name of the security group.
StaleIpPermissions (list) –
Information about the stale inbound rules in the security group.
(dict) –
Describes a stale rule in a security group.
FromPort (integer) –
The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types.
IpProtocol (string) –
The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).
IpRanges (list) –
The IP ranges. Not applicable for stale security group rules.
(string) –
PrefixListIds (list) –
The prefix list IDs. Not applicable for stale security group rules.
(string) –
ToPort (integer) –
The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types.
UserIdGroupPairs (list) –
The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.
(dict) –
Describes a security group and Amazon Web Services account ID pair.
Description (string) –
A description for the security group rule that references this user ID group pair.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
GroupId (string) –
The ID of the security group.
GroupName (string) –
[Default VPC] The name of the security group. For a security group in a nondefault VPC, use the security group ID.
For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.
PeeringStatus (string) –
The status of a VPC peering connection, if applicable.
UserId (string) –
The ID of an Amazon Web Services account.
For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.
VpcId (string) –
The ID of the VPC for the referenced security group, if applicable.
VpcPeeringConnectionId (string) –
The ID of the VPC peering connection, if applicable.
StaleIpPermissionsEgress (list) –
Information about the stale outbound rules in the security group.
(dict) –
Describes a stale rule in a security group.
FromPort (integer) –
The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types.
IpProtocol (string) –
The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).
IpRanges (list) –
The IP ranges. Not applicable for stale security group rules.
(string) –
PrefixListIds (list) –
The prefix list IDs. Not applicable for stale security group rules.
(string) –
ToPort (integer) –
The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates all ICMP types.
UserIdGroupPairs (list) –
The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.
(dict) –
Describes a security group and Amazon Web Services account ID pair.
Description (string) –
A description for the security group rule that references this user ID group pair.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
GroupId (string) –
The ID of the security group.
GroupName (string) –
[Default VPC] The name of the security group. For a security group in a nondefault VPC, use the security group ID.
For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.
PeeringStatus (string) –
The status of a VPC peering connection, if applicable.
UserId (string) –
The ID of an Amazon Web Services account.
For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.
VpcId (string) –
The ID of the VPC for the referenced security group, if applicable.
VpcPeeringConnectionId (string) –
The ID of the VPC peering connection, if applicable.
VpcId (string) –
The ID of the VPC for the security group.
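Added example (not part of the boto3 documentation): a stale-rule audit helper that follows NextToken until it comes back empty and flattens StaleIpPermissions and StaleIpPermissionsEgress into one record per dangling group reference. The names iter_stale_rules and FakeEC2, and every ID in the canned pages, are constructed for illustration; FakeEC2 stands in for a real client so the code runs offline.

```python
def iter_stale_rules(client, vpc_id, page_size=50):
    """Yield one flat record per stale group reference, following NextToken."""
    kwargs = {"VpcId": vpc_id, "MaxResults": page_size}
    while True:
        page = client.describe_stale_security_groups(**kwargs)
        for sg in page.get("StaleSecurityGroupSet", []):
            for direction, key in (("ingress", "StaleIpPermissions"),
                                   ("egress", "StaleIpPermissionsEgress")):
                for perm in sg.get(key, []):
                    for pair in perm.get("UserIdGroupPairs", []):
                        yield {
                            "group_id": sg["GroupId"],
                            "direction": direction,
                            "protocol": perm.get("IpProtocol"),
                            "ports": (perm.get("FromPort"), perm.get("ToPort")),
                            "referenced_group": pair.get("GroupId"),
                            # UserId is not returned once the referenced group is deleted
                            "referenced_account": pair.get("UserId"),
                            "peering_id": pair.get("VpcPeeringConnectionId"),
                            "peering_status": pair.get("PeeringStatus"),
                        }
        token = page.get("NextToken")
        if not token:  # empty or absent token means this was the last page
            return
        kwargs["NextToken"] = token


class FakeEC2:
    """Constructed stand-in for an EC2 client: two canned pages, no network."""
    PAGES = {
        None: {"NextToken": "page-2", "StaleSecurityGroupSet": [{
            "GroupId": "sg-0aaa", "GroupName": "web", "VpcId": "vpc-0example",
            "StaleIpPermissions": [{
                "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                "UserIdGroupPairs": [{"GroupId": "sg-0gone", "VpcId": "vpc-0peer",
                                      "VpcPeeringConnectionId": "pcx-0example",
                                      "PeeringStatus": "deleted"}]}],
            "StaleIpPermissionsEgress": []}]},
        "page-2": {"NextToken": "", "StaleSecurityGroupSet": [{
            "GroupId": "sg-0bbb", "GroupName": "db", "VpcId": "vpc-0example",
            "StaleIpPermissions": [],
            "StaleIpPermissionsEgress": [{
                "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "UserIdGroupPairs": [{"GroupId": "sg-0old"}]}]}]},
    }

    def describe_stale_security_groups(self, **kwargs):
        return self.PAGES[kwargs.get("NextToken")]
```

With credentials configured, pass boto3.client("ec2") in place of FakeEC2() to audit a real VPC.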