EC2 / Client / describe_security_group_rules



Describes one or more of your security group rules.

See also: AWS API Documentation

Request Syntax

response = client.describe_security_group_rules(
            'Name': 'string',
            'Values': [
  • Filters (list) –

    One or more filters.

    • group-id - The ID of the security group.

    • security-group-rule-id - The ID of the security group rule.

    • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

    • (dict) –

      A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

      If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

      • Name (string) –

        The name of the filter. Filter names are case-sensitive.

      • Values (list) –

        The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

        • (string) –

  • SecurityGroupRuleIds (list) –

    The IDs of the security group rules.

    • (string) –

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • NextToken (string) – The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

  • MaxResults (integer) – The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. This value can be between 5 and 1000. If this parameter is not specified, then all items are returned. For more information, see Pagination.

Return type:



Response Syntax

    'SecurityGroupRules': [
            'SecurityGroupRuleId': 'string',
            'GroupId': 'string',
            'GroupOwnerId': 'string',
            'IsEgress': True|False,
            'IpProtocol': 'string',
            'FromPort': 123,
            'ToPort': 123,
            'CidrIpv4': 'string',
            'CidrIpv6': 'string',
            'PrefixListId': 'string',
            'ReferencedGroupInfo': {
                'GroupId': 'string',
                'PeeringStatus': 'string',
                'UserId': 'string',
                'VpcId': 'string',
                'VpcPeeringConnectionId': 'string'
            'Description': 'string',
            'Tags': [
                    'Key': 'string',
                    'Value': 'string'
    'NextToken': 'string'

Response Structure

  • (dict) –

    • SecurityGroupRules (list) –

      Information about security group rules.

      • (dict) –

        Describes a security group rule.

        • SecurityGroupRuleId (string) –

          The ID of the security group rule.

        • GroupId (string) –

          The ID of the security group.

        • GroupOwnerId (string) –

          The ID of the Amazon Web Services account that owns the security group.

        • IsEgress (boolean) –

          Indicates whether the security group rule is an outbound rule.

        • IpProtocol (string) –

          The IP protocol name ( tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

          Use -1 to specify all protocols.

        • FromPort (integer) –

          If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

        • ToPort (integer) –

          If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

        • CidrIpv4 (string) –

          The IPv4 CIDR range.

        • CidrIpv6 (string) –

          The IPv6 CIDR range.

        • PrefixListId (string) –

          The ID of the prefix list.

        • ReferencedGroupInfo (dict) –

          Describes the security group that is referenced in the rule.

          • GroupId (string) –

            The ID of the security group.

          • PeeringStatus (string) –

            The status of a VPC peering connection, if applicable.

          • UserId (string) –

            The Amazon Web Services account ID.

          • VpcId (string) –

            The ID of the VPC.

          • VpcPeeringConnectionId (string) –

            The ID of the VPC peering connection (if applicable).

        • Description (string) –

          The security group rule description.

        • Tags (list) –

          The tags applied to the security group rule.

          • (dict) –

            Describes a tag.

            • Key (string) –

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

            • Value (string) –

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • NextToken (string) –

      The token to include in another request to get the next page of items. This value is null when there are no more items to return.