
Is it possible to find duplications in the security groups in AWS?

For example:

Security group 1 has: 198.168.5.2/24, 192.168.4.2/24, 172.54.60.12/24

Security group 2 has: 192.168.4.2/24, 172.54.60.12/24, 52.43.56.98/32

As you can see, two of the exact same IPs are in both SGs. Can this be done through the AWS CLI?

Rohamsk

1 Answer


Yes, you can use the ip-permission.cidr filter for this. From the documentation:

ip-permission.cidr - An IPv4 CIDR range that has been granted permission in a security group rule.

So you can use this to specify the CIDR range you want to check for, and it will list only the security groups containing a rule matching that CIDR range.

Example command:

aws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values=172.54.60.12/24

Further reading:

Anthony Neace
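The filter above answers "which groups allow this one CIDR"; to answer the question as asked (which CIDRs appear in more than one group), here is an added Python example, not part of the answer or of the AWS CLI itself, that works on the JSON that `aws ec2 describe-security-groups --output json` returns. The sample document is constructed from the question's values with placeholder group ids, and the canonicalization step (treating 192.168.4.2/24 and 192.168.4.0/24 as the same network) is an assumption about what counts as a duplicate.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# CIDRs come from the question; group ids and ports are placeholders.
SAMPLE_JSON = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0000000000000001", "GroupName": "group-1",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "198.168.5.2/24"},
                           {"CidrIp": "192.168.4.2/24"},
                           {"CidrIp": "172.54.60.12/24"}]}]},
        {"GroupId": "sg-0000000000000002", "GroupName": "group-2",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "192.168.4.0/24"},
                           {"CidrIp": "172.54.60.12/24"},
                           {"CidrIp": "52.43.56.98/32"}]}]},
    ]
})


def normalize(cidr):
    """Canonical network string, so that 192.168.4.2/24 and 192.168.4.0/24
    compare equal (assumption: host bits in a CIDR are not significant)."""
    return str(ipaddress.ip_network(cidr, strict=False))


def cidrs_by_group(describe_output):
    """Map each group id to the set of canonical inbound CIDRs it allows."""
    result = {}
    for sg in json.loads(describe_output)["SecurityGroups"]:
        cidrs = set()
        for perm in sg.get("IpPermissions", []):
            for r in perm.get("IpRanges", []):
                cidrs.add(normalize(r["CidrIp"]))
            for r in perm.get("Ipv6Ranges", []):
                cidrs.add(normalize(r["CidrIpv6"]))
        result[sg["GroupId"]] = cidrs
    return result


def shared_cidrs(describe_output):
    """Return {cidr: sorted group ids} for CIDRs allowed by two or more groups."""
    groups = defaultdict(set)
    for gid, cidrs in cidrs_by_group(describe_output).items():
        for c in cidrs:
            groups[c].add(gid)
    return {c: sorted(g) for c, g in groups.items() if len(g) > 1}
```

Against a live account, pipe the CLI output into `shared_cidrs` instead of `SAMPLE_JSON`; the same walk over `IpPermissionsEgress` would cover outbound rules.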