Create an EC2 security group, add IP-scoped SSH and open HTTP rules, launch a t2.micro, modify rules on a live instance, and clean up ā all from the CLI.
Display the security groups currently in your account for this region. Every account starts with at least one default security group ā one per VPC. Reviewing existing groups helps you avoid naming conflicts and understand the starting baseline.
aws ec2 describe-security-groups \
--query "SecurityGroups[*].{Name:GroupName,ID:GroupId,VPC:VpcId,Description:Description}" \
--output tabledescribe-security-groups returns all security groups in the current region.
The JMESPath projection selects four fields and renames them for readable table output.
You will see at least the default security group that AWS creates automatically for every VPC.
Note its Group ID ā it starts with sg-.
The default security group allows all outbound traffic and all inbound traffic from other members of the same group.
A table listing at least one row for the default VPC's default security group:
---------------------------------------------------------------------------
| DescribeSecurityGroups |
+-----------+----------------+----------------------------------+--------+
| Description | ID | Name | VPC |
+-----------+----------------+----------------------------------+--------+
| default VPC... | sg-0abc123456 | default | vpc-0a1b2c3d4e5f67890 |
+-----------+----------------+----------------------------------+--------+