This topic describes how to call the DescribeSecurityGroupAttribute operation by using Alibaba Cloud CLI to query rules of a security group.

Background information

You can call the DescribeSecurityGroupAttribute operation to query the rules of a security group. We recommend that you read the description of the operation before you call the operation. For more information, see DescribeSecurityGroupAttribute.

When you call an API operation through Alibaba Cloud CLI, make sure that request parameter values of different data types are in required formats. For more information, see Parameter format overview.

Example 1: Query the inbound rules of a security group

Query the inbound rules of the security group whose ID is sg-bp18viqv1vrl0fgy****.

aliyun ecs DescribeSecurityGroupAttribute --RegionId cn-hangzhou --SecurityGroupId sg-bp18viqv1vrl0fgy**** --Direction ingress --output cols=SourceCidrIp,NicType,PortRange,Direction,IpProtocol,Policy rows=Permissions.Permission[]

Sample response:

SourceCidrIp | NicType  | PortRange | Direction | IpProtocol | Policy
------------ | -------  | --------- | --------- | ---------- | ------
0.0.0.0/0    | intranet | 22/22     | ingress   | TCP        | Accept
0.0.0.0/0    | intranet | 80/80     | ingress   | TCP        | Accept

Example 2: Query the outbound rules of a security group

Query the outbound rules of the security group whose ID is sg-bp18viqv1vrl0fgy****.

aliyun ecs DescribeSecurityGroupAttribute --RegionId cn-hangzhou --SecurityGroupId sg-bp18viqv1vrl0fgy**** --Direction egress --output cols=SourceCidrIp,NicType,PortRange,Direction,IpProtocol,Policy rows=Permissions.Permission[]

Sample response:

SourceCidrIp | NicType  | PortRange | Direction | IpProtocol | Policy
------------ | -------  | --------- | --------- | ---------- | ------
0.0.0.0/0    | intranet | -1/-1     | egress    | ALL        | Accept