This topic describes how to call the DescribeSecurityGroupAttribute operation by using Alibaba Cloud command-line interface (CLI) to query rules of a security group.

Background information

You can call the DescribeSecurityGroupAttribute operation to query the rules of a security group. For more information, see DescribeSecurityGroupAttribute.

When you call an API operation through Alibaba Cloud CLI, make sure that request parameter values of different data types are in required formats. For more information, see Parameter format overview.

Example 1: Query the inbound rules of a security group

Query the inbound rules of the security group with the ID of sg-bp18viqv1vrl0fgy****.

aliyun ecs DescribeSecurityGroupAttribute --RegionId cn-hangzhou --SecurityGroupId sg-bp18viqv1vrl0fgy**** --Direction ingress --output cols=SourceCidrIp,NicType,PortRange,Direction,IpProtocol,Policy rows=Permissions.Permission[]

Sample response:

SourceCidrIp | NicType  | PortRange | Direction | IpProtocol | Policy
------------ | -------  | --------- | --------- | ---------- | ------
0.0.0.0/0    | intranet | 22/22     | ingress   | TCP        | Accept
0.0.0.0/0    | intranet | 80/80     | ingress   | TCP        | Accept

Example 2: Query the outbound rules of a security group

Query the outbound rules of the security group with the ID of sg-bp18viqv1vrl0fgy****.

aliyun ecs DescribeSecurityGroupAttribute --RegionId cn-hangzhou --SecurityGroupId sg-bp18viqv1vrl0fgy**** --Direction egress --output cols=SourceCidrIp,NicType,PortRange,Direction,IpProtocol,Policy rows=Permissions.Permission[]

Sample response:

SourceCidrIp | NicType  | PortRange | Direction | IpProtocol | Policy
------------ | -------  | --------- | --------- | ---------- | ------
0.0.0.0/0    | intranet | -1/-1     | egress    | ALL        | Accept