When creating an EC2-mode ECS cluster, you must assign/create a security group:
However, there appears to be no way to retrieve the ARN/name of the security group afterward.
UI:
CLI:
    $ aws ecs describe-clusters --clusters extraction
    {
        "clusters": [
            {
                "clusterArn": "arn:aws:ecs:us-east-1:326764833890:cluster/extraction",
                "clusterName": "extraction",
                "status": "ACTIVE",
                "registeredContainerInstancesCount": 0,
                "runningTasksCount": 0,
                "pendingTasksCount": 0,
                "activeServicesCount": 0,
                "statistics": [],
                "tags": [],
                "settings": [
                    {
                        "name": "containerInsights",
                        "value": "disabled"
                    }
                ],
                "capacityProviders": [
                    "FARGATE_SPOT",
                    "FARGATE"
                ],
                "defaultCapacityProviderStrategy": []
            }
        ],
        "failures": []
    }
Assume there are no services that can be expected:
As this is a cluster semantic, I would assume there is a cluster solution to inspecting this information. That said, I'm close to assuming that this information is not actually [exposed] in ECS and might only, actually, be found by looking at the actual instances in EC2.
Note that it's interesting that the "attributes" under the "ECS Instances" tab shows a machine class but, yet, not the security group:
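
The lookup through the EC2 instances that the post speculates about, as an added example that is not part of the original post: container instances carry an `ec2InstanceId`, and `aws ec2 describe-instances` reports each instance's `SecurityGroups`. The sample JSON is constructed and the helper names are hypothetical.

```python
import json

# Inputs are the JSON printed by two real CLI calls (run after
# `aws ecs list-container-instances --cluster extraction`):
#   aws ecs describe-container-instances --cluster extraction --container-instances <arns>
#   aws ec2 describe-instances --instance-ids <ids>
# Both samples below are constructed; account ID, instance IDs and group IDs are made up.
ECS_SAMPLE = json.loads("""
{"containerInstances": [
  {"containerInstanceArn": "arn:aws:ecs:us-east-1:111122223333:container-instance/extraction/aaaa",
   "ec2InstanceId": "i-0aaa"},
  {"containerInstanceArn": "arn:aws:ecs:us-east-1:111122223333:container-instance/extraction/bbbb",
   "ec2InstanceId": "i-0bbb"}],
 "failures": []}
""")
EC2_SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa",
   "SecurityGroups": [{"GroupId": "sg-0111", "GroupName": "ecs-extraction"},
                      {"GroupId": "sg-0222", "GroupName": "ssh-admin"}]}]}]}
""")


def groups_by_container_instance(ecs_doc, ec2_doc):
    """Hypothetical helper: map container instance ARN -> [(GroupId, GroupName)].

    The value is None when EC2 returned no record for the instance
    (for example, it was terminated but is still registered in ECS).
    """
    by_instance = {}
    for reservation in ec2_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            by_instance[inst["InstanceId"]] = [
                (g["GroupId"], g["GroupName"]) for g in inst.get("SecurityGroups", [])
            ]
    return {
        ci["containerInstanceArn"]: by_instance.get(ci.get("ec2InstanceId"))
        for ci in ecs_doc.get("containerInstances", [])
    }


def distinct_group_ids(mapping):
    """Hypothetical helper: sorted set of group IDs in use across the cluster."""
    return sorted({gid for groups in mapping.values() if groups for gid, _ in groups})


if __name__ == "__main__":
    for arn, groups in groups_by_container_instance(ECS_SAMPLE, EC2_SAMPLE).items():
        print(arn, groups if groups is not None else "no EC2 record")
```

A cluster with `registeredContainerInstancesCount` of 0, like the one in the output above, yields an empty mapping because there are no EC2 instances to inspect.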