How to Rename and Update Description of AWS EC2 Security Groups via CLI & Console



When AWS creates a default security group, it assigns a generic name such as quick-start-1, which doesn't reflect the actual use case. As infrastructure grows, meaningful naming becomes crucial for:

  • Security auditing
  • Team collaboration
  • Infrastructure documentation

  1. Navigate to EC2 Dashboard > Security Groups
  2. Select target security group
  3. Click Actions > Edit security group
  4. Update fields:
    Name: "HTTP, HTTPS and Limited SSH"
    Description: "Allows web traffic (80/443) + restricted SSH access"
  5. Save changes (Note: changes apply immediately)

For infrastructure-as-code scenarios or batch processing:

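# Sets the description on the matching inbound rule, identified by protocol,
# ports and CIDR. The command has no --description option of its own, and
# --group-name only selects a group to act on.
aws ec2 update-security-group-rule-descriptions-ingress \
    --group-id sg-1234567890abcdef0 \
    --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Web traffic security group"}]}]'

  • Name changes don't affect existing references (security group ID remains constant)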
  • Description field has 255-character limit
  • IAM permissions required: ec2:UpdateSecurityGroupRuleDescriptionsIngress

For infrastructure-as-code users:

resource "aws_security_group" "web" {
  name        = "HTTP, HTTPS and Limited SSH"
  description = "Managed by Terraform - Web traffic + SSH"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

  • Include environment prefix (prod-, staging-)
  • Indicate service purpose (web-, db-, redis-)
  • Add creation timestamp for ephemeral groups
  • Maintain consistency across AWS regions
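
The naming rules above can be checked mechanically. This audit is an added example, not code from the original page: it takes security group records in the shape returned by describe_security_groups() and flags generic names, names outside the convention, over-long descriptions and inbound rules with no description. The <env>-<service> pattern, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed convention built from the prefixes listed above: <env>-<service>[-suffix]
NAME_RE = re.compile(r"^(prod|staging)-(web|db|redis)(-[a-z0-9]+)*$")
GENERIC_RE = re.compile(r"^quick-start-\d+$")
MAX_DESCRIPTION = 255  # description limit stated on this page

def audit_group(group):
    """Return a list of findings for one describe_security_groups() entry."""
    findings = []
    name = group.get("GroupName", "")
    if GENERIC_RE.match(name):
        findings.append("generic name")
    elif not NAME_RE.match(name):
        findings.append("name does not follow <env>-<service> convention")
    if len(group.get("Description", "")) > MAX_DESCRIPTION:
        findings.append("description exceeds 255 characters")
    # Every inbound source range should carry its own rule description.
    for perm in group.get("IpPermissions", []):
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            if not rng.get("Description"):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                port = perm.get("FromPort", "all")
                findings.append(f"undocumented rule: {cidr} port {port}")
    return findings

def audit(groups):
    """Map GroupId -> findings, omitting groups with nothing to report."""
    report = {g["GroupId"]: audit_group(g) for g in groups}
    return {gid: found for gid, found in report.items() if found}

# Constructed sample records (IDs and rules are made up for this example).
SAMPLE = [
    {"GroupId": "sg-0aaa", "GroupName": "quick-start-1", "Description": "x",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "prod-web-frontend",
     "Description": "Web traffic",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0",
                                      "Description": "HTTPS"}]}]},
]

if __name__ == "__main__":
    for gid, found in audit(SAMPLE).items():
        print(gid, found)
```

Against a live account, pass boto3.client('ec2').describe_security_groups()['SecurityGroups'] to audit().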

While AWS EC2 security group rules are frequently modified, many administrators overlook that the name and description fields are also editable properties. These metadata fields serve as crucial documentation, especially in environments with dozens of security groups.

You have two primary ways to update security group metadata:

Using AWS Management Console

  1. Navigate to EC2 Dashboard → Security Groups
  2. Select your target group (e.g., quick-start-1)
  3. Click Actions → Edit security group
  4. Update both fields:
    Name: HTTP, HTTPS and Limited SSH
    Description: Allows web traffic and restricted SSH access
  5. Save changes

Using AWS CLI (Version 2 Recommended)

For automation scenarios, use the update-security-group-rule-descriptions-ingress command. First identify your security group ID:

aws ec2 describe-security-groups --query 'SecurityGroups[?GroupName==`quick-start-1`].GroupId'

Then update both name and description:

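# The description is attached to the inbound rule matched by protocol, ports and CIDR
aws ec2 update-security-group-rule-descriptions-ingress \
    --group-id sg-1234567890abcdef0 \
    --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Allows web traffic and restricted SSH access"}]}]'

  • Changes may take 1-2 minutes to propagate across AWS regions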
  • The security group ID remains immutable
  • Name changes won't affect existing references in IAM policies or VPC configurations

Here's a Python boto3 implementation for programmatic updates:

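import boto3

ec2 = boto3.client('ec2')

# GroupId selects the group; the description is set on the inbound rule
# matched by protocol, ports and CIDR (the call takes no Description parameter).
response = ec2.update_security_group_rule_descriptions_ingress(
    GroupId='sg-1234567890abcdef0',
    IpPermissions=[{
        'IpProtocol': 'tcp',
        'FromPort': 80,
        'ToPort': 80,
        'IpRanges': [{
            'CidrIp': '0.0.0.0/0',
            'Description': 'Web traffic with controlled SSH access',
        }],
    }],
)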

Always confirm your changes:

aws ec2 describe-security-groups \
    --group-ids sg-1234567890abcdef0 \
    --query 'SecurityGroups[0].[GroupName,Description]'