The current asset API implementation can only query primary attributes of an Asset and the Security Group is not currently a primary attribute that's included as it's built off a separate table. One can pull in related assets via an include directive but in this case, the Security Group is not a directly referenceable table for EC2 Instances in our Asset database.

API can be used to obtain the VPC ID of the instances and the VPC ID of the Security Groups so depending on the level of granularity, this list can be obtained and then post-processed. 
 

Example of Instance with VPC ID - 

https://chapi.cloudhealthtech.com/api/search?api_key=<api_key>&api_version=2&page=1&per_page=10&name=AwsInstance&query=is_active=1&fields=instance_id,vpc_id


Example of Security Group with VPC ID - 
https://chapi.cloudhealthtech.com/api/search?api_key=<api_key>&api_version=2&page=1&per_page=10&name=AwsSecurityGroup&query=is_active=1&include=vpc