@JEEN
Created August 17, 2018 12:48
check-unused-security-groups.sh
#!/bin/bash
# Report security groups in the current CLI region/profile that no resource references.
# Run it once per region. Each VPC's "default" group is skipped: it cannot be deleted.
set -euo pipefail   # a failing describe-* call aborts the run instead of silently shrinking the in-use list
rm -f security-groups inuse-sg uniq-inuse unused-security-groups.txt
aws ec2 describe-security-groups --output json | jq -r '.SecurityGroups[] | select(.GroupName != "default") | .GroupId' | sort > security-groups
# jq's `[]?` yields nothing when the field is absent instead of failing with "Cannot iterate over null"
# (e.g. a network load balancer has no SecurityGroups key).
aws ec2 describe-instances --output json | jq -r '.Reservations[].Instances[].SecurityGroups[]?.GroupId' > inuse-sg
# Every attachment in the account (Lambda, RDS, ELB, EFS, ...) shows up as an ENI carrying its groups,
# so this call catches uses that the service-specific calls below do not.
aws ec2 describe-network-interfaces --output json | jq -r '.NetworkInterfaces[].Groups[]?.GroupId' >> inuse-sg
aws elb describe-load-balancers --output json | jq -r '.LoadBalancerDescriptions[].SecurityGroups[]?' >> inuse-sg
aws elbv2 describe-load-balancers --output json | jq -r '.LoadBalancers[].SecurityGroups[]?' >> inuse-sg
aws rds describe-db-instances --output json | jq -r '.DBInstances[].VpcSecurityGroups[]?.VpcSecurityGroupId' >> inuse-sg
aws elasticache describe-cache-clusters --output json | jq -r '.CacheClusters[].SecurityGroups[]?.SecurityGroupId' >> inuse-sg
# Redshift ClusterSecurityGroups are EC2-Classic group names, not sg- ids; only VpcSecurityGroups matter here.
aws redshift describe-clusters --output json | jq -r '.Clusters[].VpcSecurityGroups[]?.VpcSecurityGroupId' >> inuse-sg
# xargs -r: do not run the command when there are no file systems or mount targets.
aws efs describe-file-systems --output json | jq -r '.FileSystems[].FileSystemId' \
| xargs -r -I {} aws efs describe-mount-targets --file-system-id {} --output json | jq -r '.MountTargets[].MountTargetId' \
| xargs -r -I {} aws efs describe-mount-target-security-groups --mount-target-id {} --output json | jq -r '.SecurityGroups[]?' \
>> inuse-sg
sort -u inuse-sg > uniq-inuse
# comm -23 prints lines only in the first (sorted) file: groups nobody references.
# This replaces diff | grep sg | cut -c 3-22, which relied on a fixed id length and matched any line containing "sg".
comm -23 security-groups uniq-inuse > unused-security-groups.txt
# Print id and name. A group listed here can still fail to delete with DependencyViolation
# while another group's rule references it; remove that rule first.
while read -r gid; do
  aws ec2 describe-security-groups --group-ids "$gid" --output json | jq -r '.SecurityGroups[] | [.GroupId, .GroupName] | @tsv'
done < unused-security-groups.txt
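The set-difference logic of the script, worked through offline as an added example (this is not the gist author's code). The describe-* responses are constructed samples in the shape of AWS CLI/boto3 output, and `extract`, `unused_groups`, `sg()` and the sample ids are assumptions of this example. It goes beyond the script in two ways: a missing field (a network load balancer with no SecurityGroups key) is treated as empty rather than aborting the run, and unused groups that another group's rule still references are reported separately, because deleting those fails with DependencyViolation until the rule is removed.

```python
"""Offline model of the unused-security-group check.

Added example, not part of the gist: the describe-* responses are constructed
samples shaped like AWS CLI/boto3 output, so the check runs with no credentials.
With real data you would feed the same functions the responses from boto3
paginators (assumed usage, not shown here).
"""
import re

# Real EC2 group ids are "sg-" followed by 8 (legacy) or 17 hex digits.
# Redshift ClusterSecurityGroupId values are EC2-Classic names such as
# "default", so this filter keeps them out of the in-use set.
SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")


def extract(node, path):
    """Yield the leaf values found by walking `path`, descending into lists
    and treating a missing key as empty (the behaviour of jq's `[]?`):
    a network load balancer has no SecurityGroups key and must not abort."""
    if not path:
        if isinstance(node, list):
            yield from node
        else:
            yield node
        return
    if isinstance(node, list):
        for item in node:
            yield from extract(item, path)
        return
    if isinstance(node, dict) and node.get(path[0]) is not None:
        yield from extract(node[path[0]], path[1:])


def in_use_ids(responses):
    """Union of group ids over (response, path) pairs, keeping only sg- ids."""
    used = set()
    for resp, path in responses:
        used.update(v for v in extract(resp, path)
                    if isinstance(v, str) and SG_ID.match(v))
    return used


def referenced_by_rules(describe_sgs):
    """Groups named in another group's ingress/egress rules. Deleting such a
    group fails with DependencyViolation until the referencing rule is gone."""
    refs = set()
    for grp in describe_sgs["SecurityGroups"]:
        for perm in grp.get("IpPermissions", []) + grp.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") and pair["GroupId"] != grp["GroupId"]:
                    refs.add(pair["GroupId"])
    return refs


def unused_groups(describe_sgs, responses):
    """Return (deletable, blocked): unused groups split by whether another
    group's rule still references them. Each VPC's 'default' group is
    skipped because it cannot be deleted."""
    used = in_use_ids(responses)
    refs = referenced_by_rules(describe_sgs)
    deletable, blocked = [], []
    for grp in describe_sgs["SecurityGroups"]:
        gid = grp["GroupId"]
        if grp["GroupName"] == "default" or gid in used:
            continue
        (blocked if gid in refs else deletable).append((gid, grp["GroupName"]))
    return sorted(deletable), sorted(blocked)


def sg(n):
    """Constructed sample id in the current 17-hex-digit format."""
    return f"sg-0123456789abcdef{n}"


# Constructed sample responses (not real account data).
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": sg(1), "GroupName": "web",
     "IpPermissions": [{"UserIdGroupPairs": [{"GroupId": sg(3)}]}]},
    {"GroupId": sg(2), "GroupName": "default"},
    {"GroupId": sg(3), "GroupName": "old-db"},      # unused, but referenced by "web"
    {"GroupId": sg(4), "GroupName": "legacy-alb"},  # unused and unreferenced
    {"GroupId": sg(5), "GroupName": "alb"},
    {"GroupId": sg(6), "GroupName": "lambda-eni"},  # only visible through its ENI
    {"GroupId": sg(7), "GroupName": "cache"},
]}
SAMPLE_RESPONSES = [
    ({"Reservations": [{"Instances": [{"SecurityGroups": [{"GroupId": sg(1)}]}]}]},
     ("Reservations", "Instances", "SecurityGroups", "GroupId")),
    ({"NetworkInterfaces": [{"Groups": [{"GroupId": sg(6)}]}]},
     ("NetworkInterfaces", "Groups", "GroupId")),
    ({"LoadBalancers": [{"Type": "application", "SecurityGroups": [sg(5)]},
                        {"Type": "network"}]},          # NLB: key absent
     ("LoadBalancers", "SecurityGroups")),
    ({"CacheClusters": [{"SecurityGroups": [{"SecurityGroupId": sg(7)}]}]},
     ("CacheClusters", "SecurityGroups", "SecurityGroupId")),
    ({"Clusters": [{"ClusterSecurityGroups": [{"ClusterSecurityGroupId": "default"}],
                    "VpcSecurityGroups": []}]},          # classic name, not an sg- id
     ("Clusters", "ClusterSecurityGroups", "ClusterSecurityGroupId")),
]

if __name__ == "__main__":
    deletable, blocked = unused_groups(SAMPLE_SGS, SAMPLE_RESPONSES)
    for gid, name in deletable:
        print(f"unused\t{gid}\t{name}")
    for gid, name in blocked:
        print(f"unused-but-referenced\t{gid}\t{name}")
```

On the sample data only legacy-alb comes out as deletable; old-db is unused but blocked by the rule in web, and lambda-eni is kept only because the ENI listing is part of the input, which is why the shell script's service-specific calls alone are not enough.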