delete-unused-aws-security-groups.sh

#!/bin/bash

# Finds and deletes unused aws security groups, following template for determining unused groups here:
# https://stackoverflow.com/a/24704644

region=$1

comm -23  <(aws ec2 describe-security-groups --query 'SecurityGroups[*].GroupId' \
	--output text --region $region | tr '\t' '\n'| sort) \
	<(aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' \
	--output text --region $region | tr '\t' '\n' | sort | uniq) \
	| while read groupid; do

	echo "Deleting $groupid"
	aws ec2 delete-security-group --dry-run --region $region --group-id $groupid
done