@asinghal
Last active October 28, 2019 22:08
Clean up AWS Security groups

Commands to list the security groups in use and print the groups that cannot be found in use.

Note: Always check manually before deleting security groups. There are various places the groups may be used, and the script's output may not always be conclusive.

aws elb describe-load-balancers --query 'LoadBalancerDescriptions[*].SecurityGroups' --output text | tr '\t' '\n' | sort | uniq > used.txt

aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' --output text | tr '\t' '\n' | sort | uniq >> used.txt

aws rds describe-db-instances --query 'DBInstances[*].VpcSecurityGroups[*].VpcSecurityGroupId' --output text | tr '\t' '\n' | sort | uniq >> used.txt

comm -23 <(aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupName,GroupId]' --output text | grep -v "default" | cut -f2 | sort) <(sort -u used.txt)
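
The commands above only look at classic ELBs, EC2 instances and RDS, and `grep -v "default"` also hides any group whose name merely contains "default". The following is an added example, not part of the original gist: it takes saved CLI output (the file names, the function names and the sample data are assumptions made for illustration), matches the `default` name exactly, and treats a group as in use if it is attached to any network interface or named in another group's ingress rule.

```shell
#!/bin/sh
# Added example, not part of the original gist. File names are hypothetical.
# Each input is the saved `--output text` result of one AWS CLI call:
#   all  : aws ec2 describe-security-groups \
#            --query 'SecurityGroups[*].[GroupName,GroupId]'
#   eni  : aws ec2 describe-network-interfaces \
#            --query 'NetworkInterfaces[*].Groups[*].GroupId'
#   refs : aws ec2 describe-security-groups \
#            --query 'SecurityGroups[*].IpPermissions[*].UserIdGroupPairs[*].GroupId'

# candidate_groups ALL ENI REFS
# Prints IDs of groups that are not named exactly "default", are attached to
# no network interface, and are named in no ingress rule of any group.
candidate_groups() {
  awk -F'\t' '
    # ENI and REFS files come first: every tab-separated field is an ID in use.
    FILENAME != ARGV[3] { for (i = 1; i <= NF; i++) used[$i] = 1; next }
    # ALL file: column 1 is the name, column 2 the ID.
    $1 == "default"     { next }   # exact match, so "default-web" is kept
    !($2 in used)       { print $2 }
  ' "$2" "$3" "$1" | sort
}

# Constructed sample data standing in for real CLI output.
demo() {
  d=$(mktemp -d)
  printf 'default\tsg-00000001\nweb\tsg-00000002\ndefault-web\tsg-00000003\n' > "$d/all"
  printf 'db\tsg-00000004\nold-batch\tsg-00000005\nlegacy-admin\tsg-00000006\n' >> "$d/all"
  printf 'sg-00000002\tsg-00000001\nsg-00000004\n' > "$d/eni"
  printf 'sg-00000005\n' > "$d/refs"   # still referenced by another group rule
  candidate_groups "$d/all" "$d/eni" "$d/refs"
  rm -rf "$d"
}

demo
```

A group that only references itself is treated as in use, and egress rules (`IpPermissionsEgress`) are not checked, so the manual check in the note still applies.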