-
-
Save drewmace/1a74f73364a479f528d653ffdd67f21f to your computer and use it in GitHub Desktop.
A simple python file to clean up all unused AWS security groups with boto3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import boto3 | |
### ### | |
# Need aws credentails already been configured # | |
### ### | |
### Code based on https://gist.github.com/miketheman/2630437 | |
client = boto3.client('ec2') | |
### Pre-defined groups lists | |
in_use_groups = [] | |
to_delete_groups = [] | |
### Get All security groups | |
all_groups = [group['GroupName'] for group in client.describe_security_groups()['SecurityGroups']] | |
### Get All instances | |
all_instances = client.describe_instances() | |
### Get All security groups that has been used by some instances | |
for instances in all_instances['Reservations']: | |
for inst in instances['Instances']: | |
for group in inst['SecurityGroups']: | |
groupName = group['GroupName'] | |
if groupName not in in_use_groups: | |
in_use_groups.append(groupName) | |
### Get security group candidates that has not been used and will be deleted | |
delete_candidates = [item for item in all_groups if item not in in_use_groups] | |
### Can Add some more filtering conditions like this: | |
#delete_candidates = [item for item in all_groups if item not in in_use_groups and item.startswith('launch-wizard-') and int(group.split('-')[-1]) > 5] | |
### Start delete security groups that haven't been used | |
print("We will now delete security groups.") | |
for group in to_delete_groups: | |
client.delete_security_group(GroupName = group) | |
print("We have deleted %d groups." % (len(to_delete_groups))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment