PowerShell script to find unused AWS EC2 Key Pairs
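<#
.SYNOPSIS
    Lists the EC2 key pairs in a region that no EC2 instance currently references.

.DESCRIPTION
    Compares the key pairs registered in the region (Get-EC2KeyPair) with the
    KeyName of every instance returned by Get-EC2Instance and prints both the
    "in use" and "not in use" sets.

    Scope of the check: a key pair is reported as "not in use" only with respect
    to instances in the given region. Launch templates and Auto Scaling launch
    configurations that reference a key pair are NOT consulted, so review those
    before deleting a key pair this script reports as unused.

    Required IAM permissions (read-only): ec2:DescribeInstances,
    ec2:DescribeKeyPairs, sts:GetCallerIdentity.

    Store your AWS credentials once using the AWS Tools for PowerShell, then
    reference the profile by name so keys never appear on the command line or
    in this script:

        Set-AWSCredentials -AccessKey {xx} -SecretKey {xx} -StoreAs {MyProfileName}

    Example:

        Set-AWSCredentials -AccessKey 'AKIAVJL...OB4XN' -SecretKey 'oxLcrpnd3S+...8e2Me' -StoreAs 'testprofile'
        Set-DefaultAWSRegion us-east-1

    Verify your profile exists using:

        Get-AWSCredential -ListProfileDetail

.PARAMETER AWSRegion
    Region whose key pairs and instances are examined. Key pairs are regional.

.PARAMETER AWSProfileName
    Name of the stored credential profile to use.

.EXAMPLE
    .\AwsListUnusedKeyPairs.ps1 -AWSRegion us-east-1 -AWSProfileName testprofile

.OUTPUTS
    Text report on stdout. Exit code 0 on success, 1 when module import,
    credential setup or an AWS API call fails.
#>
Param( $AWSRegion = 'us-east-1', $AWSProfileName = 'default')

#Write-Output "`r`nInput parameter for AWSRegion ==> $AWSRegion"
#Write-Output "Input parameter for AWSProfileName ==> $AWSProfileName `r`n"

# -ErrorAction Stop is passed to every cmdlet inside a try block: without it a
# non-terminating error would skip the catch and the script would carry on with
# empty data and report every key pair as unused.
try {
    Import-Module AWSPowerShell -ErrorAction Stop
}
catch {
    Write-Error -ErrorAction Continue "Import-Module AWSPowerShell failed: $($_.Exception.Message)"
    exit 1
}

# Select region and credentials from the stored profile.
try {
    Set-DefaultAWSRegion -Region $AWSRegion
    Set-AWSCredential -ProfileName $AWSProfileName -ErrorAction Stop
}
catch {
    Write-Error -ErrorAction Continue "Set-AWSCredential -ProfileName $AWSProfileName failed: $($_.Exception.Message)"
    exit 1
}

# Print the account number so the report is unambiguous about which account it
# describes. Get-STSCallerIdentity works for any caller and does not depend on a
# "default" security group existing, which the previous lookup
# (Get-EC2SecurityGroup -GroupNames "default") did.
try {
    $accountId = (Get-STSCallerIdentity -ErrorAction Stop).Account
    Write-Output "`r`nAWS Account number: $accountId"
}
catch {
    Write-Error -ErrorAction Continue "Encountered an issue obtaining the AWS Account ID: $($_.Exception.Message)"
    exit 1
}

try {
    # Collect the KeyName of every instance in the region. EC2 key pair names
    # are case-sensitive, so the set uses an ordinal comparer. Instances
    # launched without a key pair have no KeyName and are skipped.
    # NOTE: recently terminated instances are still returned by
    # DescribeInstances for a while and therefore still count as "in use".
    $keysOnInstances = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::Ordinal)
    foreach ($reservation in (Get-EC2Instance -Region $AWSRegion -ErrorAction Stop)) {
        foreach ($instance in $reservation.Instances) {
            if ($instance.KeyName) {
                [void]$keysOnInstances.Add($instance.KeyName)
            }
        }
    }

    # Every key pair registered in the region; @() keeps a single result as an array.
    $allKeyPairs = @(Get-EC2KeyPair -Region $AWSRegion -ErrorAction Stop)
}
catch {
    Write-Error -ErrorAction Continue "Encountered an issue listing EC2 instances or key pairs in ${AWSRegion}: $($_.Exception.Message)"
    exit 1
}

# The "none found" case is decided by the key pairs themselves, not by whether
# any instance uses one: when no instance references a key, every registered
# key pair is unused and must still be reported.
if ($allKeyPairs.Count -eq 0) {
    Write-Output "`r`nNo keypairs found in region: $AWSRegion`r`n`r`n"
    exit 0
}

Write-Output "The following key pairs were found in region: $AWSRegion"

$keys_in_use = New-Object 'System.Collections.Generic.List[string]'
$keys_not_in_use = New-Object 'System.Collections.Generic.List[string]'
foreach ($keyPair in $allKeyPairs) {
    if ($keysOnInstances.Contains($keyPair.KeyName)) {
        $keys_in_use.Add($keyPair.KeyName)
    }
    else {
        $keys_not_in_use.Add($keyPair.KeyName)
    }
}

# Write the output of keys used and unused.
Write-Output "`r`nKeys not in use:`r`n`t$($keys_not_in_use -join "`r`n`t")"
Write-Output "`r`nKeys in use:`r`n`t$($keys_in_use -join "`r`n`t")"
Write-Output "`r`n"
exit 0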