@guessi
Created January 22, 2022 07:10
[AWS] Find out unused Security Groups
#!/bin/bash
# Usage:
#
#   ./find-unused-security-groups.sh [us-east-1]
#
# Lists every security group in the region together with the ENIs it is
# attached to. A group that prints no ENIs is a candidate for clean-up.
set -eo pipefail

REGION="${1:-us-east-1}"

# Collect all security group IDs in the region (IDs contain no whitespace,
# so relying on word splitting here is safe).
SECURITY_GROUPS=($(aws ec2 describe-security-groups --no-paginate --region "${REGION}" --output json | jq -r '.SecurityGroups[].GroupId'))

echo "Found ${#SECURITY_GROUPS[@]} security group(s) under region: ${REGION}"
echo "${SECURITY_GROUPS[*]}"
echo # just a line break

for SECURITY_GROUP in "${SECURITY_GROUPS[@]}"; do
  echo "Security Group \"${SECURITY_GROUP}\" is used by the following ENIs:"
  aws ec2 describe-network-interfaces \
    --filters "Name=group-id,Values=${SECURITY_GROUP}" \
    --no-paginate --region "${REGION}" --output json | \
    jq -r '.NetworkInterfaces[] | { InterfaceType: .InterfaceType, Description: .Description, ENI: .NetworkInterfaceId }'
  echo # just a line break
done
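The script above reports attachment to ENIs only. A group can also be "in use" because another group's rule references it, and the VPC default group cannot be deleted at all. The following is an added example (not part of the gist) that applies those checks offline to constructed JSON in the shape of the `describe-security-groups` and `describe-network-interfaces` responses; the IDs and names are made up.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
SECURITY_GROUPS_JSON = """{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "default", "IpPermissions": [], "IpPermissionsEgress": []},
 {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [], "IpPermissionsEgress": []},
 {"GroupId": "sg-0ccc", "GroupName": "db", "IpPermissionsEgress": [],
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                     "UserIdGroupPairs": [{"GroupId": "sg-0ddd", "UserId": "111122223333"}]}]},
 {"GroupId": "sg-0ddd", "GroupName": "app", "IpPermissions": [], "IpPermissionsEgress": []},
 {"GroupId": "sg-0eee", "GroupName": "stale", "IpPermissions": [], "IpPermissionsEgress": []}
]}"""

# Constructed sample in the shape of `aws ec2 describe-network-interfaces --output json`.
NETWORK_INTERFACES_JSON = """{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0111", "InterfaceType": "interface", "Description": "web",
  "Groups": [{"GroupId": "sg-0bbb", "GroupName": "web"}]},
 {"NetworkInterfaceId": "eni-0222", "InterfaceType": "interface", "Description": "rds",
  "Groups": [{"GroupId": "sg-0ccc", "GroupName": "db"}]}
]}"""


def find_unused_security_groups(sg_json: str, eni_json: str) -> dict:
    """Classify groups that are not attached to any ENI.

    Returns {"unused": [...], "referenced_only": [...]}: "unused" groups are
    attached nowhere and referenced by no rule; "referenced_only" groups are
    attached nowhere but appear in another group's UserIdGroupPairs, so
    deleting them would first require editing that rule. Default groups are
    skipped because EC2 does not allow deleting them.
    """
    groups = json.loads(sg_json)["SecurityGroups"]
    enis = json.loads(eni_json)["NetworkInterfaces"]

    attached = {g["GroupId"] for eni in enis for g in eni.get("Groups", [])}
    referenced = set()
    for sg in groups:
        for rule in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in rule.get("UserIdGroupPairs", []):
                referenced.add(pair["GroupId"])

    result = {"unused": [], "referenced_only": []}
    for sg in groups:
        gid = sg["GroupId"]
        if sg.get("GroupName") == "default" or gid in attached:
            continue
        result["referenced_only" if gid in referenced else "unused"].append(gid)
    return result
```

On a real account, feed it the output of the two CLI calls (or the boto3 equivalents) and review the "referenced_only" list before treating anything as deletable.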