Forked from miketheman/security-group-cleanup.py
Last active
February 15, 2021 14:43
-
-
Save jorgegarciamule/bf153bb7684891462795 to your computer and use it in GitHub Desktop.
AWS EC2 Unused Security Group cleanup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import boto | |
| import pprint | |
| del_flag = '' | |
| if len(sys.argv) > 1: | |
| del_flag = sys.argv[1] | |
| pp = pprint.PrettyPrinter(indent=4) | |
| # set credentials | |
| ACCESS_KEY="<access key>" | |
| SECRET_KEY="<security key>" | |
| ec2 = boto.connect_ec2(ACCESS_KEY, SECRET_KEY) | |
| rds = boto.connect_rds(ACCESS_KEY, SECRET_KEY) | |
| allgroups = [] | |
| # Get ALL instance security groups names exept the ones who have Owner and ar not default | |
| groups = ec2.get_all_security_groups() | |
| for groupobj in groups: | |
| if 'Owner' not in groupobj.tags and groupobj.name != 'default': | |
| allgroups.append(groupobj.id) | |
| # Get [running|stopped] instances security groups | |
| groups_in_use = [] | |
| for state in ['running','stopped']: | |
| reservations = ec2.get_all_instances(filters={'instance-state-name': state}) | |
| for r in reservations: | |
| for inst in r.instances: | |
| for sg in inst.groups: | |
| if sg.id not in groups_in_use: | |
| groups_in_use.append(sg.id) | |
| # Add RDS DB Instances usage | |
| dbinstances = rds.get_all_dbinstances() | |
| for db in dbinstances: | |
| for sg in db.vpc_security_groups: | |
| if sg.vpc_group not in groups_in_use: | |
| groups_in_use.append(sg.vpc_group) | |
| # Add Network Interfaces usage | |
| nfs = ec2.get_all_network_interfaces() | |
| for nf in nfs: | |
| for group in nf.groups: | |
| if group.id not in groups_in_use: | |
| groups_in_use.append(group.id) | |
| # All security groups minus used | |
| delete_candidates = [] | |
| for group in allgroups: | |
| if group not in groups_in_use: | |
| delete_candidates.append(group) | |
| # Log in csv file | |
| # f = open('delete_candidates.csv', 'w') | |
| # for item in delete_candidates: | |
| # theGroup = [group for group in groups if group.id==item][0] | |
| # group_str = theGroup.id + ',' + theGroup.name | |
| # print >> f, group_str | |
| if del_flag == '--delete': | |
| print "We will now delete security groups identified to not be in use." | |
| for group in delete_candidates: | |
| print "Deleting %s" % group | |
| ec2.delete_security_group( group_id = group ) | |
| print "We have deleted %d groups." % (len(delete_candidates)) | |
| else: | |
| print "The list of security groups to be removed is below." | |
| print "Run this again with `--delete` to remove them" | |
| pp.pprint(sorted(delete_candidates)) | |
| print "Total of %d groups targeted for removal." % (len(delete_candidates)) | |
| # For each security group in the total list, if not in the "used" list, flag for deletion | |
| # If running with a "--delete" flag, delete the ones flagged. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Added RDS instances check and Network interfaces