kjoconnor/check_if_sg_is_used.py

## check_if_sg_is_used.py
import sys

from boto.ec2 import connect_to_region

target_sg = sys.argv[1]

ec2 = connect_to_region('us-west-1')

target_sg_object = ec2.get_all_security_groups([target_sg])[0]

print 'EC2 instances with group'
instances = target_sg_object.instances()

for instance in instances:
    print '{target_sg} is used by instance {name} ({id}) <{status}>'.format(
        target_sg=target_sg,
        name=instance.tags.get('Name', 'No Name'),
        id=instance.id,
        status=instance.state
    )

print 'EC2 security groups with group'
security_groups = ec2.get_all_security_groups()

for security_group in security_groups:
    for rule in security_group.rules:
        for grant in rule.grants:
            if getattr(grant, 'groupName', False) == target_sg:
                print '{sg} includes {target_sg} in rule {rule}'.format(
                    sg=security_group,
                    target_sg=target_sg,
                    rule=rule
                )
	import sys

	from boto.ec2 import connect_to_region

	target_sg = sys.argv[1]

	ec2 = connect_to_region('us-west-1')

	target_sg_object = ec2.get_all_security_groups([target_sg])[0]

	print 'EC2 instances with group'
	instances = target_sg_object.instances()

	for instance in instances:
	print '{target_sg} is used by instance {name} ({id}) <{status}>'.format(
	target_sg=target_sg,
	name=instance.tags.get('Name', 'No Name'),
	id=instance.id,
	status=instance.state
	)

	print 'EC2 security groups with group'
	security_groups = ec2.get_all_security_groups()

	for security_group in security_groups:
	for rule in security_group.rules:
	for grant in rule.grants:
	if getattr(grant, 'groupName', False) == target_sg:
	print '{sg} includes {target_sg} in rule {rule}'.format(
	sg=security_group,
	target_sg=target_sg,
	rule=rule
	)