AWS EC2 Unused Security Group cleanup
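#!/usr/bin/env python
"""List, and with ``--delete`` remove, EC2 security groups that nothing uses.

A group counts as "in use" when it is attached to any non-terminated
instance or to any network interface (load balancers, RDS, ECS/awsvpc
tasks, Lambda and similar services attach groups through interfaces, not
instances).  Groups that are only referenced from *other* groups' rules are
not detected by this scan; EC2 refuses to delete such a group, and that
failure is reported per group instead of aborting the run.  The scan is a
point-in-time snapshot, so a group attached between the scan and the
delete is likewise rejected by EC2 and reported.

Usage::

    ec2_sg_cleanup.py           # dry run: print the candidates
    ec2_sg_cleanup.py --delete  # delete them

Credentials come from boto's standard lookup (AWS_ACCESS_KEY_ID /
AWS_SECRET_ACCESS_KEY, ~/.boto or ~/.aws/credentials, or an instance
profile).  Keys are deliberately not hard-coded: a key pair that can delete
security groups must never be pasted into a shareable script.
"""
import pprint
import sys

# Instance states that still hold their security groups.  'terminated' is
# the only state whose attachments can be ignored; a pending/stopping/
# shutting-down instance would otherwise have its groups deleted under it.
IN_USE_STATES = ['pending', 'running', 'stopping', 'stopped', 'shutting-down']


def select_unused(all_groups, in_use_ids):
    """Return the groups in *all_groups* whose ``id`` is not in *in_use_ids*.

    Args:
        all_groups: objects with ``id`` and ``name`` attributes (boto
            SecurityGroup instances, or anything shaped like them).
        in_use_ids: iterable of group ids that are attached somewhere.

    Matching is by group id, never by name: names are unique only within a
    VPC, so two VPCs may both contain e.g. ``launch-wizard-15`` and a
    name-based delete would hit (or fail to find) the wrong one.  Each
    VPC's ``default`` group is skipped because EC2 will not delete it.
    Input order is preserved.
    """
    in_use = set(in_use_ids)
    return [g for g in all_groups
            if g.id not in in_use and g.name != 'default']


def main(argv=None):
    """Run the scan; delete only when the first argument is ``--delete``.

    Returns the process exit status: 0 on a clean dry run or when every
    candidate was deleted, 1 when at least one deletion was refused.
    """
    # Imported here so the pure selection logic above is importable (and
    # testable) without boto installed.
    import boto
    from boto.exception import EC2ResponseError

    args = sys.argv[1:] if argv is None else argv
    del_flag = args[0] if args else ''
    pp = pprint.PrettyPrinter(indent=4)

    # No explicit keys: region and credentials come from boto's config chain.
    ec2 = boto.connect_ec2()

    all_groups = ec2.get_all_security_groups()

    # Ids of every group attached to an instance or a network interface.
    in_use_ids = set()
    reservations = ec2.get_all_instances(
        filters={'instance-state-name': IN_USE_STATES})
    for reservation in reservations:
        for inst in reservation.instances:
            # ALL of an instance's groups, not just groups[0].
            in_use_ids.update(g.id for g in inst.groups)
    for eni in ec2.get_all_network_interfaces():
        in_use_ids.update(g.id for g in eni.groups)

    candidates = select_unused(all_groups, in_use_ids)
    labels = sorted('%s (%s)' % (g.name, g.id) for g in candidates)

    if del_flag != '--delete':
        print("The list of security groups to be removed is below.")
        print("Run this again with `--delete` to remove them")
        pp.pprint(labels)
        print("Total of %d groups targeted for removal." % len(candidates))
        return 0

    print("We will now delete security groups identified to not be in use.")
    deleted = 0
    for group in candidates:
        try:
            # Delete by id so the request is unambiguous across VPCs.
            ec2.delete_security_group(group_id=group.id)
        except EC2ResponseError as err:
            # Usually a dependency the scan cannot see (a rule in another
            # group, or a resource attached since the scan).  Report it and
            # keep going rather than abort the whole run.
            print("Could not delete %s (%s): %s"
                  % (group.name, group.id, err.error_code))
            continue
        deleted += 1
    print("We have deleted %d groups." % deleted)
    # Non-zero exit when anything was left behind, so automation notices.
    return 0 if deleted == len(candidates) else 1


if __name__ == '__main__':
    sys.exit(main())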
Also, security groups are sometimes referenced by ECS scheduled tasks (and by other resources that attach groups through network interfaces rather than instances); this script would flag and delete such a group even though it is still referenced.
When I run this with the --delete argument I get: boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
InvalidGroup.NotFound
The security group 'launch-wizard-15' does not exist in default VPC
(Deleting by name only resolves groups in the default VPC; groups in other VPCs have to be deleted by group id.)