unused aws vpc security group assuming all securitry groups are used by either RDS or EC2

gistfile1.txt

comm -23 <(aws --region us-east-1 ec2 describe-security-groups --query 'SecurityGroups[*].GroupId'  --output text | tr '\t' '\n'| sort) <(((aws --region us-east-1 ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' --output text | tr '\t' '\n') ; (aws --region us-east-1 rds describe-db-instances --query 'DBInstances[*].VpcSecurityGroups[*].VpcSecurityGroupId' --output text | tr '\t' '\n')) | sort | uniq)