Skip to content

Instantly share code, notes, and snippets.

@sblack4

sblack4/screw-this-sg.sh

Created March 1, 2023 16:59
Show Gist options
  • Save sblack4/079c2345d8b3a50165e6a2161ba977af to your computer and use it in GitHub Desktop.
Save sblack4/079c2345d8b3a50165e6a2161ba977af to your computer and use it in GitHub Desktop.
Download ZIP
Nuke a security group. Deletes all rules referencing it. you may have to turn this multiple times if there are security groups that reference your group in multiple rules
Raw
screw-this-sg.sh
#!/bin/bash
# abbreviations refer to resource IDs
# security group = SG
# security group rule = SGR
# referencing security group = RGS
# SG to delete
SG=$1
get_SGs_with_rule() {
aws ec2 describe-security-groups \
--filters Name=ip-permission.group-id,Values=$SG > groups.json
}
count_groups() {
echo "Number of groups: $(cat groups.json | jq '.SecurityGroups | length')"
}
get_group_rules() {
RSG=$1
aws ec2 describe-security-group-rules \
--filters Name=group-id,Values=$RSG
}
delete_rule(){
SGR=$2
aws ec2 revoke-security-group-ingress \
--group-id $1 \
--security-group-rule-ids $SGR
}
iterate_groups() {
mkdir groups
for RSG in $(cat groups.json | jq -r '.SecurityGroups[].GroupId'); do
echo $RSG
# get the rules
get_group_rules $RSG > "groups/$RSG.json"
# get the rule ID
SGR=$(cat "groups/$RSG.json" | jq -r '.SecurityGroupRules[]|select(.ReferencedGroupInfo.GroupId=="'$SG'").SecurityGroupRuleId')
#remove it
echo "deleting $SGR on $RSG"
delete_rule $RSG $SGR
done
}
delete_og(){
aws ec2 delete-security-group --group-id $SG
}
clean_up() {
rm -rf groups
rm groups.json
}
# VPC_ID=$(aws ec2 describe-security-groups --group-ids $SG | jq '.SecurityGroups[].VpcId')
get_SGs_with_rule
count_groups
iterate_groups
delete_og
clean_up
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment