Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Bash: list unused AWS security groups
#!/usr/bin/env bash
# lists all unused AWS security groups.
# a group is considered unused if it's not attached to any network interface.
# requires aws-cli and jq.
# all groups
aws ec2 describe-security-groups \
| jq --raw-output '.SecurityGroups[] | [.GroupName, .GroupId] | @tsv' \
| sort > /tmp/sg.all
# groups in use
aws ec2 describe-network-interfaces \
| jq --raw-output '.NetworkInterfaces[].Groups[] | [.GroupName, .GroupId] | @tsv' \
| sort \
| uniq > /tmp/
diff /tmp/sg.all /tmp/ |grep "<" |cut -d ' ' -f2-3

This comment has been minimized.

Copy link

@julian-alarcon julian-alarcon commented Apr 15, 2019

Security groups can also be attached to RDS or Load Balancers. Here is some information:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment