Last active
June 4, 2024 10:12
-
-
Save thibautsacreste/47a83653cebe165c862042eab7218368 to your computer and use it in GitHub Desktop.
Bash: list unused AWS security groups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # lists all unused AWS security groups. | |
| # a group is considered unused if it's not attached to any network interface. | |
| # requires aws-cli and jq. | |
| # all groups | |
| aws ec2 describe-security-groups \ | |
| | jq --raw-output '.SecurityGroups[] | [.GroupName, .GroupId] | @tsv' \ | |
| | sort > /tmp/sg.all | |
| # groups in use | |
| aws ec2 describe-network-interfaces \ | |
| | jq --raw-output '.NetworkInterfaces[].Groups[] | [.GroupName, .GroupId] | @tsv' \ | |
| | sort \ | |
| | uniq > /tmp/sg.in.use | |
| diff /tmp/sg.all /tmp/sg.in.use |grep "<" |cut -d ' ' -f2-3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Security groups can also be attached to RDS or Load Balancers. Here is some information: https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups