Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Bash: list unused AWS security groups
#!/usr/bin/env bash
# lists all unused AWS security groups.
# a group is considered unused if it's not attached to any network interface.
# requires aws-cli and jq.
# all groups
aws ec2 describe-security-groups \
| jq --raw-output '.SecurityGroups[] | [.GroupName, .GroupId] | @tsv' \
| sort > /tmp/sg.all
# groups in use
aws ec2 describe-network-interfaces \
| jq --raw-output '.NetworkInterfaces[].Groups[] | [.GroupName, .GroupId] | @tsv' \
| sort \
| uniq > /tmp/sg.in.use
diff /tmp/sg.all /tmp/sg.in.use |grep "<" |cut -d ' ' -f2-3
@julian-alarcon

This comment has been minimized.

Copy link

julian-alarcon commented Apr 15, 2019

Security groups can also be attached to RDS or Load Balancers. Here is some information: https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.