AWS CLI Find Unused Security Groups
AWS CLI Find Unused Security Groups
There are times when your architecture becomes too complex, and you need to find orphan security groups to get rid of them. the console. This guide will show you how to easily find the orphaned security groups with the CLI. See this post for details:
1
https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups
- Get all security groups:
1
aws ec2 describe-security-groups --query 'SecurityGroups[*].GroupId' --output text | tr '\t' '\n'
- Get all security groups tied to an instance:
1
aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' --output text | tr '\t' '\n' | sort | uniq
- Get all orphaned security groups. This command compares the two lists and finds the difference.
1
comm -23 <(aws ec2 describe-security-groups --query 'SecurityGroups[*].GroupId' --output text | tr '\t' '\n'| sort) <(aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' --output text | tr '\t' '\n' | sort | uniq)
This post is licensed under CC BY 4.0 by the author.