2
votes

How to find all the used security groups attached to all the AWS resources using Boto?
Currently I have the following script, which gives only EC2 instances:

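     import boto.ec2
     ec2_conn = boto.ec2.connect_to_region("us-east-1")  # example region
     sec_grps = ec2_conn.get_all_security_groups()
     for group in sec_grps:
         # group.instances() returns only the EC2 instances using this group
         print("%s Instances attached %s" % (group, group.instances()))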

Is there any way to get all security groups which are unused by all aws resources?

1 Answer

4
votes

This is a slightly difficult request because Security Groups are used by many different resources, including:

  • Amazon EC2 instances
  • Amazon RDS instances
  • VPC Elastic Network Interfaces (ENIs)
  • Amazon Redshift clusters
  • Amazon ElastiCache clusters
  • Amazon Elastic MapReduce clusters
  • Amazon WorkSpaces
  • ...and most probably other services, too

To obtain a list of unused Security Groups, you would need to query all the above services to discover which ones are "in use".

Alternatively, you could just try to delete them -- an error is generated if you try to delete a Security Group that is in use. (But please test this method before deleting important Security Groups!)
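
An added example (not part of the original answer) of the cross-service check the answer describes, narrowed to ENIs, EC2 instances and RDS instances; the other services in the list would be folded in the same way. The dicts are constructed samples shaped like boto3 `describe_*` responses (an assumption, since the question uses the older boto library), and the code also sets aside unattached groups that are named `default` or still referenced by another group's rules.

```python
# Added example. Dict shapes follow boto3 describe_* responses (an assumption;
# the question uses the older boto library). All sample data is constructed.

def attached_group_ids(enis, instances, db_instances):
    """Map security-group ID -> set of resources that have it attached."""
    used = {}
    for eni in enis["NetworkInterfaces"]:
        for g in eni["Groups"]:
            used.setdefault(g["GroupId"], set()).add(eni["NetworkInterfaceId"])
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            for g in inst["SecurityGroups"]:
                used.setdefault(g["GroupId"], set()).add(inst["InstanceId"])
    for db in db_instances["DBInstances"]:
        for g in db["VpcSecurityGroups"]:
            used.setdefault(g["VpcSecurityGroupId"], set()).add(db["DBInstanceIdentifier"])
    return used

def classify_unattached(sec_groups, used):
    """Split unattached groups into deletion candidates and blocked ones."""
    groups = sec_groups["SecurityGroups"]
    referenced = set()  # groups named as a peer in another group's rules
    for sg in groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != sg["GroupId"]:
                    referenced.add(pair["GroupId"])
    candidates, blocked = [], []
    for sg in groups:
        if sg["GroupId"] in used:
            continue
        if sg["GroupName"] == "default" or sg["GroupId"] in referenced:
            blocked.append(sg["GroupId"])  # default groups cannot be deleted
        else:
            candidates.append(sg["GroupId"])
    return sorted(candidates), sorted(blocked)

# Constructed sample responses
SEC_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0a1", "GroupName": "web", "IpPermissions": []},
    {"GroupId": "sg-0b2", "GroupName": "db", "IpPermissions": [
        {"UserIdGroupPairs": [{"GroupId": "sg-0c3"}]}]},
    {"GroupId": "sg-0c3", "GroupName": "app-clients"},
    {"GroupId": "sg-0d4", "GroupName": "old-bastion"},
    {"GroupId": "sg-0e5", "GroupName": "default"}]}
ENIS = {"NetworkInterfaces": [{"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0a1"}]}]}
INSTANCES = {"Reservations": [{"Instances": [{"InstanceId": "i-01", "SecurityGroups": [{"GroupId": "sg-0a1"}]}]}]}
DBS = {"DBInstances": [{"DBInstanceIdentifier": "orders", "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0b2"}]}]}
```

In live use the four inputs would come from the paginated `describe_security_groups`, `describe_network_interfaces`, `describe_instances` and `describe_db_instances` calls for each region.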