
Finding unused Security Groups in EC2, RDS, LB using boto or bash (using AWS-CLI)

I'm trying to find a way to determine orphan security groups so I can clean up and get rid of them. Does anyone know a way to discover unused security groups? It should check EC2, RDS, LB, VPC, etc.

I am able to find the unused SGs only for EC2 security groups. I tried to find RDS security groups.

#!/usr/bin/python3
import boto3

session = boto3.session.Session(profile_name='xxx-xxx-xxx')

# describe_db_security_groups() returns a dict; the groups themselves are the
# list under 'DBSecurityGroups'. Iterating the dict directly only yields its keys.
sgs = session.client('rds', region_name='us-east-1').describe_db_security_groups()
for sg in sgs['DBSecurityGroups']:
    print(sg)

Security Groups are associated with Elastic Network Interfaces (ENIs).

Therefore, you could iterate through all ENIs and retrieve the attached Security Groups. Then, compare the list against security groups to identify which ones are not in use.

Alternatively, I wonder if you can just attempt to delete them? If they are "in use", the deletion should probably fail. (But test it first!)
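A worked version of the ENI approach from the answer above, added here as an example and not part of the original question or answer. It also treats a group that another group's rules reference as in use, since deleting such a group fails with DependencyViolation anyway; the profile name, region and all sample IDs are assumed or constructed.

```python
# Added example (not the asker's or answerer's code): list security groups
# that no ENI references. EC2, RDS, ELB/ALB, Lambda and other VPC resources all
# attach their groups to an ENI, so one ENI pass covers them together.
from typing import Iterable, List, Set

def eni_group_ids(enis: Iterable[dict]) -> Set[str]:
    """GroupIds attached to any ENI (shape of describe_network_interfaces)."""
    return {g["GroupId"] for eni in enis for g in eni.get("Groups", [])}

def rule_group_ids(security_groups: Iterable[dict]) -> Set[str]:
    """GroupIds named as source/destination in another group's rules: not on any
    ENI, yet DeleteSecurityGroup fails with DependencyViolation until the rule goes."""
    refs = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            refs.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
    return refs

def find_unused_groups(security_groups: List[dict], enis: Iterable[dict]) -> List[dict]:
    """Groups attached nowhere and referenced by no rule; each VPC's undeletable
    'default' group is skipped."""
    in_use = eni_group_ids(enis) | rule_group_ids(security_groups)
    return [sg for sg in security_groups
            if sg["GroupId"] not in in_use and sg.get("GroupName") != "default"]

def unused_groups_in_region(profile: str, region: str) -> List[dict]:
    """Live variant: page through both EC2 APIs (profile/region names are assumed)."""
    import boto3  # imported here so the functions above run without boto3 installed
    ec2 = boto3.session.Session(profile_name=profile).client("ec2", region_name=region)
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return find_unused_groups(sgs, enis)

# Constructed sample data in the shape boto3 returns, so the check runs offline.
SAMPLE_SGS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-0ddd"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "old-db", "IpPermissions": []},
    {"GroupId": "sg-0ccc", "GroupName": "default", "IpPermissions": []},
    {"GroupId": "sg-0ddd", "GroupName": "legacy-lb", "IpPermissions": []},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-1", "Groups": [{"GroupId": "sg-0aaa"}]},
    {"NetworkInterfaceId": "eni-2", "Groups": [{"GroupId": "sg-0ccc"}]},
]
if __name__ == "__main__":
    for sg in find_unused_groups(SAMPLE_SGS, SAMPLE_ENIS):
        print(sg["GroupId"], sg["GroupName"])  # sg-0bbb old-db
```

Run it per region; a group that is only referenced by another group's rule shows up as in use here, which is the case the plain "try to delete it" approach trips over.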
