Untitled

#!/bin/bash
KNOWN_SECURITY_GROUPS=$(aws ec2 describe-security-groups | jq '.SecurityGroups[].GroupId' | egrep -o '[^"]+')
INSTANCES_DETAILS=$(aws ec2 describe-instances)
ELB_DETAILS=$(aws elb describe-load-balancers)

for SECURITY_GROUP in ${KNOWN_SECURITY_GROUPS[@]}; do
    echo "checking '$SECURITY_GROUP':"
    EC2_USAGE_COUNT=$(echo $INSTANCES_DETAILS | grep $SECURITY_GROUP | wc -l)
    if [[ "$EC2_USAGE_COUNT" == "0" ]]; then
        echo "not assigned to any ec2-instance, checking ELBs..."
        ELB_USAGE_COUNT=$(echo $ELB_DETAILS | grep $SECURITY_GROUP | wc -l)
         if [[ "$EC2_USAGE_COUNT" == "0" ]]; then
            echo "looks like security group $SECURITY_GROUP is not used at all"
         fi
    fi
done