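#!/bin/bash
#
# Report security groups that appear to be unused: not referenced by any EC2
# instance and not referenced by any classic load balancer.
#
# Requires: aws CLI (configured credentials/region) and jq.
#
# NOTE(review): this is a heuristic, not proof that a group is safe to delete.
# It only looks at `describe-instances` and classic `elb` output for the
# region/profile the CLI is configured for. Groups attached to other network
# interfaces (for example RDS, Lambda, ALB/NLB) or referenced from another
# group's rules are NOT detected here. Before removing a group, confirm with
#   aws ec2 describe-network-interfaces --filters Name=group-id,Values=<sg-id>
# and check for rule references from other groups.

# Abort on any failed call: if an aws query fails and we carried on with empty
# data, every group would be reported as unused.
set -euo pipefail

# jq -r prints the raw IDs, one per line, without JSON quotes.
KNOWN_SECURITY_GROUPS=$(aws ec2 describe-security-groups \
  | jq -r '.SecurityGroups[].GroupId')
INSTANCES_DETAILS=$(aws ec2 describe-instances)
ELB_DETAILS=$(aws elb describe-load-balancers)

while IFS= read -r SECURITY_GROUP; do
  # An account/region with no groups yields a single empty line.
  [[ -n "$SECURITY_GROUP" ]] || continue

  printf '%s\n' "checking '$SECURITY_GROUP':"

  # Fixed-string match (-F) so the ID is never treated as a regex; `--` guards
  # against a value that starts with a dash.
  if grep -qF -- "$SECURITY_GROUP" <<<"$INSTANCES_DETAILS"; then
    continue
  fi

  printf '%s\n' "not assigned to any ec2-instance, checking ELBs..."

  # The original tested the EC2 result a second time here, so a group used
  # only by a load balancer was wrongly reported as unused. Test the ELB data.
  if ! grep -qF -- "$SECURITY_GROUP" <<<"$ELB_DETAILS"; then
    printf '%s\n' "looks like security group $SECURITY_GROUP is not used at all"
  fi
done <<<"$KNOWN_SECURITY_GROUPS"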