jorgegarciamule · February 15, 2021 14:43 · jorgegarciamule · Jul 31, 2015
diff --git a/security-group-cleanup.py b/security-group-cleanup.py
 #!/usr/bin/env python

 import sys
 import boto
 import pprint

 del_flag = ''
 if len(sys.argv) > 1:
    del_flag = sys.argv[1]

 pp = pprint.PrettyPrinter(indent=4)

 # set credentials
 ACCESS_KEY="<access key>"
 SECRET_KEY="<security key>"

 ec2 = boto.connect_ec2(ACCESS_KEY, SECRET_KEY)
 rds = boto.connect_rds(ACCESS_KEY, SECRET_KEY)

 allgroups = []
 # Get ALL instance security groups names exept the ones who have Owner and ar not default
 groups = ec2.get_all_security_groups()
 for groupobj in groups:
    if 'Owner' not in groupobj.tags and groupobj.name != 'default':
        allgroups.append(groupobj.id)

 # Get [running|stopped] instances security groups
 groups_in_use = []
 for state in ['running','stopped']:
    reservations = ec2.get_all_instances(filters={'instance-state-name': state})
    for r in reservations:
        for inst in r.instances:
            for sg in inst.groups:
                if sg.id not in groups_in_use:
                    groups_in_use.append(sg.id)

 # Add RDS DB Instances usage
 dbinstances = rds.get_all_dbinstances()
 for db in dbinstances:
    for sg in db.vpc_security_groups:
        if sg.vpc_group not in groups_in_use:
            groups_in_use.append(sg.vpc_group)

 # Add Network Interfaces usage
 nfs = ec2.get_all_network_interfaces()
 for nf in nfs:
    for group in nf.groups:
        if group.id not in groups_in_use:
            groups_in_use.append(group.id)

 # All security groups minus used
 delete_candidates = []
 for group in allgroups:
    if group not in groups_in_use:
        delete_candidates.append(group)

 # Log in csv file
 # f = open('delete_candidates.csv', 'w')
 # for item in delete_candidates:
 #     theGroup = [group for group in groups if group.id==item][0]
 #     group_str = theGroup.id + ',' + theGroup.name
 #     print >> f, group_str

 if del_flag == '--delete':
    print "We will now delete security groups identified to not be in use."
    for group in delete_candidates:
        print "Deleting %s" % group
        ec2.delete_security_group( group_id = group )
    print "We have deleted %d groups." % (len(delete_candidates))
 else:
    print "The list of security groups to be removed is below."
    print "Run this again with `--delete` to remove them"
    pp.pprint(sorted(delete_candidates))
    print "Total of %d groups targeted for removal." % (len(delete_candidates))

 # For each security group in the total list, if not in the "used" list, flag for deletion
 # If running with a "--delete" flag, delete the ones flagged.
	#!/usr/bin/env python

	import sys
	import boto
	import pprint

	del_flag = ''
	if len(sys.argv) > 1:
	del_flag = sys.argv[1]

	pp = pprint.PrettyPrinter(indent=4)

	# set credentials
	ACCESS_KEY="<access key>"
	SECRET_KEY="<security key>"

	ec2 = boto.connect_ec2(ACCESS_KEY, SECRET_KEY)
	rds = boto.connect_rds(ACCESS_KEY, SECRET_KEY)

	allgroups = []
	# Get ALL instance security groups names exept the ones who have Owner and ar not default
	groups = ec2.get_all_security_groups()
	for groupobj in groups:
	if 'Owner' not in groupobj.tags and groupobj.name != 'default':
	allgroups.append(groupobj.id)

	# Get [running\|stopped] instances security groups
	groups_in_use = []
	for state in ['running','stopped']:
	reservations = ec2.get_all_instances(filters={'instance-state-name': state})
	for r in reservations:
	for inst in r.instances:
	for sg in inst.groups:
	if sg.id not in groups_in_use:
	groups_in_use.append(sg.id)

	# Add RDS DB Instances usage
	dbinstances = rds.get_all_dbinstances()
	for db in dbinstances:
	for sg in db.vpc_security_groups:
	if sg.vpc_group not in groups_in_use:
	groups_in_use.append(sg.vpc_group)

	# Add Network Interfaces usage
	nfs = ec2.get_all_network_interfaces()
	for nf in nfs:
	for group in nf.groups:
	if group.id not in groups_in_use:
	groups_in_use.append(group.id)

	# All security groups minus used
	delete_candidates = []
	for group in allgroups:
	if group not in groups_in_use:
	delete_candidates.append(group)

	# Log in csv file
	# f = open('delete_candidates.csv', 'w')
	# for item in delete_candidates:
	# theGroup = [group for group in groups if group.id==item][0]
	# group_str = theGroup.id + ',' + theGroup.name
	# print >> f, group_str

	if del_flag == '--delete':
	print "We will now delete security groups identified to not be in use."
	for group in delete_candidates:
	print "Deleting %s" % group
	ec2.delete_security_group( group_id = group )
	print "We have deleted %d groups." % (len(delete_candidates))
	else:
	print "The list of security groups to be removed is below."
	print "Run this again with `--delete` to remove them"
	pp.pprint(sorted(delete_candidates))
	print "Total of %d groups targeted for removal." % (len(delete_candidates))

	# For each security group in the total list, if not in the "used" list, flag for deletion
	# If running with a "--delete" flag, delete the ones flagged.