Introduction
In the world of cloud computing, the importance of proper housekeeping cannot be overstated. In a dynamic and rapidly evolving environment, it's easy for things like unused AWS security groups to accumulate, clutter your resources and widen your security blast radius. Left unchecked, these seemingly insignificant elements add up to administrative headaches and can weaken your cloud security footprint.
Welcome to this step-by-step guide on ‘Security Group Spring Cleaning’. This post will delve into the significance of removing unused security groups.
Use This
- AWS CloudShell
- Bash Script
Do This
- Open CloudShell
- Create bash file: touch removeUnusedSecurityGroups.sh
- Create contents of bash file: vi removeUnusedSecurityGroups.sh
- Type in code below
- Save the file
- Change the file to an executable file: chmod +x removeUnusedSecurityGroups.sh
- Run the script: ./removeUnusedSecurityGroups.sh
Write This
#!/bin/bash
# Fetch all AWS regions
for region in $(aws ec2 describe-regions --output text --query 'Regions[].RegionName')
do
    echo "Checking region $region"
    # Fetch all non-default security groups in this region
    for sg in $(aws ec2 describe-security-groups --region "$region" --query "SecurityGroups[?GroupName!='default'].[GroupId]" --output text)
    do
        # Check for security group usage in network interfaces.
        # Return the interface IDs that carry this group (an ENI has Groups[].GroupId,
        # not a top-level GroupId field); an empty result means no ENI uses the group.
        result=$(aws ec2 describe-network-interfaces --region "$region" --filters Name=group-id,Values="$sg" --query "NetworkInterfaces[*].NetworkInterfaceId" --output text)
        if [ -z "$result" ]; then
            echo "Deleting unused security group $sg in region $region"
            # If another group's rules still reference this group, the call fails with
            # DependencyViolation and the loop simply moves on to the next group
            aws ec2 delete-security-group --region "$region" --group-id "$sg"
        fi
    done
done
What The Heck Does This Code Do
- Gets a list of all AWS regions
- For each region found, lists all non-default security groups
- Since security groups are attached to network interfaces, queries the interfaces in that region and checks whether any of them carries the security group
- If no interface carries the security group, deletes it
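A dry-run variant of the same idea, added here as an example rather than the post's own script: it treats a group as in use when an ENI carries it or when another group's rules reference it (AWS refuses to delete such a group with DependencyViolation), prints the deletable set instead of deleting, and only calls the AWS CLI behind a hypothetical --live flag. The function names, the flag and the sample group IDs are assumptions, not from the original.

```shell
#!/bin/bash
# Added example: report unused security groups instead of deleting them on the fly.
# Assumption (not from the post): a group counts as in use when it is attached to an
# ENI OR referenced in another group's rules; deleting the latter fails with
# DependencyViolation, so the original script would error on it.

# unused_groups ALL ENI REFS
# Each argument is a whitespace-separated list of group IDs. Prints, sorted, the
# IDs from ALL that appear in neither ENI (attached) nor REFS (rule-referenced).
unused_groups() {
    all="$1"; eni="$2"; refs="$3"
    used=$(printf '%s\n' $eni $refs | sort -u)
    for sg in $all; do
        if ! printf '%s\n' "$used" | grep -qxF -- "$sg"; then
            echo "$sg"
        fi
    done | sort
}

# Live collection for one region (hypothetical --live mode; needs the AWS CLI).
# Referenced groups come from UserIdGroupPairs in ingress and egress rules.
report_region() {
    region="$1"
    all=$(aws ec2 describe-security-groups --region "$region" \
        --query "SecurityGroups[?GroupName!='default'].GroupId" --output text)
    eni=$(aws ec2 describe-network-interfaces --region "$region" \
        --query "NetworkInterfaces[].Groups[].GroupId" --output text)
    refs=$(aws ec2 describe-security-groups --region "$region" \
        --query "SecurityGroups[].IpPermissions[].UserIdGroupPairs[].GroupId" --output text)
    refs="$refs $(aws ec2 describe-security-groups --region "$region" \
        --query "SecurityGroups[].IpPermissionsEgress[].UserIdGroupPairs[].GroupId" --output text)"
    echo "Unused (deletable) security groups in $region:"
    unused_groups "$all" "$eni" "$refs"
}

# Constructed sample: sg-ccc is attached to nothing but referenced by a rule,
# so only sg-ddd is safe to delete.
SAMPLE_ALL="sg-aaa sg-bbb sg-ccc sg-ddd"
SAMPLE_ENI="sg-aaa sg-bbb"
SAMPLE_REFS="sg-ccc"

if [ "${1:-}" = "--live" ]; then
    report_region "${2:?usage: $0 --live REGION}"
else
    echo "Dry run on constructed sample data:"
    unused_groups "$SAMPLE_ALL" "$SAMPLE_ENI" "$SAMPLE_REFS"
fi
```

Review the printed list first; once it matches what you expect, the delete step from the post's script can be run over exactly those IDs.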
Till Next Time
As we conclude this digital decluttering journey, it’s vital to remember that effective AWS security group management isn’t a one-off task but an ongoing process. By regularly identifying and deleting unused AWS security groups, you not only lower your administrative burden, but also contribute significantly to reducing your security risk.
The steps and strategies outlined in this guide provide an essential foundation to help you maintain a clean, organized, and efficient cloud space. But every cloud environment is unique, so don’t hesitate to tailor these approaches to suit your specific needs.
In the dynamic and often complex world of cloud computing, it’s the small things that can make a big difference. And remember, consistent cloud cleanliness is next to digital godliness. So, keep your digital broom at the ready, sweep away unnecessary objects, and keep your cloud environment running at its peak potential. Until next time, happy ‘Spring Cleaning’!