Tags: python-2.7, amazon-web-services, amazon-ec2, amazon-s3, boto

How to find Unused Security Groups of all AWS Security Groups?


How to find all the used security groups attached to all the AWS resources using Boto?
Currently I have the following script, which gives only EC2 instances:

    import boto.ec2

    # The original snippet assumed ec2_conn already existed; the region name is an assumption.
    ec2_conn = boto.ec2.connect_to_region('us-east-1')

    sec_grps = ec2_conn.get_all_security_groups()
    for group in sec_grps:
        # group.instances() only reports EC2 instances, not other resources using the group
        print group, " Instances attached ", group.instances()

Is there any way to get all security groups which are unused by all aws resources?


Solution

  • This is a slightly difficult request because Security Groups are used by many different resources, including:

    • Amazon EC2 instances
    • Amazon RDS instances
    • VPC Elastic Network Interfaces (ENIs)
    • Amazon Redshift clusters
    • Amazon ElastiCache clusters
    • Amazon Elastic MapReduce clusters
    • Amazon Workspaces
    • ...and most probably other services, too

    To obtain a list of unused Security Groups, you would need to query all the above services to discover which ones are "in use".

    Alternatively, you could just try to delete them -- an error is generated if you try to delete a Security Group that is in use. (But please test this method before deleting important Security Groups!)
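As an added example (not part of the question or the answer above), the following cross-references every security group against the VPC elastic network interfaces (ENIs) in a region: every VPC-attached resource (EC2, RDS, ELB, Lambda, ElastiCache, and so on) owns an ENI, so the ENI list is a single cross-service source of "in use", while groups referenced by another group's rules are also kept because deleting them fails with DependencyViolation. The region name and the sample data are assumptions constructed for this example; EC2-Classic resources have no ENI and are not covered by this check.

```python
# Added example: unused-security-group detection via ENI attachments and rule references.
# Pure logic is separated from the boto calls so it can be exercised offline.

def find_unused_groups(groups, eni_group_ids):
    """groups: list of dicts {id, name, referenced}; eni_group_ids: list of sets of group ids.
    Returns ids of groups that are neither attached to an ENI nor referenced by any rule."""
    attached = set().union(*eni_group_ids)          # every group id seen on some ENI
    referenced = set()
    for g in groups:
        referenced |= g["referenced"]               # group ids granted access in rules
    unused = []
    for g in groups:
        if g["name"] == "default":                  # default groups cannot be deleted anyway
            continue
        if g["id"] in attached or g["id"] in referenced:
            continue
        unused.append(g["id"])
    return sorted(unused)


def load_from_boto(region="us-east-1"):
    """Pull live data with legacy boto; import kept local so the logic above runs offline.
    Region is an assumption."""
    import boto.ec2
    conn = boto.ec2.connect_to_region(region)
    groups = []
    for g in conn.get_all_security_groups():
        refs = set()
        for rule in g.rules + g.rules_egress:
            refs.update(grant.group_id for grant in rule.grants if grant.group_id)
        groups.append({"id": g.id, "name": g.name, "referenced": refs})
    enis = [set(grp.id for grp in eni.groups) for eni in conn.get_all_network_interfaces()]
    return groups, enis


# Constructed sample: sg-3 is attached nowhere but referenced by sg-1's rules (keep it);
# sg-4 is attached nowhere and referenced by nothing (truly unused).
SAMPLE_GROUPS = [
    {"id": "sg-1", "name": "web", "referenced": {"sg-3"}},
    {"id": "sg-2", "name": "default", "referenced": set()},
    {"id": "sg-3", "name": "db", "referenced": set()},
    {"id": "sg-4", "name": "old-test", "referenced": set()},
]
SAMPLE_ENIS = [{"sg-1"}, {"sg-1", "sg-2"}]

if __name__ == "__main__":
    print(find_unused_groups(SAMPLE_GROUPS, SAMPLE_ENIS))   # ['sg-4']
```

Run `find_unused_groups(*load_from_boto("eu-west-1"))` against a real account to get the candidate list, then review it before deleting anything.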