anoop-khandelwal

Reputation: 3860

How to find Unused Security Groups of all AWS Security Groups?

How to find all the used security groups attached to all the AWS resources using Boto?
Currently the following script gives only EC2 instances:

    import boto.ec2

    ec2_conn = boto.ec2.connect_to_region('us-east-1')  # boto 2 connection; region assumed
    sec_grps = ec2_conn.get_all_security_groups()
    for group in sec_grps:
        # group.instances() only reports EC2 instances that use the group
        print group, " Instances attached ", group.instances()

Is there any way to get all security groups which are unused by all AWS resources?

Upvotes: 2

Views: 2522

Answers (3)

Diego Velez

Reputation: 1893

As of 2024, all security groups are grouped inside the VPC, so to visualize them you can either go to EC2 > Security Groups or VPC > Security Groups.

Alternatively, there is a tool that checks for unused security groups here: https://solardevs.com/aws-security-groups-checker/

Upvotes: 0

Prakash Vegiraju

Reputation: 89

Manual process: copy the security group ID.

Go to Network Interfaces in the EC2 console and paste the SG ID there; in the network interface list, see whether it is attached to any ENI.

Upvotes: 0

John Rotenstein

Reputation: 269081

This is a slightly difficult request because Security Groups are used by many different resources, including:

  • Amazon EC2 instances
  • Amazon RDS instances
  • VPC Elastic Network Interfaces (ENIs)
  • Amazon Redshift clusters
  • Amazon ElastiCache clusters
  • Amazon Elastic MapReduce clusters
  • Amazon Workspaces
  • ...and most probably other services, too

To obtain a list of unused Security Groups, you would need to query all the above services to discover which ones are "in use".

Alternatively, you could just try to delete them -- an error is generated if you try to delete a Security Group that is in use. (But please test this method before deleting important Security Groups!)

Upvotes: 6
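The approach the answers above converge on (check network interfaces rather than enumerate every service, since EC2, RDS, ELB, Lambda-in-VPC, Redshift, ElastiCache and EMR all attach their security groups through ENIs) can be scripted with boto3 rather than the asker's boto 2 code. The following is an added example, not code from the question or any of the answers. It assumes the `describe_security_groups` and `describe_network_interfaces` response shapes, and it also treats a group referenced by another group's rules as in use (deleting such a group fails with a dependency error), with a fixed-point pass so that a cluster of unattached groups that only reference each other is still reported. All group and ENI IDs below are constructed sample data so the logic runs offline; `fetch_unused_from_aws` is the only part that talks to AWS.

```python
"""Report security groups not attached to any ENI and not referenced by any live group's rules."""
from collections import defaultdict


def find_unused_security_groups(security_groups, network_interfaces):
    """
    security_groups:    list of dicts in the describe_security_groups()['SecurityGroups'] shape
    network_interfaces: list of dicts in the describe_network_interfaces()['NetworkInterfaces'] shape
    Returns a sorted list of (GroupId, GroupName) tuples for groups that are safe to consider unused.
    Default groups are skipped because AWS does not allow deleting them.
    """
    # Every group attached to any ENI is in use, whatever service owns the ENI.
    attached = {g['GroupId'] for eni in network_interfaces for g in eni.get('Groups', [])}

    # target group id -> set of group ids whose ingress/egress rules reference it
    referenced_by = defaultdict(set)
    for sg in security_groups:
        for perm in sg.get('IpPermissions', []) + sg.get('IpPermissionsEgress', []):
            for pair in perm.get('UserIdGroupPairs', []):
                target = pair.get('GroupId')
                # A self-reference (common for cluster groups) does not keep a group alive.
                if target and target != sg['GroupId']:
                    referenced_by[target].add(sg['GroupId'])

    candidates = [sg for sg in security_groups
                  if sg['GroupName'] != 'default' and sg['GroupId'] not in attached]

    # Fixed point: a candidate is unused once every group still referencing it is itself unused.
    # References from groups outside this list (e.g. a peered account) never appear in `unused`,
    # so such a group is conservatively kept.
    unused = set()
    changed = True
    while changed:
        changed = False
        for sg in candidates:
            gid = sg['GroupId']
            if gid not in unused and referenced_by[gid] <= unused:
                unused.add(gid)
                changed = True

    names = {sg['GroupId']: sg['GroupName'] for sg in security_groups}
    return sorted((gid, names[gid]) for gid in unused)


def fetch_unused_from_aws(region_name):
    """Pull live data for one region with boto3 and run the check above (requires credentials)."""
    import boto3  # imported here so the pure logic above runs without boto3 installed
    ec2 = boto3.client('ec2', region_name=region_name)
    groups, enis = [], []
    for page in ec2.get_paginator('describe_security_groups').paginate():
        groups.extend(page['SecurityGroups'])
    for page in ec2.get_paginator('describe_network_interfaces').paginate():
        enis.extend(page['NetworkInterfaces'])
    return find_unused_security_groups(groups, enis)


# Constructed sample data (IDs are placeholders, not real resources).
SAMPLE_GROUPS = [
    {'GroupId': 'sg-0aaa', 'GroupName': 'web', 'IpPermissions': [], 'IpPermissionsEgress': []},
    {'GroupId': 'sg-0bbb', 'GroupName': 'db',
     'IpPermissions': [{'IpProtocol': 'tcp', 'FromPort': 5432, 'ToPort': 5432,
                        'UserIdGroupPairs': [{'GroupId': 'sg-0aaa'}]}],
     'IpPermissionsEgress': []},
    {'GroupId': 'sg-0ccc', 'GroupName': 'legacy', 'IpPermissions': [], 'IpPermissionsEgress': []},
    {'GroupId': 'sg-0ddd', 'GroupName': 'default', 'IpPermissions': [], 'IpPermissionsEgress': []},
    {'GroupId': 'sg-0eee', 'GroupName': 'bastion-old',
     'IpPermissions': [{'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22,
                        'UserIdGroupPairs': [{'GroupId': 'sg-0ccc'}]}],
     'IpPermissionsEgress': []},
    {'GroupId': 'sg-0fff', 'GroupName': 'emr-cluster',
     'IpPermissions': [{'IpProtocol': '-1', 'UserIdGroupPairs': [{'GroupId': 'sg-0fff'}]}],
     'IpPermissionsEgress': []},
]
SAMPLE_ENIS = [
    # An ENI owned by RDS: the 'db' group is in use even though no EC2 instance has it.
    {'NetworkInterfaceId': 'eni-0111', 'Description': 'RDSNetworkInterface',
     'Groups': [{'GroupId': 'sg-0bbb', 'GroupName': 'db'}]},
    {'NetworkInterfaceId': 'eni-0222', 'Description': '',
     'Attachment': {'InstanceId': 'i-0123'},
     'Groups': [{'GroupId': 'sg-0aaa', 'GroupName': 'web'}]},
]

if __name__ == '__main__':
    for group_id, name in find_unused_security_groups(SAMPLE_GROUPS, SAMPLE_ENIS):
        print(group_id, name)
```

On the sample data `legacy` is only referenced by `bastion-old`, which is itself unattached, so both are reported, as is the self-referencing `emr-cluster` group; `db` survives because an RDS-owned ENI carries it. Run `fetch_unused_from_aws('us-east-1')` per region to apply the same logic to a real account, and review the list before deleting anything, since a group can still be referenced from a peered account that this check cannot see.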
