I made two scripts using Python and boto that will list all unused security groups and volumes for your account. Make sure you have the AWS CLI already installed and configured (see my other post). In addition, you’ll need Python 2.x and boto (pip install boto). It won’t work with Python 3.x and boto3. Also, you’ll need SES configured for sending e-mails. If you just want to print unused security groups and volumes, you don’t need SES. Just uncomment the print statement in lines #35 and #33.
Script for unused security groups.
```python
##################################################################
# Lists all unused security groups and sends an e-mail through SES
# K.Andreev - 2017 - FreeBSD license
##################################################################

# Import boto modules for ec2 and ses
import boto.ec2
import boto.ses

# Define variables here
sender = '[email protected]'
# Max 50 recipients, use DLs instead of personal emails
recipients = ['[email protected]', '[email protected]']
subject = 'Unused EC2 security groups'
body = 'This is an automated e-mail. For any errors please contact [email protected]\n\n'
ses_region = 'us-east-1'
SES_KEY_ID = 'YOUR_KEY_ID'
SES_SECRET = 'YOUR_SECRET'

# Connect to AWS/EC2
ec2 = boto.connect_ec2()

# Get all security groups
sgs = ec2.get_all_security_groups()

# Loop through all security groups
# Empty string that contains all unused security groups
sglist = ''
for sg in sgs:
    # Get the instance count where the security group is attached
    sglen = len(sg.instances())
    # An instance count of 0 means the group is not attached to any instance
    if sglen == 0 and sg.name != 'default':
        # Use the print statement below for debugging purposes only
        # print sg.name, len(sg.instances())
        # Concatenate security groups to the string
        sglist = sglist + sg.name + '\n'

# Establish a connection with SES
conn = boto.ses.connect_to_region(
    ses_region,
    aws_access_key_id = SES_KEY_ID,
    aws_secret_access_key = SES_SECRET)

# Send an email
conn.send_email(
    sender,
    subject,
    body + sglist,
    recipients)
```
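The script above counts only EC2 instances through `sg.instances()`, so a group attached to another service's network interface, or named in another group's rules, is still reported as unused. The following is an added example, not the author's code, that separates those cases before anything is deleted. It assumes input shaped like boto3's `describe_security_groups` and `describe_network_interfaces` responses (the page itself uses boto 2); the function name and all sample IDs are constructed.

```python
def classify_security_groups(groups, interfaces):
    """Return (unused, referenced_only) lists of group IDs.

    unused: on no network interface and named in no other group's rules.
    referenced_only: on no interface, but another group's rule points at it,
    so deleting it would fail until that rule is removed.
    """
    # Every group attached to any ENI: EC2 instances, but also load balancers,
    # RDS, Lambda-in-VPC and other services that create interfaces.
    attached = {g["GroupId"] for eni in interfaces for g in eni.get("Groups", [])}

    # Groups named as source/destination in another group's rules.
    referenced = set()
    for sg in groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                gid = pair.get("GroupId")
                if gid and gid != sg["GroupId"]:  # ignore self-references
                    referenced.add(gid)

    unused, referenced_only = [], []
    for sg in groups:
        gid = sg["GroupId"]
        if sg["GroupName"] == "default" or gid in attached:
            continue  # default groups cannot be deleted; attached ones are in use
        (referenced_only if gid in referenced else unused).append(gid)
    return sorted(unused), sorted(referenced_only)


# Constructed sample data in the assumed boto3 shape (not real account output).
SAMPLE_GROUPS = [
    {"GroupId": "sg-default", "GroupName": "default", "IpPermissions": []},
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": []},
    {"GroupId": "sg-rds", "GroupName": "rds", "IpPermissions": [
        {"UserIdGroupPairs": [{"GroupId": "sg-web"}, {"GroupId": "sg-batch"}]}]},
    {"GroupId": "sg-batch", "GroupName": "batch", "IpPermissions": []},
    {"GroupId": "sg-old", "GroupName": "old-test", "IpPermissionsEgress": [
        {"UserIdGroupPairs": [{"GroupId": "sg-old"}]}]},
]
SAMPLE_INTERFACES = [
    {"NetworkInterfaceId": "eni-1", "Groups": [{"GroupId": "sg-web"}]},  # instance
    {"NetworkInterfaceId": "eni-2", "Groups": [{"GroupId": "sg-rds"}]},  # RDS, no instance
]

if __name__ == "__main__":
    print(classify_security_groups(SAMPLE_GROUPS, SAMPLE_INTERFACES))
```

In the sample, `sg-rds` has no EC2 instance but sits on an interface, so an instance-count check alone would list it for cleanup.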
Script for unused volumes.
```python
##########################################################
# Lists all unused volumes and sends an e-mail through SES
# K.Andreev - 2017 - FreeBSD license
##########################################################

# Import boto modules for ec2 and ses
import boto.ec2
import boto.ses

# Define variables here
sender = '[email protected]'
# Max 50 recipients, use DLs instead of personal emails
recipients = ['[email protected]', '[email protected]']
subject = 'Unused EC2 volumes'
body = 'This is an automated e-mail. For any errors please contact [email protected]\n\n'
ses_region = 'us-east-1'
SES_KEY_ID = 'YOUR_KEY_ID'
SES_SECRET = 'YOUR_SECRET'

# Connect to AWS/EC2
ec2 = boto.connect_ec2()

# Get all volumes
vols = ec2.get_all_volumes()

# Loop through all volumes
# Empty string that contains all unused volumes
svols = ''
for vol in vols:
    # If the volume status is available it means it's not attached to an instance
    if vol.status == 'available':
        # Use the print statement below for debugging purposes only
        # print vol.id + " is unused"
        # Concatenate the volume ids to the string
        svols = svols + vol.id + '\n'

# Establish a connection with SES
conn = boto.ses.connect_to_region(
    ses_region,
    aws_access_key_id = SES_KEY_ID,
    aws_secret_access_key = SES_SECRET)

# Send an email
conn.send_email(
    sender,
    subject,
    body + svols,
    recipients)
```