I made two scripts using Python and boto that will list all unused security groups and volumes for your account. Make sure you have aws cli already installed and configured (see my other post). In addition, you’ll need python 2.x and boto (pip install boto). It won’t work with python 3.x and boto3. Also, you’ll need SES configured for sending e-mails. If you just want to print unused security groups and volumes, you don’t need SES. Just uncomment the print statement in lines #35 and #33.

Script for unused security groups.

##################################################################
# Lists all unused security groups and sends an e-mail through SES
# K.Andreev - 2017 - FreeBSD license
##################################################################

# Import boto modules for ec2 and ses
import boto.ec2
import boto.ses

# Define variables here
sender = 'someone@domain.com'
# Max 50 recipients, use DLs instead of personal emails
recipients = ['rec1@d1.com', 'rec2@d2.com']
subject = 'Unused EC2 security groups'
body = 'This is an automated e-mail. For any errors please contact klimenta@futurebit.com\n\n'
ses_region = 'us-east-1'
SES_KEY_ID = 'YOUR_KEY_ID'
SES_SECRET = 'YOUR_SECRET'

# Connect to AWS/EC2
ec2 = boto.connect_ec2()

# Get all security groups
sgs = ec2.get_all_security_groups()

# Loop through all security groups
# Empty string that contains all unused security groups
sglist = ''
for sg in sgs:
    # Get the instance count where the security group is attached
    sglen = len(sg.instances())
    # If the security group is not attached (0) it means it's not attached to an instance
    if sglen == 0 and sg.name != 'default':
        # Use the print statement below for debugging purposes only
        # print sg.name, len(sg.instances())
        # Concatenate security groups to the string
        sglist = sglist + sg.name + '\n'

# Establish a connection with SES
conn = boto.ses.connect_to_region(
        ses_region,
        aws_access_key_id = SES_KEY_ID,
        aws_secret_access_key = SES_SECRET)

# Send an email
conn.send_email(
        sender,
        subject,
        body + sglist,
        recipients)

Script for unused volumes.

##########################################################
# Lists all unused volumes and sends an e-mail through SES
# K.Andreev - 2017 - FreeBSD license
##########################################################

# Import boto modules for ec2 and ses
import boto.ec2
import boto.ses

# Define variables here
sender = 'sender@whatever.com'
# Max 50 recipients, use DLs instead of personal emails
recipients = ['rec1@d1.com', 'rec2@d2.com']
subject = 'Unused EC2 volumes'
body = 'This is an automated e-mail. For any errors please contact klimenta@futurebit.com\n\n'
ses_region = 'us-east-1'
SES_KEY_ID = 'YOUR_KEY_ID'
SES_SECRET = 'YOUR_SECRET'

# Connect to AWS/EC2
ec2 = boto.connect_ec2()

# Get all volumes
vols = ec2.get_all_volumes()

# Loop through all volumes
# Empty string that contains all unused volumes
svols = ''
for vol in vols:
    # If the volume status is available it means it's not attached to an instance
    if vol.status == 'available':
        # Use the print statement below for debugging purposes only
        # print vol.id + " is unused"
        # Concatenate the volume ids to the string
        svols = svols + vol.id + '\n'

# Establish a connection with SES
conn = boto.ses.connect_to_region(
        ses_region,
        aws_access_key_id = SES_KEY_ID,
        aws_secret_access_key = SES_SECRET)

# Send an email
conn.send_email(
        sender,
        subject,
        body + svols,
        recipients)