Collect unused security groups of an AWS account

A script to track the unused security groups of an AWS account over a period of time, with control over the interval at which security group usage is sampled. A group is reported only if it was unused in every sample, which makes the script useful for detecting security groups that are used only by ephemeral resources (and that a single point-in-time check would wrongly flag as unused).

Setup

Configure the AWS SDK with credentials for the account to collect from (the ~/.aws/credentials file), then run npm install.

Execution

Run the script with your default configured AWS profile by running:

node CollectUnusedSecurityGroup.js

By default it collects unused groups for one hour, re-sampling the security groups every 5 minutes.
To change the sampling parameters, use the options below:

Parameters:

 -p / -profile      The AWS profile to be used, as defined in the AWS credentials file
 -t / -time         The amount of time to run the script (in minutes)
 -i / -interval     The time interval to sample the unused security groups (in minutes)
 --no-default       Skip groups named 'default', which are typically default VPC security groups and can't be deleted

Example run:

node CollectUnusedSecurityGroup.js -p <aws_profile> -t <time_period> -i <interval_time>

Example output JSON, containing only the security groups that were unused in every sample over the entire period:

[
  {
    "region": "us-east-1",
    "groupId": "sg-111",
    "groupName": "prod-rds"
  },
  {
    "region": "us-east-1",
    "groupId": "sg-2222",
    "groupName": "k8s-elb"
  },
  {
    "region": "us-east-1",
    "groupId": "sg-333",
    "groupName": "bastion-elb"
  },
  ...
]

Note: Interval time units are in minutes
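The following is an added example, not the project's own code, that models the sampling approach described above in plain JavaScript with no AWS calls. It assumes a security group counts as "in use" when at least one elastic network interface (ENI) references it, which is how EC2 exposes attachment for instances, RDS, load balancers and Lambda; how the real script determines usage is not stated on this page. The snapshots are constructed, not captured from a real account, and the field names `securityGroups`, `networkInterfaces` and `groups` are the example's own, loosely mirroring the DescribeSecurityGroups and DescribeNetworkInterfaces responses.

```javascript
// Added example (not the project's own code). Models the README's
// "unused in every sample" logic over constructed snapshots.
// Assumption: a security group is in use when some ENI references it.

// One sample: the security groups of a region plus the ENIs present at
// that instant. Returns the groups no ENI references, in the README's
// output shape {region, groupId, groupName}.
function unusedInSample(sample) {
  const referenced = new Set();
  for (const eni of sample.networkInterfaces) {
    for (const g of eni.groups) referenced.add(g.groupId);
  }
  return sample.securityGroups
    .filter((sg) => !referenced.has(sg.groupId))
    .map((sg) => ({ region: sample.region, groupId: sg.groupId, groupName: sg.groupName }));
}

// Intersect the samples: a group survives only if it was unused in EVERY
// sample, so a group picked up by an ephemeral resource (a short-lived ELB,
// a scaled-out node) in any single sample drops out of the result.
// skipDefault mirrors the --no-default option.
function unusedOverPeriod(samples, { skipDefault = false } = {}) {
  if (samples.length === 0) return [];
  const key = (g) => `${g.region}/${g.groupId}`;
  let survivors = unusedInSample(samples[0]);
  for (const sample of samples.slice(1)) {
    const unusedNow = new Set(unusedInSample(sample).map(key));
    survivors = survivors.filter((g) => unusedNow.has(key(g)));
  }
  if (skipDefault) survivors = survivors.filter((g) => g.groupName !== 'default');
  return survivors.sort((a, b) => key(a).localeCompare(key(b)));
}

// Constructed data: four groups, three samples. sg-ddd is always attached,
// sg-ccc is attached only in the middle sample (an ephemeral ELB),
// sg-aaa (default) and sg-bbb are never attached.
const GROUPS = [
  { groupId: 'sg-aaa', groupName: 'default' },
  { groupId: 'sg-bbb', groupName: 'prod-rds' },
  { groupId: 'sg-ccc', groupName: 'k8s-elb' },
  { groupId: 'sg-ddd', groupName: 'web' },
];
const SAMPLES = [
  { region: 'us-east-1', securityGroups: GROUPS,
    networkInterfaces: [{ groups: [{ groupId: 'sg-ddd' }] }] },
  { region: 'us-east-1', securityGroups: GROUPS,
    networkInterfaces: [{ groups: [{ groupId: 'sg-ddd' }] },
                        { groups: [{ groupId: 'sg-ccc' }] }] },
  { region: 'us-east-1', securityGroups: GROUPS,
    networkInterfaces: [{ groups: [{ groupId: 'sg-ddd' }] }] },
];

// Runs the model with --no-default semantics; only sg-bbb (prod-rds) remains.
function demo() {
  return unusedOverPeriod(SAMPLES, { skipDefault: true });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Two caveats before deleting anything the script reports: the result is only as good as the sampling window (a resource that appears less often than the run length will never be seen), and a group that no ENI references can still be referenced by another group's ingress or egress rules, in which case EC2 refuses the deletion until that rule is removed.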

Contact

Created by Bridgecrew