@jibaromar
Created September 5, 2024 10:19
Check if an AWS security group is attached to some resources
# ====================================================
# ⚠️ USE AT YOUR OWN RISK ⚠️
# ----------------------------------------------------
# This script is provided as-is with no guarantees.
# You are responsible for any consequences that may
# arise from using it. Please use with caution!
# ====================================================
# Script only checks these resources:
# - EC2 Instances
# - ELB Classic Load Balancers
# - ELB Application/Network Load Balancers
# - RDS Instances
# - ElastiCache Clusters
# - Lambda Functions
# - Redshift Clusters
# - ENIs
SG_ID="sg-xxxxxxxxx"
REGION="us-east-1"
PROFILE="my-sso-profile"
# EC2 Instances (server-side filter on the attached security group)
aws ec2 describe-instances \
  --filters "Name=instance.group-id,Values=$SG_ID" \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "Reservations[*].Instances[*].{ID:InstanceId,Type:'EC2 Instance'}" \
  --output table
# ELB Classic Load Balancers
# JMESPath contains() is a function, not a method: contains(list, value).
# SecurityGroups can be missing (e.g. EC2-Classic), and contains() errors on null, so guard first.
aws elb describe-load-balancers \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "LoadBalancerDescriptions[?SecurityGroups != null && contains(SecurityGroups, '$SG_ID')].[LoadBalancerName]" \
  --output table
# ELB Application/Network Load Balancers
# Load balancers without security groups can return no SecurityGroups field,
# and contains() errors on null, so guard before calling it.
aws elbv2 describe-load-balancers \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "LoadBalancers[?SecurityGroups != null && contains(SecurityGroups, '$SG_ID')].[LoadBalancerName]" \
  --output table
# RDS Instances
aws rds describe-db-instances \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "DBInstances[?VpcSecurityGroups[?VpcSecurityGroupId=='$SG_ID']].[DBInstanceIdentifier]" \
  --output table
# ElastiCache Clusters
aws elasticache describe-cache-clusters \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "CacheClusters[?SecurityGroups[?SecurityGroupId=='$SG_ID']].[CacheClusterId]" \
  --output table
# Lambda Functions (only VPC-attached functions carry SecurityGroupIds)
aws lambda list-functions \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "Functions[?VpcConfig.SecurityGroupIds != null && contains(VpcConfig.SecurityGroupIds, '$SG_ID')].[FunctionName]" \
  --output table
# Redshift Clusters
aws redshift describe-clusters \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "Clusters[?VpcSecurityGroups[?VpcSecurityGroupId=='$SG_ID']].[ClusterIdentifier]" \
  --output table
# ENIs (server-side filter; also catches interfaces owned by services not listed above)
aws ec2 describe-network-interfaces \
  --filters "Name=group-id,Values=$SG_ID" \
  --region "$REGION" \
  --profile "$PROFILE" \
  --query "NetworkInterfaces[*].{ID:NetworkInterfaceId,Type:'ENI'}" \
  --output table