Created
March 2, 2025 02:24
security group resources
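#!/bin/bash
# Lists AWS resources that reference one security group, service by service.
# Usage: pass the group ID as the first argument, or edit the placeholder below.
# Only the region and profile the AWS CLI is currently configured for are
# queried. A section that prints nothing can also mean the call itself failed
# (for example on missing permissions), so read stderr before treating the
# group as unused.
SG_ID="${1:-sg-xxxxxxxxxxx}"

# The ID is spliced into single-quoted JMESPath literals and CLI filters below.
# Accept only "sg-" followed by alphanumerics so a stray quote or space cannot
# change the meaning of a query. The pattern is deliberately loose about length.
if [[ ! "$SG_ID" =~ ^sg-[A-Za-z0-9]+$ ]]; then
  printf 'Invalid security group ID: %s\n' "$SG_ID" >&2
  exit 2
fi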
# Prints a horizontal rule: 80 hyphens followed by a newline.
print_separator() {
  local rule
  # Pad an empty string to 80 spaces, then turn every space into a hyphen.
  printf -v rule '%80s' ''
  printf '%s\n' "${rule// /-}"
}
printf '%s\n' "Checking resources using Security Group $SG_ID..."

# EC2 instances associated with the group (server-side filter on group ID).
print_separator
printf '%s\n' "EC2 Instances:"
aws ec2 describe-instances \
  --filters "Name=instance.group-id,Values=$SG_ID" \
  --query "Reservations[*].Instances[*].InstanceId" \
  --output text
# Network interfaces (ENIs) associated with the group. Interfaces that other
# services create on the account's behalf are listed here as well, so this
# section can surface attachments the per-service sections do not cover.
print_separator
printf '\n%s\n' "Network Interfaces (ENIs):"
aws ec2 describe-network-interfaces \
  --filters "Name=group-id,Values=$SG_ID" \
  --query "NetworkInterfaces[*].NetworkInterfaceId" \
  --output text
# Lambda functions whose VPC configuration lists the group. The leading
# truthiness test skips functions without a VPC configuration, for which
# contains() would otherwise receive null.
print_separator
printf '\n%s\n' "Lambda Functions:"
aws lambda list-functions \
  --query "Functions[?VpcConfig.SecurityGroupIds && contains(VpcConfig.SecurityGroupIds, '$SG_ID')].[FunctionName]" \
  --output text
# RDS instances: keep a DB instance when the inner filter over its
# VpcSecurityGroups finds at least one entry with the requested group ID.
print_separator
printf '\n%s\n' "RDS Instances:"
aws rds describe-db-instances \
  --query "DBInstances[?VpcSecurityGroups[?VpcSecurityGroupId=='$SG_ID']].DBInstanceIdentifier" \
  --output text
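# Classic Load Balancers (ELB)
print_separator
echo -e "\nClassic Load Balancers (ELB):"
# JMESPath contains() takes the list as its first argument; the former
# "SecurityGroups.contains('...')" form passes a single argument, so the query
# fails and the section looks empty. The leading truthiness test skips load
# balancers that have no security groups at all.
aws elb describe-load-balancers \
  --query "LoadBalancerDescriptions[?SecurityGroups && contains(SecurityGroups, '$SG_ID')].LoadBalancerName" \
  --output text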
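# Application/Network Load Balancers (ALB/NLB)
print_separator
echo -e "\nApplication/Network Load Balancers (ELBv2):"
# JMESPath contains() takes the list as its first argument; the former
# "SecurityGroups.contains('...')" form passes a single argument, so the query
# fails and the section looks empty. The leading truthiness test skips load
# balancers that report no security groups, where contains() would get null.
aws elbv2 describe-load-balancers \
  --query "LoadBalancers[?SecurityGroups && contains(SecurityGroups, '$SG_ID')].LoadBalancerName" \
  --output text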
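# ECS services that use awsvpc networking with the group.
# Only services are described here; tasks started outside a service are not
# queried by this loop.
print_separator
echo -e "\nECS Tasks and Services:"
# ARNs contain no whitespace, so word-splitting the tab-separated text output
# of the list calls is intentional. The expansions inside the loop are quoted.
for cluster in $(aws ecs list-clusters --query "clusterArns" --output text); do
  for service in $(aws ecs list-services --cluster "$cluster" --query "serviceArns" --output text); do
    # contains() takes the list as its first argument; the former
    # "securityGroups.contains('...')" form passes one argument and fails.
    # The truthiness test skips services without an awsvpc configuration,
    # where the security group list evaluates to null.
    aws ecs describe-services --cluster "$cluster" --services "$service" \
      --query "services[?networkConfiguration.awsvpcConfiguration.securityGroups && contains(networkConfiguration.awsvpcConfiguration.securityGroups, '$SG_ID')].serviceName" \
      --output text
  done
done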
# Redshift clusters: keep a cluster when the inner filter over its
# VpcSecurityGroups finds at least one entry with the requested group ID.
print_separator
printf '\n%s\n' "Redshift Clusters:"
aws redshift describe-clusters \
  --query "Clusters[?VpcSecurityGroups[?VpcSecurityGroupId=='$SG_ID']].ClusterIdentifier" \
  --output text
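# Elasticsearch domains: describe each domain and print its name when the
# group appears in its VPC options.
print_separator
echo -e "\nElasticsearch Domains:"
# Domain names contain no whitespace, so splitting the text output is intended.
for domain in $(aws es list-domain-names --query "DomainNames[*].DomainName" --output text); do
  # -F matches the ID literally and -w requires a whole-word match, so a
  # short ID cannot match as a prefix of a longer one; "--" guards the pattern.
  if aws es describe-elasticsearch-domain --domain-name "$domain" \
    --query "DomainStatus.VPCOptions.SecurityGroupIds" --output text \
    | grep -qFw -- "$SG_ID"; then
    printf '%s\n' "$domain"
  fi
done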
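# SageMaker notebook instances: describe each one and print its name when the
# group appears in its SecurityGroups list.
print_separator
echo -e "\nSageMaker Notebook Instances:"
# Every notebook is described. The earlier pre-filter on
# DirectInternetAccess=='Disabled' hid attachments: a notebook placed in a VPC
# carries security groups whether direct internet access is enabled or not.
# NOTE(review): the list call's summary may not include DirectInternetAccess
# at all, in which case the old filter matched nothing - confirm.
for notebook in $(aws sagemaker list-notebook-instances --query "NotebookInstances[*].NotebookInstanceName" --output text); do
  # -F matches the ID literally and -w requires a whole-word match, so a
  # short ID cannot match as a prefix of a longer one; "--" guards the pattern.
  if aws sagemaker describe-notebook-instance --notebook-instance-name "$notebook" \
    --query "SecurityGroups" --output text \
    | grep -qFw -- "$SG_ID"; then
    printf '%s\n' "$notebook"
  fi
done

# Rules in other security groups that name this group as a source or
# destination are not checked anywhere in this script.
echo -e "\nFinished checking all resources."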