Effortless AWS Security Group Cleanup with SG-Cleaner

Satish
My InfoSec Write-ups
2 min read · Nov 6, 2023

Introduction

In the world of AWS cloud infrastructure, security groups play a crucial role in controlling inbound and outbound traffic to your resources. However, managing these security groups efficiently can be a challenge, especially when dealing with unused or redundant ones. In this blog post, we’ll introduce you to SG-Cleaner, a simple and powerful Python script designed to help you identify and remove unused security groups, ensuring a cleaner and more secure AWS environment.

The Problem with Unused Security Groups

Unused security groups can accumulate over time, cluttering your AWS environment and potentially introducing security risks. When left unmanaged, these groups can make it harder to maintain an organized and secure cloud infrastructure. Additionally, some Cloud Security Posture Management (CSPM) tools may flag these unused groups as potential vulnerabilities, underscoring the importance of regularly cleaning them up.

Dealing with a High Volume of Security Groups: A Manual Nightmare

As your AWS environment scales, so does the number of security groups associated with your resources. Managing these groups manually can quickly become a daunting task. Here are some of the pain points you may encounter:

  1. Time-Consuming Manual Review: Manually reviewing a large number of security groups is a time-consuming task prone to oversight.
  2. Human Error and Oversight: Manual deletion risks human error, potentially leading to the accidental removal of critical security groups.
  3. Lack of Visibility: Managing numerous security groups across regions can lead to a lack of visibility, making it difficult to identify unused ones.

SG-Cleaner: Automating the Solution

SG-Cleaner addresses these pain points by automating the process of identifying and removing unused security groups.

Repository: https://github.com/satishpatnayak/sg-cleaner

Prerequisites

Before you can start using SG-Cleaner, ensure you have the following:

  • Python 3.x installed on your system.
  • Boto3 library installed (Install it using pip3 install boto3).
  • AWS profile configured with the required permissions.

Usage

  1. Clone the repo from https://github.com/satishpatnayak/SG-Cleaner
  2. Configure the AWS regions in sg-cleaner.py
  3. Update the exception_list or leave it blank
  4. Run the script: python3 sg-cleaner.py
  5. Provide your AWS profile name when prompted.
  6. The script will scan the specified AWS regions for unused security groups.
  7. Any unused security groups found will be deleted.

Exception List

You can specify a list of security groups that should be excluded from deletion. Edit the exception_list variable in the Python script to add the IDs of the security groups you want to protect.

E.g.
exception_list = ['sg-12345678', 'sg-87654321']
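To make the usage steps and the exception list concrete, here is an added example (not code from the SG-Cleaner repository) that implements the same scan: a pure function decides which groups are unused from API-shaped data, and a separate function fetches that data with boto3 for the regions you configure. The region list, the sample group and ENI records, and the dry-run default are assumptions of this example, not the script's own settings. Beyond what the post describes, it also treats a group that another group's rule references as in use, because EC2 refuses to delete such a group (DependencyViolation), and it skips each VPC's default group, which cannot be deleted.

```python
"""Added example: find unused security groups, dry run by default.

The scan logic below is pure so it can be exercised on the constructed
sample data; boto3 is imported only when a real AWS profile is used.
"""

DEFAULT_REGIONS = ["us-east-1"]  # assumption: edit to match your sg-cleaner.py
exception_list = ["sg-12345678", "sg-87654321"]  # IDs that must never be deleted


def referenced_group_ids(security_groups):
    """Return group IDs that other groups' ingress/egress rules point at.

    EC2 rejects deleting a group that is still referenced by a rule, so
    these are treated as in use even when no ENI carries them.
    """
    refs = set()
    for sg in security_groups:
        for key in ("IpPermissions", "IpPermissionsEgress"):
            for perm in sg.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    gid = pair.get("GroupId")
                    if gid and gid != sg["GroupId"]:  # a self-reference is not a blocker
                        refs.add(gid)
    return refs


def find_unused_security_groups(security_groups, network_interfaces, exceptions=()):
    """Sorted IDs of groups attached to no ENI, referenced by no rule,
    not the VPC default group, and not on the exception list.

    Input shapes follow ec2.describe_security_groups()['SecurityGroups'] and
    ec2.describe_network_interfaces()['NetworkInterfaces'].
    """
    attached = {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}
    in_use = attached | referenced_group_ids(security_groups)
    protected = set(exceptions)
    return sorted(
        sg["GroupId"]
        for sg in security_groups
        if sg["GroupId"] not in in_use
        and sg["GroupId"] not in protected
        and sg.get("GroupName") != "default"  # the VPC default group cannot be deleted
    )


def scan_region(session, region, exceptions=()):
    """Fetch all groups and ENIs in one region (paginated) and return unused IDs."""
    ec2 = session.client("ec2", region_name=region)
    groups, enis = [], []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        groups.extend(page["SecurityGroups"])
    for page in ec2.get_paginator("describe_network_interfaces").paginate():
        enis.extend(page["NetworkInterfaces"])
    return find_unused_security_groups(groups, enis, exceptions)


def cleanup(profile, regions, exceptions=(), delete=False):
    """Scan each region; only delete when delete=True (dry run otherwise)."""
    import boto3  # imported here so the scan logic works without boto3 installed
    from botocore.exceptions import ClientError

    session = boto3.Session(profile_name=profile)
    results = {}
    for region in regions:
        unused = scan_region(session, region, exceptions)
        results[region] = unused
        ec2 = session.client("ec2", region_name=region)
        for gid in unused:
            if not delete:
                print(f"[dry-run] {region}: would delete {gid}")
                continue
            try:
                ec2.delete_security_group(GroupId=gid)
                print(f"{region}: deleted {gid}")
            except ClientError as err:  # e.g. DependencyViolation: leave it and move on
                print(f"{region}: skipped {gid}: {err.response['Error']['Code']}")
    return results


# Constructed sample records mimicking the EC2 API response shapes.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "default", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0b2", "GroupName": "web", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0c3", "GroupName": "db",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "UserIdGroupPairs": [{"GroupId": "sg-0b2"}]}],  # db allows web
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0d4", "GroupName": "old-app", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-12345678", "GroupName": "keep-me", "IpPermissions": [], "IpPermissionsEgress": []},
]
SAMPLE_ENIS = [{"NetworkInterfaceId": "eni-1", "Groups": [{"GroupId": "sg-0c3"}]}]

if __name__ == "__main__":
    # Only sg-0d4 is deletable: sg-0c3 is attached, sg-0b2 is referenced by
    # sg-0c3's rule, "default" is skipped, and sg-12345678 is on the list.
    print("unused in sample:", find_unused_security_groups(SAMPLE_GROUPS, SAMPLE_ENIS, exception_list))
    # Real dry run: cleanup(input("AWS profile: "), DEFAULT_REGIONS, exception_list)
```

The deletion step is gated behind delete=True so a first run only reports, which is the check to do before trusting the exception list in a large account; the referenced-group rule also explains the DependencyViolation errors you would otherwise see when a group is unattached but still named in another group's rule.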

Output: [screenshot of an SG-Cleaner run]

Conclusion

SG-Cleaner provides a simple yet powerful solution for managing unused security groups in your AWS environment. By automating the identification and removal process, SG-Cleaner helps you maintain a cleaner and more secure cloud infrastructure. Give it a try and experience the benefits for yourself.

Connect with me on GitHub and Twitter for more insights, updates and tools.
