What is AWS Security Group Auditor?

AWS Security Group Auditor is a powerful Python CLI tool designed to help you maintain a clean and secure AWS infrastructure by identifying security groups that are no longer in use. The tool performs a comprehensive audit across 20+ AWS services, tracking which security groups are actively attached to resources and which are orphaned.
The tool generates detailed logs showing every security group’s associations, making it easy to understand your security posture before making any changes.

Why use this tool?

As your AWS infrastructure grows, security groups can accumulate over time. Unused security groups create several problems:
  • Security risks: Orphaned security groups can be mistakenly attached to resources with unintended permissions
  • Management overhead: Clutter makes it harder to understand your actual security configuration
  • Compliance challenges: Auditing becomes more complex with unnecessary security groups
  • Cost of complexity: More resources to track and manage during security reviews
This tool solves these problems by providing complete visibility into security group usage and offering safe cleanup options.

Key features

Comprehensive scanning

Audits security groups across 20+ AWS services including EC2, RDS, ECS, EKS, ElastiCache, and more

Cross-reference detection

Identifies security groups referenced by other security groups, even if not directly attached to resources

Detailed logging

Generates account-specific log files showing every security group and its associated resources

Safe deletion

Interactive prompts prevent accidental deletion, with full error handling for groups that can’t be removed

Supported AWS services

The auditor checks security group associations across:
  • Compute: EC2 instances, ECS services, EKS clusters, Elastic Beanstalk
  • Load Balancing: Classic ELB, Application Load Balancers (ALB), Network Load Balancers (NLB)
  • Databases: RDS, Neptune, DocumentDB, Redshift, ElastiCache
  • Networking: VPC Endpoints, VPN Connections, Transfer Family servers
  • Analytics & Data: Amazon MSK (Kafka), Glue, Elasticsearch Service
  • Storage: Amazon FSx file systems
  • Development: CodeBuild projects, SageMaker endpoints
  • Messaging: Amazon MQ brokers
  • Other: WorkSpaces directories, and more

How it works

The tool follows a systematic approach:
  1. Connects to your AWS account using boto3 and retrieves your account ID
  2. Lists all security groups in your account
  3. Iterates through each security group, checking associations across all supported services
  4. Tracks which security groups are in use and which are orphaned
  5. Generates a detailed log file named {account_id}_sg_log.txt
  6. Presents a summary of unused security groups
  7. Optionally deletes unused security groups with your confirmation
The tool can delete security groups from your AWS account. Always review the log file before confirming any deletions.
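The cross-reference and orphan logic from steps 3 and 4, written here as an added example rather than the auditor's own code. It assumes the per-service scan has already produced the set of attached group ids, and the group records are shaped like boto3's describe_security_groups() output; the ids and rules are constructed sample data.

```python
# Constructed sample shaped like ec2.describe_security_groups()["SecurityGroups"]
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "default", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0b2", "GroupName": "web", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0c3", "GroupName": "app", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0b2"}]}]},
    {"GroupId": "sg-0d4", "GroupName": "old-test", "IpPermissions": [], "IpPermissionsEgress": []},
]
# Constructed: ids the per-service scan (EC2, RDS, ECS, ...) found attached to resources
SAMPLE_ATTACHED = {"sg-0c3"}


def referenced_by(groups: list[dict]) -> dict[str, set[str]]:
    """Map each group id to the ids of *other* groups whose rules reference it."""
    refs: dict[str, set[str]] = {g["GroupId"]: set() for g in groups}
    for g in groups:
        for perm in g.get("IpPermissions", []) + g.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                target = pair.get("GroupId")
                if target in refs and target != g["GroupId"]:  # self-reference doesn't count
                    refs[target].add(g["GroupId"])
    return refs


def classify(groups: list[dict], attached: set[str]) -> dict[str, list[str]]:
    """Per group id, the reasons it counts as in use; an empty list means orphaned."""
    refs = referenced_by(groups)
    report: dict[str, list[str]] = {}
    for g in groups:
        gid, reasons = g["GroupId"], []
        if gid in attached:
            reasons.append("attached to a resource")
        if refs[gid]:
            reasons.append("referenced by " + ", ".join(sorted(refs[gid])))
        report[gid] = reasons
    return report


def deletable_orphans(groups: list[dict], attached: set[str]) -> list[str]:
    """Orphans that can be deleted: a VPC's default group is never deletable."""
    report = classify(groups, attached)
    return sorted(g["GroupId"] for g in groups
                  if not report[g["GroupId"]] and g["GroupName"] != "default")


def log_lines(groups: list[dict], attached: set[str]) -> list[str]:
    """One line per group for the audit log, listing its associations or ORPHANED."""
    report = classify(groups, attached)
    return [f"{g['GroupId']} ({g['GroupName']}): " + ("; ".join(report[g["GroupId"]]) or "ORPHANED")
            for g in groups]
```

In the sample, sg-0b2 is never attached to anything but stays in use because sg-0c3's inbound rule references it, which is exactly the case the cross-reference check exists to catch.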

Get started

Installation

Install Python dependencies and configure AWS credentials

Quick start

Run your first security group audit in minutes
