Orphaned Security Group Finder
Coming Soon
This automation is planned but not yet implemented. The documentation below describes the intended functionality.
The Security Group Finder is a Trigger automation that identifies security groups that are no longer attached to any AWS resources. These orphaned security groups can clutter your environment and pose security risks.
How It Works
```mermaid
graph LR
    A[Security Group Finder] --> B[List All Security Groups]
    B --> C[Check Attachments]
    C --> D{Attached?}
    D -->|Yes| E[Skip]
    D -->|No| F[Flag as Orphaned]
    F --> G[Generate Report]
```

- Enumerate - Lists all security groups across configured accounts and regions
- Analyze - Checks each security group for resource attachments
- Identify - Flags security groups with no attachments as orphaned
- Report - Generates a report of orphaned security groups
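The four steps above, worked through as an added example (this is not SkySaver's implementation). The functions operate on records shaped like the boto3 responses of `ec2.describe_security_groups` and `ec2.describe_network_interfaces`, so the detection logic runs offline on the constructed sample data; `collect_from_aws` is the assumed live collector. It goes slightly beyond the page's description by also treating a group as "in use" when another group's rules name it as a source or destination, since an ENI-only check misses that case and deleting such a group fails anyway.

```python
"""Orphaned security group detection over EC2 API-shaped data.

Added example, not SkySaver's implementation. The record shapes mirror the
boto3 responses of ec2.describe_security_groups and
ec2.describe_network_interfaces; every sample record below is constructed.
"""
from typing import Dict, Iterable, List, Set


def attached_group_ids(network_interfaces: Iterable[dict]) -> Set[str]:
    """IDs of groups attached to any ENI (EC2, Lambda, RDS, ELB all attach through ENIs)."""
    attached: Set[str] = set()
    for eni in network_interfaces:
        for group in eni.get("Groups", []):
            attached.add(group["GroupId"])
    return attached


def referenced_group_ids(security_groups: Iterable[dict]) -> Set[str]:
    """IDs named as source/destination in another group's rules.

    An ENI-only check misses these, and deleting such a group fails with
    DependencyViolation, so they are treated as in use rather than orphaned.
    """
    referenced: Set[str] = set()
    for sg in security_groups:
        rules = sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", [])
        for rule in rules:
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] != sg["GroupId"]:
                    referenced.add(pair["GroupId"])
    return referenced


def find_orphaned(security_groups: List[dict], network_interfaces: List[dict]) -> List[Dict[str, str]]:
    """Report rows for groups with no ENI attachment and no cross-group reference.

    VPC default groups are skipped: AWS does not allow deleting them.
    """
    attached = attached_group_ids(network_interfaces)
    referenced = referenced_group_ids(security_groups)
    rows: List[Dict[str, str]] = []
    for sg in security_groups:
        gid = sg["GroupId"]
        if sg.get("GroupName") == "default" or gid in attached or gid in referenced:
            continue
        rows.append({
            "SecurityGroupId": gid,
            "Name": sg.get("GroupName", ""),
            "VpcId": sg.get("VpcId", ""),
            "Description": sg.get("Description", ""),
        })
    return rows


def collect_from_aws(region: str):
    """Fetch live inputs with boto3 (paginated). Assumes credentials carrying the
    ec2:DescribeSecurityGroups and ec2:DescribeNetworkInterfaces permissions."""
    import boto3  # imported here so the pure functions above work offline

    ec2 = boto3.client("ec2", region_name=region)
    groups = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
              for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return groups, enis


# Constructed sample data (not real AWS output).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0000000000000001", "GroupName": "default", "VpcId": "vpc-0000000000000001",
     "Description": "default VPC security group", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0000000000000002", "GroupName": "web", "VpcId": "vpc-0000000000000001",
     "Description": "web tier",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                        "UserIdGroupPairs": [{"GroupId": "sg-0000000000000003"}]}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0000000000000003", "GroupName": "app", "VpcId": "vpc-0000000000000001",
     "Description": "app tier, referenced only by web's rules",
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0000000000000004", "GroupName": "old-batch", "VpcId": "vpc-0000000000000001",
     "Description": "left behind after instance termination",
     "IpPermissions": [], "IpPermissionsEgress": []},
]
SAMPLE_NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0000000000000001", "Groups": [{"GroupId": "sg-0000000000000002"}]},
]

if __name__ == "__main__":
    for row in find_orphaned(SAMPLE_SECURITY_GROUPS, SAMPLE_NETWORK_INTERFACES):
        print(row)
```

On the sample data only `old-batch` is reported: `web` is attached to an ENI, `app` is referenced by `web`'s ingress rule, and the VPC default group is skipped. Running the collector per configured account and region and concatenating the inputs is the multi-account form the page describes.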
Why Orphaned Security Groups Matter
| Risk | Impact |
|---|---|
| Clutter | Difficulty managing security configurations |
| Security audit | Harder to review security posture |
| Compliance | May violate security policies |
| Confusion | Unclear purpose of unused groups |
Running the Automation
As a Trigger automation, the Security Group Finder runs on-demand:
- Navigate to Automations
- Find Orphaned Security Group Finder
- Click Trigger
- Wait for the automation to complete
- View results in Automation Reports
Prerequisites
The SkySaver IAM role needs these permissions:
```yaml
- Effect: "Allow"
  Action:
    - "ec2:DescribeSecurityGroups"
    - "ec2:DescribeNetworkInterfaces"
    - "ec2:DescribeInstances"
  Resource: "*"
```

Understanding the Report
The report includes:
| Field | Description |
|---|---|
| Security Group ID | The AWS security group ID (sg-xxx) |
| Name | Security group name |
| VPC ID | The VPC where the group exists |
| Account | AWS account containing the group |
| Region | AWS region |
| Description | Security group description |
| Created Date | When the group was created |
What to Do with Orphaned Groups
After reviewing the report:
- Verify - Confirm the groups are truly unused
- Document - Note why each group was orphaned
- Delete - Remove groups that are no longer needed
- Keep - Some groups may be intentionally reserved
Safely Deleting Security Groups
Before deleting a security group:
- Check for references in:
  - Launch templates
  - Auto Scaling Group configurations
  - CloudFormation stacks
  - Terraform state
- Verify no pending instance launches will use the group
- Delete via AWS Console or CLI:

```shell
aws ec2 delete-security-group --group-id sg-xxxxxxxxx
```
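The reference checks listed above, as an added example that is not part of SkySaver. The inputs mirror the boto3 response shapes of `ec2.describe_launch_template_versions`, `autoscaling.describe_launch_configurations` and `cloudformation.describe_stack_resources`, plus a Terraform state file loaded as JSON; the sample records are constructed, and `find_references`/`safe_to_delete` are names chosen for this example.

```python
"""Pre-deletion reference check for one security group.

Added example, not part of SkySaver. Inputs mirror boto3 response shapes for
ec2.describe_launch_template_versions, autoscaling.describe_launch_configurations
and cloudformation.describe_stack_resources, plus a Terraform state file loaded
as JSON. All sample records are constructed.
"""
import json
from typing import Any, Iterable, Iterator, List, Optional


def _strings_in(node: Any) -> Iterator[str]:
    """Yield every string anywhere inside a nested dict/list structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings_in(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings_in(value)


def find_references(group_id: str,
                    launch_template_versions: Iterable[dict] = (),
                    launch_configurations: Iterable[dict] = (),
                    stack_resources: Iterable[dict] = (),
                    terraform_state: Optional[dict] = None) -> List[str]:
    """Return 'source:identifier' strings for every place that still names group_id."""
    refs: List[str] = []
    for version in launch_template_versions:
        data = version.get("LaunchTemplateData", {})
        ids = set(data.get("SecurityGroupIds", []))
        for nic in data.get("NetworkInterfaces", []):  # groups may be set per interface instead
            ids.update(nic.get("Groups", []))
        if group_id in ids:
            refs.append(f"launch-template:{version['LaunchTemplateId']}:v{version['VersionNumber']}")
    for config in launch_configurations:
        if group_id in config.get("SecurityGroups", []):
            refs.append(f"launch-configuration:{config['LaunchConfigurationName']}")
    for resource in stack_resources:
        if (resource.get("ResourceType") == "AWS::EC2::SecurityGroup"
                and resource.get("PhysicalResourceId") == group_id):
            refs.append(f"cloudformation:{resource['StackName']}/{resource['LogicalResourceId']}")
    if terraform_state:
        for resource in terraform_state.get("resources", []):
            # The ID can sit in the group's own attributes or in a consumer's
            # vpc_security_group_ids, so scan every string in the resource.
            if any(s == group_id for s in _strings_in(resource.get("instances", []))):
                refs.append(f"terraform:{resource['type']}.{resource['name']}")
    return refs


def safe_to_delete(group_id: str, **sources) -> bool:
    """True only when no configured source still references the group."""
    return not find_references(group_id, **sources)


# Constructed sample inputs.
SAMPLE_LAUNCH_TEMPLATE_VERSIONS = [
    {"LaunchTemplateId": "lt-0000000000000001", "VersionNumber": 3,
     "LaunchTemplateData": {"SecurityGroupIds": ["sg-0000000000000004"]}},
]
SAMPLE_LAUNCH_CONFIGURATIONS = [
    {"LaunchConfigurationName": "batch-lc", "SecurityGroups": ["sg-0000000000000002"]},
]
SAMPLE_STACK_RESOURCES = [
    {"StackName": "web-stack", "LogicalResourceId": "WebSg",
     "ResourceType": "AWS::EC2::SecurityGroup", "PhysicalResourceId": "sg-0000000000000002"},
]
SAMPLE_TERRAFORM_STATE = json.loads("""{
  "version": 4,
  "resources": [
    {"mode": "managed", "type": "aws_instance", "name": "web",
     "instances": [{"attributes": {"id": "i-0000000000000001",
                                   "vpc_security_group_ids": ["sg-0000000000000004"]}}]}
  ]
}""")
SAMPLE_SOURCES = dict(launch_template_versions=SAMPLE_LAUNCH_TEMPLATE_VERSIONS,
                      launch_configurations=SAMPLE_LAUNCH_CONFIGURATIONS,
                      stack_resources=SAMPLE_STACK_RESOURCES,
                      terraform_state=SAMPLE_TERRAFORM_STATE)

if __name__ == "__main__":
    for gid in ("sg-0000000000000004", "sg-0000000000000002", "sg-0000000000000005"):
        print(gid, find_references(gid, **SAMPLE_SOURCES), "safe:", safe_to_delete(gid, **SAMPLE_SOURCES))
```

A group that the finder reports as orphaned can still be named in a launch template or Terraform state, which is exactly the false-positive case from the troubleshooting table: the next scale-out or `terraform apply` would expect it to exist. Only a group with an empty reference list should proceed to the `delete-security-group` call.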
Common Scenarios
| Scenario | Orphan Likely? | Action |
|---|---|---|
| Instance terminated | Yes | Safe to delete |
| Lambda function deleted | Yes | Safe to delete |
| RDS instance removed | Yes | Safe to delete |
| Newly created for future use | No | Keep for now |
| Referenced by CloudFormation | No | Keep (CloudFormation manages it) |
Best Practices
- Run regularly - Schedule monthly reviews
- Document exceptions - Use description field for reserved groups
- Tag groups - Use tags like `Status: Reserved` for intentional keeps
- Review before deletion - Always verify before removing
Downloading Results
Export the orphaned security group list:
- Navigate to Automation Reports
- Find the relevant execution
- Click Download CSV
Troubleshooting
| Issue | Possible Cause | Solution |
|---|---|---|
| No groups found | Permissions issue | Verify IAM role permissions |
| Missing regions | Region not configured | Add region to Project Defaults |
| False positives | Group used by unsupported service | Manually verify before deletion |
Related Topics
- Automation Reports - View execution history
- AWS Account Setup - IAM permissions
- ENI Finder - Related cleanup automation