Open taraspos opened 7 years ago
Thanks for the suggestion, this is a good idea and is something we want to do.
A way to do it would be to add new inspectors. For example, as a proof of concept, you can try awless inspect -i port_scanner, which displays, in particular, the security groups that are not used by instances, network interfaces, or load balancers.
We also could imagine an inspector that directly outputs an awless template to delete all unused securitygroups/images/volumes/snapshots.
@fxaguessy cool, I didn't know about awless inspect -i port_scanner.
Would be nice to add "rds/elasticache/lambdas/etc" to the applying on nothing check.
Note - as @fxaguessy is saying - that the port scanner inspector is not production ready and was done quickly. Its output is not really usable and friendly.
We will do a proper one soon enough though.
Hey, there are a bunch of different scripts for finding and cleaning up unused resources. It would be nice to integrate such functionality in awless to have it all in one place and easy to use.
AMIs and Snapshots cleaner example: https://github.com/bonclay7/aws-amicleaner
Some rough SG list example: https://gist.github.com/asinghal/f72afd1aebeba26789fd6ff3789cf4d4
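
The "security groups not used by anything" check discussed in this thread, as an added example (not awless code and not written by any commenter). It relies on the fact that RDS, ElastiCache, VPC Lambdas and load balancers all attach groups through network interfaces, so one interface listing covers them; the inventory below is constructed sample data shaped like EC2 DescribeSecurityGroups and DescribeNetworkInterfaces output, and the function names are hypothetical.

```python
# Added example: constructed inventory shaped like EC2 DescribeSecurityGroups
# and DescribeNetworkInterfaces responses (IDs and names are made up).
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "IpPermissions": []},
    {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-0ccc"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "lb-source", "IpPermissions": []},
    {"GroupId": "sg-0ddd", "GroupName": "old-bastion", "IpPermissions": []},
    {"GroupId": "sg-0eee", "GroupName": "db", "IpPermissions": []},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0bbb"}]},
    {"NetworkInterfaceId": "eni-02", "Groups": [{"GroupId": "sg-0eee"}]},
]

def attached_group_ids(interfaces):
    """IDs of groups attached to at least one network interface."""
    return {g["GroupId"] for eni in interfaces for g in eni.get("Groups", [])}

def referenced_group_ids(groups):
    """IDs of groups named as a peer in another group's rules."""
    refs = set()
    for sg in groups:
        rules = sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", [])
        for rule in rules:
            for pair in rule.get("UserIdGroupPairs", []):
                peer = pair.get("GroupId")
                if peer and peer != sg["GroupId"]:  # ignore self-references
                    refs.add(peer)
    return refs

def classify_unattached(groups, interfaces):
    """Sort groups attached to nothing by what blocks their deletion."""
    attached = attached_group_ids(interfaces)
    referenced = referenced_group_ids(groups)
    report = {"deletable": [], "referenced_only": [], "default": []}
    for sg in groups:
        gid = sg["GroupId"]
        if gid in attached:
            continue
        if sg["GroupName"] == "default":   # EC2 refuses to delete default groups
            report["default"].append(gid)
        elif gid in referenced:            # delete fails until the rule is removed
            report["referenced_only"].append(gid)
        else:
            report["deletable"].append(gid)
    return report
```

Launch templates and launch configurations can name a group that currently has no interface, so a "deletable" result still needs checking against those before cleanup.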