From 491be029d4525d17cb331eeeb43730c07629daaf Mon Sep 17 00:00:00 2001
From: Scott Piper
Date: Thu, 18 Jul 2019 08:58:54 -0600
Subject: [PATCH] find_unused does things the way everyone else does now, by looking at the network interfaces
---
 README.md | 1 +
 commands/find_unused.py | 28 ++++++++++------------------
 2 files changed, 11 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index f4a8826df..8467809f4 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ CloudMapper helps you analyze your Amazon Web Services (AWS) environments. The
 - `audit`: Check for potential misconfigurations.
 - `collect`: Collect metadata about an account. More details [here](https://summitroute.com/blog/2018/06/05/cloudmapper_collect/).
 - `find_admins`: Look at IAM policies to identify admin users and roles and spot potential IAM issues. More details [here](https://summitroute.com/blog/2018/06/12/cloudmapper_find_admins/).
+- `find_unused`: Look for unused resources in the account. Makes a best effort. Currently finds unused Security Groups.
 - `prepare`/`webserver`: See [Network Visualizations](docs/network_visualizations.md)
 - `public`: Find public hosts and port ranges. More details [here](https://summitroute.com/blog/2018/06/13/cloudmapper_public/).
 - `sg_ips`: Get geoip info on CIDRs trusted in Security Groups. More details [here](https://summitroute.com/blog/2018/06/12/cloudmapper_sg_ips/).
diff --git a/commands/find_unused.py b/commands/find_unused.py
index 8f0d4fc97..e74f83678 100644
--- a/commands/find_unused.py
+++ b/commands/find_unused.py
@@ -12,40 +12,32 @@ def run(arguments):
 _, accounts, config = parse_arguments(arguments)
- # Get the data from the `prepare` command
- outputfilter = {
- "internal_edges": True,
- "read_replicas": True,
- "inter_rds_edges": True,
- "azs": False,
- "collapse_by_tag": None,
- "collapse_asgs": True,
- "mute": True,
- }
 unused_resources = []
 for account in accounts:
 unused_resources_for_account = []
 for region_json in get_regions(Account(None, account)):
 unused_resources_for_region = {}
 used_sgs = set()
- outputfilter["regions"] = '"{}"'.format(region_json["RegionName"])
- network = build_data_structure(account, config, outputfilter)
-
- for edge in pyjq.all('.[].data|select(.type=="edge")', network):
- for sg in edge.get("node_data", []):
- if type(sg) is not list:
- used_sgs.add(sg.get("GroupId", None))
 region = Region(Account(None, account), region_json)
 defined_sgs = query_aws(
 Account(None, account), "ec2-describe-security-groups", region
 )
+ network_interfaces = query_aws(
+ Account(None, account), "ec2-describe-network-interfaces", region
+ )
+
 defined_sg_set = {}
 for sg in pyjq.all(".SecurityGroups[]", defined_sgs):
 defined_sg_set[sg["GroupId"]] = sg
+ for used_sg in pyjq.all(
+ ".NetworkInterfaces[].Groups[].GroupId", network_interfaces
+ ):
+ used_sgs.add(used_sg)
+
 unused_sg_ids = set(defined_sg_set) - used_sgs
 unused_sgs = []
 for sg_id in unused_sg_ids:
@@ -61,7 +53,7 @@ def run(arguments):
 unused_resources_for_account.append(
 {
- "name": region_json["RegionName"],
+ "region": region_json["RegionName"],
 "unused_resources": unused_resources_for_region,
 }
 )
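Review bot: The new attachment check on `.NetworkInterfaces[].Groups[].GroupId` reports a security group as unused whenever no ENI carries it, but a group referenced only from another group's rules (`IpPermissions[].UserIdGroupPairs[].GroupId`, and the `IpPermissionsEgress` equivalent) is still in use and will be listed as a false positive. That data is already in hand in `defined_sgs`, so fold those ids into `used_sgs` next to the interface results, e.g. `used_sgs.update(pyjq.all(".SecurityGroups[].IpPermissions[].UserIdGroupPairs[].GroupId", defined_sgs))` plus the same expression for `IpPermissionsEgress`. The added `for used_sg in ...: used_sgs.add(used_sg)` loop can likewise collapse to `used_sgs.update(pyjq.all(".NetworkInterfaces[].Groups[].GroupId", network_interfaces))`. With the `build_data_structure` call removed, `config` from `parse_arguments` appears unused within this hunk; the body of `run` continues past the hunk, so confirm before dropping it.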