How to Find Unused Network Access Control Lists (ACLs) in AWS
If you have network access control lists that you are not using, it's a best practice to clean them up. In this guide, we'll show you how to find and delete unused ACLs in AWS.
Network ACLs are useful for regulating inbound and outbound traffic at the subnet level, but a network ACL that isn’t associated with any subnet just sits idle.
Unused resources in AWS add clutter and unnecessary security risks. By cleaning up unused or redundant network ACLs, you can ensure that your AWS account is well-maintained.
In this guide, we’ll show you how to find and delete unused or redundant network ACLs using the AWS console and CLI.
There is more than one way to find unused ACLs. Below, we walk through how to locate and delete them in AWS.
You’ll see an output that looks like this:
If you see any ACLs with no associations (shown by the line `"Associations": []`), note the `NetworkAclId` of each one as an ACL that is unused and can be deleted.
It is not possible to delete a network ACL if it is associated with a subnet; it’s also not possible to delete the default network ACL. However, if you find a network ACL that is not associated with a subnet, delete it by running the following command:
Repeat this process for all unused or redundant ACLs.
You won’t see any output from these commands. To confirm that you have successfully deleted them, you can run the describe-network-acls command again.
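As an added example (not part of the original post, and not Blink's code), the script below automates the check described above: it takes the JSON that `aws ec2 describe-network-acls --output json` prints, keeps only ACLs whose `Associations` list is empty, skips the VPC default ACL (AWS refuses to delete it even when no subnet is explicitly associated with it), and renders one `aws ec2 delete-network-acl --network-acl-id ...` command per candidate for review. The embedded sample response and its IDs are constructed so the script runs offline; it does not call AWS and does not delete anything itself.

```python
"""Find unused, deletable network ACLs in `aws ec2 describe-network-acls` output."""
from __future__ import annotations

import json
import sys

# Constructed sample in the shape of `aws ec2 describe-network-acls --output json`,
# trimmed to the fields this check needs. All IDs are made up.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "NetworkAcls": [
        {   # Default ACL whose subnets were all moved to custom ACLs:
            # no associations, but AWS will not let you delete it.
            "NetworkAclId": "acl-0default000000001",
            "VpcId": "vpc-0example0000000001",
            "IsDefault": True,
            "Associations": [],
        },
        {   # Custom ACL still attached to a subnet: in use.
            "NetworkAclId": "acl-0inuse00000000002",
            "VpcId": "vpc-0example0000000001",
            "IsDefault": False,
            "Associations": [
                {"NetworkAclAssociationId": "aclassoc-0example00000001",
                 "NetworkAclId": "acl-0inuse00000000002",
                 "SubnetId": "subnet-0example000000001"}
            ],
        },
        {   # Custom ACL with no associations: unused, deletable.
            "NetworkAclId": "acl-0unused0000000003",
            "VpcId": "vpc-0example0000000001",
            "IsDefault": False,
            "Associations": [],
        },
    ]
})


def classify_acls(describe_output: str) -> dict[str, str]:
    """Map each NetworkAclId to 'default', 'in-use' or 'unused'."""
    data = json.loads(describe_output)
    result: dict[str, str] = {}
    for acl in data.get("NetworkAcls", []):
        if acl.get("IsDefault", False):
            result[acl["NetworkAclId"]] = "default"   # cannot be deleted
        elif acl.get("Associations"):
            result[acl["NetworkAclId"]] = "in-use"    # still protects a subnet
        else:
            result[acl["NetworkAclId"]] = "unused"    # safe to delete
    return result


def find_unused_acls(describe_output: str) -> list[str]:
    """Return the IDs of non-default ACLs that have no subnet associations."""
    return [acl_id for acl_id, state in classify_acls(describe_output).items()
            if state == "unused"]


def delete_commands(describe_output: str) -> list[str]:
    """Render one delete command per unused ACL so an operator can review before running."""
    return [f"aws ec2 delete-network-acl --network-acl-id {acl_id}"
            for acl_id in find_unused_acls(describe_output)]


if __name__ == "__main__":
    # Usage: aws ec2 describe-network-acls --output json | python3 find_unused_acls.py
    # With nothing piped in, the constructed sample above is used instead.
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_OUTPUT
    for acl_id, state in classify_acls(raw).items():
        print(f"{acl_id}: {state}")
    for cmd in delete_commands(raw):
        print(cmd)
```

The script only prints the delete commands rather than executing them, so you can confirm each candidate is really unused (and not, for example, a default ACL that happens to have no explicit associations) before pasting them into the CLI as the post describes.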
Manually finding unused ACLs isn’t hard, but it requires you to context-switch and either click through the console or run CLI commands.
With Blink, there’s an easier way to manage all of your resources and ensure a clean AWS account.
This automation in the Blink library scans your AWS account for unused ACLs and Security Groups.
When the automation runs, it does the following steps:
You can also customize this automation by dragging and dropping no-code actions into the canvas to add conditional logic, notifications, or approval steps.
Build your own automation from scratch or use one of our 5K pre-built automations like this one today.
Get started with Blink today to see how easy automation can be.
Blink is an automation copilot that enables you to create full ready-to-run workflows between tools – just type a prompt.