#!/bin/bash
# awsGetSecurityGroups v0.1a : List all AWS security groups and their rules across profiles and regions : https://github.com/elemantalcode/bash-scripts
# Requires the AWS CLI (configured, JSON output) and jq; assumes the profiles listed below are set up
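# Space-separated list of AWS CLI profile names to scan.  Can be overridden
# from the environment (PROFILES="production" ./awsGetSecurityGroups.bash)
# so the script does not have to be edited per account set; when it is not
# set, the original default list is used.
PROFILES="${PROFILES:-sandbox dev test production}"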
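#######################################
# Collect every rule in one direction of a security group into RULE.
# A single describe-security-groups call is made for the group named by the
# globals GID/REGION/PROFILE and each rule target is printed on its own line:
#   Port: <from>-<to> (<protocol>) IP: <target>
# Targets cover IPv4 CIDRs, IPv6 CIDRs, prefix lists and referenced security
# groups, so world-open IPv6 (::/0) and prefix-list rules are not dropped from
# the audit as a CidrIp-only query would; 0.0.0.0/0 and ::/0 are flagged.
# Arguments: $1 - "In" for ingress, anything else for egress
# Globals:   reads GID, REGION, PROFILE; writes RULE
# Outputs:   warnings on stderr when the CLI call or JSON parse fails
# Returns:   0 always; on failure RULE is left empty (a caller seeing an
#            empty RULE should not treat it as "no rules")
#######################################
function getSg() {
  local check="IpPermissionsEgress" direction="<="
  if [ "$1" == "In" ]; then
    check="IpPermissions"
    direction="=>"
  fi
  RULE=""
  local sg_json
  # --output json: jq below cannot parse text/table output from a profile default.
  if ! sg_json=$( aws ec2 describe-security-groups --region "$REGION" --profile "$PROFILE" \
        --group-ids "$GID" --output json --query "SecurityGroups[].${check}[]" ); then
    echo "WARN: describe-security-groups failed for $GID in $REGION (profile $PROFILE)" >&2
    return 0
  fi
  # Protocol -1 means "all traffic" and carries no ports, hence the any/all fallbacks.
  if ! RULE=$( printf '%s' "$sg_json" | jq -r '
    (. // [])[]
    | (.FromPort // "any" | tostring) as $from
    | (.ToPort // "any" | tostring) as $to
    | ((.IpProtocol // "?") | tostring | if . == "-1" then "all" else . end) as $proto
    | ( (.IpRanges // [])[].CidrIp
      , (.Ipv6Ranges // [])[].CidrIpv6
      , (.PrefixListIds // [])[].PrefixListId
      , (.UserIdGroupPairs // [])[].GroupId )
    | "Port: " + $from + "-" + $to + " (" + $proto + ") IP: " + .
      + (if . == "0.0.0.0/0" or . == "::/0" then " [OPEN TO WORLD]" else "" end)' ); then
    echo "WARN: could not parse rules for $GID in $REGION (profile $PROFILE)" >&2
    RULE=""
    return 0
  fi
  [ "$RULE" == "" ] && RULE=" $direction No Rule Defined"
  return 0
}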
#######################################
# Fallback for getSg: when the CIDR-based lookup left RULE empty, re-query the
# same direction of the group (globals GID/REGION/PROFILE) listing referenced
# security-group ids (UserIdGroupPairs) instead of IP ranges.  If that is empty
# as well, RULE becomes a "No Rule Defined" marker prefixed with the direction
# arrow (=> ingress, <= egress).
# Arguments: $1 - "In" for ingress, anything else for egress
# Globals:   reads RULE, GID, REGION, PROFILE; writes RULE
#######################################
function ipOrSg (){
  local perms="IpPermissionsEgress" arrow="<="
  if [ "$1" == "In" ]; then
    perms="IpPermissions"
    arrow="=>"
  fi
  # Nothing to do when the caller already found CIDR rules.
  [ -n "$RULE" ] && return
  RULE=$( aws ec2 describe-security-groups --region "$REGION" --profile "$PROFILE" --group-ids "$GID" --query \
    "SecurityGroups[*].${perms}[].{From:FromPort,To:ToPort,Range:UserIdGroupPairs[*].GroupId}" \
    | jq -r '.[] | "Port: " + (.From|tostring) + "-" + (.To|tostring) + " IP: " + .Range[]' )
  [ -z "$RULE" ] && RULE=" $arrow No Rule Defined"
}
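# Walk every profile and region, list each security group and print its
# ingress (=>) and egress (<=) rules via getSg.  AWS CLI failures (missing
# profile, expired credentials, disabled region) are reported on stderr and
# the profile/region is skipped instead of silently yielding an empty listing,
# so a gap in the audit output is visible to whoever reads it.
# shellcheck disable=SC2086  # PROFILES is a space-separated string, split on purpose
for PROFILE in $PROFILES; do
  echo "=> $PROFILE"
  # describe-regions needs some endpoint region to talk to; us-west-1 is only that.
  if ! regions_json=$( aws ec2 describe-regions --region us-west-1 --profile "$PROFILE" --output json ); then
    echo "WARN: cannot list regions for profile '$PROFILE' (profile missing or credentials expired?); skipping" >&2
    continue
  fi
  REGIONS=$( printf '%s' "$regions_json" | jq -r '.Regions[].RegionName' )
  # shellcheck disable=SC2086  # REGIONS is newline-separated, split on purpose
  for REGION in $REGIONS; do
    echo " => $REGION"
    if ! sg_json=$( aws ec2 describe-security-groups --region "$REGION" --profile "$PROFILE" --output json ); then
      echo "WARN: describe-security-groups failed in $REGION for profile '$PROFILE'; skipping region" >&2
      continue
    fi
    # One tab-separated line per group (names may contain spaces or ':').
    # EC2-Classic groups have no VpcId; substitute a placeholder rather than let jq abort.
    printf '%s' "$sg_json" \
      | jq -r '.SecurityGroups[] | [.GroupId, .GroupName, (.VpcId // "no-vpc")] | @tsv' \
      | while IFS=$'\t' read -r GID NAME VPC; do
          echo " => $GID ($VPC) $NAME"
          # Ingress first, then egress; getSg leaves its result in RULE.
          getSg "In"
          printf '%s\n' "$RULE" | sed -e 's/^Port/ => Port/'
          getSg "Out"
          printf '%s\n' "$RULE" | sed -e 's/^Port/ <= Port/'
        done
  done
done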