Pull a spreadsheet of security group rules and the instances associated with them
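#!/bin/bash
#
# Export the security group rules (ingress and egress) and the
# instance-to-security-group associations of one account/region as TSV
# files for offline review in a spreadsheet.
#
# Usage:    ./script.sh <aws-profile> <region>
# Requires: aws cli; ec2:DescribeSecurityGroups and ec2:DescribeInstances.
# Outputs (appended to, so delete stale copies before a fresh run):
#   ./SecurityGroup-Ingress-Rules.tsv  GroupId VpcId FromPort IpProtocol CidrIp
#   ./SecurityGroup-Egress-Rules.tsv   GroupId VpcId FromPort IpProtocol CidrIp
#   ./Instance-SG-Map.tsv              InstanceId AvailabilityZone GroupId
#
# Limitations: only IPv4 CIDR sources/destinations (IpRanges) are exported.
# Ipv6Ranges, UserIdGroupPairs (rules referencing other security groups)
# and PrefixListIds are not, so the sheet is not a complete picture of what
# a group allows. A FromPort of "None" means the rule matches all ports
# (IpProtocol -1).
#
# Abort on the first failed API call rather than silently producing a
# partial audit file.
set -euo pipefail

usage() {
  printf 'Usage: %s <aws-profile> <region>\n' "${0##*/}" >&2
  exit 2
}

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( $# == 2 )) || usage

export AWS_PROFILE=$1
export AWS_DEFAULT_REGION=$2
export AWS_DEFAULT_OUTPUT=text

readonly INGRESS_TSV=./SecurityGroup-Ingress-Rules.tsv
readonly EGRESS_TSV=./SecurityGroup-Egress-Rules.tsv
readonly INSTANCE_TSV=./Instance-SG-Map.tsv

#######################################
# Count the elements of a list field on one security group.
# Using length() instead of a "[*].FromPort" projection matters: JMESPath
# projections drop null values, so a rule without FromPort (all traffic)
# would otherwise shift every later rule index and lose rules.
# Arguments: $1 - security group id
#            $2 - JMESPath expression relative to the group, e.g.
#                 "IpPermissions" or "IpPermissions[2].IpRanges"
# Outputs:   the element count on stdout
#######################################
sg_list_length() {
  local sg=$1 expr=$2
  aws ec2 describe-security-groups --group-ids "$sg" \
    --query "length(SecurityGroups[0].${expr})"
}

#######################################
# Append one row per (rule, IPv4 CIDR) pair of one security group.
# Arguments: $1 - security group id
#            $2 - rule list field: IpPermissions (ingress) or
#                 IpPermissionsEgress (egress)
#            $3 - output TSV path (appended to)
# Outputs:   rows "GroupId VpcId FromPort IpProtocol CidrIp" to $3
#######################################
dump_sg_rules() {
  local sg=$1 field=$2 out=$3
  local nrules ncidrs p c
  nrules=$(sg_list_length "$sg" "$field")
  for (( p = 0; p < nrules; p++ )); do
    ncidrs=$(sg_list_length "$sg" "${field}[${p}].IpRanges")
    for (( c = 0; c < ncidrs; c++ )); do
      # IpProtocol lives on the permission, not on the IpRanges entry.
      aws ec2 describe-security-groups --group-ids "$sg" \
        --query "SecurityGroups[*].[GroupId, VpcId, ${field}[${p}].FromPort, ${field}[${p}].IpProtocol, ${field}[${p}].IpRanges[${c}].CidrIp]" \
        >> "$out"
    done
  done
}

#######################################
# Append one row per security group attached to one instance.
# Arguments: $1 - instance id
# Outputs:   rows "InstanceId AvailabilityZone GroupId" to INSTANCE_TSV
#######################################
dump_instance_sgs() {
  local inst=$1
  local nsgs s
  nsgs=$(aws ec2 describe-instances --instance-ids "$inst" \
    --query 'length(Reservations[0].Instances[0].SecurityGroups)')
  for (( s = 0; s < nsgs; s++ )); do
    aws ec2 describe-instances --instance-ids "$inst" \
      --query "Reservations[*].Instances[*].[InstanceId, Placement.AvailabilityZone, SecurityGroups[${s}].GroupId]" \
      >> "$INSTANCE_TSV"
  done
}

#######################################
# Split the whitespace-separated text output of a list query into an
# array. Ids never contain whitespace, so this is safe.
# Arguments: $1 - name of the array to fill (nameref)
#            $2 - raw text output
#######################################
ids_to_array() {
  local -n _out=$1
  mapfile -t _out < <(printf '%s\n' "$2" | tr -s '[:space:]' '\n')
}

main() {
  local raw sg inst
  local -a sg_ids instance_ids

  printf ' It Starts...\n'

  raw=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].GroupId') \
    || die "cannot list security groups"
  ids_to_array sg_ids "$raw"

  printf ' Evaluating Security Groups Ingress Rules\n'
  for sg in "${sg_ids[@]}"; do
    [[ -n "$sg" ]] || continue   # empty account yields a single empty token
    printf 'SecurityGroupId %s\n' "$sg"
    dump_sg_rules "$sg" IpPermissions "$INGRESS_TSV"
  done

  printf ' Evaluating Security Group Egress Rules\n'
  for sg in "${sg_ids[@]}"; do
    [[ -n "$sg" ]] || continue
    printf 'SecurityGroupId %s\n' "$sg"
    # The API field is IpPermissionsEgress; "EgressIpPermissions" does not
    # exist and would return an empty (not absent) egress sheet.
    dump_sg_rules "$sg" IpPermissionsEgress "$EGRESS_TSV"
  done

  printf ' Evaluating Instance Security Group Associations \n'
  raw=$(aws ec2 describe-instances --query 'Reservations[*].Instances[*].InstanceId') \
    || die "cannot list instances"
  ids_to_array instance_ids "$raw"
  for inst in "${instance_ids[@]}"; do
    [[ -n "$inst" ]] || continue
    printf 'EC2Instance %s\n' "$inst"
    dump_instance_sgs "$inst"
  done
}

main "$@"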