Scan ip and tag
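#!/usr/bin/env bash
# runscript.sh
# Usage: ./runscript.sh <ip-address>
#
# Takes one private IPv4 address as $1. Requires the aws CLI and jq on PATH.
set -euo pipefail

IP_ADDRESS=${1:-}
if [[ -z $IP_ADDRESS ]]; then
  echo "Usage: $0 <ip-address>" >&2
  exit 1
fi

# The argument is later embedded in an AWS CLI filter string
# ("Name=private-ip-address,Values=$IP_ADDRESS") and copied into the CSV
# output line. In the filter, a comma adds further values and '*' / '?' act as
# wildcards; in the CSV line, a comma or newline shifts columns. Accept only a
# single dotted-quad IPv4 literal so neither can happen.
readonly ipv4_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
readonly ipv4_re="^(${ipv4_octet}\.){3}${ipv4_octet}\$"
if [[ ! $IP_ADDRESS =~ $ipv4_re ]]; then
  printf 'Error: not a valid IPv4 address: %s\n' "$IP_ADDRESS" >&2
  echo "Usage: $0 <ip-address>" >&2
  exit 1
fi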
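# helpers: each takes one resource identifier (an ARN, a load balancer name
# or an instance ID), runs the matching describe command, and prints
# "<CostCentre>,<ApplicationID>", with fallback text for a missing tag.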
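#######################################
# Look up the CostCentre and ApplicationID tags of an ELBv2 load balancer.
# Arguments: $1 - load balancer ARN
# Outputs:   "<CostCentre>,<ApplicationID>" on stdout, no trailing newline.
#            A tag that is absent or empty is printed as "not exist".
#            "unknown,unknown" is printed when the describe-tags call fails.
# Returns:   0
#######################################
get_elbv2_tags() {
  local arn=$1
  local json cc ai

  # A failed call (missing permission, throttling, stale ARN) says nothing
  # about whether the tags exist. Report it as "unknown", the same marker the
  # script prints when a load balancer lookup fails, instead of "not exist",
  # so an access problem is not read as an untagged resource.
  if ! json=$(aws elbv2 describe-tags --resource-arns "$arn" \
    --query 'TagDescriptions[0].Tags' --output json 2>/dev/null); then
    printf '%s' 'unknown,unknown'
    return 0
  fi

  # '.[]?' yields nothing when the tag list is null or empty.
  cc=$(jq -r '.[]? | select(.Key=="CostCentre") | .Value' <<<"$json")
  ai=$(jq -r '.[]? | select(.Key=="ApplicationID") | .Value' <<<"$json")

  # Tag values are written out unescaped; a comma inside one shifts the
  # caller's CSV columns.
  printf '%s,%s' "${cc:-not exist}" "${ai:-not exist}"
}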
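#######################################
# Look up the CostCentre and ApplicationID tags of a Classic ELB.
# Arguments: $1 - load balancer name
# Outputs:   "<CostCentre>,<ApplicationID>" on stdout, no trailing newline.
#            A tag that is absent or empty is printed as "not exist".
#            "unknown,unknown" is printed when the describe-tags call fails.
# Returns:   0
#######################################
get_elb_tags() {
  local name=$1
  local json cc ai

  # A failed call (missing permission, throttling, unknown name) says nothing
  # about whether the tags exist. Report it as "unknown", the same marker the
  # script prints when a load balancer lookup fails, instead of "not exist",
  # so an access problem is not read as an untagged resource.
  if ! json=$(aws elb describe-tags --load-balancer-names "$name" \
    --query 'TagDescriptions[0].Tags' --output json 2>/dev/null); then
    printf '%s' 'unknown,unknown'
    return 0
  fi

  # '.[]?' yields nothing when the tag list is null or empty.
  cc=$(jq -r '.[]? | select(.Key=="CostCentre") | .Value' <<<"$json")
  ai=$(jq -r '.[]? | select(.Key=="ApplicationID") | .Value' <<<"$json")

  # Tag values are written out unescaped; a comma inside one shifts the
  # caller's CSV columns.
  printf '%s,%s' "${cc:-not exist}" "${ai:-not exist}"
}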
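#######################################
# Look up the CostCentre and ApplicationID tags of an EC2 instance.
# Arguments: $1 - instance ID
# Outputs:   "<CostCentre>,<ApplicationID>" on stdout, no trailing newline.
#            A tag that is absent or empty is printed as "not exist".
#            "unknown,unknown" is printed when describe-instances fails.
# Returns:   0
#######################################
get_instance_tags() {
  local iid=$1
  local json cc ai

  # A failed call (missing permission, throttling, terminated instance) says
  # nothing about whether the tags exist. Report it as "unknown", the same
  # marker the script prints when a load balancer lookup fails, instead of
  # "not exist", so an access problem is not read as an untagged resource.
  if ! json=$(aws ec2 describe-instances --instance-ids "$iid" \
    --query 'Reservations[0].Instances[0].Tags' --output json 2>/dev/null); then
    printf '%s' 'unknown,unknown'
    return 0
  fi

  # '.[]?' yields nothing when the tag list is null or empty.
  cc=$(jq -r '.[]? | select(.Key=="CostCentre") | .Value' <<<"$json")
  ai=$(jq -r '.[]? | select(.Key=="ApplicationID") | .Value' <<<"$json")

  # Tag values are written out unescaped; a comma inside one shifts the
  # caller's CSV columns.
  printf '%s,%s' "${cc:-not exist}" "${ai:-not exist}"
}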
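# Output: one line, "<ip>,<resource>,<CostCentre>,<ApplicationID>".
#
# NOTE on the output: resource names and tag values are whatever was set on
# the resource, and they are written unescaped. A value containing a comma
# shifts columns, and a value starting with = + - or @ may be evaluated as a
# formula if the result is opened in a spreadsheet. Sanitise before import.

# --- 1. fetch the ENI for this IP (first match only) ------------------------
# NOTE: IP_ADDRESS is interpolated into the filter expression. The AWS CLI
# splits Values= on commas and EC2 filters honour '*' and '?' wildcards, so an
# argument that is not a single literal address can match several interfaces;
# only the first one is used.
# A failed API call (for example missing permission) is indistinguishable
# from "no such ENI" here: both print "Not found".
eni=$(aws ec2 describe-network-interfaces \
  --filters "Name=private-ip-address,Values=$IP_ADDRESS" \
  --query 'NetworkInterfaces[0]' \
  --output json 2>/dev/null) || eni="null"

if [[ -z $eni || $eni == "null" ]]; then
  # no ENI -> can't identify resource
  printf '%s\n' "$IP_ADDRESS,Not found,unknown,unknown"
  exit 0
fi

# extract common fields
# (no whitespace before '=': "name =value" would run a command called "name"
# and abort the script under 'set -e')
interface_type=$(jq -r '.InterfaceType // ""' <<<"$eni")
description=$(jq -r '.Description // ""' <<<"$eni")
attach_iid=$(jq -r '.Attachment.InstanceId // ""' <<<"$eni")

# --- 2. classify & tag lookup -----------------------------------------------

# 2.1 Lambda
if [[ $interface_type == "lambda" ]]; then
  # Drop the fixed description prefix, then the "-<uuid>" suffix and anything
  # after it, to leave the function name.
  full=${description#AWS Lambda VPC ENI-}
  fn=$(printf '%s' "$full" \
    | sed -E 's/-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}.*$//')

  # get tags via get-function; a failed call is reported as "unknown" rather
  # than as missing tags, matching the load balancer branches below
  if tags_json=$(aws lambda get-function --function-name "$fn" \
    --query 'Tags' --output json 2>/dev/null); then
    cc=$(jq -r '.CostCentre // empty' <<<"$tags_json")
    ai=$(jq -r '.ApplicationID // empty' <<<"$tags_json")
    cc=${cc:-not exist}
    ai=${ai:-not exist}
  else
    cc="unknown"
    ai="unknown"
  fi
  printf '%s\n' "$IP_ADDRESS,Lambda $fn,$cc,$ai"
  exit 0
fi

# 2.2 NLB (ELBv2 net/)
if [[ $interface_type == "network_load_balancer" ]]; then
  # description looks like "ELB net/<name>/<id>"; keep <name>
  np=${description#ELB net/}
  nlbn=${np%%/*}
  arn=$(aws elbv2 describe-load-balancers --names "$nlbn" \
    --query 'LoadBalancers[0].LoadBalancerArn' --output text 2>/dev/null) || arn=""
  # --output text renders a null result as the literal string "None"
  if [[ -z $arn || $arn == "None" ]]; then
    printf '%s\n' "$IP_ADDRESS,NLB $nlbn,unknown,unknown"
  else
    printf '%s\n' "$IP_ADDRESS,NLB $nlbn,$(get_elbv2_tags "$arn")"
  fi
  exit 0
fi

# 2.3 ALB (ELBv2 app/)
if [[ $description == ELB\ app/* ]]; then
  # description looks like "ELB app/<name>/<id>"; keep <name>
  ap=${description#ELB app/}
  albn=${ap%%/*}
  arn=$(aws elbv2 describe-load-balancers --names "$albn" \
    --query 'LoadBalancers[0].LoadBalancerArn' --output text 2>/dev/null) || arn=""
  # --output text renders a null result as the literal string "None"
  if [[ -z $arn || $arn == "None" ]]; then
    printf '%s\n' "$IP_ADDRESS,ALB $albn,unknown,unknown"
  else
    printf '%s\n' "$IP_ADDRESS,ALB $albn,$(get_elbv2_tags "$arn")"
  fi
  exit 0
fi

# 2.4 Classic ELB
if [[ $interface_type == "interface" && $description == ELB\ * ]]; then
  elbn=${description#ELB }
  if aws elb describe-load-balancers --load-balancer-names "$elbn" &>/dev/null; then
    printf '%s\n' "$IP_ADDRESS,ELB $elbn,$(get_elb_tags "$elbn")"
  else
    printf '%s\n' "$IP_ADDRESS,ELB $elbn,unknown,unknown"
  fi
  exit 0
fi

# 2.5 ECS task
ecs_arn=$(jq -r '.TagSet[]? | select(.Key=="aws:ecs:taskArn") | .Value' <<<"$eni")
if [[ -n $ecs_arn ]]; then
  # list-tags-for-resource on the task ARN (lower-case key/value fields);
  # a failed call is reported as "unknown" rather than as missing tags
  if tags_json=$(aws ecs list-tags-for-resource --resource-arn "$ecs_arn" \
    --query 'tags' --output json 2>/dev/null); then
    cc=$(jq -r '.[]? | select(.key=="CostCentre") | .value' <<<"$tags_json")
    ai=$(jq -r '.[]? | select(.key=="ApplicationID") | .value' <<<"$tags_json")
    cc=${cc:-not exist}
    ai=${ai:-not exist}
  else
    cc="unknown"
    ai="unknown"
  fi
  printf '%s\n' "$IP_ADDRESS,ECS $ecs_arn,$cc,$ai"
  exit 0
fi

# 2.6 EKS branch: tags are taken from the instance the ENI is attached to
if [[ $interface_type == "branch" && -n $attach_iid ]]; then
  cc_ai=$(get_instance_tags "$attach_iid")
  printf '%s\n' "$IP_ADDRESS,EKS branch,$cc_ai"
  exit 0
fi

# 2.7 EKS trunk: the owning node is named in an ENI tag
eks_iid=$(jq -r '.TagSet[]? | select(.Key=="node.k8s.amazonaws.com/instance_id") | .Value' <<<"$eni")
if [[ -n $eks_iid ]]; then
  name=$(aws ec2 describe-instances \
    --instance-ids "$eks_iid" \
    --query 'Reservations[0].Instances[0].Tags[?Key==`Name`].Value|[0]' \
    --output text 2>/dev/null || echo "")
  # --output text prints "None" when there is no Name tag; treat that as
  # empty so the instance ID is shown instead of "EKS None"
  if [[ $name == "None" ]]; then
    name=""
  fi
  display="EKS ${name:-$eks_iid}"
  cc_ai=$(get_instance_tags "$eks_iid")
  printf '%s\n' "$IP_ADDRESS,$display,$cc_ai"
  exit 0
fi

# 2.8 EC2 instance
if [[ -n $attach_iid ]]; then
  name=$(aws ec2 describe-instances \
    --instance-ids "$attach_iid" \
    --query 'Reservations[0].Instances[0].Tags[?Key==`Name`].Value|[0]' \
    --output text 2>/dev/null || echo "")
  # --output text prints "None" when there is no Name tag; treat that as
  # empty so the instance ID is shown instead of "EC2 None"
  if [[ $name == "None" ]]; then
    name=""
  fi
  display="EC2 ${name:-$attach_iid}"
  cc_ai=$(get_instance_tags "$attach_iid")
  printf '%s\n' "$IP_ADDRESS,$display,$cc_ai"
  exit 0
fi

# 2.9 anything else
printf '%s\n' "$IP_ADDRESS,Other,unknown,unknown"
exit 0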