-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity_groups.py
More file actions
executable file
·31 lines (26 loc) · 1.36 KB
/
security_groups.py
File metadata and controls
executable file
·31 lines (26 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/python3
"""List the security groups"""
import boto3
import sys
from botocore.exceptions import ClientError
def main(filter_text="*"):
"""Do the main things"""
ec2 = boto3.client('ec2')
try:
response = ec2.describe_security_groups(Filters=[{'Name': 'tag:Name','Values': [filter_text]}])
if len(response['SecurityGroups']) == 0 and filter_text[:3] == 'sg-':
response = ec2.describe_security_groups(GroupIds=[filter_text])
#pprint(response['SecurityGroups'])
for group in sorted(response['SecurityGroups'], key=lambda k: k['Description']):
print("{}: {}".format(group['GroupId'], group['Description']))
for rule in group['IpPermissions']:
for iprange in sorted(rule['IpRanges'], key=lambda l: l['CidrIp']):
rule['IpProtocol'] = 'any' if rule['IpProtocol'] == "-1" else rule['IpProtocol']
print("\tAllow {} {}-{} from {}".format(rule['IpProtocol'], rule.get('FromPort', 'all'), rule.get('ToPort', 'all'), iprange['CidrIp']))
for sg in sorted(rule.get('UserIdGroupPairs', []), key=lambda m: m['GroupId']):
print("\tAllow {}".format(sg['GroupId']))
#main(sg['GroupId'])
except ClientError as c_e:
print(c_e)
if __name__ == '__main__':
_= [main(text) for text in sys.argv[1:]]