eazevedo

script.py

May 9th, 2023
  1. # -*- coding: utf-8 -*-
  2. import boto3
  3. import yaml
  4. from botocore.exceptions import ClientError
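def _as_list(value):
    """Return *value* as a list: a list passes through, None becomes [], anything else is wrapped."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def main(data):
    """Collect the IPv4 source CIDRs allowed by the security groups behind one config entry.

    ``data`` is one mapping from the YAML config. The keys read here are
    ``CLB_Name`` (Classic Load Balancer), ``ALB_Name`` (elbv2 load balancer)
    and ``TargetGroup_Name``. For each named load balancer the function
    gathers its own security groups plus those of the registered instances,
    then reads the ingress rules of every group.

    Returns:
        A ``(cidrs, messages)`` tuple. ``cidrs`` is a set of CIDR strings with
        ``0.0.0.0/0`` removed, or the fallback string when nothing else is
        left. ``messages`` is a list of per-load-balancer status strings.

    Raises:
        botocore.exceptions.ClientError: for AWS errors other than
            ``TargetGroupNotFound`` during the target-group lookup, and for
            any error from the other API calls.

    Review notes for anyone using the output as an exposure report:
      * ``0.0.0.0/0`` is deliberately dropped from the result, so a group that
        is open to the whole internet is indistinguishable here from a group
        with no IPv4 rules at all (both produce the fallback string).
      * Only ``IpRanges`` is read. ``Ipv6Ranges`` (including ``::/0``),
        ``PrefixListIds`` and ``UserIdGroupPairs`` are not inspected, and
        neither are ports or protocols.
      * Names are matched with ``in`` (substring), so one configured name can
        select several load balancers and their rules are merged.
    """
    ec2_id_list = []
    sgid_list = []
    iplist = []
    output_text_list = []

    ec2_resource = boto3.resource('ec2')
    ec2_client = boto3.client('ec2')
    alb_client = boto3.client('elbv2')
    clb_client = boto3.client('elb')

    clb_name = data.get('CLB_Name')
    if clb_name is not None:
        # Track the match explicitly: probing locals() for a loop variable
        # reported an existing CLB with no registered instances as missing.
        clb_found = False
        # Paginate so load balancers beyond the first page are not skipped.
        clb_pages = clb_client.get_paginator('describe_load_balancers').paginate()
        for page in clb_pages:
            for clb in page['LoadBalancerDescriptions']:
                if clb_name not in clb['LoadBalancerName']:
                    continue
                clb_found = True
                # extend (not assign) so an earlier match is not overwritten
                # and the API response list is not aliased.
                sgid_list.extend(_as_list(clb.get('SecurityGroups')))
                for instance in clb['Instances']:
                    ec2_id_list.extend(_as_list(instance.get('InstanceId')))

        clb_prefix = 'CLB_Name:' if clb_found else '存在しないCLB_Name:'
        output_text_list.append(clb_prefix + clb_name)

    alb_name = data.get('ALB_Name')
    if alb_name is not None:
        alb_found = False
        # Flatten all pages first so the for/else and the break below keep
        # operating on a single loop.
        load_balancers = [
            lb
            for page in alb_client.get_paginator('describe_load_balancers').paginate()
            for lb in page['LoadBalancers']
        ]
        for alb in load_balancers:
            if alb_name not in alb['LoadBalancerName']:
                continue
            alb_found = True
            # elbv2 also lists load balancers without a SecurityGroups entry;
            # _as_list turns the missing value into an empty list.
            sgid_list.extend(_as_list(alb.get('SecurityGroups')))
            try:
                describe_tgg = alb_client.describe_target_groups(
                    Names=[data['TargetGroup_Name']]
                )
                for group in describe_tgg['TargetGroups']:
                    tgg_health = alb_client.describe_target_health(
                        TargetGroupArn=group['TargetGroupArn']
                    )
                    for description in tgg_health['TargetHealthDescriptions']:
                        ec2_id_list.extend(_as_list(description['Target'].get('Id')))
            except ClientError as e:
                # Only a missing target group is an expected condition. Any
                # other AWS error (access denied, throttling, ...) would make
                # the result silently incomplete, so let it propagate.
                if e.response['Error']['Code'] != 'TargetGroupNotFound':
                    raise
                print('!!!!:' + data.get('TargetGroup_Name'))
            except KeyError:
                # A required key was missing (for example TargetGroup_Name in
                # the config entry); stop scanning and skip the status line.
                print('!!ALB!!:' + alb_name)
                break
        else:
            alb_prefix = 'ALB_Name:' if alb_found else '存在しないALB_Name:'
            output_text_list.append(alb_prefix + alb_name)

    # NOTE(review): target ids come straight from describe_target_health; if a
    # target group registers something other than EC2 instance ids, the
    # describe_instances call below will raise - confirm the target types in use.
    for instance_id in dict.fromkeys(ec2_id_list):
        described = ec2_client.describe_instances(InstanceIds=[instance_id])
        for reservation in described['Reservations']:
            for instance in reservation['Instances']:
                for group in instance['SecurityGroups']:
                    sgid_list.extend(_as_list(group.get('GroupId')))

    # De-duplicate so each security group is fetched once; the final result is
    # a set, so this does not change the output.
    for sgid in dict.fromkeys(sgid_list):
        security_group = ec2_resource.SecurityGroup(sgid)
        # ip_permissions holds the inbound rules only.
        for permission in security_group.ip_permissions:
            for ip_range in permission['IpRanges']:
                iplist.extend(_as_list(ip_range.get('CidrIp')))

    uniq_iplist = set(iplist)
    # The open-to-world range is removed from the listing on purpose; see the
    # review notes in the docstring before treating an empty result as "closed".
    uniq_iplist.discard('0.0.0.0/0')

    if not uniq_iplist:
        uniq_iplist = 'jj、または0.0.0.0/0jj'

    return uniq_iplist, output_text_list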
  95.  
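if __name__ == '__main__':
    # Read the config as UTF-8 explicitly so non-ASCII load-balancer names do
    # not depend on the platform's default encoding. safe_load builds only
    # plain YAML types and never constructs arbitrary Python objects.
    with open('lb_config.yml', 'r', encoding='utf-8') as yml:
        config = yaml.safe_load(yml)

    # An empty file loads as None; treat it as "no entries" instead of
    # failing with a TypeError in the loop.
    for data in config or []:
        print('----------')
        iplist, output_text_list = main(data)
        print(' , '.join(output_text_list))
        print(iplist)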
  105.  