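#!/usr/bin/env bash
#
# Export EC2 security-group rules and instance-to-security-group
# associations for one AWS profile/region into tab-separated files in the
# current directory, as a point-in-time audit snapshot (e.g. to review which
# rules admit 0.0.0.0/0).
#
# Usage: sg-audit.sh <aws-profile> <aws-region>
#
# Output files (appended to, so several profiles/regions can be collected into
# one set of files; delete them first for a clean snapshot):
#   ./SecurityGroup-Ingress-Rules.tsv  GroupId VpcId FromPort IpProtocol CidrIp ToPort
#   ./SecurityGroup-Egress-Rules.tsv   same columns
#   ./Instance-SG-Map.tsv              InstanceId AvailabilityZone GroupId
# A null FromPort/ToPort (IpProtocol "-1", i.e. all traffic) is written as
# "None", which is how the AWS CLI text renderer prints nulls.
#
# Limitations: only IPv4 CIDR rules are exported. Ipv6Ranges, PrefixListIds
# and UserIdGroupPairs (rules that reference another security group) are not
# read, so a group can look rule-free here and still admit traffic.
# Requires bash 4 (mapfile) and the `aws` CLI with credentials for the
# given profile.
set -euo pipefail

readonly INGRESS_FILE=./SecurityGroup-Ingress-Rules.tsv
readonly EGRESS_FILE=./SecurityGroup-Egress-Rules.tsv
readonly INSTANCE_MAP_FILE=./Instance-SG-Map.tsv

die() { printf '%s\n' "$*" >&2; exit 1; }

usage() {
  printf 'Usage: %s <aws-profile> <aws-region>\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Normalise AWS CLI text output to one value per line.
# The text renderer prints a list of scalars tab-separated on one line and a
# list of lists one row per line; turning tabs into newlines lets callers
# read either shape with mapfile.
# Arguments: $1 - raw text output
# Outputs:   one value per line on stdout; nothing for empty input
#######################################
split_text_output() {
  local raw=$1
  [[ -n "$raw" ]] || return 0
  printf '%s\n' "${raw//$'\t'/$'\n'}"
}

#######################################
# Append every IPv4 CIDR rule of one security group to a TSV file, one line
# per (rule, CIDR) pair: GroupId VpcId FromPort IpProtocol CidrIp ToPort.
# Arguments:
#   $1 - security group id (sg-...)
#   $2 - rule list to read: IpPermissions (ingress) or IpPermissionsEgress
#        (egress) — the latter is the API's field name for egress rules
#   $3 - output file, appended to
# Returns:   aborts the script (set -e) if an aws call fails
#######################################
dump_group_rules() {
  local group_id=$1 rule_field=$2 outfile=$3
  local vpc_id raw idx from_port to_port proto cidr
  local -a rules cidrs

  vpc_id=$(aws ec2 describe-security-groups --group-ids "$group_id" \
    --query 'SecurityGroups[0].VpcId')

  # One row per rule: "FromPort<TAB>ToPort<TAB>IpProtocol". IpProtocol is a
  # property of the rule, not of its IpRanges entries, so it is read here.
  raw=$(aws ec2 describe-security-groups --group-ids "$group_id" \
    --query "SecurityGroups[0].${rule_field}[*].[FromPort, ToPort, IpProtocol]")
  [[ -n "$raw" ]] || return 0   # no rules in this direction
  mapfile -t rules <<< "$raw"

  # Array indices are 0-based and sequential, so they double as the JMESPath
  # index of the same rule in the follow-up query.
  for idx in "${!rules[@]}"; do
    IFS=$'\t' read -r from_port to_port proto <<< "${rules[idx]}"
    raw=$(aws ec2 describe-security-groups --group-ids "$group_id" \
      --query "SecurityGroups[0].${rule_field}[${idx}].IpRanges[*].CidrIp")
    [[ -n "$raw" ]] || continue   # rule has no IPv4 CIDRs (e.g. SG-to-SG only)
    mapfile -t cidrs < <(split_text_output "$raw")
    for cidr in "${cidrs[@]}"; do
      printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        "$group_id" "$vpc_id" "$from_port" "$proto" "$cidr" "$to_port"
    done >> "$outfile"
  done
}

#######################################
# Append one "InstanceId AvailabilityZone GroupId" line per security group
# attached to an instance.
# Arguments:
#   $1 - instance id (i-...)
#   $2 - output file, appended to
#######################################
dump_instance_groups() {
  local instance_id=$1 outfile=$2
  local az raw gid

  az=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[0].Instances[0].Placement.AvailabilityZone')
  raw=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[0].Instances[0].SecurityGroups[*].GroupId')
  while IFS= read -r gid; do
    printf '%s\t%s\t%s\n' "$instance_id" "$az" "$gid"
  done < <(split_text_output "$raw") >> "$outfile"
}

main() {
  (( $# == 2 )) || usage
  command -v aws >/dev/null || die "aws CLI not found in PATH"

  export AWS_PROFILE=$1
  export AWS_DEFAULT_REGION=$2
  # Every query below parses the text renderer's tab/newline layout, so the
  # output format is pinned here rather than inherited from the user's config.
  export AWS_DEFAULT_OUTPUT=text

  local -a group_ids instance_ids
  local id raw

  printf ' It Starts...\n'

  raw=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].GroupId')
  mapfile -t group_ids < <(split_text_output "$raw")

  printf ' Evaluating Security Groups Ingress Rules\n'
  for id in "${group_ids[@]}"; do
    printf 'SecurityGroupId %s\n' "$id"
    dump_group_rules "$id" IpPermissions "$INGRESS_FILE"
  done

  printf ' Evaluating Security Group Egress Rules\n'
  for id in "${group_ids[@]}"; do
    printf 'SecurityGroupId %s\n' "$id"
    dump_group_rules "$id" IpPermissionsEgress "$EGRESS_FILE"
  done

  printf ' Evaluating Instance Security Group Associations \n'
  raw=$(aws ec2 describe-instances \
    --query 'Reservations[*].Instances[*].InstanceId')
  mapfile -t instance_ids < <(split_text_output "$raw")
  for id in "${instance_ids[@]}"; do
    printf 'EC2Instance %s\n' "$id"
    dump_instance_groups "$id" "$INSTANCE_MAP_FILE"
  done
}

main "$@"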