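#!/usr/bin/env bash
#
# Export EC2 security-group rules and instance -> security-group
# associations for one AWS profile/region into three TSV files in the
# current directory. Rows are APPENDED, so remove old files before a
# fresh run:
#   ./SecurityGroup-Ingress-Rules.tsv  GroupId VpcId FromPort IpProtocol CidrIp
#   ./SecurityGroup-Egress-Rules.tsv   same columns, from IpPermissionsEgress
#   ./Instance-SG-Map.tsv              InstanceId AvailabilityZone GroupId
#
# Only IPv4 CIDR entries (IpRanges) are exported. Ipv6Ranges, PrefixListIds
# and UserIdGroupPairs (group-to-group references) are not, so a port may
# be reachable through a rule that does not appear in these files.
#
# Usage: script.sh <aws-profile> <aws-region>
# Needs read-only ec2:DescribeSecurityGroups and ec2:DescribeInstances.
set -euo pipefail

readonly INGRESS_OUT=./SecurityGroup-Ingress-Rules.tsv
readonly EGRESS_OUT=./SecurityGroup-Egress-Rules.tsv
readonly INSTANCE_OUT=./Instance-SG-Map.tsv

die() { printf '%s\n' "$*" >&2; exit 1; }

usage() {
  printf 'Usage: %s <aws-profile> <aws-region>\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Run one describe-security-groups query against a single group.
# Arguments: $1 - security group id
#            $2 - JMESPath expression
# Outputs:   query result (text output) on stdout
# Returns:   exit status of the aws CLI
#######################################
sg_query() {
  aws ec2 describe-security-groups --group-ids "$1" --query "$2"
}

#######################################
# Append one TSV row per (permission entry, IPv4 CIDR) of one group.
# Arguments:
#   $1 - security group id
#   $2 - permission list key: IpPermissions (ingress) or
#        IpPermissionsEgress (egress)
#   $3 - output TSV path (appended to)
# Outputs:   each CIDR on stdout as progress; rows appended to $3
#######################################
dump_sg_rules() {
  local sg_id=$1 perms=$2 out=$3
  local tokens i j
  local -a from_ports cidrs
  # Text output yields one token per permission entry ("None" when
  # FromPort is absent, e.g. IpProtocol -1 = all traffic), so the token
  # index equals the entry index used in the queries below.
  tokens=$(sg_query "$sg_id" "SecurityGroups[0].${perms}[*].FromPort")
  read -ra from_ports <<<"$tokens"
  for ((i = 0; i < ${#from_ports[@]}; i++)); do
    tokens=$(sg_query "$sg_id" "SecurityGroups[0].${perms}[${i}].IpRanges[*].CidrIp")
    read -ra cidrs <<<"$tokens"
    for ((j = 0; j < ${#cidrs[@]}; j++)); do
      printf '%s\n' "${cidrs[j]}"
      # IpProtocol lives on the permission entry, not on the IpRange item.
      sg_query "$sg_id" \
        "SecurityGroups[0].[GroupId, VpcId, ${perms}[${i}].FromPort, ${perms}[${i}].IpProtocol, ${perms}[${i}].IpRanges[${j}].CidrIp]" \
        >>"$out"
    done
  done
}

#######################################
# Append one TSV row per security group attached to one instance.
# Arguments: $1 - instance id
# Outputs:   rows "InstanceId AvailabilityZone GroupId" appended to
#            $INSTANCE_OUT
#######################################
dump_instance_sgs() {
  local instance_id=$1
  local tokens k
  local -a group_ids
  # [] flattens so all group ids land on one tab-separated line.
  tokens=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[].Instances[].SecurityGroups[].GroupId')
  read -ra group_ids <<<"$tokens"
  for ((k = 0; k < ${#group_ids[@]}; k++)); do
    aws ec2 describe-instances --instance-ids "$instance_id" \
      --query "Reservations[0].Instances[0].[InstanceId, Placement.AvailabilityZone, SecurityGroups[${k}].GroupId]" \
      >>"$INSTANCE_OUT"
  done
}

#######################################
# Entry point: validate arguments, select profile/region, run the three
# export passes.
# Arguments: $1 - AWS profile name, $2 - AWS region
#######################################
main() {
  (( $# == 2 )) || usage
  export AWS_PROFILE=$1
  export AWS_DEFAULT_REGION=$2
  export AWS_DEFAULT_OUTPUT=text   # every query below relies on text output
  command -v aws >/dev/null || die "aws CLI not found in PATH"

  local tokens sg_id instance_id
  local -a sg_ids instance_ids

  printf ' It Starts...\n'
  tokens=$(aws ec2 describe-security-groups --query 'SecurityGroups[].GroupId')
  read -ra sg_ids <<<"$tokens"

  printf ' Evaluating Security Groups Ingress Rules\n'
  for sg_id in "${sg_ids[@]}"; do
    printf 'SecurityGroupId %s\n' "$sg_id"
    dump_sg_rules "$sg_id" IpPermissions "$INGRESS_OUT"
  done

  printf ' Evaluating Security Group Egress Rules\n'
  for sg_id in "${sg_ids[@]}"; do
    printf 'SecurityGroupId %s\n' "$sg_id"
    dump_sg_rules "$sg_id" IpPermissionsEgress "$EGRESS_OUT"
  done

  printf ' Evaluating Instance Security Group Associations \n'
  tokens=$(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId')
  read -ra instance_ids <<<"$tokens"
  for instance_id in "${instance_ids[@]}"; do
    printf 'EC2Instance %s\n' "$instance_id"
    dump_instance_sgs "$instance_id"
  done
}

main "$@"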