Revisions
- 
        amgill revised this gist Apr 11, 2018 . 2 changed files with 1 addition and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ ###################################################################################################################### # Purpose: Generate rules report of all the security groups # # Input Params: None [Make sure to set AWS CLI session by populating env. vars. with keys.] # # Usage: ./ec2_sg_rules.py > account-date.csv [python ./ec2_sg_rules.py > gill-dev-sg-2018-04-11.csv] # # Author: Abdul Gill # # Doc. Ref: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_security_groups# ###################################################################################################################### File renamed without changes.
- 
        amgill revised this gist Apr 11, 2018 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -13,14 +13,14 @@ default,sg-156c2e62 ,,,All,All,0.0.0.0/0 transit-spoke-app-sg,sg-ebb8fa9c ,,Inbound ,,,tcp,80,175.29.255.240/28 ,,,tcp,80,15.0.0.0/8 ,,,icmp,N/A,15.0.0.0/8 ,,,tcp,22,175.29.255.240/28 ,,,tcp,22,15.0.0.0/8 ,,,udp,3389,175.29.255.240/28 ,,,udp,3389,15.0.0.0/8 ,,,tcp,3389,175.29.255.240/28 ,,,tcp,3389,15.0.0.0/8 ,,Outbound ,,,tcp,80,0.0.0.0/0 
- 
        amgill revised this gist Apr 11, 2018 . 2 changed files with 40 additions and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,39 @@ Group-Name,Group-ID,In/Out,Protocol,Port,Source/Destination default,sg-0990507b ,,Inbound ,,,All,All,sg-0990507b ,,Outbound ,,,All,All,0.0.0.0/0 default,sg-156c2e62 ,,Inbound ,,,All,All,0.0.0.0/0 ,,,All,All,sg-156c2e62 ,,,tcp,22,0.0.0.0/0 ,,Outbound ,,,All,All,0.0.0.0/0 transit-spoke-app-sg,sg-ebb8fa9c ,,Inbound ,,,tcp,80,175.27.255.240/28 ,,,tcp,80,15.0.0.0/8 ,,,icmp,N/A,15.0.0.0/8 ,,,tcp,22,175.27.255.240/28 ,,,tcp,22,15.0.0.0/8 ,,,udp,3389,175.27.255.240/28 ,,,udp,3389,15.0.0.0/8 ,,,tcp,3389,175.27.255.240/28 ,,,tcp,3389,15.0.0.0/8 ,,Outbound ,,,tcp,80,0.0.0.0/0 ,,,tcp,80,::/0 ,,,All,All,0.0.0.0/0 ,,,All,All,::/0 default,sg-b291bfd4 ,,Inbound ,,,All,All,sg-b291bfd4 ,,Outbound ,,,All,All,0.0.0.0/0 default,sg-b82d6dc5 ,,Inbound ,,,All,All,sg-b82d6dc5 ,,Outbound ,,,All,All,0.0.0.0/0 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -2,7 +2,7 @@ ###################################################################################################################### # Purpose: Generate rules report of all the security groups # # Input Params: None [Make sure to set AWS CLI session by populating env. vars. with keys.] # # Usage: ./ec2_sg_rules.py > account-date.csv [python ./ec2_sg_rules.py > agill-dev-sg-2018-04-11.csv] # # Author: Abdul Gill # # Doc. Ref: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_security_groups# ###################################################################################################################### 
- 
        amgill revised this gist Apr 11, 2018 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,10 +1,10 @@ #!/usr/local/bin/python3 ###################################################################################################################### # Purpose: Generate rules report of all the security groups # # Input Params: None [Make sure to set AWS CLI session by populating env. vars. with keys.] # # Usage: ./ec2_sg_rules.py > account-date.csv [python ./ec2_sg_rules.py > agill-prd-2018-04-11.csv ] # # Author: Abdul Gill # # Doc. Ref: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_security_groups# ###################################################################################################################### from __future__ import print_function 
- 
        amgill created this gist Apr 11, 2018 .There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,96 @@ #!/usr/local/bin/python3 ###################################################################################################################### # Purpose: Generate rules report of all the security groups # # Input Params: None [Make sure to set AWS CLI session by populating env. vars. with keys.] # # Usage: ./ec2_sg_rules.py > account-date.csv [python ./ec2_sg_rules.py > agill-prd-2018-04-11.csv ] # # Author: Abdul Gill # # Doc. Ref: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.describe_security_groups # ###################################################################################################################### from __future__ import print_function import json import boto3 #Explicitly declaring variables here grants them global scope cidr_block = "" ip_protpcol = "" from_port = "" to_port = "" from_source = "" print("%s,%s,%s,%s,%s,%s" % ("Group-Name","Group-ID","In/Out","Protocol","Port","Source/Destination")) for region in ["us-east-1","us-west-1", "us-west-2"]: ec2=boto3.client('ec2', region ) sgs = ec2.describe_security_groups()["SecurityGroups"] for sg in sgs: group_name = sg['GroupName'] group_id = sg['GroupId'] print("%s,%s" % (group_name,group_id)) # InBound permissions ########################################## inbound = sg['IpPermissions'] print("%s,%s,%s" % ("","","Inbound")) for rule in inbound: if rule['IpProtocol'] == "-1": traffic_type="All Trafic" ip_protpcol="All" to_port="All" else: ip_protpcol = rule['IpProtocol'] from_port=rule['FromPort'] to_port=rule['ToPort'] #If ICMP, report "N/A" for port # if to_port == -1: to_port = "N/A" #Is source/target an IP v4? if len(rule['IpRanges']) > 0: for ip_range in rule['IpRanges']: cidr_block = ip_range['CidrIp'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, cidr_block)) #Is source/target an IP v6? 
if len(rule['Ipv6Ranges']) > 0: for ip_range in rule['Ipv6Ranges']: cidr_block = ip_range['CidrIpv6'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, cidr_block)) #Is source/target a security group? if len(rule['UserIdGroupPairs']) > 0: for source in rule['UserIdGroupPairs']: from_source = source['GroupId'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, from_source)) # OutBound permissions ########################################## outbound = sg['IpPermissionsEgress'] print("%s,%s,%s" % ("","","Outbound")) for rule in outbound: if rule['IpProtocol'] == "-1": traffic_type="All Trafic" ip_protpcol="All" to_port="All" else: ip_protpcol = rule['IpProtocol'] from_port=rule['FromPort'] to_port=rule['ToPort'] #If ICMP, report "N/A" for port # if to_port == -1: to_port = "N/A" #Is source/target an IP v4? if len(rule['IpRanges']) > 0: for ip_range in rule['IpRanges']: cidr_block = ip_range['CidrIp'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, cidr_block)) #Is source/target an IP v6? if len(rule['Ipv6Ranges']) > 0: for ip_range in rule['Ipv6Ranges']: cidr_block = ip_range['CidrIpv6'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, cidr_block)) #Is source/target a security group? if len(rule['UserIdGroupPairs']) > 0: for source in rule['UserIdGroupPairs']: from_source = source['GroupId'] print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protpcol, to_port, from_source))
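Review bot: The port column on the new side drops `from_port` entirely — every row prints only `to_port`, so a rule that allows a range such as 1024-65535 is reported as the single port `65535`, which understates the exposure in exactly the report this script exists to produce; the same per-rule block also never walks `PrefixListIds`, so a rule whose source or destination is a managed prefix list yields no row at all. The inbound and outbound blocks are copy-pasted and both carry the misspelt `ip_protpcol`, the unused `traffic_type` and `from_port` assignments, and the unused `import json`; factoring the body into one helper, as below, removes the duplication and fixes the port and prefix-list reporting in one place. Note that emitting the range changes the CSV for ranged rules, so consumers of the existing reports should expect `from-to` values in the Port column. The `"%s,%s"` formatting is also not CSV-quoted, so a group name containing a comma shifts the columns; `csv.writer(sys.stdout)` would be the safer emitter.
```python
def port_label(rule):
    """Return the Port column for a rule: 'All', 'N/A' for ICMP, a single port, or 'from-to'."""
    if rule['IpProtocol'] == "-1":
        return "All"
    from_port, to_port = rule['FromPort'], rule['ToPort']
    if to_port == -1:
        return "N/A"
    return str(from_port) if from_port == to_port else "%s-%s" % (from_port, to_port)


def report_rules(rules, direction):
    """Print one CSV row per (rule, source/destination) pair, prefix lists included."""
    print("%s,%s,%s" % ("", "", direction))
    for rule in rules:
        ip_protocol = "All" if rule['IpProtocol'] == "-1" else rule['IpProtocol']
        port = port_label(rule)
        targets = ([r['CidrIp'] for r in rule['IpRanges']]
                   + [r['CidrIpv6'] for r in rule['Ipv6Ranges']]
                   + [p['PrefixListId'] for p in rule.get('PrefixListIds', [])]
                   + [g['GroupId'] for g in rule['UserIdGroupPairs']])
        for target in targets:
            print("%s,%s,%s,%s,%s,%s" % ("", "", "", ip_protocol, port, target))

# … unchanged: header row, region loop, describe_security_groups, group name/id row …
        report_rules(sg['IpPermissions'], "Inbound")
        report_rules(sg['IpPermissionsEgress'], "Outbound")
```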