-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 68fb348
Showing
20 changed files
with
14,528 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| *.txt | ||
| *.json | ||
| bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # EC2 Security Group Tool | ||
|
|
||
| This app uses the [AWS Go SDK](https://github.com/aws/aws-sdk-go/wiki/Getting-Started-Credentials) to perform some basic operations. | ||
|
|
||
| Currently, it queries existing security groups, listing the total number of Incoming IP Permissions, Outgoing IP Permissions and the EC2 Instances using them. Additionally, it outputs an AWS CLI to delete unused security groups. | ||
|
|
||
| This can be run with the [shared AWS credentials file](https://github.com/aws/aws-sdk-go/wiki/Getting-Started-Credentials) (more info at [configuring the aws cli](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)) | ||
|
|
||
| ## Examples | ||
|
|
||
| Using the default profile | ||
|
|
||
| ``` | ||
| awstool | ||
| ``` | ||
|
|
||
| Using a profile | ||
|
|
||
| ``` | ||
| AWS_PROFILE=bespoke awstool | ||
| ``` | ||
|
|
||
| ## output | ||
|
|
||
| ```bash | ||
| $ AWS_PROFILE=bespoke awstool | ||
| id name in out i | ||
| sg-5e866b36 quicklaunch-1 2 0 0 | ||
| tcp 22- 22 0.0.0.0/0 | ||
| tcp 80- 80 0.0.0.0/0 | ||
| sg-4bd5b526 cmdline-test 1 0 0 | ||
| tcp 80- 80 0.0.0.0/0 | ||
| sg-dc876ab4 default 3 0 0 | ||
| icmp -1- -1 all | ||
| tcp 0-65535 all | ||
| udp 0-65535 all | ||
| sg-094e6562 doge-launch1 1 0 0 | ||
| tcp 22- 22 0.0.0.0/0 | ||
| sg-d7406bbc lite-launch-1 1 0 0 | ||
| tcp 22- 22 0.0.0.0/0 | ||
| sg-96cdb6fe pega 4 0 0 | ||
| tcp 80- 80 0.0.0.0/0 | ||
| tcp 3389-3389 0.0.0.0/0 | ||
| tcp 9090-9090 0.0.0.0/0 | ||
| tcp 9443-9443 0.0.0.0/0 | ||
| aws ec2 delete-security-group --group-id sg-5e866b36 --dry-run | ||
| aws ec2 delete-security-group --group-id sg-4bd5b526 --dry-run | ||
| aws ec2 delete-security-group --group-id sg-dc876ab4 --dry-run | ||
| aws ec2 delete-security-group --group-id sg-094e6562 --dry-run | ||
| aws ec2 delete-security-group --group-id sg-d7406bbc --dry-run | ||
| aws ec2 delete-security-group --group-id sg-96cdb6fe --dry-run | ||
| ``` |
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file not shown.
Binary file not shown.
595 changes: 595 additions & 0 deletions
595
pkg/darwin/amd64/github.com/aws/aws-sdk-go/aws/credentials.a
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file not shown.
493 changes: 493 additions & 0 deletions
493
pkg/darwin/amd64/github.com/aws/aws-sdk-go/internal/protocol/ec2query.a
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file added
BIN
+61.5 KB
pkg/darwin/amd64/github.com/aws/aws-sdk-go/internal/protocol/query/queryutil.a
Binary file not shown.
596 changes: 596 additions & 0 deletions
596
pkg/darwin/amd64/github.com/aws/aws-sdk-go/internal/protocol/rest.a
Large diffs are not rendered by default.
Oops, something went wrong.
496 changes: 496 additions & 0 deletions
496
pkg/darwin/amd64/github.com/aws/aws-sdk-go/internal/protocol/xml/xmlutil.a
Large diffs are not rendered by default.
Oops, something went wrong.
613 changes: 613 additions & 0 deletions
613
pkg/darwin/amd64/github.com/aws/aws-sdk-go/internal/signer/v4.a
Large diffs are not rendered by default.
Oops, something went wrong.
10,680 changes: 10,680 additions & 0 deletions
10,680
pkg/darwin/amd64/github.com/aws/aws-sdk-go/service/ec2.a
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
| /* | ||
| * Assists in finding duplicates of Security Groups | ||
| * Shows Security Groups | ||
| * their network configs | ||
| * and associated Instances | ||
| */ | ||
| package main | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "log" | ||
| "sort" | ||
| "strings" | ||
|
|
||
| "github.com/aws/aws-sdk-go/aws" | ||
| "github.com/aws/aws-sdk-go/service/ec2" | ||
| ) | ||
|
|
||
| type SecGroup struct { | ||
| Id string | ||
| SecurityGroup ec2.SecurityGroup | ||
| Instances []ec2.Instance | ||
| } | ||
|
|
||
| type ByInstanceCount []SecGroup | ||
|
|
||
| func (g ByInstanceCount) Len() int { | ||
| return len(g) | ||
| } | ||
| func (g ByInstanceCount) Swap(i, j int) { | ||
| g[i], g[j] = g[j], g[i] | ||
| } | ||
| func (g ByInstanceCount) Less(i, j int) bool { | ||
| return len(g[i].Instances) > len(g[j].Instances) | ||
| } | ||
|
|
||
| type ByIPPort []ec2.IPPermission | ||
|
|
||
| func (p ByIPPort) Len() int { | ||
| return len(p) | ||
| } | ||
| func (p ByIPPort) Swap(i, j int) { | ||
| p[i], p[j] = p[j], p[i] | ||
| } | ||
| func (p ByIPPort) Less(i, j int) bool { | ||
| return *p[i].FromPort < *p[j].FromPort | ||
| } | ||
|
|
||
| func main() { | ||
|
|
||
| aws.DefaultConfig.Region = "us-east-1" | ||
|
|
||
| svc := ec2.New(nil) | ||
| params := &ec2.DescribeSecurityGroupsInput{} | ||
|
|
||
| runResult, err := svc.DescribeSecurityGroups(params) | ||
| if err != nil { | ||
| log.Println("Can't even", err) | ||
| return | ||
| } | ||
|
|
||
| log.Println("Obtained security groups") | ||
|
|
||
| grpmap := make(map[string]SecGroup) | ||
|
|
||
| for _, s := range runResult.SecurityGroups { | ||
| secgrp := SecGroup{SecurityGroup: *s, Id: *s.GroupID} | ||
| id := *s.GroupID | ||
| grpmap[id] = secgrp | ||
| } | ||
|
|
||
| inParams := &ec2.DescribeInstancesInput{} | ||
| instanceResult, err := svc.DescribeInstances(inParams) | ||
| if err != nil { | ||
| log.Println("Can't even", err) | ||
| return | ||
| } | ||
|
|
||
| log.Println("Obtained instances") | ||
|
|
||
| // Output Instances | ||
| for _, r := range instanceResult.Reservations { | ||
| //fmt.Printf("Reservation %s, owner: %s\n", *r.ReservationID, *r.OwnerID) | ||
| for _, i := range r.Instances { | ||
| for _, s := range i.SecurityGroups { | ||
| secgrp := grpmap[*s.GroupID] | ||
| secgrp.Instances = append(secgrp.Instances, *i) | ||
| //fmt.Printf("%s %v\n", secgrp.Id, len(secgrp.Instances)) | ||
| grpmap[*s.GroupID] = secgrp | ||
| } | ||
| //securityGroupsList, _ := listSecurityGroups(i.SecurityGroups) | ||
| //fmt.Printf("%s [%s]\n", *i.InstanceID, securityGroupsList) | ||
| } | ||
| } | ||
|
|
||
| // this isn't working? | ||
| // something to do with iterating over map vs SecGroup array in next step | ||
| var groups []SecGroup | ||
| for _, e := range grpmap { | ||
| groups = append(groups, e) | ||
| } | ||
| sort.Sort(ByInstanceCount(groups)) | ||
|
|
||
| // Output Security Groups | ||
| fmt.Printf("%12s %20s %3s %3s %3s\n", "id", "name", "in", "out", "i") | ||
| for _, v := range groups { | ||
| fmt.Printf("%12s %20s %3v %3v %3v\n", | ||
| *v.SecurityGroup.GroupID, *v.SecurityGroup.GroupName, | ||
| len(v.SecurityGroup.IPPermissions), len(v.SecurityGroup.IPPermissionsEgress), | ||
| len(v.Instances)) | ||
|
|
||
| if len(v.SecurityGroup.IPPermissions) > 0 { | ||
|
|
||
| var ports []ec2.IPPermission | ||
| for _, p := range v.SecurityGroup.IPPermissions { | ||
| ports = append(ports, *p) | ||
| } | ||
| sort.Sort(ByIPPort(ports)) | ||
|
|
||
| for _, perm := range ports { | ||
| if *perm.IPProtocol != "-1" { | ||
| var cidrp string | ||
| if len(perm.IPRanges) > 0 { | ||
| cidrp = *perm.IPRanges[0].CIDRIP | ||
| } else { | ||
| cidrp = "all" | ||
| } | ||
|
|
||
| fmt.Printf(" %s %4v-%4v %s\n", | ||
| *perm.IPProtocol, *perm.FromPort, *perm.ToPort, | ||
| cidrp) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| instances, _ := listInstances(v.Instances) | ||
| if instances != "" { | ||
| fmt.Printf("\tinstances: %s\n", instances) | ||
| } | ||
| } | ||
|
|
||
| log.Println("AWS CLI to remove unused groups") | ||
| fmt.Println() | ||
| for _, d := range groups { | ||
| if len(d.Instances) == 0 { | ||
| fmt.Printf("aws ec2 delete-security-group --group-id %s --dry-run\n", *d.SecurityGroup.GroupID) | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| func listInstances(instances []ec2.Instance) (string, error) { | ||
| var iList string | ||
| if len(instances) == 0 { | ||
| return "", nil | ||
| } | ||
| if len(instances) == 1 { | ||
| return *instances[0].InstanceID, nil | ||
| } | ||
| for _, v := range instances { | ||
| iList += *v.InstanceID + ", " | ||
| } | ||
| iList = strings.TrimSuffix(iList, ", ") | ||
| return iList, nil | ||
| } | ||
|
|
||
| func listSecurityGroups(groups []*ec2.GroupIdentifier) (string, error) { | ||
|
|
||
| var groupList string | ||
|
|
||
| if len(groups) == 1 { | ||
| return *groups[0].GroupID, nil | ||
| } | ||
|
|
||
| for _, v := range groups { | ||
| groupList += *v.GroupID + ", " | ||
| } | ||
|
|
||
| groupList = strings.TrimSuffix(groupList, ", ") | ||
|
|
||
| return groupList, nil | ||
| } |
Submodule aws-sdk-go
added at
469e9f
Submodule gucumber
added at
e8116c
Submodule ansicolor
added at
264b05
Submodule testify
added at
089c71
Submodule go-ini
added at
a98ad7