Add a tool to list all security group rules in an account

dxw · Feb 21, 2024 · 8222479 · 8222479
1 parent d284a59
commit 8222479
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/bin/util/list-security-group-rules b/bin/util/list-security-group-rules
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+
+usage() {
+  echo "List all the open ports in all security groups in the account"
+  echo "Usage: $(basename "$0") [OPTIONS] <command>" 1>&2
+  echo "  -h                     - help"
+  echo "  -i <infrastructure>    - infrastructure name OPTIONAL defaults to main dalmatian account"
+  exit 1
+}
+
+while getopts "ih" opt; do
+  case $opt in
+    i)
+      INFRASTRUCTURE_NAME=$OPTARG
+      ;;
+    h)
+      usage
+      ;;
+    *)
+      usage
+      ;;
+  esac
+done
+
+aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | .GroupName as $group | .IpPermissions[] | .FromPort as $fromPort | .ToPort as $toPort | ([.IpRanges[]?.CidrIp, .UserIdGroupPairs[]?.GroupId, .Ipv6Ranges[]?.CidrIpv6] | map(select(. != null)) | .[] | "\($group),\($fromPort)-\($toPort),\(.)")'