Add list of exposed ports

From a security stance we should have the ability to find out which ports are
opened to the world across our AWS accounts.

bin/waf/ip-port-exposed

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# exit on failures
+set -e
+set -o pipefail
+
+usage() {
+  echo "Usage: $(basename "$0") [OPTIONS]" 1>&2
+  echo "  -h                     - help"
+  echo "  -i <infrastructure>    - infrastructure name"
+  exit 1
+}
+
+# if there are no arguments passed exit with usage
+if [ $# -eq 0 ]
+then
+ usage
+fi
+
+while getopts "i:h" opt; do
+  case $opt in
+    i)
+      INFRASTRUCTURE_NAME=$OPTARG
+      ;;
+    h)
+      usage
+      ;;
+    *)
+      usage
+      ;;
+  esac
+done
+
+if [[
+  -z "$INFRASTRUCTURE_NAME"
+]]
+then
+  usage
+fi
+
+log_info() {
+  echo "==>[INFO] $1"
+} 
+
+log_error() {
+  echo "==>[ERROR] $1" >&2
+}
+
+EXPOSED_PORTS=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupId, GroupName, IpPermissions[?IpRanges[?CidrIp == `0.0.0.0/0`]].{FromPort:FromPort, ToPort:ToPort, IpRanges:IpRanges[*].CidrIp}]' --output json | jq -r '.[] | {GroupId: .[0], GroupName: .[1], OpenToWorld: .[2][]}' | grep -v -E '(80|443)')
+
+
+if [[ -z "$EXPOSED_PORTS" ]]; then
+  log_error "No exposed ports"
+  exit 1
+else
+  log_info "Retrieving list of exposed ports to the world >>> $EXPOSED_PORTS"
+fi