Add list of exposed ports

From a security stance we should have the ability to find out which ports are
opened to the world across our AWS accounts.

bin/waf/ip-port-exposed

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# exit on failures
+set -e
+set -o pipefail
+
+usage() {
+  echo "Usage: $(basename "$0") [OPTIONS]" 1>&2
+  echo "  -h                     - help"
+  echo "  -i <infrastructure>    - infrastructure name"
+  exit 1
+}
+
+# if there are no arguments passed exit with usage
+if [ $# -eq 0 ]
+then
+ usage
+fi
+
+while getopts "i:h" opt; do
+  case $opt in
+    i)
+      INFRASTRUCTURE_NAME=$OPTARG
+      ;;
+    h)
+      usage
+      ;;
+    *)
+      usage
+      ;;
+  esac
+done
+
+if [[
+  -z "$INFRASTRUCTURE_NAME"
+]]
+then
+  usage
+fi
+
+EXPOSED_PORTS=$(aws ec2 describe-security-groups --query "SecurityGroups[*].[GroupId, GroupName, IpPermissions[?IpRanges[?CidrIp == '0.0.0.0/0']].{FromPort:FromPort, ToPort:ToPort, IpRanges:IpRanges[*].CidrIp}]" --output json | jq -r '.[] | "\(.[0]) \(.[1]) \(.[2][].FromPort) \(.[2][].ToPort) \(.[2][].IpRanges | join(", "))"' | grep -E -v '443|80')
+
+echo -e "Retrieving list of exposed ports to the world >>>\n$EXPOSED_PORTS"