From d36a424e1505d79bc2024bc3884d94f6a3b638ca Mon Sep 17 00:00:00 2001 From: Peter Shipley Date: Sat, 1 Jun 2019 15:32:21 -0700 Subject: [PATCH 1/3] deal with ELB with out SecurityGroups --- aws_visualizer/dot/graph_region.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py index ca920ce..16858d8 100644 --- a/aws_visualizer/dot/graph_region.py +++ b/aws_visualizer/dot/graph_region.py @@ -253,13 +253,13 @@ def load_assigned_security_groups(self): self.assigned_security_groups = {} for instance in self.instances: self.assigned_security_groups[instance] = list(map( - lambda g: SecurityGroup(g), instance['SecurityGroups'])) + lambda g: SecurityGroup(g), instance.get('SecurityGroups', []))) def load_assigned_lb_security_groups(self): self.assigned_lb_security_groups = {} for lb in self.loadbalancers: self.assigned_lb_security_groups[lb] = list(map( - lambda g: self.get_security_group_by_id(g), lb['SecurityGroups'])) + lambda g: self.get_security_group_by_id(g), lb.get('SecurityGroups', []))) def get_networks_of_rule_refering_to_external_address(self, vpc, rule): cidrs = rule['IpRanges'] if 'IpRanges' in rule else set() From bddb923ef889993c44964437fac5ad154cb3d4fc Mon Sep 17 00:00:00 2001 From: Peter Shipley Date: Sat, 1 Jun 2019 15:51:00 -0700 Subject: [PATCH 2/3] iDeal with ELB without SecurityGroups --- aws_visualizer/dot/graph_region.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py index 16858d8..9f50f5d 100644 --- a/aws_visualizer/dot/graph_region.py +++ b/aws_visualizer/dot/graph_region.py 
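Review bot: Defaulting to `[]` in `load_assigned_lb_security_groups` (and again in `load_security_table_of_vpc` in PATCH 2/3) makes a load balancer with no `SecurityGroups` key indistinguishable from one whose groups allow nothing, so it is drawn with no rules at all. In a graph that is read as a picture of what is reachable, that absence is easy to misread as "no ingress", although presumably such a balancer still forwards traffic under controls this tool does not load. I would make the case visible rather than silent, for example with a comment above the `lb.get(...)` line such as `# no 'SecurityGroups' key: LB is drawn without rules, which does not mean it is closed`, or by collecting those balancers so the renderer can mark them. As a smaller style point, `list(map(lambda g: SecurityGroup(g), ...))` reads more plainly as `[SecurityGroup(g) for g in instance.get('SecurityGroups', [])]`.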
@@ -371,7 +371,7 @@ def load_security_table_of_vpc(self, vpc_id): self._add_security_group_to_table(instance, group) for loadbalancer in self.get_loadbalancers_in_vpc(vpc_id): - for sg in loadbalancer['SecurityGroups']: + for sg in loadbalancer.get('SecurityGroups', []): group = self.get_security_group_by_id(sg) self._add_security_group_to_table(loadbalancer, group) From f077adbef0721ce426f8bb9fc461a0c9ee3f3171 Mon Sep 17 00:00:00 2001 From: Peter Shipley Date: Tue, 4 Jun 2019 14:53:46 -0700 Subject: [PATCH 3/3] optimize load of SG --- aws_visualizer/dot/graph_region.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py index 9f50f5d..f903de8 100644 --- a/aws_visualizer/dot/graph_region.py +++ b/aws_visualizer/dot/graph_region.py @@ -174,6 +174,8 @@ def __init__(self): self.ips = {} self.exclude_security_groups = set() self.ArnToAssume = None + self.group_pair_in_table = [] + self.group_targ_in_table = [] def connect(self): @@ -339,6 +341,11 @@ def _add_security_group_to_table(self, target, group): if group['GroupId'] in self.exclude_security_groups: return + tpair = (str(target), group['GroupId']) + if tpair in self.group_targ_in_table: + return + self.group_targ_in_table.append(tpair) + for rule in list(map(lambda r: IpPermissions(r), group['IpPermissions'])): if 'IpRanges' in rule: for cidr in rule['IpRanges']: @@ -347,6 +354,12 @@ def _add_security_group_to_table(self, target, group): if 'UserIdGroupPairs' in rule: for group_pairs in rule['UserIdGroupPairs']: + + gpair = (group['GroupId'], group_pairs['GroupId']) + if gpair in self.group_pair_in_table: + continue + self.group_pair_in_table.append(gpair) + granted_group_id = self.get_security_group_by_id(group_pairs[ 'GroupId']) sources = self.find_instances_with_assigned_security_group(
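Review bot: `group_pair_in_table` and `group_targ_in_table` are created as lists in `__init__`, but the later hunks of this patch only test membership and append, so every `in` check is a linear scan in a commit titled "optimize load of SG". `self.group_pair_in_table = set()` and `self.group_targ_in_table = set()`, with `.add(...)` at the two call sites, would match the existing `self.exclude_security_groups = set()` two lines above. Nothing visible in this patch clears either collection, so if the security table can be built more than once on the same object, the second pass would skip every entry as already seen; that is worth confirming. A one-line comment on each attribute saying what the tuples hold would also help.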
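Review bot: The `tpair` key in `_add_security_group_to_table` is built from `str(target)`, so the de-duplication is only as reliable as the target's string form. If two different instances or load balancers stringify the same way, the second one hits the early `return` and its rules never reach the table. Elsewhere in this file the same objects are used as dict keys (`self.assigned_security_groups[instance]`), so they appear to be hashable; `tpair = (target, group['GroupId'])`, or a stable resource id if the objects expose one, would avoid depending on `__str__`. The function begins and continues outside this hunk.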
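Review bot: The `gpair` check in the `UserIdGroupPairs` loop keys only on `(group['GroupId'], group_pairs['GroupId'])`, with no target, protocol or port in the key, so its `continue` skips more than true duplicates. A group that references the same source group in two rules (for example on different ports) has the second rule dropped. Once a group has been processed for one target, every later target carrying that group passes the `tpair` check but then has all of its group-referencing rules skipped. The rest of the loop body is outside this hunk, but if it adds per-target or per-port entries, the table will under-report allowed paths, which is the unsafe direction for a security-group visualizer. I would either remove this second cache, since `tpair` already prevents reprocessing the same target and group, or extend the key with the target and the rule's protocol and port range.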