-
Notifications
You must be signed in to change notification settings - Fork 1
/
aws-list-sg-rules.sh
executable file
·41 lines (39 loc) · 1.23 KB
/
aws-list-sg-rules.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
# Parse arguments:
while getopts ":r:p:v" opt; do
case $opt in
r) REGION="--region $OPTARG";;
p) PROFILE="--profile $OPTARG";;
v) VERBOSE=$(( VERBOSE + 1 ));;
:) echo "Option -$OPTARG requires an argument." >&2; exit 1;;
\?) echo "Invalid option: -$OPTARG" >&2;;
esac
done
shift $((OPTIND-1))
if [[ "$VERBOSE" != "" ]]; then
aws $PROFILE $REGION ec2 describe-security-groups
else
aws $PROFILE $REGION ec2 describe-security-groups \
| jq --arg profile "$PROFILE" -r '.SecurityGroups[]
| "aws \($profile) ec2 revoke-security-group-ingress --group-id \( .GroupId )" as $start
| .IpPermissions[]
| select(.IpProtocol != "-1")
| (if .IpProtocol == "icmp" then
"-1"
else
if .FromPort == .ToPort then
"\( .FromPort )"
else
"\( .FromPort )-\(.ToPort)"
end
end) as $port
| "--protocol \( .IpProtocol ) --port \( $port )" as $middle
| if
.UserIdGroupPairs? | length > 0
then
"\($start) \($middle) --source-group \( .UserIdGroupPairs[0].GroupId )"
else
"\($start) \($middle) --cidr \( .IpRanges[].CidrIp )"
end
'
fi