@dcarley
Forked from apsoto/gist:2869888
Created October 1, 2012 11:11
Diagram Showing EC2 Security Group Data Flows
#!/usr/bin/env ruby
# Draws every EC2 security group as a box and every ingress rule as an edge,
# labelled with the protocol and port range that the rule permits.
require 'fog'
require 'graphviz'

# Credentials come from fog's usual sources (~/.fog, environment variables).
ec2 = Fog::Compute.new(:provider => 'AWS')

# Undirected graph: an edge only says "this source is allowed in on these
# ports"; the direction (source -> group) is not visible in the picture.
graph = GraphViz::new("structs", :type => "graph")

groups = ec2.security_groups
# Map group id -> group name so group-to-group rules can be drawn by name.
group_map = Hash[groups.collect { |g| [g.group_id, g.name] }]

groups.each do |group|
  graph.add_nodes(group.name, :shape => "box", :color => "lightblue")

  group.ip_permissions.each do |perm|
    # ipProtocol "-1" means all protocols and ports; fromPort/toPort are nil.
    if perm['ipProtocol'] == "-1"
      port = ""
    elsif perm["fromPort"] == perm["toPort"]
      port = "#{perm['ipProtocol']}:#{perm['fromPort']}"
    else
      port = "#{perm['ipProtocol']}:#{perm['fromPort']}-#{perm['toPort']}"
    end

    # CIDR sources: 0.0.0.0/0 here means the rule is open to the internet.
    perm["ipRanges"].each do |pg|
      graph.add_nodes(pg["cidrIp"])
      edge = graph.add_edges(group.name, pg["cidrIp"])
      edge[:label] = port
    end

    # Security-group sources. A referenced group that is not in this listing
    # (for example one owned by another account) has no name in group_map,
    # so fall back to its id rather than creating a nil-named node.
    perm["groups"].each do |pg|
      pg_name = group_map[pg["groupId"]] || pg["groupId"]
      next if group.name == pg_name   # skip self-referencing rules
      edge = graph.add_edges(group.name, pg_name)
      edge[:label] = port
    end
  end
end

graph.output(:png => "security_groups.png")
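The same rule-to-edge mapping, as an added example that is not part of dcarley's gist: it runs offline on a constructed sample shaped like fog's `ip_permissions` output (the group ids, names and CIDRs are made up), emits directed DOT so the ingress direction (source -> group) is explicit, and lists the rules reachable from 0.0.0.0/0, which is what a reviewer looks for first in such a diagram.

```ruby
# Constructed sample shaped like fog's SecurityGroup#ip_permissions output;
# group ids and CIDRs are made up for the example.
SAMPLE_GROUPS = [
  { name: "web", group_id: "sg-aaaa0001", ip_permissions: [
    { "ipProtocol" => "tcp", "fromPort" => 443, "toPort" => 443,
      "ipRanges" => [{ "cidrIp" => "0.0.0.0/0" }], "groups" => [] },
    { "ipProtocol" => "tcp", "fromPort" => 22, "toPort" => 22,
      "ipRanges" => [{ "cidrIp" => "10.0.0.0/8" }], "groups" => [] } ] },
  { name: "db", group_id: "sg-aaaa0002", ip_permissions: [
    { "ipProtocol" => "tcp", "fromPort" => 5432, "toPort" => 5432,
      "ipRanges" => [], "groups" => [{ "groupId" => "sg-aaaa0001" }] },
    { "ipProtocol" => "-1", "fromPort" => nil, "toPort" => nil,
      "ipRanges" => [], "groups" => [{ "groupId" => "sg-aaaa0002" }] } ] }
]

# Edge label: "all" for protocol -1, "proto:port" or "proto:from-to" otherwise.
def port_label(perm)
  return "all" if perm["ipProtocol"] == "-1"
  from, to = perm["fromPort"], perm["toPort"]
  range = from == to ? from.to_s : "#{from}-#{to}"
  "#{perm['ipProtocol']}:#{range}"
end

# One [source, target, label] triple per ingress rule, source -> group.
# A group id not in the listing (e.g. another account) is kept as the raw id.
def ingress_edges(groups)
  names = groups.each_with_object({}) { |g, h| h[g[:group_id]] = g[:name] }
  groups.flat_map do |g|
    g[:ip_permissions].flat_map do |perm|
      label = port_label(perm)
      cidrs = perm["ipRanges"].map { |r| [r["cidrIp"], g[:name], label] }
      refs = perm["groups"].map { |pg| names.fetch(pg["groupId"], pg["groupId"]) }
      refs.reject { |src| src == g[:name] }.map { |src| [src, g[:name], label] } + cidrs
    end
  end
end

# Rules reachable from anywhere on the internet, the first thing to review.
def world_open(edges)
  edges.select { |src, _target, _label| src == "0.0.0.0/0" }
end

# DOT source for a directed graph; feed to `dot -Tpng` without the graphviz gem.
def to_dot(edges)
  body = edges.map { |s, t, l| %(  "#{s}" -> "#{t}" [label="#{l}"];) }
  "digraph security_groups {\n#{body.join("\n")}\n}\n"
end

puts to_dot(ingress_edges(SAMPLE_GROUPS)) if $PROGRAM_NAME == __FILE__
```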