BeardedCloudWalker/sg-poller.sh

## sg-poller.sh

#!/bin/bash

export AWS_PROFILE=$1
export AWS_DEFAULT_REGION=$2
export AWS_DEFAULT_OUTPUT=text

echo " It Starts..."

echo " Evaluating Security Groups Ingress Rules"
SecurityGroupIds=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupId]')
for SecurityGroupId in $SecurityGroupIds; do
  echo "SecurityGroupId " $SecurityGroupId
  portcount=0
  FromPorts=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].[IpPermissions[*].FromPort]' --filter "Name=group-id,Values=$SecurityGroupId")
  for FromPort in $FromPorts; do
    cidrcount=0
    IpRanges=$(aws ec2 describe-security-groups --query "SecurityGroups[*].[IpPermissions[$portcount].IpRanges[*].CidrIp]" --filter "Name=group-id,Values=$SecurityGroupId")
    for IpRange in $IpRanges; do
      echo $IpRange
      aws ec2 describe-security-groups --query "SecurityGroups[*].[GroupId, VpcId, IpPermissions[$portcount].FromPort, IpPermissions[$portcount].IpRanges[$cidrcount].IpProtocol, IpPermissions[$portcount].IpRanges[$cidrcount].CidrIp ]" --filter "Name=group-id,Values=$SecurityGroupId" >> ./SecurityGroup-Ingress-Rules.tsv
      cidrcount=`expr $cidrcount + 1`
    done
    portcount=`expr $portcount + 1`
  done
done

echo " Evaluating Security Group Egress Rules"
for SecurityGroupId in $SecurityGroupIds; do
  echo "SecurityGroupId " $SecurityGroupId
  portcount=0
  FromPorts=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].[EgressIpPermissions[*].FromPort]' --filter "Name=group-id,Values=$SecurityGroupId")
  for FromPort in $FromPorts; do
    cidrcount=0
    IpRanges=$(aws ec2 describe-security-groups --query "SecurityGroups[*].[EgressIpPermissions[$portcount].IpRanges[*].CidrIp]" --filter "Name=group-id,Values=$SecurityGroupId")
    for IpRange in $IpRanges; do
      aws ec2 describe-security-groups --query "SecurityGroups[*].[GroupId, VpcId, EgressIpPermissions[$portcount].FromPort, EgressIpPermissions[$portcount].IpRanges[$cidrcount].IpProtocol, EgressIpPermissions[$portcount].IpRanges[$cidrcount].CidrIp ]" --filter "Name=group-id,Values=$SecurityGroupId" >> ./SecurityGroup-Egress-Rules.tsv
      cidrcount=`expr $cidrcount + 1`
    done
    portcount=`expr $portcount + 1`
  done
done

echo " Evaluating Instance Security Group Associations "
EC2Instances=$(aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId]')
for EC2Instance in $EC2Instances; do
  echo "EC2Instance " $EC2Instance
  sgcount=0
  SecurityGroups=$(aws ec2 describe-instances --query "Reservations[*].Instances[*].[SecurityGroups[*].GroupId]" --filter "Name=instance-id,Values=$EC2Instance")
  for SecurityGroup in $SecurityGroups; do
    aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId, Placement.AvailabilityZone, SecurityGroups[$sgcount].GroupId]" --filter "Name=instance-id,Values=$EC2Instance" >> ./Instance-SG-Map.tsv
    sgcount=`expr $sgcount + 1`
  done
done

	#!/bin/bash

	export AWS_PROFILE=$1
	export AWS_DEFAULT_REGION=$2
	export AWS_DEFAULT_OUTPUT=text

	echo " It Starts..."

	echo " Evaluating Security Groups Ingress Rules"
	SecurityGroupIds=$(aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupId]')
	for SecurityGroupId in $SecurityGroupIds; do
	echo "SecurityGroupId " $SecurityGroupId
	portcount=0
	FromPorts=$(aws ec2 describe-security-groups --query 'SecurityGroups[].[IpPermissions[].FromPort]' --filter "Name=group-id,Values=$SecurityGroupId")
	for FromPort in $FromPorts; do
	cidrcount=0
	IpRanges=$(aws ec2 describe-security-groups --query "SecurityGroups[].[IpPermissions[$portcount].IpRanges[].CidrIp]" --filter "Name=group-id,Values=$SecurityGroupId")
	for IpRange in $IpRanges; do
	echo $IpRange
	aws ec2 describe-security-groups --query "SecurityGroups[*].[GroupId, VpcId, IpPermissions[$portcount].FromPort, IpPermissions[$portcount].IpRanges[$cidrcount].IpProtocol, IpPermissions[$portcount].IpRanges[$cidrcount].CidrIp ]" --filter "Name=group-id,Values=$SecurityGroupId" >> ./SecurityGroup-Ingress-Rules.tsv
	cidrcount=`expr $cidrcount + 1`
	done
	portcount=`expr $portcount + 1`
	done
	done

	echo " Evaluating Security Group Egress Rules"
	for SecurityGroupId in $SecurityGroupIds; do
	echo "SecurityGroupId " $SecurityGroupId
	portcount=0
	FromPorts=$(aws ec2 describe-security-groups --query 'SecurityGroups[].[EgressIpPermissions[].FromPort]' --filter "Name=group-id,Values=$SecurityGroupId")
	for FromPort in $FromPorts; do
	cidrcount=0
	IpRanges=$(aws ec2 describe-security-groups --query "SecurityGroups[].[EgressIpPermissions[$portcount].IpRanges[].CidrIp]" --filter "Name=group-id,Values=$SecurityGroupId")
	for IpRange in $IpRanges; do
	aws ec2 describe-security-groups --query "SecurityGroups[*].[GroupId, VpcId, EgressIpPermissions[$portcount].FromPort, EgressIpPermissions[$portcount].IpRanges[$cidrcount].IpProtocol, EgressIpPermissions[$portcount].IpRanges[$cidrcount].CidrIp ]" --filter "Name=group-id,Values=$SecurityGroupId" >> ./SecurityGroup-Egress-Rules.tsv
	cidrcount=`expr $cidrcount + 1`
	done
	portcount=`expr $portcount + 1`
	done
	done

	echo " Evaluating Instance Security Group Associations "
	EC2Instances=$(aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId]')
	for EC2Instance in $EC2Instances; do
	echo "EC2Instance " $EC2Instance
	sgcount=0
	SecurityGroups=$(aws ec2 describe-instances --query "Reservations[].Instances[].[SecurityGroups[*].GroupId]" --filter "Name=instance-id,Values=$EC2Instance")
	for SecurityGroup in $SecurityGroups; do
	aws ec2 describe-instances --query "Reservations[].Instances[].[InstanceId, Placement.AvailabilityZone, SecurityGroups[$sgcount].GroupId]" --filter "Name=instance-id,Values=$EC2Instance" >> ./Instance-SG-Map.tsv
	sgcount=`expr $sgcount + 1`
	done
	done