Created
April 14, 2015 04:30
AWS EC2 security-group deletion scripts (boto 2, Python 2). The first targets EC2-Classic groups (looked up by name); the second targets VPC groups (looked up by group ID). Each revokes the group's own ingress rules and any ingress rules in other groups that reference it, then deletes the group — both scripts are destructive and run with whatever credentials `aws configure` or the instance role provides.
#!/usr/bin/env python | |
# Authored by Chad Smith on 3/10/2015 | |
# please feel free to contact me at arpcefxl@gmail.com with comments or questions | |
# assumes you have already run aws configure or are running in an ec2 role | |
import boto.ec2, sys | |
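# Usage line printed (to stderr) when the command-line arguments are unusable.
_USAGE = "usage: %s REGION GROUP_NAME [--dry-run]\n"


def _parse_args(argv):
    """Return (region, group_name, dry_run) parsed from a CLI argv list.

    argv[0] is the program name. The two positionals are the EC2 region and
    the EC2-Classic security-group *name*; ``--dry-run`` anywhere in argv
    makes the script print what it would revoke/delete without calling AWS.

    Raises SystemExit(2) with a usage line on stderr when the positionals
    are missing or extra arguments are given (the original indexed
    sys.argv blindly and died with an IndexError).
    """
    dry_run = '--dry-run' in argv[1:]
    positional = [a for a in argv[1:] if a != '--dry-run']
    if len(positional) != 2:
        sys.stderr.write(_USAGE % argv[0])
        sys.exit(2)
    return positional[0], positional[1], dry_run


def _revoke_own_rules(conn, group, dry_run):
    """Revoke every ingress rule on *group*, the group being deleted.

    Three grant shapes are handled: a CIDR source, the Amazon-owned ELB
    group (``amazon-elb-sg``, revoked by group ID with owner ``amazon-elb``
    as in the original), and any other security group, revoked by name
    (EC2-Classic accepts names). Nothing is sent to AWS when *dry_run* is
    true; the rule is still printed so the plan can be reviewed.
    """
    for rule in group.rules:
        for grant in rule.grants:
            # Keyword arguments shared by every revoke call for this rule.
            kwargs = dict(group_name=group.name, ip_protocol=rule.ip_protocol,
                          from_port=rule.from_port, to_port=rule.to_port)
            if grant.cidr_ip:
                print("revoking ingress rule with source as cidr_ip")
                source = dict(cidr_ip=grant.cidr_ip)
                shown = grant.cidr_ip
            elif grant.name == 'amazon-elb-sg':
                print("revoking ingress rule with ELB as security group")
                source = dict(src_security_group_group_id=grant.group_id,
                              src_security_group_owner_id='amazon-elb')
                shown = grant.name
            else:
                print("revoking ingress rule with source as security group")
                source = dict(src_security_group_name=grant.name)
                shown = grant.name
            print("%s %s %s %s %s" % (group.name, rule.ip_protocol,
                                      rule.from_port, rule.to_port, shown))
            if dry_run:
                continue
            kwargs.update(source)
            conn.revoke_security_group(**kwargs)


def _revoke_references(conn, allgroups, group, dry_run):
    """Revoke ingress rules in *other* groups whose source is *group*.

    A group that is still referenced by another group's rules cannot be
    deleted, so every such rule is revoked first. A grant matches on its
    group ID when the API returned one, and only falls back to the name
    when it did not (the original compared ``name or group_id`` against
    the name, which never matches an ID-only grant). *group* itself is
    skipped: its own rules are handled by _revoke_own_rules, and
    ``allgroups`` was fetched before those revokes, so re-processing it
    here would re-send revokes for rules that are already gone.
    """
    for other in allgroups:
        if other.id == group.id:
            continue
        for rule in other.rules:
            for grant in rule.grants:
                if grant.group_id:
                    hit = grant.group_id == group.id
                else:
                    hit = grant.name == group.name
                if not hit:
                    continue
                print("revoking ingress rule where source is the security group to be deleted")
                print("%s %s %s %s %s" % (other.name, rule.ip_protocol,
                                          rule.from_port, rule.to_port, grant.name))
                if dry_run:
                    continue
                conn.revoke_security_group(group_name=other.name,
                                           ip_protocol=rule.ip_protocol,
                                           from_port=rule.from_port,
                                           to_port=rule.to_port,
                                           src_security_group_name=group.name)


def main(argv=None):
    """Delete the EC2-Classic security group named on the command line.

    Steps: resolve the region, look the group up by name, revoke its own
    ingress rules, revoke rules in other groups that reference it, then
    delete it. Returns a process exit code: 0 on success, 1 when the
    region or group cannot be resolved unambiguously. ``--dry-run`` prints
    the plan without changing anything — there is no other confirmation,
    so run it first. Only ingress rules and in-account references are
    handled; if the group is still attached to an instance, or referenced
    from another account, EC2 will still refuse the delete.
    """
    region, secgroup, dry_run = _parse_args(sys.argv if argv is None else argv)
    conn = boto.ec2.connect_to_region(region)
    if conn is None:  # boto 2 returns None for a region name it does not know
        sys.stderr.write("unknown region: %s\n" % region)
        return 1
    matches = conn.get_all_security_groups(groupnames=[secgroup])
    if not matches:
        sys.stderr.write("no security group named %r in %s\n" % (secgroup, region))
        return 1
    if len(matches) > 1:
        # Never guess which group to delete; the original silently took [0].
        sys.stderr.write("%d security groups named %r in %s; refusing to choose between %s\n"
                         % (len(matches), secgroup, region,
                            ", ".join(g.id for g in matches)))
        return 1
    group = matches[0]
    allgroups = conn.get_all_security_groups()
    if dry_run:
        print("dry run: nothing will be changed")
    _revoke_own_rules(conn, group, dry_run)
    _revoke_references(conn, allgroups, group, dry_run)
    print("deleting security group")
    if not dry_run:
        conn.delete_security_group(name=group.name)
    return 0


if __name__ == '__main__':
    sys.exit(main())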
#!/usr/bin/env python | |
# Authored by Chad Smith on 3/10/2015 | |
# please feel free to contact me at arpcefxl@gmail.com with comments or questions | |
# assumes you have already run aws configure or are running in an ec2 role | |
import boto.ec2, sys | |
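# Usage line printed (to stderr) when the command-line arguments are unusable.
_USAGE = "usage: %s REGION GROUP_ID [--dry-run]\n"


def _parse_args(argv):
    """Return (region, group_id, dry_run) parsed from a CLI argv list.

    argv[0] is the program name. The two positionals are the EC2 region and
    the VPC security-group *ID* (``sg-...``); ``--dry-run`` anywhere in argv
    makes the script print what it would revoke/delete without calling AWS.

    Raises SystemExit(2) with a usage line on stderr when the positionals
    are missing or extra arguments are given (the original indexed
    sys.argv blindly and died with an IndexError).
    """
    dry_run = '--dry-run' in argv[1:]
    positional = [a for a in argv[1:] if a != '--dry-run']
    if len(positional) != 2:
        sys.stderr.write(_USAGE % argv[0])
        sys.exit(2)
    return positional[0], positional[1], dry_run


def _revoke_own_rules(conn, group, dry_run):
    """Revoke every ingress rule on *group*, the VPC group being deleted.

    CIDR grants are revoked by CIDR. Security-group grants are revoked by
    source *group ID* (the original used the source group's name, which
    a non-default VPC does not accept) and, for cross-account grants, the
    owner account ID when the API returned one. A group grant with no ID
    is reported and skipped rather than sent as a malformed request.
    Nothing is sent to AWS when *dry_run* is true.
    """
    for rule in group.rules:
        for grant in rule.grants:
            # Keyword arguments shared by every revoke call for this rule.
            kwargs = dict(group_id=group.id, ip_protocol=rule.ip_protocol,
                          from_port=rule.from_port, to_port=rule.to_port)
            if grant.cidr_ip:
                print("revoking ingress rule with source as cidr_ip")
                source = dict(cidr_ip=grant.cidr_ip)
                shown = grant.cidr_ip
            else:
                print("revoking ingress rule with source as security group")
                if not grant.group_id:
                    sys.stderr.write("skipping grant on %s with no source group ID (%r)\n"
                                     % (group.id, grant.name))
                    continue
                source = dict(src_security_group_group_id=grant.group_id)
                owner = getattr(grant, 'owner_id', None)
                if owner:  # cross-account source: EC2 needs the owner too
                    source['src_security_group_owner_id'] = owner
                shown = grant.group_id
            print("%s %s %s %s %s %s" % (group.name, group.id, rule.ip_protocol,
                                         rule.from_port, rule.to_port, shown))
            if dry_run:
                continue
            kwargs.update(source)
            conn.revoke_security_group(**kwargs)


def _revoke_references(conn, allgroups, group, dry_run):
    """Revoke ingress rules in *other* groups whose source is *group*.

    A group still referenced by another group's rules cannot be deleted,
    so every such rule is revoked first. Matching is by source group ID
    only: the original compared ``name or group_id`` against the ID, so a
    grant that carried a name was never matched and the delete then
    failed; it also passed ``src_security_group_id``, which is not the
    boto 2 keyword (``src_security_group_group_id``, as used in the
    classic script). *group* itself is skipped: its own rules are handled
    by _revoke_own_rules and ``allgroups`` predates those revokes.
    """
    for other in allgroups:
        if other.id == group.id:
            continue
        for rule in other.rules:
            for grant in rule.grants:
                if grant.group_id != group.id:
                    continue
                print("revoking ingress rule where source is the security group to be deleted")
                print("%s %s %s %s %s" % (other.name, rule.ip_protocol,
                                          rule.from_port, rule.to_port, grant.group_id))
                if dry_run:
                    continue
                conn.revoke_security_group(group_id=other.id,
                                           ip_protocol=rule.ip_protocol,
                                           from_port=rule.from_port,
                                           to_port=rule.to_port,
                                           src_security_group_group_id=group.id)


def main(argv=None):
    """Delete the VPC security group whose ID is given on the command line.

    Steps: resolve the region, look the group up by ID, revoke its own
    ingress rules, revoke rules in other groups that reference it, then
    delete it. Returns a process exit code: 0 on success, 1 when the
    region or group cannot be resolved unambiguously. ``--dry-run`` prints
    the plan without changing anything — there is no other confirmation,
    so run it first. Only ingress rules and references visible in this
    account are handled; egress rules are left alone (they do not block
    deletion), and if the group is still attached to an instance or
    network interface, or referenced from a peered account, EC2 will
    still refuse the delete.
    """
    region, secgroup, dry_run = _parse_args(sys.argv if argv is None else argv)
    conn = boto.ec2.connect_to_region(region)
    if conn is None:  # boto 2 returns None for a region name it does not know
        sys.stderr.write("unknown region: %s\n" % region)
        return 1
    matches = conn.get_all_security_groups(group_ids=[secgroup])
    if not matches:
        sys.stderr.write("no security group with ID %r in %s\n" % (secgroup, region))
        return 1
    if len(matches) > 1:
        # Never guess which group to delete; the original silently took [0].
        sys.stderr.write("%d security groups matched %r in %s; refusing to choose\n"
                         % (len(matches), secgroup, region))
        return 1
    group = matches[0]
    allgroups = conn.get_all_security_groups()
    if dry_run:
        print("dry run: nothing will be changed")
    _revoke_own_rules(conn, group, dry_run)
    _revoke_references(conn, allgroups, group, dry_run)
    print("deleting security group")
    if not dry_run:
        conn.delete_security_group(group_id=group.id)
    return 0


if __name__ == '__main__':
    sys.exit(main())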
This is what I came up with for boto3: