deleteRulesFromDefaultSG Function for aws-process-default-sg-security-rules
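/**
 * Strips every ingress and egress rule from the "default" security group(s)
 * of one region, so that the default group permits no traffic.
 *
 * Flow: ec2.describeSecurityGroups with a filter of group-name = default,
 * then one ec2.revokeSecurityGroupIngress call per ingress rule and one
 * ec2.revokeSecurityGroupEgress call per egress rule, then cb.
 *
 * Fixes versus the earlier version:
 *  - cb is invoked exactly once. Previously a failed revoke called cb(err)
 *    and a later successful revoke could call cb(null, "SUCCESS") again.
 *  - FromPort/ToPort of 0 are no longer dropped. They were tested with a
 *    truthiness check, so a rule starting at port 0 was sent to the revoke
 *    call without its port range and could not match the existing rule.
 *  - Completion is tracked with one counter over all revoke calls, rather
 *    than per-group counters compared against cumulative totals.
 *
 * NOTE(review): describeSecurityGroups is called without NextToken handling;
 * if a region ever returns a paginated result, groups on later pages are not
 * processed. Confirm whether that matters for this account.
 *
 * @param {String} thisregion AWS region to process
 * @param {Function} cb Node-style callback: cb(err) on the first failure,
 *   cb(null, "SUCCESS") once every revoke call has completed (or there was
 *   nothing to revoke). Called exactly once.
 */
function deleteRulesFromDefaultSG(thisregion, cb) {
  console.log("in deleteRulesFromDefaultSG processing region: ", thisregion);
  const regional_ec2 = new aws.EC2({
    region: thisregion
  });
  const params = {
    DryRun: false,
    Filters: [{
      Name: 'group-name',
      Values: [
        'default'
      ]
    }]
  };

  // Guard so the caller's callback fires once, whatever order the
  // asynchronous revoke callbacks arrive in.
  let finished = false;
  function finish(err, result) {
    if (finished) return;
    finished = true;
    cb(err, result);
  }

  regional_ec2.describeSecurityGroups(params, function(err, sgdata) {
    if (err) {
      console.log("error in regional_ec2.describeSecurityGroups: " + err, err.stack);
      finish(err);
      return;
    }
    console.log("regional_ec2.describeSecurityGroups returned data: " + JSON.stringify(sgdata));
    const groups = (sgdata && sgdata.SecurityGroups) || [];

    // Count the revoke calls before issuing any of them, so a callback that
    // completes synchronously cannot report success before the remaining
    // calls have even been queued.
    const total = groups.reduce(function(n, sg) {
      return n + (sg.IpPermissions || []).length + (sg.IpPermissionsEgress || []).length;
    }, 0);
    if (total === 0) {
      console.log("in deleteRulesFromDefaultSG no rules found in default security group(s), returning success");
      finish(null, "SUCCESS");
      return;
    }

    let completed = 0;
    // Builds the callback shared by both revoke operations; `label` only
    // affects the log lines.
    function onRevoked(label) {
      return function(err, data) {
        completed++;
        if (err) {
          console.log("error in " + label + ": " + err, err.stack);
          finish(err);
          return;
        }
        console.log("data from " + label + ": " + JSON.stringify(data));
        console.log("in deleteRulesFromDefaultSG completed=" + completed + " & total=" + total);
        if (completed === total) {
          console.log("in deleteRulesFromDefaultSG sending back SUCCESS");
          finish(null, "SUCCESS");
        }
      };
    }

    for (const sg of groups) {
      for (const rule of sg.IpPermissions || []) {
        const in_params = {
          GroupId: sg.GroupId,
          IpPermissions: [_revokablePermission(rule)]
        };
        console.log("sending params to ec2.revokeSecurityGroupIngress: " + JSON.stringify(in_params));
        regional_ec2.revokeSecurityGroupIngress(in_params, onRevoked("ec2.revokeSecurityGroupIngress"));
      }
      for (const rule of sg.IpPermissionsEgress || []) {
        const eg_params = {
          GroupId: sg.GroupId,
          IpPermissions: [_revokablePermission(rule)]
        };
        console.log("sending params to ec2.revokeSecurityGroupEgress: " + JSON.stringify(eg_params));
        regional_ec2.revokeSecurityGroupEgress(eg_params, onRevoked("ec2.revokeSecurityGroupEgress"));
      }
    }
  });
}

/**
 * Copies the fields of a rule returned by describeSecurityGroups that the
 * revoke calls need: IpProtocol always, FromPort/ToPort when present
 * (including 0), and each of the four target lists only when non-empty.
 *
 * @param {Object} rule one entry of IpPermissions or IpPermissionsEgress
 * @returns {Object} an IpPermission suitable for revokeSecurityGroup{In,E}gress
 */
function _revokablePermission(rule) {
  const perm = {
    IpProtocol: rule.IpProtocol
  };
  // `!= null` rather than truthiness: port 0 is a valid boundary.
  if (rule.FromPort != null) perm.FromPort = rule.FromPort;
  if (rule.ToPort != null) perm.ToPort = rule.ToPort;
  for (const key of ['IpRanges', 'Ipv6Ranges', 'PrefixListIds', 'UserIdGroupPairs']) {
    const list = rule[key];
    if (Array.isArray(list) && list.length > 0) perm[key] = list;
  }
  return perm;
}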