Prerequisits
LAMBDA Functon need ACL Permissions via Role.
Created
August 4, 2022 23:05
-
-
Save kugelblitzz/2009af6ac6ee526ff19e1ac3a42a2192 to your computer and use it in GitHub Desktop.
AWS ACL Rule Update Block for "Supply Chain Attack" - "myjino.com", "myjino.ru" (Lambda)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import socket | |
| import urllib3 | |
| import boto3 | |
| def lambda_handler(event, context): | |
| ec2 = boto3.resource('ec2') | |
| network_acl = ec2.NetworkAcl('<acl-id>') | |
| domains = ["myjino.com", "myjino.ru"] | |
| ips = [] | |
| rule = 1 | |
| for domain in domains: | |
| ip = socket.gethostbyname_ex(domain) | |
| ips.append(ip[2]) | |
| print (ip) | |
| for n in ips: | |
| print(n[0]) | |
| try: | |
| response = network_acl.delete_entry( | |
| DryRun=False, | |
| Egress=True, | |
| RuleNumber=rule | |
| ) | |
| except: | |
| print("No Rules Found") | |
| finally: | |
| print("The 'try except' is finished") | |
| response = network_acl.create_entry( | |
| CidrBlock= n[0]+'/32', | |
| DryRun=False, | |
| Egress=True, | |
| IcmpTypeCode={ | |
| 'Code': 123, | |
| 'Type': 123 | |
| }, | |
| PortRange={ | |
| 'From': 123, | |
| 'To': 123 | |
| }, | |
| Protocol='-1', | |
| RuleAction='deny', | |
| RuleNumber=rule | |
| ) | |
| rule = rule + 1 | |
| return |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment