$ python get_blackholes.py --aws_profile=default
['rtb-1f371c01, 172.31.0.0/11', 'rtb-1f371c01, 10.18.0.0/11', 'rtb-1f371c01, 10.88.0.0/11', 'rtb-1f371c01, 10.113.0.0/11']
Last active
August 12, 2021 16:05
(aws/python) find 'blackhole' route tables
import boto3
import click
import logzero
from logzero import logger
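class GetRoutesTables:
    """Read-only helper that lists EC2 route tables and reports blackhole routes.

    EC2 marks a route as ``blackhole`` when its target is no longer available
    (for example, the gateway or instance it pointed at has been removed).
    Such routes silently drop traffic and are a sign of configuration drift,
    so they are worth reviewing and cleaning up.

    Only the ``ec2:DescribeRouteTables`` permission is needed; the profile
    used here can be scoped down to that read-only action.

    NOTE: a single region is inspected per instance (``aws_region``); other
    regions need their own instance.
    """

    def __init__(self, aws_profile: str, aws_region: str = 'ap-northeast-2'):
        """
        :param aws_profile: name of the local AWS profile to authenticate with
        :param aws_region: region whose route tables are inspected
        """
        self.session = boto3.session.Session(profile_name=aws_profile, region_name=aws_region)

    def get_route_tables(self) -> list:
        """
        Fetch every route table visible to the session in its region.

        The paginator is used so that tables beyond the first response page
        are not silently left out of the report.

        :return: list of route table dicts as returned under ``RouteTables``
        """
        client = self.session.client('ec2')
        paginator = client.get_paginator('describe_route_tables')
        route_tables = []
        for page in paginator.paginate():
            route_tables.extend(page['RouteTables'])
        return route_tables

    def get_blackhole_route(self) -> list:
        """
        Collect the blackhole routes of all route tables.

        :return: ['rtb-6f571234, 10.10.10.0/26', 'rtb-6f556786, 10.11.0.0/21']
        """
        # Created once, before the loop: resetting it per table would discard
        # findings from earlier tables, and an account without route tables
        # must yield an empty list rather than an unbound name.
        blackhole_routes = []
        for route_table in self.get_route_tables():
            route_table_id = route_table['RouteTableId']
            logger.debug('route table id: %s', route_table_id)
            for route in route_table.get('Routes', []):
                # A route carries one destination kind; IPv6 and prefix-list
                # routes have no 'DestinationCidrBlock' key.
                destination = (
                    route.get('DestinationCidrBlock')
                    or route.get('DestinationIpv6CidrBlock')
                    or route.get('DestinationPrefixListId')
                    or 'N/A'
                )
                state = route.get('State')
                logger.debug('destination: %s, %s, %s', route_table_id, destination, state)
                if state == 'blackhole':
                    blackhole_routes.append(route_table_id + ', ' + destination)
        return blackhole_routes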
@click.command()
@click.option('--aws_profile', required=True)
@click.option('--debug', default=False, is_flag=True)
def main(aws_profile, debug):
    """
    Print the blackhole routes found with the given AWS profile.

    :param aws_profile: name of the local AWS profile passed to GetRoutesTables
    :param debug: when set, log at DEBUG level instead of INFO
    """
    # One call picks the level; --debug only raises verbosity.
    logzero.loglevel(logzero.DEBUG if debug else logzero.INFO)

    finder = GetRoutesTables(aws_profile)
    print(finder.get_blackhole_route())
# Start the CLI only when the file is run as a script, not when imported.
if __name__ == "__main__":
    main()
boto3
click
logzero