List all the public IPs of an organization (EC2 instances and load balancers only) through role delegation
#!/usr/bin/env python3 | |
import argparse
import socket
import sys

import boto3
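def _session_from_role(sts, role_arn, session_name, region):
    """Assume *role_arn* via the given STS client and return a boto3 Session bound to the temporary credentials.

    Args:
        sts: STS client of the principal that is allowed to assume the role.
        role_arn: ARN of the role to assume.
        session_name: RoleSessionName recorded in CloudTrail for the assumed session.
        region: default region for clients created from the returned Session.

    Raises:
        Whatever the STS client raises when AssumeRole is denied or the role does not exist.
    """
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    # A Session carries the temporary credentials so each regional client
    # does not have to repeat the three key arguments.
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
        region_name=region,
    )


def _resolve_ipv4(hostname):
    """Return every IPv4 address *hostname* currently resolves to, in resolver order, without duplicates.

    socket.gethostbyname() reports only one address, whereas a load balancer
    DNS name normally resolves to several, so getaddrinfo() is used instead.

    Raises:
        socket.gaierror: when the name cannot be resolved.
    """
    addresses = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(hostname, None, socket.AF_INET):
        addr = sockaddr[0]
        if addr not in addresses:
            addresses.append(addr)
    return addresses


def _instance_public_ips(ec2):
    """Return the public IPv4 addresses of every instance visible to the regional *ec2* client."""
    found = []
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for instance in reservation["Instances"]:
                # Instances without a public address carry no PublicIpAddress key at all.
                if "PublicIpAddress" in instance:
                    found.append(instance["PublicIpAddress"])
    return found


def _load_balancer_public_ips(elbv2, account_name):
    """Return the IPv4 addresses every internet-facing load balancer of the regional *elbv2* client resolves to.

    NOTE: only elbv2 (ALB/NLB) is queried, as in the original script; classic
    ELBs would need the "elb" client and are not listed.
    A DNS name that fails to resolve is reported on stderr and skipped so that
    one stale record does not abort the whole account.
    """
    found = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb["Scheme"] != "internet-facing":
                continue
            dns = lb["DNSName"]
            try:
                found.extend(_resolve_ipv4(dns))
            except socket.gaierror as err:
                print("Could not resolve %s in account %s: %s" % (dns, account_name, err), file=sys.stderr)
    return found


def _account_public_ips(session, account_name):
    """Collect EC2 instance and load balancer public IPs across every region of the account *session* is bound to."""
    found = []
    # describe_regions answers from the session's default region and lists
    # the regions this account can reach.
    regions = session.client("ec2").describe_regions()["Regions"]
    for region in regions:
        name = region["RegionName"]
        found.extend(_instance_public_ips(session.client("ec2", region_name=name)))
        found.extend(_load_balancer_public_ips(session.client("elbv2", region_name=name), account_name))
    return found


def main(argv=None):
    """List the public IPs of every account in the organization, one per line, followed by a count.

    The management-account role is assumed to enumerate accounts; each member
    account is then entered through a read-only role of a fixed name. Errors
    for a single account are reported on stderr and the account is skipped, so
    the stdout listing stays a clean IP list. Returns the process exit code.
    """
    parser = argparse.ArgumentParser(description="List all IPs from CMP")
    parser.add_argument("--profile", default="[REDACTED]",
                        help="local AWS profile allowed to assume the organization and member roles")
    parser.add_argument("--region", default="us-east-1",
                        help="region used for the STS, Organizations and describe_regions calls")
    parser.add_argument("--org-role-arn", default="arn:aws:iam::[REDACTED]:role/[REDACTED]",
                        help="role in the management account with organizations:ListAccounts")
    parser.add_argument("--member-role-name", default="DelegatedReadOnly",
                        help="name of the read-only role present in every member account")
    parser.add_argument("--session-name", default="ip-lister",
                        help="RoleSessionName recorded in CloudTrail for every assumed session")
    args = parser.parse_args(argv)

    boto3.setup_default_session(profile_name=args.profile, region_name=args.region)
    sts = boto3.client("sts")

    org = _session_from_role(sts, args.org_role_arn, args.session_name, args.region).client("organizations")

    ips = []
    for page in org.get_paginator("list_accounts").paginate():
        for account in page["Accounts"]:
            print("Analyzing account %s" % account["Name"])
            role_arn = "arn:aws:iam::%s:role/%s" % (account["Id"], args.member_role_name)
            try:
                session = _session_from_role(sts, role_arn, args.session_name, args.region)
                ips.extend(_account_public_ips(session, account["Name"]))
            except Exception as e:
                # Best effort: an account where the role is missing or denied
                # must not stop the inventory of the remaining accounts.
                print("Error on %s account: %s" % (account["Name"], str(e)), file=sys.stderr)

    # Deduplicate: the same address is never a distinct finding.
    unique_ips = sorted(set(ips))
    print("\n".join(unique_ips))
    # The original used a bare "%" here, which raises at runtime.
    print("\n\nTotal list of ips: %s" % len(unique_ips))
    return 0


if __name__ == "__main__":
    sys.exit(main())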