List all the public IPs of an AWS Organization (EC2 instance primary addresses and internet-facing ELBv2 load balancers only) by assuming a read-only role in every member account.
#!/usr/bin/env python3
import argparse
import ipaddress
import socket
import sys

import boto3
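# Defaults preserved from the original script; every one can be overridden on the CLI.
ORG_PROFILE = "[REDACTED]"
ORG_REGION = "us-east-1"
ORG_LIST_ROLE_ARN = "arn:aws:iam::[REDACTED]:role/[REDACTED]"
MEMBER_ROLE_NAME = "DelegatedReadOnly"
SESSION_NAME = "ip-lister"


def _parse_args(argv=None):
    """Parse the command line; every option defaults to the values hard-coded before."""
    parser = argparse.ArgumentParser(description="List all IPs from CMP")
    parser.add_argument("--profile", default=ORG_PROFILE,
                        help="local AWS profile used for the initial STS calls")
    parser.add_argument("--region", default=ORG_REGION,
                        help="default region for the STS/Organizations clients")
    parser.add_argument("--org-role-arn", default=ORG_LIST_ROLE_ARN,
                        help="role that is allowed to call organizations:ListAccounts")
    parser.add_argument("--role-name", default=MEMBER_ROLE_NAME,
                        help="name of the read-only role assumed in each member account")
    parser.add_argument("--session-name", default=SESSION_NAME,
                        help="RoleSessionName recorded in CloudTrail for every AssumeRole")
    return parser.parse_args(argv)


def _assume(sts, role_arn, session_name):
    """Assume *role_arn* and return its temporary credentials as boto3 client kwargs.

    The credentials are kept in memory only and never logged. They are
    short-lived (AssumeRole's default duration applies); a very large
    organization that takes longer than that to walk would see later calls
    fail with an expired token - re-assume per account if that happens.
    """
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def _lb_ipv4_addresses(dns_name):
    """Return every IPv4 address *dns_name* currently resolves to.

    An ELB DNS name normally has several A records (one per AZ) and they
    rotate over time; gethostbyname() would return only one of them, so
    getaddrinfo() is used and the full set is returned. The result is a
    snapshot of this moment, not a stable inventory.
    """
    infos = socket.getaddrinfo(dns_name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def _region_public_ips(creds, region_name):
    """Collect public IPv4 addresses visible in one region of one account.

    Coverage is deliberately narrow: only the primary public address of each
    EC2 instance (``PublicIpAddress``) and the addresses of internet-facing
    ELBv2 load balancers. Classic ELBs, secondary ENIs, unattached Elastic
    IPs, NAT gateways, RDS/other public endpoints and IPv6 are NOT included,
    so this must not be treated as a complete external attack surface.
    """
    ips = []
    ec2 = boto3.client("ec2", region_name=region_name, **creds)
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for instance in reservation["Instances"]:
                if "PublicIpAddress" in instance:
                    ips.append(instance["PublicIpAddress"])
    elbv2 = boto3.client("elbv2", region_name=region_name, **creds)
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            # Internal load balancers resolve to private addresses; skip them.
            if lb["Scheme"] == "internet-facing":
                ips.extend(_lb_ipv4_addresses(lb["DNSName"]))
    return ips


def _account_public_ips(sts, account, role_name, session_name):
    """Assume the delegated role in *account* and walk all of its enabled regions.

    A failure in one region (for example a region the role is not permitted
    to describe) is reported on stderr and does not abort the remaining
    regions of the account.
    """
    role_arn = "arn:aws:iam::%s:role/%s" % (account["Id"], role_name)
    creds = _assume(sts, role_arn, session_name)
    # describe_regions only lists regions enabled for the account, so opt-in
    # regions that were never enabled are not visited.
    regions = boto3.client("ec2", **creds).describe_regions()["Regions"]
    ips = []
    for region in regions:
        name = region["RegionName"]
        try:
            ips.extend(_region_public_ips(creds, name))
        except Exception as exc:  # per-region boundary: best effort, reported, never silent
            print("Error on %s account in %s: %s" % (account["Name"], name, exc), file=sys.stderr)
    return ips


def main(argv=None):
    """Print the de-duplicated, numerically sorted public IPs of the whole organization.

    Only the IP list goes to stdout so it can be piped into other tooling;
    progress and error messages go to stderr. Accounts where the delegated
    role cannot be assumed are reported and skipped rather than aborting the
    run. Returns the list of IPs that was printed.
    """
    args = _parse_args(argv)
    boto3.setup_default_session(profile_name=args.profile, region_name=args.region)
    sts = boto3.client("sts")
    org = boto3.client("organizations", **_assume(sts, args.org_role_arn, args.session_name))
    ips = []
    for page in org.get_paginator("list_accounts").paginate():
        for account in page["Accounts"]:
            print("Analyzing account %s" % account["Name"], file=sys.stderr)
            try:
                ips.extend(_account_public_ips(sts, account, args.role_name, args.session_name))
            except Exception as exc:  # per-account boundary (e.g. role missing in the account)
                print("Error on %s account: %s" % (account["Name"], exc), file=sys.stderr)
    # Sort numerically rather than as strings and drop duplicates (an address
    # can be seen twice when a load balancer's records overlap a page boundary).
    unique = sorted(set(ips), key=ipaddress.ip_address)
    print("\n".join(unique))
    # The original "%" format string was incomplete and raised ValueError here.
    print("\n\nTotal list of ips: %s" % len(unique), file=sys.stderr)
    return unique


if __name__ == "__main__":
    main()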