-
Notifications
You must be signed in to change notification settings - Fork 2
/
sg-tools
executable file
·42 lines (36 loc) · 2.17 KB
/
sg-tools
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/usr/bin/env python2
from sgcompliance import main as sgcompliance_main
from sgmapping import main as sgmapping_main
import argparse
import sys
import boto3
def _create_function_dict():
return {"compliance": sgcompliance_main,
"mapping": sgmapping_main}
def _run_against_all_regions(args, subcommand_to_function_dict):
session = boto3.Session(profile_name=args["profile"], region_name="us-east-1")
regions = session.client('ec2').describe_regions()
regions = [elem['RegionName'] for elem in regions['Regions']]
total_data_across_region = []
for i, region in enumerate(regions):
if i + 1 == len(regions):
args['finished'] = True
session = boto3.Session(profile_name=args["profile"], region_name=region)
total_data_across_region = subcommand_to_function_dict[args['which']](args, session, total_data_across_region)
def main():
parser = argparse.ArgumentParser(description="Collection of tools to analyse and map AWS Security Groups")
parser.add_argument("--profile", nargs="?", help="Specify a AWS profile (stored in ~/.aws/credentials) for the program to use")
parser.add_argument("--all-regions", action="store_true", help="Run the program against all AWS regions")
subparser = parser.add_subparsers(dest='which', help="Available commands")
compliance_parser = subparser.add_parser("compliance", help="Check for too permissive security groups rules (rules where inbound or outbond traffic is allowed on all ports)")
mapping_parser = subparser.add_parser("mapping", help="Map security groups to the resources to which they are applied. The default mapping order is Security Groups -> resources")
mapping_parser.add_argument("--reverse-direction", action="store_true", help="Reverse the mapping direction, making it : Resources -> Security Groups")
args = vars(parser.parse_args())
subcommand_to_function_dict = _create_function_dict()
session = boto3.Session(profile_name=args["profile"])
if args['all_regions']:
_run_against_all_regions(args, subcommand_to_function_dict)
else:
subcommand_to_function_dict[args['which']](args, session)
if __name__ == "__main__":
main()