# Lists every Security Group ingress rule in a region whose source is open to the whole internet.
import json
import boto3
import os
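def getOpenSG(region, client=None):
    """Print and return every security-group ingress rule open to the internet.

    Walks all security groups in ``region`` and reports each ingress rule whose
    source is the IPv4 wildcard ``0.0.0.0/0`` or the IPv6 wildcard ``::/0``
    (the previous check looked at ``IpRanges`` only, so an "anywhere-IPv6"
    rule in ``Ipv6Ranges`` on an SSH/RDP port was never reported). Findings go
    to stdout, one tab-separated line per open rule, and are also returned so
    callers can act on them.

    Only exact wildcard CIDRs are flagged. Near-wildcards (``0.0.0.0/1`` plus
    ``128.0.0.0/1``), very wide prefixes, prefix-list sources and
    security-group-referenced sources are not inspected.

    Args:
        region: AWS region name, passed to ``boto3.client('ec2', ...)``.
        client: optional pre-built EC2 client exposing
            ``get_paginator('describe_security_groups')``; when omitted one is
            created for ``region``. Useful for tests and client reuse.

    Returns:
        list[dict]: one entry per open rule with keys ``GroupName``,
        ``GroupId``, ``CidrIp`` (the wildcard that matched), ``IpProtocol``,
        ``FromPort`` and ``ToPort`` (the last two are ``None`` when the API
        omits them, e.g. all-traffic rules).

    Raises:
        Whatever boto3/botocore raises (no credentials, AccessDenied,
        throttling). Errors are deliberately not swallowed here: a scanner
        that prints nothing on a permission failure is indistinguishable from
        a clean account, so the caller must see the failure.
    """
    if client is None:
        client = boto3.client('ec2', region_name=region)

    wildcards = ('0.0.0.0/0', '::/0')
    columns = ('GroupName', 'GroupId', 'CidrIp', 'IpProtocol', 'FromPort', 'ToPort')
    findings = []

    # Use the paginator so any NextToken the service returns is followed and
    # large accounts are not silently truncated to the first page.
    paginator = client.get_paginator('describe_security_groups')
    for page in paginator.paginate():
        for group in page.get('SecurityGroups', []):
            for rule in group.get('IpPermissions', []):
                # IPv4 and IPv6 sources live in separate lists with different keys.
                sources = [r.get('CidrIp') for r in rule.get('IpRanges', [])]
                sources += [r.get('CidrIpv6') for r in rule.get('Ipv6Ranges', [])]
                for cidr in sources:
                    if cidr not in wildcards:
                        continue
                    finding = {
                        'GroupName': group['GroupName'],
                        'GroupId': group['GroupId'],
                        'CidrIp': cidr,
                        'IpProtocol': rule.get('IpProtocol'),
                        # FromPort/ToPort are absent for rules without a port range
                        # (e.g. IpProtocol '-1'), so report None rather than fail.
                        'FromPort': rule.get('FromPort'),
                        'ToPort': rule.get('ToPort'),
                    }
                    findings.append(finding)
                    print('\t'.join(str(finding[key]) for key in columns))
    return findings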
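def lambda_handler(event, context):
    """AWS Lambda entry point: report internet-open ingress rules for one region.

    The region is read from the ``Region`` environment variable configured on
    the function, falling back to ``AWS_REGION`` (which the Lambda runtime
    sets to the function's own region). ``event`` and ``context`` are unused.

    Returns:
        ``{'statusCode': 200}`` once the scan has completed.

    Raises:
        RuntimeError: if no region is configured.
        Any boto3/botocore error from the scan propagates unchanged. This is
        intentional: the previous handler printed the error and returned
        ``None``, so a credential or permission failure looked like a
        successful run with no findings. Letting it raise marks the invocation
        as failed (Errors metric, retries/DLQ for async invokes).
    """
    region = os.environ.get('Region') or os.environ.get('AWS_REGION')
    if not region:
        raise RuntimeError(
            "no region configured: set the 'Region' environment variable on the Lambda function")
    getOpenSG(region)
    return {
        'statusCode': 200
    }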