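#!/usr/bin/env bash
# usage: aws-sg.sh security-group-name (NAME, not ID)
# shows where a specific AWS SG is being used
# requires aws-cli and jq; read-only: only ec2:DescribeSecurityGroups and
# ec2:DescribeNetworkInterfaces are called, nothing is modified
# + lists network interfaces where provided SG is attached to
# + lists other security groups where SG is referenced
#
# Caveats (audit scope):
# - searches only the account/region selected by the aws-cli config or
#   AWS_PROFILE/AWS_REGION in effect; other regions are not covered
# - SG names are unique per VPC only; if several SGs share the name the
#   script refuses to guess and exits so the wrong group is not audited
# - the "referenced by" list is limited to SGs visible in this account;
#   cross-account references (e.g. via VPC peering) will not show up
set -euo pipefail

usage() { printf 'usage: %s security-group-name\n' "${0##*/}" >&2; exit 2; }
die()   { printf 'error: %s\n' "$*" >&2; exit 1; }

[[ $# -eq 1 && -n "$1" ]] || usage
sg_name=$1

for tool in aws jq; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
done

# Build filters as JSON with jq --arg so a name containing ',' or other
# characters special to the aws-cli shorthand syntax is passed literally.
name_filter=$(jq --compact-output --null-input --arg n "$sg_name" \
  '[{Name: "group-name", Values: [$n]}]')

# Resolve name -> ID. Fail explicitly on "no match" (jq would otherwise yield
# the string "null" and the later lookups would silently print nothing) and
# on "several matches" (names are only unique within a VPC).
sg_json=$(aws ec2 describe-security-groups --filters "$name_filter") \
  || die "describe-security-groups failed for name '$sg_name'"
mapfile -t group_ids < <(jq --raw-output '.SecurityGroups[].GroupId' <<<"$sg_json")
(( ${#group_ids[@]} > 0 )) \
  || die "no security group named '$sg_name' in this account/region"
(( ${#group_ids[@]} == 1 )) \
  || die "name '$sg_name' is ambiguous, matches: ${group_ids[*]} (pick by VPC)"
group_id=${group_ids[0]}

id_filter=$(jq --compact-output --null-input --arg id "$group_id" \
  '[{Name: "group-id", Values: [$id]}]')
ref_filter=$(jq --compact-output --null-input --arg id "$group_id" \
  '[{Name: "ip-permission.group-id", Values: [$id]}]')

printf '## start of output ##\n'
printf '* Network interfaces where SG is attached to: *Remember that SG can be attached to RDS \n \n'
# Filter on the resolved ID (not the name) so only the SG we validated above
# is reported. Column order: instance id (or the interface owner when the ENI
# is not attached to an instance), private IP, private DNS, description.
aws ec2 describe-network-interfaces --filters "$id_filter" \
  | jq --raw-output '.NetworkInterfaces[] |
      [(.Attachment.InstanceId // .Attachment.InstanceOwnerId),
       .PrivateIpAddress,
       .PrivateDnsName,
       .Description]
      | @tsv'
printf '\n'

printf '* SGs (ID, name and description) where SG is referenced, (check them for more details):\n \n'
aws ec2 describe-security-groups --filters "$ref_filter" \
  | jq --raw-output '.SecurityGroups[] | [.GroupId, .GroupName, .Description] | @tsv'
printf '\n'
printf '## end of output ##\n'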