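#!/bin/bash
#
# sgremediate.sh
# Copyright 2015-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Written By: Eric Pullen, AWS Professional Services
#
# Scans every security group (SG) in the given VPC and reports whether it is
# referenced by one of the services checked here:
#   EC2 (ENIs of running/stopped instances), RDS, classic ELB, Redshift,
#   ElastiCache
#
# Output, one line per SG:
#   <sg-id>                                    attached to at least one EC2 ENI
#   <sg-id> - <service> ... is associated      no ENI, but another service uses it
#   <sg-id> - No services related to this SG   nothing checked here references it
#
# CAVEATS - read before deleting an SG that is reported as unused:
#   * EC2 detection goes through describe-instances, so ENIs that are not
#     attached to an instance (Lambda, NAT gateways, VPC endpoints, ...) are
#     NOT seen. Confirm with
#       aws ec2 describe-network-interfaces --filters Name=group-id,Values=<sg-id>
#     before removing anything.
#   * Only classic ELBs (`aws elb`) are checked; `aws elbv2` load balancers
#     are not.
#   * Any failed describe-* call aborts the run instead of being ignored: a
#     missing permission must never turn into "this SG is unused".
#   * TODO: the intended next step (build an Elasticsearch FlowLog dashboard
#     URL for EC2-backed SGs) is not implemented; ElasticsearchURL and
#     ElasticsearchDashboard are defined but unused.
#
# Required IAM permissions (all read-only):
#   ec2:DescribeSecurityGroups, ec2:DescribeInstances,
#   rds:DescribeDBInstances, elasticloadbalancing:DescribeLoadBalancers,
#   redshift:DescribeClusters, elasticache:DescribeCacheClusters
#
# Usage: sgremediate.sh [vpc-id]
#   A positional VPC id overrides the vpcID variable below.
#

set -euo pipefail

# Print a diagnostic to stderr and exit non-zero.
die() { printf 'sgremediate: %s\n' "$*" >&2; exit 1; }

# ---------------------------------------------------------------------------
# Variables
# ---------------------------------------------------------------------------
# AWS CLI profile name
#profileName="MYProfile"
profileName="default"

# VPC we are looking at (first positional argument wins)
vpcID="${1:-vpc-exammpleId}"

# Elasticsearch URL - currently unused, see TODO in the header
# shellcheck disable=SC2034
ElasticsearchURL=".es.amazonaws.com"
# shellcheck disable=SC2034
ElasticsearchDashboard="FlowLogDash"

# ---------------------------------------------------------------------------
# Start of check, no other variables below this line
# ---------------------------------------------------------------------------

# vpcID is interpolated into a CLI filter; reject anything that does not look
# like a VPC id so a typo fails loudly instead of querying nothing.
[[ "$vpcID" =~ ^vpc-[0-9a-f]+$ ]] || die "invalid VPC id: $vpcID"

# Start the process by getting a list of all the SGs in the defined VPC.
# jq's filter is quoted so the [] is not subject to shell globbing.
sgList=$(aws ec2 describe-security-groups --profile "$profileName" \
           --filters "Name=vpc-id,Values=$vpcID" \
         | jq -r '.SecurityGroups[].GroupId') \
  || die "describe-security-groups failed for $vpcID"
if [[ -z "$sgList" ]]; then
  # previously a silent exit 0; an empty result is an error for a remediation
  # tool, so say so and return non-zero
  die "VPC-ID $vpcID is invalid or returning no security groups"
fi

# Each service listing is fetched once, up front, instead of once per SG
# (the original issued four describe-* calls for every SG without an ENI).
# A failure aborts: see the CAVEATS in the header.
rdsJson=$(aws rds describe-db-instances --profile "$profileName") \
  || die "rds describe-db-instances failed"
elbJson=$(aws elb describe-load-balancers --profile "$profileName") \
  || die "elb describe-load-balancers failed"
rsJson=$(aws redshift describe-clusters --profile "$profileName") \
  || die "redshift describe-clusters failed"
ecJson=$(aws elasticache describe-cache-clusters --profile "$profileName") \
  || die "elasticache describe-cache-clusters failed"

#######################################
# Does the cached JSON listing reference the given security group?
# Arguments: $1 - JSON text returned by a describe-* call
#            $2 - security group id (sg-...)
# Returns:   0 if referenced, 1 otherwise
# Notes:     -F matches the id literally and -w requires a whole word, so
#            sg-1234 does not match sg-12345 (the id is followed by a quote
#            in the JSON, which is a non-word character). Like the original,
#            this matches anywhere in the raw listing - an over-match, which
#            is the safe direction for a "can this SG be deleted?" check.
#######################################
references_sg() {
  grep -Fwq -- "$2" <<<"$1"
}

printf '\n\n\n'

# $sgList is intentionally unquoted: one id per line, split on whitespace.
for securityGroup in $sgList; do
  # Reset per SG. In the original this flag was never cleared, so once any
  # SG had been found in use, every later unused SG printed a blank line
  # instead of "No services related to this SG".
  other=""

  # ENIs of EC2 instances that carry this SG
  eniList=$(aws ec2 describe-instances --profile "$profileName" \
              --filters "Name=instance.group-id,Values=$securityGroup" \
            | jq -r '.Reservations[].Instances[].NetworkInterfaces[].NetworkInterfaceId') \
    || die "ec2 describe-instances failed for $securityGroup"

  if [[ -n "$eniList" ]]; then
    # Attached to EC2: echo the SG id back (dashboard URL building is a TODO)
    printf '%s\n' "$securityGroup"
    continue
  fi

  printf '%s - ' "$securityGroup"

  # Check to see if they are associated with any RDS instances
  if references_sg "$rdsJson" "$securityGroup"; then
    printf 'RDS instance is associated '
    other="yes"
  fi

  # Check to see if they are associated with any (classic) ELB instances
  if references_sg "$elbJson" "$securityGroup"; then
    printf 'ELB instance is associated '
    other="yes"
  fi

  # Check to see if they are associated with any Redshift clusters
  if references_sg "$rsJson" "$securityGroup"; then
    printf 'Redshift cluster is associated '
    other="yes"
  fi

  # Check to see if they are associated with any ElastiCache clusters
  if references_sg "$ecJson" "$securityGroup"; then
    printf 'ElastiCache cluster is associated '
    other="yes"
  fi

  if [[ -z "$other" ]]; then
    printf 'No services related to this SG\n\n'
  else
    printf '\n\n'
  fi
done

printf '\n\n'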