Amazon web services 如何检索所有安全组ID并将其保存到可编辑列表中?
我想遍历所有的安全组,找到那些在任何端口上都对internet开放规则的安全组Amazon web services 如何检索所有安全组ID并将其保存到可编辑列表中?,amazon-web-services,boto3,aws-security-group,Amazon Web Services,Boto3,Aws Security Group,我想遍历所有的安全组,找到那些在任何端口上都对internet开放规则的安全组 # This script is for identifying security groups with rules with open to internet. import boto3 def inspect(thing): print("Funcs: "+str(dir(thing))) for key in list(thing): pr
# This script is for identifying security groups with rules with open to internet.
import boto3
def inspect(thing):
print("Funcs: "+str(dir(thing)))
for key in list(thing):
print(" "+key+": "+str(thing[key]))
ec2 = boto3.resource('ec2')
security_group = ec2.SecurityGroup('id')
type = inspect(security_group)
print ("type")
for i in security_group:
try:
response = client.describe_security_groups(GroupIds=[i])
print(response)
except ClientError as e:
print(e)
您可以使用EC2低级客户端获取所有安全组descripe\u security\u groups()返回字典对象作为响应。因此,您只需要迭代它来评估您的安全组规则
import boto3
client = boto3.client('ec2')
response = client.describe_security_groups()
for sg in response['SecurityGroups']:
for ingressrule in sg['IpPermissions']:
print(ingressrule.get('FromPort', -1))
print(ingressrule.get('ToPort', -1))
for iprange in ingressrule['IpRanges']:
print(iprange.get('CidrIp', -1))
您还可以使用过滤器仅列出具有完全开放访问权限的入口规则:
client.describe_security_groups(Filters=[
{
"Name": "ip-permission.cidr",
"Values": ["0.0.0.0/0"]
}
])
您可以使用EC2低级客户端获取所有安全组descripe\u security\u groups()返回字典对象作为响应。因此,您只需要迭代它来评估您的安全组规则
import boto3
client = boto3.client('ec2')
response = client.describe_security_groups()
for sg in response['SecurityGroups']:
for ingressrule in sg['IpPermissions']:
print(ingressrule.get('FromPort', -1))
print(ingressrule.get('ToPort', -1))
for iprange in ingressrule['IpRanges']:
print(iprange.get('CidrIp', -1))
您还可以使用过滤器仅列出具有完全开放访问权限的入口规则:
client.describe_security_groups(Filters=[
{
"Name": "ip-permission.cidr",
"Values": ["0.0.0.0/0"]
}
])
我试图打印出组名,但它抱怨缩进。对于响应中的sg['SecurityGroups']:print(sg.get('GroupName',-1)),我如何在回复中使用格式。很难格式化我的回复。我试图打印出组名,但它抱怨缩进。对于响应中的sg['SecurityGroups']:print(sg.get('GroupName',-1)),我如何在回复中使用格式。我的答复很难格式化。