Recently I have been doing a security review and needed to sort out the relationship between AWS security groups and EC2 instances. The result can also serve as a configuration-management archive kept in Excel. My pain points are:
1 AWS does not provide an Excel download
2 More than 100 machines have thousands of inbound and outbound rules, and these need to be associated with EC2
3 For security reasons, the rules cannot be put through JSON-to-Excel conversion websites such as http://www.esjson.com/jsontoexcel.html . It is unsafe to upload this data to a tool website.
Okay, now let's do the above things on our own computer.
The first step is to download the security groups using the AWS CLI
# Each rule is bound to $rule so that protocol, ports and CIDR always come from the same rule
# outbound
aws ec2 describe-security-groups --region cn-north-1 | jq '.SecurityGroups[] | .GroupName as $name | .IpPermissionsEgress[] | . as $rule | .IpRanges[] | {name:$name,protocl:$rule.IpProtocol,portfrom:$rule.FromPort,portto:$rule.ToPort,ip:.CidrIp}' > outbound.txt
# inbound (inbound rules are in .IpPermissions, not .IpPermissionsEgress)
aws ec2 describe-security-groups --region cn-north-1 | jq '.SecurityGroups[] | .GroupName as $name | .IpPermissions[] | . as $rule | .IpRanges[] | {name:$name,protocl:$rule.IpProtocol,portfrom:$rule.FromPort,portto:$rule.ToPort,ip:.CidrIp}' > inbound.txt
AWS provides a way to export security groups as JSON. To make the later steps easier, I used jq to reshape the output. After reshaping, the data looks like this.
{
"name": "SG-OOOOO",
"protocl": "tcp",
"portfrom": XXX3,
"portto": XXX3,
"ip": "10.XXX.10.30/32"
}
{
"name": "SG-XXXX",
"protocl": "tcp",
"portfrom": XX3,
"portto": XXX3,
"ip": "10.XXX.110.30/32"
}
..............
Then tidy it up in Notepad++ and copy it to Excel:
select all-->Edit-->Line Operations-->Join Lines
Replace } with } \n
Replace { "name": and "protocl": and "portfrom": and "portto": and "ip": and " and } with empty
Replace , with \t
Copy to Excel and add inbound and outbound columns
The next step is to sort out the relationship between EC2 and SecurityGroup.
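#3 aws cli: download the EC2-to-SG relationships
# Only the Name tag is used, so an instance with several tags is not repeated once per tag value
aws ec2 describe-instances | jq '.Reservations[] | .Instances[] | {name:(.Tags[] | select(.Key=="Name") | .Value), SG:.SecurityGroups[].GroupName}' > map.json
The download is in JSON format; organize the JSON into Excel using the same method as above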
The second step is to install Power Query in Excel
https://www.microsoft.com/zh-CN/download/details.aspx?id=39379
The third step is to merge the Excel sheets
1 Power Query-->From File-->Excel, and load the two sheets
2 Merge-->select the matching columns-->Full Outer
3 Click the button on the table and select all columns.
You can refer to http://www.360doc.com/content/18/0707/06/28740943_768444049.shtml
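The same flatten-and-merge procedure done in one local script, so nothing is uploaded to a conversion site. This is an added example, not part of the original post: it takes JSON in the shape returned by the two AWS CLI commands above and produces a CSV that Excel opens directly. The sample data, function names and column names are assumptions made for the illustration, and like the jq filters above it covers only IPv4 IpRanges.

```python
import csv, io
# Constructed sample data shaped like the two AWS CLI outputs; names and CIDRs are made up.
GROUPS = {"SecurityGroups": [
    {"GroupName": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "192.168.1.0/24"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "sg-unused", "IpPermissionsEgress": [], "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.1.2.3/32"}]}]}]}
INSTANCES = {"Reservations": [{"Instances": [{
    "Tags": [{"Key": "env", "Value": "prod"}, {"Key": "Name", "Value": "web-1"}],
    "SecurityGroups": [{"GroupName": "sg-web"}, {"GroupName": "sg-missing"}]}]}]}
COLUMNS = ["instance", "SG", "direction", "protocol", "portfrom", "portto", "ip"]

def flatten_rules(groups):
    """One row per (group, direction, rule, CIDR); ports stay with their own rule."""
    rows = []
    for sg in groups["SecurityGroups"]:
        for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for rng in perm.get("IpRanges", []):
                    rows.append({"SG": sg["GroupName"], "direction": direction,
                                 "protocol": perm["IpProtocol"], "ip": rng["CidrIp"],
                                 "portfrom": perm.get("FromPort", ""), "portto": perm.get("ToPort", "")})
    return rows

def instance_map(instances):
    """(Name tag, group name) pairs, one per security group attached to an instance."""
    pairs = []
    for inst in (i for res in instances["Reservations"] for i in res["Instances"]):
        name = next((t["Value"] for t in inst.get("Tags", []) if t["Key"] == "Name"), "")
        pairs += [(name, g["GroupName"]) for g in inst.get("SecurityGroups", [])]
    return pairs

def full_outer_join(rules, pairs):
    """Join on group name; keep unattached groups and attached groups with no exported rules."""
    by_sg = {}
    for r in rules:
        by_sg.setdefault(r["SG"], []).append(r)
    out = [{"instance": n, **r} for n, sg in pairs for r in by_sg.get(sg, [{"SG": sg}])]
    attached = {sg for _, sg in pairs}
    return out + [{"instance": "", **r} for r in rules if r["SG"] not in attached]

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf).writerows([COLUMNS] + [[r.get(c, "") for c in COLUMNS] for r in rows])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(full_outer_join(flatten_rules(GROUPS), instance_map(INSTANCES))))
```

Rows with an empty instance column are security groups attached to no instance, and rows with only instance and SG filled are attached groups that had no CIDR rules in the export.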