Iterating over AWS security groups

Problem description

for i in configuration_item['configuration']['ipPermissions']:
    if i['FromPort'] == '23':
        compliance_type = 'NON_COMPLIANT'
        annotation = 'SecurityGroup is not compliant:Port 23'
        break

The code above works if there is only one rule, but fails with multiple rules. So how do I iterate over all the rules (checking ports/ipRanges, etc.)?

Tags: boto3

Solution

This will iterate over and get all SGs and their permissions.

You can use it to filter for what you are looking for.

import boto3

ec2 = boto3.client('ec2', region_name='us-west-1')
response = ec2.describe_security_groups()
for i in response['SecurityGroups']:
    print("Security Group Name: " + i['GroupName'])
    print("The Egress rules are as follows: ")
    for j in i['IpPermissionsEgress']:
        print("IP Protocol: " + j['IpProtocol'])
        for k in j['IpRanges']:
            print("IP Ranges: " + k['CidrIp'])
    print("The Ingress rules are as follows: ")
    for j in i['IpPermissions']:
        print("IP Protocol: " + j['IpProtocol'])
        try:
            # Rules with IpProtocol '-1' (all traffic) carry no FromPort key,
            # so indexing it directly raises KeyError for such rules.
            print("PORT: " + str(j['FromPort']))
            for k in j['IpRanges']:
                print("IP Ranges: " + k['CidrIp'])
        except KeyError:
            print("No value for ports and ip ranges available for this security group")
            continue
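The question asks how to evaluate every ingress rule of a configuration item rather than stopping at the first one. The following is an added example, not code from the question or the answer: it walks all rules, treats a port range (FromPort..ToPort) and the "all traffic" protocol (-1) correctly, and returns the compliance_type/annotation pair an AWS Config custom rule would report. The dictionary key names follow the question's snippet, the forbidden-port policy and the sample item are constructed for the example, and no boto3 call is needed, so it runs offline.

```python
# Constructed policy for this example: telnet and RDP ingress are not allowed.
FORBIDDEN_PORTS = {23, 3389}


def rule_problems(rule):
    """Return the policy problems found in one ipPermissions entry (empty if clean)."""
    problems = []
    proto = rule.get("IpProtocol")
    # Collect the IPv4 and IPv6 sources so the annotation says where a port is open from.
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    sources = ", ".join(cidrs) or "no CIDR sources"
    if proto == "-1":
        # "All traffic": the rule has no FromPort/ToPort keys at all, so every
        # port is open. Indexing FromPort here is what raises KeyError.
        problems.append(f"all ports/protocols allowed from {sources}")
        return problems
    if proto not in ("tcp", "udp"):
        return problems  # ICMP etc.: FromPort/ToPort are type/code, not ports
    low, high = int(rule["FromPort"]), int(rule["ToPort"])
    for port in sorted(FORBIDDEN_PORTS):
        # Range check, so a rule for ports 20-25 still catches 23.
        if low <= port <= high:
            problems.append(f"port {port} allowed from {sources}")
    return problems


def evaluate_security_group(configuration_item):
    """Check every ingress rule; return (compliance_type, annotation) like a Config rule."""
    findings = []
    for index, rule in enumerate(configuration_item["configuration"]["ipPermissions"]):
        for problem in rule_problems(rule):
            findings.append(f"rule {index}: {problem}")
    if not findings:
        return "COMPLIANT", "All ingress rules pass"
    return "NON_COMPLIANT", "SecurityGroup is not compliant: " + "; ".join(findings)


# Constructed sample configuration item with three ingress rules.
SAMPLE_ITEM = {"configuration": {"ipPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}}

if __name__ == "__main__":
    print(evaluate_security_group(SAMPLE_ITEM))
```

Inside a Lambda-backed Config rule the configuration item comes from the invoking event; here the same function is fed the constructed item so the range and all-traffic cases can be seen without an AWS account.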
