From 52c02357f21360b52d7c732a27357b16571b7d98 Mon Sep 17 00:00:00 2001
From: ragra27
Date: Thu, 18 Aug 2022 17:40:42 -0600
Subject: [PATCH] Commit to add elb scan as well as filter unused security groups that is attached to elb
---
 full_scan.py | 4 ++++
 helper.py | 22 ++++++++++++++++++++++
 modules/elb.py | 26 ++++++++++++++++++++++++++
 modules/securitygroups.py | 10 +++++++---
 4 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 modules/elb.py
diff --git a/full_scan.py b/full_scan.py
index c4b0227..efc1d13 100755
--- a/full_scan.py
+++ b/full_scan.py
@@ -24,6 +24,7 @@
 cloudwatch,
 cloudformation,
 s3,
+ elb
 )
 all_regions = helper.get_all_regions()
@@ -79,6 +80,9 @@
 print(crayons.yellow("Scanning elastic IPs"))
 eip.scan()
+print(crayons.yellow("Scanning Elbs"))
+elb.scan()
+
 stop = timeit.default_timer()
 runtime = int(stop - start)
 print("Scan finished after {} seconds".format(crayons.yellow(runtime)))
diff --git a/helper.py b/helper.py
index 5996288..1161dc0 100644
--- a/helper.py
+++ b/helper.py
@@ -65,3 +65,25 @@ def get_all_regions():
 response = ec2.describe_regions()
 regions = response["Regions"]
 return [r["RegionName"] for r in regions]
+
+
+def get_elb_sg(region=None):
+ if not region:
+ region = config.REGIONS
+ elb_sg = []
+ for region in config.REGIONS:
+ client = boto3.client("elb", region_name=region)
+ data = client.describe_load_balancers()
+ for elbDesc in data["LoadBalancerDescriptions"]:
+ elb_sg.extend(elbDesc["SecurityGroups"])
+ return elb_sg
+
+
+def get_all_elbs(region=None):
+ if not region:
+ region = config.REGIONS
+ data = ""
+ for region in config.REGIONS:
+ client = boto3.client("elb", region_name=region)
+ data = client.describe_load_balancers()
+ return data
diff --git a/modules/elb.py b/modules/elb.py
new file mode 100644
index 0000000..2a2a531
--- /dev/null
+++ b/modules/elb.py
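Review bot: In helper.py, `get_all_elbs` rebinds `data` on every pass of `for region in config.REGIONS`, so only the last region's response is returned and the ELB scan silently skips every other region; with an empty region list it returns `""` and the caller's subscript fails. Both new helpers also ignore their `region` argument, because the loop iterates `config.REGIONS` and reuses the name `region`, and neither follows the pagination marker of `describe_load_balancers`, so load balancers past the first page are missed. In an inventory scanner these gaps show up as "nothing found" rather than as an error. A version that honours the argument (assuming it is meant to be a list like `config.REGIONS`), aggregates across regions and paginates is sketched below, with `get_elb_sg` built on top of it.

```python
def get_all_elbs(region=None):
    regions = region or config.REGIONS
    descriptions = []
    for name in regions:
        client = boto3.client("elb", region_name=name)
        paginator = client.get_paginator("describe_load_balancers")
        for page in paginator.paginate():
            descriptions.extend(page["LoadBalancerDescriptions"])
    # keep the response shape that modules/elb.py indexes into
    return {"LoadBalancerDescriptions": descriptions}


def get_elb_sg(region=None):
    groups = []
    for desc in get_all_elbs(region)["LoadBalancerDescriptions"]:
        groups.extend(desc["SecurityGroups"])
    return groups
```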
@@ -0,0 +1,26 @@
+#! /usr/bin/env python3
+from helper import get_all_instances, get_all_rds, get_all_sg, get_all_elbs
+import crayons
+import boto3
+import config
+
+
+def scan():
+ not_used = []
+ flags = []
+
+ response = get_all_elbs()
+ for ELB in response['LoadBalancerDescriptions']:
+ if len(ELB['Instances']) == 0:
+ not_used.append(ELB['LoadBalancerName'])
+ flags.append(crayons.yellow(" Not used"))
+
+ for elb in not_used:
+ if len(flags) > 0:
+ suffix = ",".join([str(f) for f in flags])
+ print(" - {} {}".format(elb, suffix))
+
+
+if __name__ == "__main__":
+ scan()
+
diff --git a/modules/securitygroups.py b/modules/securitygroups.py
index b12c588..933ead4 100644
--- a/modules/securitygroups.py
+++ b/modules/securitygroups.py
@@ -1,5 +1,5 @@
 #! /usr/bin/env python3
-from helper import get_all_instances, get_all_rds, get_all_sg
+from helper import get_all_instances, get_all_rds, get_all_sg, get_elb_sg
 import crayons
@@ -15,14 +15,18 @@ def scan():
 used_groups.extend(attached)
 all_sg = get_all_sg()
-
+ elb_sg = get_elb_sg()
 print("Found {} security groups".format(len(all_sg)))
 not_used = []
 for group in all_sg:
 id = group["GroupId"]
 if id not in used_groups:
- not_used.append(group)
+ if len(elb_sg) > 0:
+ if id not in elb_sg:
+ not_used.append(group)
+ else:
+ not_used.append(group)
 for sg in all_sg:
 flags = []
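Review bot: In `scan()` of modules/elb.py, `flags` is a single list shared by every load balancer, so with N idle ELBs each printed line carries " Not used" N times; the loop nesting is read from a hunk whose indentation was lost, so confirm against the file. Printing the label per item avoids that: `print(" - {} {}".format(elb, crayons.yellow(" Not used")))`, with `flags` and the `len(flags) > 0` test removed. The imports of `get_all_instances`, `get_all_rds`, `get_all_sg`, `boto3` and `config` are not used anywhere in the new file and can be dropped.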
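Review bot: The exclusion added to `scan()` in modules/securitygroups.py only knows about the groups returned by `get_elb_sg()`, and that helper (helper.py in this patch) queries the classic `elb` API, so a security group attached only to an Application Load Balancer (the `elbv2` API) would presumably still be reported as unused. A comment above `elb_sg = get_elb_sg()` such as `# classic ELBs only; elbv2 load balancers are not checked` would make that limit visible until it is covered. The nested `if len(elb_sg) > 0:` / `else:` is also redundant, because `id not in elb_sg` is already true for an empty list: `if id not in used_groups and id not in elb_sg:` behaves the same. `scan()` starts and ends outside the hunk.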