From a04a820a947785c52e7ce4d3d77001f38ff7f2d7 Mon Sep 17 00:00:00 2001
From: bob walker
Date: Wed, 21 Feb 2024 11:27:32 +0000
Subject: [PATCH] Add a tool to list all security group rules in an account
---
 bin/util/list-security-group-rules | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 bin/util/list-security-group-rules
diff --git a/bin/util/list-security-group-rules b/bin/util/list-security-group-rules
new file mode 100755
index 0000000..27a4549
--- /dev/null
+++ b/bin/util/list-security-group-rules
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+
+usage() {
+ echo "List all the open ports in all security groups in the account"
+ echo "Usage: $(basename "$0") [OPTIONS] " 1>&2
+ echo " -h - help"
+ echo " -i - infrastructure name OPTIONAL defaults to main dalmatian account"
+ exit 1
+}
+
+while getopts "ih" opt; do
+ case $opt in
+ i)
+ INFRASTRUCTURE_NAME=$OPTARG
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+log_info -l "Open Ports in the ${INFRASTRUCTURE_NAME} account"
+aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | .GroupName as $group | .IpPermissions[] | .FromPort as $fromPort | .ToPort as $toPort | ([.IpRanges[]?.CidrIp, .UserIdGroupPairs[]?.GroupId, .Ipv6Ranges[]?.CidrIpv6] | map(select(. != null)) | .[] | "\($group),\($fromPort)-\($toPort),\(.)")'
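Review bot: `getopts "ih"` declares `-i` without a trailing colon, so the option takes no argument and `$OPTARG` is empty when `INFRASTRUCTURE_NAME=$OPTARG` runs; the optstring should be `while getopts "i:h" opt; do`. Even with that fixed, the value is only interpolated into the `log_info` message and never reaches the `aws ec2 describe-security-groups` call, so `-i` does not select the account the usage text promises — either wire it into whatever profile/role selection the surrounding tooling uses or drop the option. The jq output also omits `.IpProtocol`, and for all-traffic rules (protocol `-1`) the API leaves FromPort/ToPort unset, so the widest rules print as `null-null` and tcp/udp rules are indistinguishable; consider `.IpProtocol as $proto |` before the port bindings and `"\($group),\($proto),\($fromPort)-\($toPort),\(.)"` as the output format. Without `set -euo pipefail` a failed `aws` call still leaves the pipeline exiting with jq's status, so an empty listing can look like a clean "no open ports" result. `log_info` is not defined in this file, so presumably it is sourced by the caller; worth a comment at the top saying where it comes from.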