RubyGems - aws-graph - Versions diffs - 0.0.2 - Mend

aws-graph 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 98684500355629aba642dc7d73f4b88f01d40825
+  data.tar.gz: b85e7d15a321c9d25ac7410007bbe6b8efc7eae8
+SHA512:
+  metadata.gz: a0c17fbc993ad3773b65783e9071d79c130d9c05c019f2f6a6a2c0f3ef67652871ff3bc8109cbcf2c5ba851cafd690569a0729d33c35a40cf19329db852ed391
+  data.tar.gz: 9915d7062faed34d1413a3e091303b1ad7bdcbfd324777bd1e49969b45b843637f5b9a28ece89ec59c25f30889ac015c8fd1dd6a91298616dbb6e46d995de739

data/.gitignore ADDED Viewed

@@ -0,0 +1,18 @@
+*~
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in aws-graph.gemspec
+gemspec

data/README.md ADDED Viewed

@@ -0,0 +1,39 @@
+# aws-graph
+Draw AWS network graph with Graphviz.
+![sample](http://github.com/k1LoW/aws-graph/raw/master/sample.png)
+## Installation
+Add this line to your application's Gemfile:
+    gem 'aws-graph'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install aws-graph
+## Usage
+Make config.yml
+    aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
+    aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    aws_region: ap-northeast-1
+And draw graph
+    $ aws-graph draw -c config.yml -o output.png
+## Contributing
+1. Fork it ( http://github.com/<my-github-username>/aws-graph/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile ADDED Viewed

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/aws-graph.gemspec ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aws-graph/version'
+Gem::Specification.new do |spec|
+  spec.name          = "aws-graph"
+  spec.version       = AwsGraph::VERSION
+  spec.authors       = ["k1LoW"]
+  spec.email         = ["k1lowxb@gmail.com"]
+  spec.summary       = %q{Draw AWS network graph with Graphviz}
+  spec.description   = %q{Draw AWS security based network graph with Graphviz}
+  spec.homepage      = "https://github.com/k1LoW/aws-graph"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_dependency "aws-sdk"
+  spec.add_dependency "thor"
+  spec.add_dependency "gviz"
+end

data/bin/aws-graph ADDED Viewed

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require 'aws-graph'
+AwsGraph::CLI.start

data/lib/aws-graph/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module AwsGraph
+  VERSION = "0.0.2"
+end

data/lib/aws-graph.rb ADDED Viewed

@@ -0,0 +1,208 @@
+require "aws-graph/version"
+require "thor"
+require 'aws-sdk'
+require 'gviz'
+module AwsGraph
+  class CLI < Thor
+    desc "draw [config.yml]", "Draw AWS network graph"
+    method_option :config, :type => :string, :aliases => '-c', :default => 'config.yml', :banner => 'AWS config.yml'
+    method_option :output, :type => :string, :aliases => '-o', :default => 'output.png', :banner => 'output file path'
+    method_option :secret, :type => :boolean, :aliases => '-s', :default => false, :banner => 'mask label'
+    def draw()
+      yml = options[:config]
+      self.load(yml)
+      self.sg()
+    end
+    protected
+    def sg()
+      gv = Gviz.new(:AWS, :digraph)
+      ec2_instances = @ec2.instances # EC2 instances
+      vpcs = @ec2.vpcs # VPC Collection
+      security_groups = @ec2.security_groups # EC2 security groups
+      rds_client = @rds.client # RDS low level client
+      db_instances = rds_client.describe_db_instances
+      db_security_groups = rds_client.describe_db_security_groups
+      lbs = @elb.load_balancers # ELB
+      secret = options[:secret]
+      gv.graph do
+        global layout:'fdp', overlap:false, compound:true, rankdir:'LR'
+        edges lhead: '', ltail: ''
+        nodes shape: 'box'
+        sg_hash = {}
+        # Create EC2 security group cluster
+        security_groups.each do | sg |
+          print "."
+          cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+          sg_hash[sg.id] = cluster_id
+          subgraph(cluster_id.to_sym) do
+            global label: Util.new.label(sg.name + '[' + sg.id + ']', secret), style: 'rounded'
+          end
+        end
+        # Create RDS security group cluster
+        db_security_groups[:db_security_groups].each do | db_sg |
+          print "."
+          cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+          subgraph(cluster_id.to_sym) do
+            global label: Util.new.label(db_sg[:db_security_group_name], secret), style: 'rounded'
+          end
+        end
+        # Append EC2 to EC2 security group
+        ec2_instances.each do | e |
+          if e.status == :running
+            image_path = File.dirname(__FILE__) + '/ec2.png'
+          else
+            image_path = File.dirname(__FILE__) + '/ec2_disactive.png'
+          end
+          e.security_groups.each do | sg |
+            print "."
+            cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+            subgraph(cluster_id.to_sym) do
+              node (sg.id + ':' + e.id).gsub(/[-\/]/, '').to_sym, label: Util.new.label(e.id, secret), shape: :none, image: image_path
+            end
+          end
+        end
+        # Append VPC EC2 to EC2 security group
+        vpcs.each do | vpc |
+          vpc.instances.each do | e |
+            if e.status == :running
+              image_path = File.dirname(__FILE__) + '/ec2.png'
+            else
+              image_path = File.dirname(__FILE__) + '/ec2_disactive.png'
+            end
+            e.security_groups.each do | sg |
+              print "v"
+              cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+              subgraph(cluster_id.to_sym) do
+                node (sg.id + ':' + e.id).gsub(/[-\/]/, '').to_sym, label: Util.new.label(e.id, secret), shape: :none, image: image_path
+              end
+            end
+          end
+        end
+        # Append RDS to RDS security group
+        db_instancesa = {}
+        db_instances[:db_instances].each do | r |
+          r[:db_security_groups].each do | db_sg |
+            print "."
+            cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+            image_path = File.dirname(__FILE__) + '/rds.png'
+            subgraph(cluster_id.to_sym) do
+              node (r[:db_instance_identifier]).gsub(/[-\/]/, '').to_sym, label: Util.new.label(r[:db_instance_identifier], secret), shape: :none, image: image_path
+            end
+          end
+          r[:vpc_security_groups].each do | sg |
+            print "v"
+            cluster_id = 'cluster' + sg[:vpc_security_group_id].gsub(/[-\/]/,'')
+            image_path = File.dirname(__FILE__) + '/rds.png'
+            subgraph(cluster_id.to_sym) do
+              node (r[:db_instance_identifier]).gsub(/[-\/]/, '').to_sym, label: Util.new.label(r[:db_instance_identifier], secret), shape: :none, image: image_path
+            end
+          end
+        end
+        # Add edges EC2 security group
+        security_groups.each do | sg |
+          ips = sg.ingress_ip_permissions # inbound permissions
+          ips.each do | ip |
+            # EC2 security group -> EC2 security group
+            ip.groups.each do | fromsg |
+              next if fromsg.id == sg.id
+              print "-"
+              unless sg_hash[fromsg.id]
+                # Unknown security group is amazon-elb/amazon-elb-sg
+                unknown = AWS::EC2::SecurityGroup.new(fromsg.id)
+                cluster_id = 'cluster' + fromsg.id.gsub(/[-\/]/,'')
+                sg_hash['amazon-elb/amazon-elb-sg'] = cluster_id
+                subgraph(cluster_id.to_sym) do
+                  global label: Util.new.label('amazon-elb/amazon-elb-sg', false), style: 'rounded'
+                end
+              end
+              from_cluster_id = 'cluster' + fromsg.id.gsub(/[-\/]/,'')
+              to_cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+              route from_cluster_id.to_sym => to_cluster_id.to_sym
+              edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: Util.new.label(ip.port_range.to_s + '[' + ip.protocol.to_s + ']', secret)
+            end
+          end
+        end
+        # EC2 security group -> RDS security group
+        db_security_groups[:db_security_groups].each do | db_sg |
+          print "-"
+          db_sg[:ec2_security_groups].each do | sg |
+            if sg[:ec2_security_group_id]
+              from_cluster_id = 'cluster' + sg[:ec2_security_group_id].gsub(/[-\/]/,'')
+              to_cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+              route from_cluster_id.to_sym => to_cluster_id.to_sym
+              edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: 'RDS'
+            else
+              # なぜかdb_security_group_idが存在しないものがある
+              security_groups.each do | s |
+                if s.name == sg[:ec2_security_group_name]
+                  from_cluster_id = 'cluster' + s.id.gsub(/[-\/]/,'')
+                  to_cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+                  route from_cluster_id.to_sym => to_cluster_id.to_sym
+                  edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: 'RDS'
+                end
+              end
+            end
+          end
+        end
+        # Append ELB to ELB security group
+        lbs.each do | lb |
+          break unless sg_hash['amazon-elb/amazon-elb-sg']
+          cluster_id = sg_hash['amazon-elb/amazon-elb-sg']
+          image_path = File.dirname(__FILE__) + '/elb.png'
+          subgraph(cluster_id.to_sym) do
+            node lb.name.gsub('-', '').to_sym, label: Util.new.label(lb.name, secret), shape: :none, image: image_path
+          end
+        end
+        puts ''
+      end
+      gv.save(options[:output].sub(/\.png$/,''), :png)
+    end
+    protected
+    def load(yml)
+      @config = YAML.load_file(yml)
+      @ec2 = AWS::EC2.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+      @rds = AWS::RDS.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+      @elb = AWS::ELB.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+    end
+  end
+  class Util
+    def label(text, secret)
+      if secret
+        return text.gsub(/[^\[\]]/,'*')
+      else
+        return text
+      end
+    end
+  end
+end

data/lib/ec2.png ADDED Viewed

Binary file

data/lib/ec2_disactive.png ADDED Viewed

Binary file

data/lib/elb.png ADDED Viewed

Binary file

data/lib/rds.png ADDED Viewed

Binary file

data/sample.png ADDED Viewed

Binary file

metadata ADDED Viewed

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: aws-graph
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- k1LoW
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gviz
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Draw AWS security based network graph with Graphviz
+email:
+- k1lowxb@gmail.com
+executables:
+- aws-graph
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- aws-graph.gemspec
+- bin/aws-graph
+- lib/aws-graph.rb
+- lib/aws-graph/version.rb
+- lib/ec2.png
+- lib/ec2_disactive.png
+- lib/elb.png
+- lib/rds.png
+- sample.png
+homepage: https://github.com/k1LoW/aws-graph
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.14
+signing_key:
+specification_version: 4
+summary: Draw AWS network graph with Graphviz
+test_files: []