aws-graph 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 98684500355629aba642dc7d73f4b88f01d40825
+  data.tar.gz: b85e7d15a321c9d25ac7410007bbe6b8efc7eae8
+SHA512:
+  metadata.gz: a0c17fbc993ad3773b65783e9071d79c130d9c05c019f2f6a6a2c0f3ef67652871ff3bc8109cbcf2c5ba851cafd690569a0729d33c35a40cf19329db852ed391
+  data.tar.gz: 9915d7062faed34d1413a3e091303b1ad7bdcbfd324777bd1e49969b45b843637f5b9a28ece89ec59c25f30889ac015c8fd1dd6a91298616dbb6e46d995de739

data/.gitignore

@@ -0,0 +1,18 @@
+*~
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aws-graph.gemspec
+gemspec

data/README.md

@@ -0,0 +1,39 @@
+# aws-graph
+
+Draw AWS network graph with Graphviz.
+
+![sample](http://github.com/k1LoW/aws-graph/raw/master/sample.png)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'aws-graph'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install aws-graph
+
+## Usage
+
+Make config.yml
+
+    aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
+    aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    aws_region: ap-northeast-1
+
+And draw graph
+
+    $ aws-graph draw -c config.yml -o output.png
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/aws-graph/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/aws-graph.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aws-graph/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "aws-graph"
+  spec.version       = AwsGraph::VERSION
+  spec.authors       = ["k1LoW"]
+  spec.email         = ["k1lowxb@gmail.com"]
+  spec.summary       = %q{Draw AWS network graph with Graphviz}
+  spec.description   = %q{Draw AWS security based network graph with Graphviz}
+  spec.homepage      = "https://github.com/k1LoW/aws-graph"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+
+  spec.add_dependency "aws-sdk"
+  spec.add_dependency "thor"
+  spec.add_dependency "gviz"
+end

data/bin/aws-graph

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'aws-graph'
+
+AwsGraph::CLI.start

data/lib/aws-graph/version.rb

@@ -0,0 +1,3 @@
+module AwsGraph
+  VERSION = "0.0.2"
+end

data/lib/aws-graph.rb

@@ -0,0 +1,208 @@
+require "aws-graph/version"
+require "thor"
+require 'aws-sdk'
+require 'gviz'
+
+module AwsGraph
+  class CLI < Thor
+
+    desc "draw [config.yml]", "Draw AWS network graph"
+    method_option :config, :type => :string, :aliases => '-c', :default => 'config.yml', :banner => 'AWS config.yml'
+    method_option :output, :type => :string, :aliases => '-o', :default => 'output.png', :banner => 'output file path'
+    method_option :secret, :type => :boolean, :aliases => '-s', :default => false, :banner => 'mask label'
+    def draw()
+      yml = options[:config]
+      self.load(yml)
+      self.sg()
+    end
+
+    protected
+    def sg()
+      gv = Gviz.new(:AWS, :digraph)
+
+      ec2_instances = @ec2.instances # EC2 instances
+      vpcs = @ec2.vpcs # VPC Collection
+      security_groups = @ec2.security_groups # EC2 security groups
+      rds_client = @rds.client # RDS low level client
+      db_instances = rds_client.describe_db_instances
+      db_security_groups = rds_client.describe_db_security_groups
+      lbs = @elb.load_balancers # ELB
+
+      secret = options[:secret]
+
+      gv.graph do
+        global layout:'fdp', overlap:false, compound:true, rankdir:'LR'
+        edges lhead: '', ltail: ''
+        nodes shape: 'box'
+
+        sg_hash = {}
+
+        # Create EC2 security group cluster
+        security_groups.each do | sg |
+          print "."
+          cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+          sg_hash[sg.id] = cluster_id
+          subgraph(cluster_id.to_sym) do
+            global label: Util.new.label(sg.name + '[' + sg.id + ']', secret), style: 'rounded'
+          end
+        end
+
+        # Create RDS security group cluster
+        db_security_groups[:db_security_groups].each do | db_sg |
+          print "."
+          cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+          subgraph(cluster_id.to_sym) do
+            global label: Util.new.label(db_sg[:db_security_group_name], secret), style: 'rounded'
+          end
+        end
+
+        # Append EC2 to EC2 security group
+        ec2_instances.each do | e |
+          if e.status == :running
+            image_path = File.dirname(__FILE__) + '/ec2.png'
+          else
+            image_path = File.dirname(__FILE__) + '/ec2_disactive.png'
+          end
+          e.security_groups.each do | sg |
+            print "."
+            cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+            subgraph(cluster_id.to_sym) do
+              node (sg.id + ':' + e.id).gsub(/[-\/]/, '').to_sym, label: Util.new.label(e.id, secret), shape: :none, image: image_path
+            end
+          end
+        end
+
+        # Append VPC EC2 to EC2 security group
+        vpcs.each do | vpc |
+          vpc.instances.each do | e |
+            if e.status == :running
+              image_path = File.dirname(__FILE__) + '/ec2.png'
+            else
+              image_path = File.dirname(__FILE__) + '/ec2_disactive.png'
+            end
+            e.security_groups.each do | sg |
+              print "v"
+              cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+              subgraph(cluster_id.to_sym) do
+                node (sg.id + ':' + e.id).gsub(/[-\/]/, '').to_sym, label: Util.new.label(e.id, secret), shape: :none, image: image_path
+              end
+            end
+          end
+        end
+
+        # Append RDS to RDS security group
+        db_instancesa = {}
+        db_instances[:db_instances].each do | r |
+          r[:db_security_groups].each do | db_sg |
+            print "."
+            cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+            image_path = File.dirname(__FILE__) + '/rds.png'
+            subgraph(cluster_id.to_sym) do
+              node (r[:db_instance_identifier]).gsub(/[-\/]/, '').to_sym, label: Util.new.label(r[:db_instance_identifier], secret), shape: :none, image: image_path
+            end
+          end
+          r[:vpc_security_groups].each do | sg |
+            print "v"
+            cluster_id = 'cluster' + sg[:vpc_security_group_id].gsub(/[-\/]/,'')
+            image_path = File.dirname(__FILE__) + '/rds.png'
+            subgraph(cluster_id.to_sym) do
+              node (r[:db_instance_identifier]).gsub(/[-\/]/, '').to_sym, label: Util.new.label(r[:db_instance_identifier], secret), shape: :none, image: image_path
+            end
+          end
+        end
+
+        # Add edges EC2 security group
+        security_groups.each do | sg |
+          ips = sg.ingress_ip_permissions # inbound permissions
+          ips.each do | ip |
+
+            # EC2 security group -> EC2 security group
+            ip.groups.each do | fromsg |
+              next if fromsg.id == sg.id
+              print "-"
+              unless sg_hash[fromsg.id]
+                # Unknown security group is amazon-elb/amazon-elb-sg
+                unknown = AWS::EC2::SecurityGroup.new(fromsg.id)
+                cluster_id = 'cluster' + fromsg.id.gsub(/[-\/]/,'')
+                sg_hash['amazon-elb/amazon-elb-sg'] = cluster_id
+                subgraph(cluster_id.to_sym) do
+                  global label: Util.new.label('amazon-elb/amazon-elb-sg', false), style: 'rounded'
+                end
+              end
+              from_cluster_id = 'cluster' + fromsg.id.gsub(/[-\/]/,'')
+              to_cluster_id = 'cluster' + sg.id.gsub(/[-\/]/,'')
+              route from_cluster_id.to_sym => to_cluster_id.to_sym
+              edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: Util.new.label(ip.port_range.to_s + '[' + ip.protocol.to_s + ']', secret)
+            end
+          end
+        end
+
+        # EC2 security group -> RDS security group
+        db_security_groups[:db_security_groups].each do | db_sg |
+          print "-"
+          db_sg[:ec2_security_groups].each do | sg |
+            if sg[:ec2_security_group_id]
+              from_cluster_id = 'cluster' + sg[:ec2_security_group_id].gsub(/[-\/]/,'')
+              to_cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+              route from_cluster_id.to_sym => to_cluster_id.to_sym
+              edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: 'RDS'
+            else
+              # なぜかdb_security_group_idが存在しないものがある
+              security_groups.each do | s |
+                if s.name == sg[:ec2_security_group_name]
+                  from_cluster_id = 'cluster' + s.id.gsub(/[-\/]/,'')
+                  to_cluster_id = 'cluster' + db_sg[:db_security_group_name].gsub(/[-\/]/,'')
+                  route from_cluster_id.to_sym => to_cluster_id.to_sym
+                  edge (from_cluster_id + '_' + to_cluster_id).to_sym, label: 'RDS'
+                end
+              end
+            end
+          end
+        end
+
+        # Append ELB to ELB security group
+        lbs.each do | lb |
+          break unless sg_hash['amazon-elb/amazon-elb-sg']
+          cluster_id = sg_hash['amazon-elb/amazon-elb-sg']
+          image_path = File.dirname(__FILE__) + '/elb.png'
+          subgraph(cluster_id.to_sym) do
+            node lb.name.gsub('-', '').to_sym, label: Util.new.label(lb.name, secret), shape: :none, image: image_path
+          end
+        end
+
+        puts ''
+      end
+      gv.save(options[:output].sub(/\.png$/,''), :png)
+    end
+
+    protected
+    def load(yml)
+      @config = YAML.load_file(yml)
+      @ec2 = AWS::EC2.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+      @rds = AWS::RDS.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+      @elb = AWS::ELB.new(
+                          :access_key_id => @config['aws_access_key_id'],
+                          :secret_access_key => @config['aws_secret_access_key'],
+                          :region => @config['aws_region'],
+                          )
+    end
+  end
+
+  class Util
+    def label(text, secret)
+      if secret
+        return text.gsub(/[^\[\]]/,'*')
+      else
+        return text
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: aws-graph
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- k1LoW
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gviz
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Draw AWS security based network graph with Graphviz
+email:
+- k1lowxb@gmail.com
+executables:
+- aws-graph
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- aws-graph.gemspec
+- bin/aws-graph
+- lib/aws-graph.rb
+- lib/aws-graph/version.rb
+- lib/ec2.png
+- lib/ec2_disactive.png
+- lib/elb.png
+- lib/rds.png
+- sample.png
+homepage: https://github.com/k1LoW/aws-graph
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: Draw AWS network graph with Graphviz
+test_files: []