aws_security_viz 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +33 -0
- data/.travis.yml +6 -0
- data/Gemfile +3 -0
- data/Gemfile.lock +126 -0
- data/LICENSE.md +21 -0
- data/README.md +71 -0
- data/Rakefile +2 -0
- data/Vagrantfile +17 -0
- data/aws_security_viz.gemspec +34 -0
- data/config/boot.rb +4 -0
- data/exe/aws_security_viz +21 -0
- data/images/sample.png +0 -0
- data/lib/aws_config.rb +22 -0
- data/lib/aws_security_viz.rb +44 -0
- data/lib/color_picker.rb +18 -0
- data/lib/debug/parse_log.rb +26 -0
- data/lib/debug_graph.rb +24 -0
- data/lib/ec2/ip_permission.rb +33 -0
- data/lib/ec2/security_groups.rb +77 -0
- data/lib/ec2/traffic.rb +32 -0
- data/lib/exclusions.rb +14 -0
- data/lib/export/html/view.html +36 -0
- data/lib/graph.rb +40 -0
- data/lib/provider/ec2.rb +87 -0
- data/lib/provider/json.rb +92 -0
- data/lib/version.rb +3 -0
- data/opts.yml.sample +10 -0
- data/spec/integration/dummy.dot +49 -0
- data/spec/integration/dummy.json +64 -0
- data/spec/integration/visualize_aws_spec.rb +21 -0
- data/spec/spec_helper.rb +24 -0
- data/spec/support/matchers/graph.rb +8 -0
- data/spec/visualize_aws_spec.rb +132 -0
- metadata +210 -0
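--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: c14a384a5ea5c2f6781421821503487e9a2e5c23
+data.tar.gz: 46669dc4475ba76b990be7f2ba6718871b72f06d
+SHA512:
+metadata.gz: c59a023f8c48ebd6e98207bb36003bb9fa581f9936ee85c85d4fc6a6f8cd7a761d5e6645fe72d37452e5a4a605c4be68f0ef0bc807085ab3622c80df48262e19
+data.tar.gz: fe1d7db0623bb22c357e0305dc631752c188b56152337eeee93ce567969a2e927400fb40b0e5863f69ee9cf7514864f96b109f466bb4aa9ac9fe2824af68dd71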
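--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,33 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+/data/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/lib/bundler/man/
+
+.ruby-version
+.rbenv-gemsets
+.gems
+.envrc
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+opts.yml
+
+.vagrant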
data/.travis.yml
ADDED
data/Gemfile
ADDED
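--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,126 @@
+PATH
+remote: .
+specs:
+aws_security_viz (0.1.0)
+fog (~> 1.26.0)
+json (~> 1.8.1)
+organic_hash (~> 1.0.2)
+ruby-graphviz (~> 1.2.1)
+trollop (~> 2.1.1)
+unf (~> 0.1.4)
+
+GEM
+remote: http://rubygems.org/
+specs:
+CFPropertyList (2.3.1)
+builder (3.2.2)
+diff-lcs (1.2.5)
+excon (0.45.4)
+fission (0.5.0)
+CFPropertyList (~> 2.2)
+fog (1.26.0)
+fog-atmos
+fog-brightbox (~> 0.4)
+fog-core (~> 1.27, >= 1.27.1)
+fog-ecloud
+fog-json
+fog-profitbricks
+fog-radosgw (>= 0.0.2)
+fog-sakuracloud (>= 0.0.4)
+fog-softlayer
+fog-storm_on_demand
+fog-terremark
+fog-vmfusion
+fog-voxel
+fog-xml (~> 0.1.1)
+ipaddress (~> 0.5)
+nokogiri (~> 1.5, >= 1.5.11)
+fog-atmos (0.1.0)
+fog-core
+fog-xml
+fog-brightbox (0.8.0)
+fog-core (~> 1.22)
+fog-json
+inflecto (~> 0.0.2)
+fog-core (1.32.0)
+builder
+excon (~> 0.45)
+formatador (~> 0.2)
+mime-types
+net-scp (~> 1.1)
+net-ssh (>= 2.1.3)
+fog-ecloud (0.1.1)
+fog-core
+fog-xml
+fog-json (1.0.2)
+fog-core (~> 1.0)
+multi_json (~> 1.10)
+fog-profitbricks (0.0.5)
+fog-core
+fog-xml
+nokogiri
+fog-radosgw (0.0.4)
+fog-core (>= 1.21.0)
+fog-json
+fog-xml (>= 0.0.1)
+fog-sakuracloud (1.0.1)
+fog-core
+fog-json
+fog-softlayer (0.4.7)
+fog-core
+fog-json
+fog-storm_on_demand (0.1.1)
+fog-core
+fog-json
+fog-terremark (0.1.0)
+fog-core
+fog-xml
+fog-vmfusion (0.1.0)
+fission
+fog-core
+fog-voxel (0.1.0)
+fog-core
+fog-xml
+fog-xml (0.1.2)
+fog-core
+nokogiri (~> 1.5, >= 1.5.11)
+formatador (0.2.5)
+inflecto (0.0.2)
+ipaddress (0.8.0)
+json (1.8.3)
+mime-types (2.6.1)
+mini_portile (0.6.2)
+multi_json (1.11.2)
+net-scp (1.2.1)
+net-ssh (>= 2.6.5)
+net-ssh (2.9.2)
+nokogiri (1.6.6.2)
+mini_portile (~> 0.6.0)
+organic_hash (1.0.2)
+rake (10.1.0)
+rspec (3.1.0)
+rspec-core (~> 3.1.0)
+rspec-expectations (~> 3.1.0)
+rspec-mocks (~> 3.1.0)
+rspec-core (3.1.7)
+rspec-support (~> 3.1.0)
+rspec-expectations (3.1.2)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.1.0)
+rspec-mocks (3.1.3)
+rspec-support (~> 3.1.0)
+rspec-support (3.1.2)
+ruby-graphviz (1.2.2)
+trollop (2.1.2)
+unf (0.1.4)
+unf_ext
+unf_ext (0.0.7.1)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+aws_security_viz!
+bundler (~> 1.9)
+rake (~> 10.0)
+rspec (~> 3.1.0)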
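--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Anay Nayak
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.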
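--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,71 @@
+aws-security-viz -- A tool to visualize aws security groups
+============================================================
+
+[![Build Status](https://secure.travis-ci.org/anaynayak/aws-security-viz.png)](http://travis-ci.org/anaynayak/aws-security-viz) [![Code Climate](https://codeclimate.com/github/anaynayak/aws-security-viz.png)](https://codeclimate.com/github/anaynayak/aws-security-viz) [![Dependency Status](https://gemnasium.com/anaynayak/aws-security-viz.png)](https://gemnasium.com/anaynayak/aws-security-viz)
+
+## DESCRIPTION
+Need a quick way to visualize your current aws/amazon ec2 security group configuration? aws-security-viz does just that based on the EC2 security group ingress configuration.
+
+## FEATURES
+
+* Output to any of the formats that Graphviz supports.
+* EC2 classic and VPC security groups
+
+## INSTALLATION
+```
+$ bundle install
+```
+([Bundler installation](http://gembundler.com/bundle_install.html))
+
+## DEPENDENCIES
+
+* graphviz with triangulation `brew install graphviz --with-gts`
+* libxml2 `brew install libxml2`*
+
+## USAGE
+
+To generate the graph directly using AWS keys
+```
+$ bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true
+```
+
+To generate the graph using an existing security_groups.json (created using aws-cli)
+```
+$ bundle exec ruby lib/visualize_aws.rb -o data/security_groups.json -f viz.svg --color
+```
+
+```
+$ bundle exec ruby lib/visualize_aws.rb --help
+Options:
+-a, --access-key=<s> AWS access key
+-s, --secret-key=<s> AWS secret key
+-r, --region=<s> AWS region to query (default: us-east-1)
+-o, --source-file=<s> JSON source file containing security groups
+-f, --filename=<s> Output file name (default: aws-security-viz.png)
+-c, --color Colored node edges
+-h, --help Show this message
+```
+## DEBUGGING
+
+To generate the graph with debug statements, execute the following command
+
+```
+$ DEBUG=true bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg
+```
+
+If it doesn't indicate the problem, please share the generated json file with me @ whynospam-awsviz@yahoo.co.in
+
+You can send me an obfuscated version using the following command:
+
+```
+$ DEBUG=true OBFUSCATE=true bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg
+```
+
+Execute the following command to generate the json. You will need [aws-cli](https://github.com/aws/aws-cli) to execute the command
+
+`aws ec2 describe-security-groups`
+
+## EXAMPLE
+
+![](https://github.com/anaynayak/aws-security-viz/raw/master/images/sample.png)
+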
data/Rakefile
ADDED
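--- a/data/Vagrantfile
+++ b/data/Vagrantfile
@@ -0,0 +1,17 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure(2) do |config|
+config.vm.box = "ubuntu/vivid64"
+config.vm.provision "shell", inline: <<-SHELL
+apt-get -y update
+apt-get -y install git bundler ruby graphviz
+SHELL
+
+config.vm.provision "shell", privileged: false, inline: <<-SHELL
+git clone https://github.com/anaynayak/aws-security-viz.git
+cd aws-security-viz
+bundle install
+# bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true
+SHELL
+end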
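Review bot: The unprivileged provisioner on lines 11-16 clones whatever the repository's default branch holds at provisioning time and then runs `bundle install` on it, so the environment is not reproducible and picks up any unreviewed upstream change. Pinning the checkout to a release, for example `git clone --branch <RELEASE_TAG> --depth 1 https://github.com/anaynayak/aws-security-viz.git`, fixes what gets installed. The same applies to `config.vm.box` on line 5, which names a box without a version; adding `config.vm.box_version` would pin it.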
@@ -0,0 +1,34 @@
|
|
1
|
+
lib = File.expand_path('../lib', __FILE__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require 'version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = 'aws_security_viz'
|
7
|
+
s.version = AwsSecurityViz::VERSION
|
8
|
+
s.date = '2015-10-15'
|
9
|
+
s.summary = "Visualize your aws security groups"
|
10
|
+
s.description = "Provides a quick mechanism to visualize your EC2 security groups in multiple formats"
|
11
|
+
s.authors = ["Anay Nayak"]
|
12
|
+
s.email = 'anayak007+rubygems@gmail.com'
|
13
|
+
s.files = ["lib", "config"]
|
14
|
+
s.homepage = 'https://github.com/anaynayak/aws-security-viz'
|
15
|
+
s.license = 'MIT'
|
16
|
+
s.bindir = 'exe'
|
17
|
+
|
18
|
+
s.files = `git ls-files -z`.split("\x0")
|
19
|
+
s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
21
|
+
s.require_paths = ["lib"]
|
22
|
+
|
23
|
+
s.add_development_dependency "bundler", "~> 1.9"
|
24
|
+
s.add_development_dependency "rake", "~> 10.0"
|
25
|
+
s.add_development_dependency "rspec", "~> 3.1.0"
|
26
|
+
|
27
|
+
s.add_runtime_dependency 'ruby-graphviz', "~> 1.2.1"
|
28
|
+
s.add_runtime_dependency 'fog', "~> 1.26.0"
|
29
|
+
s.add_runtime_dependency 'unf', "~> 0.1.4"
|
30
|
+
s.add_runtime_dependency 'json', "~> 1.8.1"
|
31
|
+
s.add_runtime_dependency 'trollop', "~> 2.1.1"
|
32
|
+
s.add_runtime_dependency 'organic_hash', "~> 1.0.2"
|
33
|
+
end
|
34
|
+
|
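Review bot: `s.files` is assigned twice, and the literal `["lib", "config"]` on line 13 is overwritten by the `git ls-files -z` result on line 18, so the first assignment is dead and misleads a reader about what is packaged. With the second form every git-tracked file goes into the gem, which matches the file list at the top of this page showing the Vagrantfile, `.travis.yml`, `Gemfile.lock` and the specs being shipped. I would delete line 13 and put `# Packages every git-tracked file; must be built from a git checkout.` above line 18. This section's file header is missing from the page; by its 34-line count it appears to be data/aws_security_viz.gemspec.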
data/config/boot.rb
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'aws_security_viz'
|
4
|
+
require 'trollop'
|
5
|
+
|
6
|
+
opts = Trollop::options do
|
7
|
+
opt :access_key, 'AWS access key', :type => :string
|
8
|
+
opt :secret_key, 'AWS secret key', :type => :string
|
9
|
+
opt :region, 'AWS region to query', :default => 'us-east-1', :type => :string
|
10
|
+
opt :source_file, 'JSON source file containing security groups', :type => :string
|
11
|
+
opt :filename, 'Output file name', :type => :string, :default => 'aws-security-viz.png'
|
12
|
+
opt :color, 'Colored node edges', :default => false
|
13
|
+
end
|
14
|
+
if opts[:source_file].nil?
|
15
|
+
Trollop::die :access_key, 'is required' if opts[:access_key].nil?
|
16
|
+
Trollop::die :secret_key, 'is required' if opts[:secret_key].nil?
|
17
|
+
end
|
18
|
+
|
19
|
+
VisualizeAws.new(AwsConfig.load, opts).unleash(opts[:filename])
|
20
|
+
|
21
|
+
|
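Review bot: Credentials can only be supplied through `--access-key` and `--secret-key` (lines 7-8, enforced by the `Trollop::die` checks on lines 15-16), which leaves the secret in shell history and readable by other local users through the process list. Falling back to the standard environment variables before line 14 keeps the flags working and gives a safer path: `opts[:access_key] ||= ENV['AWS_ACCESS_KEY_ID']` and `opts[:secret_key] ||= ENV['AWS_SECRET_ACCESS_KEY']`, assuming the provider reads the keys from `opts`. Passing them as Trollop `:default` values would be the wrong place, because defaults are printed by `--help`, as the README's help output shows for the region. The page labels this section data/config/boot.rb, but the 21-line script matches the exe/aws_security_viz entry in the file list.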
data/images/sample.png
ADDED
Binary file
|
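--- a/data/lib/aws_config.rb
+++ b/data/lib/aws_config.rb
@@ -0,0 +1,22 @@
+class AwsConfig
+def initialize(opts={})
+@opts = opts
+end
+
+def exclusions
+@exclusions ||=Exclusions.new(@opts[:exclude])
+end
+
+def groups
+@opts[:groups] || {}
+end
+
+def format
+@opts[:format] || 'dot'
+end
+
+def self.load
+config_opts = File.exist?('opts.yml') ? YAML.load_file('opts.yml') : {}
+AwsConfig.new(config_opts)
+end
+end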
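Review bot: `AwsConfig.load` on line 19 reads `opts.yml` from whatever directory the tool is started in and parses it with `YAML.load_file`, which on Psych releases before 4 will instantiate arbitrary tagged Ruby objects, although a config file needs only plain data. I would switch to `YAML.safe_load(File.read('opts.yml'), [Symbol])` (the keyword form `permitted_classes: [Symbol]` on newer Psych), keeping `Symbol` because the accessors index with `:exclude`, `:groups` and `:format`, which suggests symbol keys in the file. An empty `opts.yml` makes the parser return a falsy value rather than a hash, so appending `|| {}` to the call avoids a `NoMethodError` in `groups` and `format`. The section also uses `YAML` without a visible `require 'yaml'`; presumably it is loaded elsewhere.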
@@ -0,0 +1,44 @@
|
|
1
|
+
require_relative 'ec2/security_groups'
|
2
|
+
require_relative 'provider/json'
|
3
|
+
require_relative 'provider/ec2'
|
4
|
+
require_relative 'graph'
|
5
|
+
require_relative 'exclusions'
|
6
|
+
require_relative 'debug_graph'
|
7
|
+
require_relative 'color_picker'
|
8
|
+
require_relative 'aws_config'
|
9
|
+
|
10
|
+
class VisualizeAws
|
11
|
+
def initialize(config, options={})
|
12
|
+
@options = options
|
13
|
+
@config = config
|
14
|
+
provider = options[:source_file].nil? ? Ec2Provider.new(options) : JsonProvider.new(options)
|
15
|
+
@security_groups = SecurityGroups.new(provider, config)
|
16
|
+
end
|
17
|
+
|
18
|
+
def unleash(output_file)
|
19
|
+
g = build
|
20
|
+
render(g, output_file)
|
21
|
+
end
|
22
|
+
|
23
|
+
def build
|
24
|
+
g = ENV["OBFUSCATE"] ? DebugGraph.new : Graph.new
|
25
|
+
@security_groups.each_with_index { |group, index|
|
26
|
+
picker = ColorPicker.new(@options[:color])
|
27
|
+
g.add_node(group.name)
|
28
|
+
group.traffic.each { |traffic|
|
29
|
+
if traffic.ingress
|
30
|
+
g.add_edge(traffic.from, traffic.to, :color => picker.color(index, traffic.ingress), :style => 'bold', :label => traffic.port_range)
|
31
|
+
else
|
32
|
+
g.add_edge(traffic.to, traffic.from, :color => picker.color(index, traffic.ingress), :style => 'bold', :label => traffic.port_range)
|
33
|
+
end
|
34
|
+
}
|
35
|
+
}
|
36
|
+
g
|
37
|
+
end
|
38
|
+
|
39
|
+
def render(g, output_file)
|
40
|
+
extension = File.extname(output_file)
|
41
|
+
g.output(extension[1..-1].to_sym => output_file, :use => @config.format)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
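Review bot: `render` on lines 39-42 derives the Graphviz output format from the file name with `extension[1..-1].to_sym`, so a name without an extension makes `File.extname` return an empty string, the slice evaluate to `nil`, and the user get a `NoMethodError` instead of a usable message. Because `output_file` comes from the `--filename` option, I would add `raise ArgumentError, "output file needs an extension such as .png" if extension.empty?` before line 41, ideally followed by a check against the formats the tool means to support. Separately, `ColorPicker.new(@options[:color])` on line 26 is rebuilt for every group although it does not depend on the loop variables, and can move above the `each_with_index`. This section's file header is missing from the page; by its 44-line count it appears to be data/lib/aws_security_viz.rb.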
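--- a/data/lib/color_picker.rb
+++ b/data/lib/color_picker.rb
@@ -0,0 +1,18 @@
+class ColorPicker
+def initialize(colored)
+@picker = colored ? NodeColors.new : DefaultColors.new
+end
+def color(index, ingress)
+@picker.color(index, ingress)
+end
+class NodeColors
+def color(index, ingress)
+GraphViz::Utils::Colors::COLORS.keys[index]
+end
+end
+class DefaultColors
+def color(index, ingress)
+ingress ? :blue : :red
+end
+end
+end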
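Review bot: `NodeColors#color` on line 10 indexes `GraphViz::Utils::Colors::COLORS.keys` with the group index and returns `nil` once there are more security groups than entries in that table, so later edges are handed a `nil` colour. Wrapping the index keeps every group coloured: `names = GraphViz::Utils::Colors::COLORS.keys` followed by `names[index % names.size]`. The `ingress` argument is unused in this class, and a comment such as `# ingress is accepted only to match DefaultColors#color` would show that this is intentional.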