aws_security_viz 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c14a384a5ea5c2f6781421821503487e9a2e5c23
+  data.tar.gz: 46669dc4475ba76b990be7f2ba6718871b72f06d
+SHA512:
+  metadata.gz: c59a023f8c48ebd6e98207bb36003bb9fa581f9936ee85c85d4fc6a6f8cd7a761d5e6645fe72d37452e5a4a605c4be68f0ef0bc807085ab3622c80df48262e19
+  data.tar.gz: fe1d7db0623bb22c357e0305dc631752c188b56152337eeee93ce567969a2e927400fb40b0e5863f69ee9cf7514864f96b109f466bb4aa9ac9fe2824af68dd71

data/.gitignore

@@ -0,0 +1,33 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+/data/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/lib/bundler/man/
+
+.ruby-version
+.rbenv-gemsets
+.gems
+.envrc
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+opts.yml
+
+.vagrant

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.2
+script: bundle exec rspec spec --tag '~integration'

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,126 @@
+PATH
+  remote: .
+  specs:
+    aws_security_viz (0.1.0)
+      fog (~> 1.26.0)
+      json (~> 1.8.1)
+      organic_hash (~> 1.0.2)
+      ruby-graphviz (~> 1.2.1)
+      trollop (~> 2.1.1)
+      unf (~> 0.1.4)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    CFPropertyList (2.3.1)
+    builder (3.2.2)
+    diff-lcs (1.2.5)
+    excon (0.45.4)
+    fission (0.5.0)
+      CFPropertyList (~> 2.2)
+    fog (1.26.0)
+      fog-atmos
+      fog-brightbox (~> 0.4)
+      fog-core (~> 1.27, >= 1.27.1)
+      fog-ecloud
+      fog-json
+      fog-profitbricks
+      fog-radosgw (>= 0.0.2)
+      fog-sakuracloud (>= 0.0.4)
+      fog-softlayer
+      fog-storm_on_demand
+      fog-terremark
+      fog-vmfusion
+      fog-voxel
+      fog-xml (~> 0.1.1)
+      ipaddress (~> 0.5)
+      nokogiri (~> 1.5, >= 1.5.11)
+    fog-atmos (0.1.0)
+      fog-core
+      fog-xml
+    fog-brightbox (0.8.0)
+      fog-core (~> 1.22)
+      fog-json
+      inflecto (~> 0.0.2)
+    fog-core (1.32.0)
+      builder
+      excon (~> 0.45)
+      formatador (~> 0.2)
+      mime-types
+      net-scp (~> 1.1)
+      net-ssh (>= 2.1.3)
+    fog-ecloud (0.1.1)
+      fog-core
+      fog-xml
+    fog-json (1.0.2)
+      fog-core (~> 1.0)
+      multi_json (~> 1.10)
+    fog-profitbricks (0.0.5)
+      fog-core
+      fog-xml
+      nokogiri
+    fog-radosgw (0.0.4)
+      fog-core (>= 1.21.0)
+      fog-json
+      fog-xml (>= 0.0.1)
+    fog-sakuracloud (1.0.1)
+      fog-core
+      fog-json
+    fog-softlayer (0.4.7)
+      fog-core
+      fog-json
+    fog-storm_on_demand (0.1.1)
+      fog-core
+      fog-json
+    fog-terremark (0.1.0)
+      fog-core
+      fog-xml
+    fog-vmfusion (0.1.0)
+      fission
+      fog-core
+    fog-voxel (0.1.0)
+      fog-core
+      fog-xml
+    fog-xml (0.1.2)
+      fog-core
+      nokogiri (~> 1.5, >= 1.5.11)
+    formatador (0.2.5)
+    inflecto (0.0.2)
+    ipaddress (0.8.0)
+    json (1.8.3)
+    mime-types (2.6.1)
+    mini_portile (0.6.2)
+    multi_json (1.11.2)
+    net-scp (1.2.1)
+      net-ssh (>= 2.6.5)
+    net-ssh (2.9.2)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    organic_hash (1.0.2)
+    rake (10.1.0)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    ruby-graphviz (1.2.2)
+    trollop (2.1.2)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aws_security_viz!
+  bundler (~> 1.9)
+  rake (~> 10.0)
+  rspec (~> 3.1.0)

data/LICENSE.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Anay Nayak
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+aws-security-viz -- A tool to visualize aws security groups 
+============================================================
+
+[![Build Status](https://secure.travis-ci.org/anaynayak/aws-security-viz.png)](http://travis-ci.org/anaynayak/aws-security-viz) [![Code Climate](https://codeclimate.com/github/anaynayak/aws-security-viz.png)](https://codeclimate.com/github/anaynayak/aws-security-viz) [![Dependency Status](https://gemnasium.com/anaynayak/aws-security-viz.png)](https://gemnasium.com/anaynayak/aws-security-viz)
+
+## DESCRIPTION
+  Need a quick way to visualize your current aws/amazon ec2 security group configuration? aws-security-viz does just that based on the EC2 security group ingress configuration. 
+
+## FEATURES
+
+* Output to any of the formats that Graphviz supports. 
+* EC2 classic and VPC security groups
+
+## INSTALLATION 
+```
+  $ bundle install 
+```
+([Bundler installation](http://gembundler.com/bundle_install.html))
+
+## DEPENDENCIES
+
+* graphviz with triangulation `brew install graphviz --with-gts`
+* libxml2 `brew install libxml2`* 
+
+## USAGE
+
+To generate the graph directly using AWS keys
+```
+  $ bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true
+```
+
+To generate the graph using an existing security_groups.json (created using aws-cli)
+```
+  $ bundle exec ruby lib/visualize_aws.rb -o data/security_groups.json -f viz.svg --color
+```
+
+``` 
+$ bundle exec ruby lib/visualize_aws.rb --help
+Options:
+  -a, --access-key=<s>     AWS access key
+  -s, --secret-key=<s>     AWS secret key
+  -r, --region=<s>         AWS region to query (default: us-east-1)
+  -o, --source-file=<s>    JSON source file containing security groups
+  -f, --filename=<s>       Output file name (default: aws-security-viz.png)
+  -c, --color              Colored node edges
+  -h, --help               Show this message
+```
+## DEBUGGING
+
+To generate the graph with debug statements, execute the following command 
+
+```
+$ DEBUG=true bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg
+```
+
+If it doesn't indicate the problem, please share the generated json file with me @ whynospam-awsviz@yahoo.co.in
+
+You can send me an obfuscated version using the following command:
+
+```
+$ DEBUG=true OBFUSCATE=true bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg
+```
+
+Execute the following command to generate the json. You will need [aws-cli](https://github.com/aws/aws-cli) to execute the command
+
+`aws ec2 describe-security-groups`
+
+## EXAMPLE
+
+![](https://github.com/anaynayak/aws-security-viz/raw/master/images/sample.png)
+

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler/gem_tasks'
+

data/Vagrantfile

@@ -0,0 +1,17 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure(2) do |config|
+  config.vm.box = "ubuntu/vivid64"
+  config.vm.provision "shell", inline: <<-SHELL
+    apt-get -y update
+    apt-get -y install git bundler ruby graphviz
+  SHELL
+
+  config.vm.provision "shell", privileged: false, inline: <<-SHELL
+    git clone https://github.com/anaynayak/aws-security-viz.git
+    cd aws-security-viz
+    bundle install
+    # bundle exec ruby lib/visualize_aws.rb -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true
+  SHELL
+end

data/aws_security_viz.gemspec

@@ -0,0 +1,34 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'version'
+
+Gem::Specification.new do |s|
+  s.name        = 'aws_security_viz'
+  s.version     = AwsSecurityViz::VERSION
+  s.date        = '2015-10-15'
+  s.summary     = "Visualize your aws security groups"
+  s.description = "Provides a quick mechanism to visualize your EC2 security groups in multiple formats"
+  s.authors     = ["Anay Nayak"]
+  s.email       = 'anayak007+rubygems@gmail.com'
+  s.files       = ["lib", "config"]
+  s.homepage    = 'https://github.com/anaynayak/aws-security-viz'
+  s.license     = 'MIT'
+  s.bindir      = 'exe'
+
+  s.files = `git ls-files -z`.split("\x0")
+  s.executables   = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "bundler", "~> 1.9"
+  s.add_development_dependency "rake", "~> 10.0"
+  s.add_development_dependency "rspec", "~> 3.1.0"
+
+  s.add_runtime_dependency 'ruby-graphviz', "~> 1.2.1"
+  s.add_runtime_dependency 'fog', "~> 1.26.0"
+  s.add_runtime_dependency 'unf', "~> 0.1.4"
+  s.add_runtime_dependency 'json', "~> 1.8.1"
+  s.add_runtime_dependency 'trollop', "~> 2.1.1"
+  s.add_runtime_dependency 'organic_hash', "~> 1.0.2"
+end
+

data/config/boot.rb

@@ -0,0 +1,4 @@
+require 'bundler'
+Bundler.setup
+
+Dir["./lib/**/*.rb"].each { |f| require f }

data/exe/aws_security_viz

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+
+require 'aws_security_viz'
+require 'trollop'
+
+opts = Trollop::options do
+  opt :access_key, 'AWS access key', :type => :string
+  opt :secret_key, 'AWS secret key', :type => :string
+  opt :region, 'AWS region to query', :default => 'us-east-1', :type => :string
+  opt :source_file, 'JSON source file containing security groups', :type => :string
+  opt :filename, 'Output file name', :type => :string, :default => 'aws-security-viz.png'
+  opt :color, 'Colored node edges', :default => false
+end
+if opts[:source_file].nil?
+  Trollop::die :access_key, 'is required' if opts[:access_key].nil?
+  Trollop::die :secret_key, 'is required' if opts[:secret_key].nil?
+end
+
+VisualizeAws.new(AwsConfig.load, opts).unleash(opts[:filename])
+
+

data/lib/aws_config.rb

@@ -0,0 +1,22 @@
+class AwsConfig
+  def initialize(opts={})
+    @opts = opts
+  end
+
+  def exclusions
+    @exclusions ||=Exclusions.new(@opts[:exclude])
+  end
+
+  def groups
+    @opts[:groups] || {}
+  end
+
+  def format
+    @opts[:format] || 'dot'
+  end
+
+  def self.load
+    config_opts = File.exist?('opts.yml') ? YAML.load_file('opts.yml') : {}
+    AwsConfig.new(config_opts)
+  end
+end

data/lib/aws_security_viz.rb

@@ -0,0 +1,44 @@
+require_relative 'ec2/security_groups'
+require_relative 'provider/json'
+require_relative 'provider/ec2'
+require_relative 'graph'
+require_relative 'exclusions'
+require_relative 'debug_graph'
+require_relative 'color_picker'
+require_relative 'aws_config'
+
+class VisualizeAws
+  def initialize(config, options={})
+    @options = options
+    @config = config
+    provider = options[:source_file].nil? ? Ec2Provider.new(options) : JsonProvider.new(options)
+    @security_groups = SecurityGroups.new(provider, config)
+  end
+
+  def unleash(output_file)
+    g = build
+    render(g, output_file)
+  end
+
+  def build
+    g = ENV["OBFUSCATE"] ? DebugGraph.new : Graph.new 
+    @security_groups.each_with_index { |group, index|
+      picker = ColorPicker.new(@options[:color])
+      g.add_node(group.name)
+      group.traffic.each { |traffic|
+       if traffic.ingress
+          g.add_edge(traffic.from, traffic.to, :color => picker.color(index, traffic.ingress), :style => 'bold', :label => traffic.port_range)
+        else
+          g.add_edge(traffic.to, traffic.from, :color => picker.color(index, traffic.ingress), :style => 'bold', :label => traffic.port_range)
+        end
+      }
+    }
+    g
+  end
+
+  def render(g, output_file)
+    extension = File.extname(output_file)
+    g.output(extension[1..-1].to_sym => output_file, :use => @config.format)
+  end
+end
+

data/lib/color_picker.rb

@@ -0,0 +1,18 @@
+class ColorPicker
+  def initialize(colored)
+    @picker = colored ? NodeColors.new : DefaultColors.new
+  end
+  def color(index, ingress)
+    @picker.color(index, ingress)
+  end
+  class NodeColors
+    def color(index, ingress)
+      GraphViz::Utils::Colors::COLORS.keys[index]
+    end
+  end
+  class DefaultColors
+    def color(index, ingress)
+      ingress ? :blue : :red
+    end
+  end
+end