Looking for a command to list AWS security groups with their inbound/outbound rules using the AWS CLI
So far I have been able to list the SGs, but not their associated rules. I tried using PowerShell for AWS, but the results it returned were incomplete, i.e. not all SGs were shown.
Answer 0: (score: 0)
You will need to call describe-security-groups
to get the list of security groups.
Here is the sample output for one of my security groups:
{
    "SecurityGroups": [
        {
            "Description": "SSH & Windows",
            "GroupName": "SSHWin-SG",
            "IpPermissions": [
                {
                    "FromPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "73.21.198.65/32"
                        },
                        {
                            "CidrIp": "54.240.123.1/32"
                        },
                        {
                            "CidrIp": "167.129.152.56/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 22,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 3389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "73.21.198.65/32"
                        },
                        {
                            "CidrIp": "54.240.123.1/32"
                        },
                        {
                            "CidrIp": "167.129.152.56/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3389,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "123456789012",
            "GroupId": "sg-91cb39d6",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Ops"
                }
            ],
            "VpcId": "vpc-7d097214"
        }
    ]
}
The IpPermissions
section holds the inbound rules, and the IpPermissionsEgress
section holds the outbound rules.
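To turn that nested output into a flat rule list (one row per source per rule, for both directions) and to spot inbound rules open to the whole internet, here is an added Python example that is not part of the answer above. It embeds a constructed sample modelled on the answer's output, with the RDP rule deliberately changed to 0.0.0.0/0 so the check has something to report; in practice you would feed it the file produced by `aws ec2 describe-security-groups --output json`.

```python
import json
import sys

# Constructed sample modelled on the answer's describe-security-groups output.
# The 3389 rule is opened to 0.0.0.0/0 here (not in the original) to exercise the check.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupName": "SSHWin-SG", "GroupId": "sg-91cb39d6",
  "IpPermissions": [
    {"FromPort": 22, "ToPort": 22, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "73.21.198.65/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"FromPort": 3389, "ToPort": 3389, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [], "UserIdGroupPairs": []}]}]}
""")

DIRECTIONS = (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress"))


def flatten_rules(payload):
    """Return one (group_id, direction, protocol, from_port, to_port, source) row per source."""
    rows = []
    for sg in payload["SecurityGroups"]:
        for direction, key in DIRECTIONS:
            for perm in sg.get(key, []):
                # IpProtocol "-1" means all protocols; such rules carry no port fields.
                from_port = perm.get("FromPort", "all")
                to_port = perm.get("ToPort", "all")
                sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                           + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                           + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])
                for src in sources:
                    rows.append((sg["GroupId"], direction, perm["IpProtocol"],
                                 from_port, to_port, src))
    return rows


def world_open_inbound(rows):
    """Inbound rows whose source is any IPv4 or IPv6 address: worth reviewing."""
    return [r for r in rows if r[1] == "inbound" and r[5] in ("0.0.0.0/0", "::/0")]


if __name__ == "__main__":
    # Usage: python sg_rules.py < sgs.json   (falls back to the embedded sample)
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    rules = flatten_rules(data)
    for row in rules:
        print("\t".join(str(x) for x in row))
    for row in world_open_inbound(rules):
        print("OPEN TO WORLD:", row)
```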