是否存在aws-cli,以便列出API网关中与安全组类似的所有打开的端口,如此处https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html所述:
aws ec2 describe-security-groups --filters Name=ip-permission.from-port,Values=22 Name=ip-permission.to-port,Values=22 Name=ip-permission.cidr,Values='0.0.0.0/0' --query "SecurityGroups[*].{Name:GroupName}"
API网关中的策略的定义如下How to allow only an IP/range access to AWS API Gateway resources:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::<account_idA>:user/<user>",
"arn:aws:iam::<account_idA>:root"
]
},
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:<account_idB>:qxz8y9c8a4/*/*/*"
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:<account_idB>:qxz8y9c8a4/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "0.0.0.0/0"
}
}
}
]
}
一种解决方案可能是对查询使用list-policies-for-target,但如何找到网关等?
答案 0 :(得分:1)
我认为这可以做到
airflow next_execution [-h] [-sd SUBDIR] dag_id
您可以进一步修改grep命令以返回接受或拒绝的值。