Enhanced Security Group Analysis for EC2 Instances, Load Balancers, and VPC Endpoints. #1
Issue #, if available:
N/A
Description of changes:
This pull request includes several improvements to the original script, enhancing its functionality and coverage. The key changes are:
Extended resource support: The script now analyzes security groups not only for EC2 instances but also for Application Load Balancers and VPC endpoints. This provides a more comprehensive view of the security group landscape across various AWS resources.
Regional coverage: The script now automatically retrieves the list of available AWS regions, ensuring that security group information is collected from every region. This feature increases the scope of the analysis and can be easily customized by specifying a subset of regions.
Improved data structure: The script now generates a cleaner and more informative DataFrame, including additional columns such as Resource Type, Resource Name, and Resource-ID. This improvement enhances the readability and usefulness of the output.
Optimized code structure: Functions have been refactored and reorganized to improve the overall structure and readability of the code. This update makes the script more maintainable and easier to understand.
Updated IAM policy: The required IAM policy has been updated to include new permissions that allow the script to access information about Application Load Balancers and VPC endpoints. This change ensures that the script has the necessary permissions to function correctly.
These improvements provide a more comprehensive and user-friendly tool for analyzing and reporting on security groups across various AWS resources and regions.
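The flattening step the description outlines, as an added example that is not the pull request's own code: it turns the three response shapes into one row per resource and security group pair. It assumes the dict shapes returned by boto3's `describe_instances`, `describe_load_balancers` (elbv2) and `describe_vpc_endpoints`; the function names and the `Region` and `Security Group ID` columns are hypothetical.

```python
# Added example: the SAMPLE_* responses are constructed, not real AWS output.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "Tags": [{"Key": "Name", "Value": "web-1"}],
     "SecurityGroups": [{"GroupId": "sg-web", "GroupName": "web"},
                        {"GroupId": "sg-ssh", "GroupName": "ssh"}]},
    {"InstanceId": "i-0bbb", "SecurityGroups": []}]}]}   # untagged, no groups
SAMPLE_LBS = {"LoadBalancers": [
    {"LoadBalancerArn": "arn:example:alb", "LoadBalancerName": "front",
     "Type": "application", "SecurityGroups": ["sg-web"]},
    {"LoadBalancerArn": "arn:example:nlb", "LoadBalancerName": "tcp",
     "Type": "network"}]}                                 # not an ALB
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0ccc", "ServiceName": "com.amazonaws.us-east-1.ssm",
     "Groups": [{"GroupId": "sg-vpce", "GroupName": "vpce"}]},
    {"VpcEndpointId": "vpce-0ddd", "ServiceName": "com.amazonaws.us-east-1.s3",
     "Groups": []}]}                                      # gateway endpoint


def name_tag(tags, default=""):
    """Return the Name tag value, or `default` for untagged resources."""
    return next((t["Value"] for t in tags or [] if t["Key"] == "Name"), default)


def attachment_rows(region, instances, load_balancers, vpc_endpoints):
    """One row per (resource, security group) pair across all three APIs."""
    found = []  # (resource type, name, id, [security group ids])
    for reservation in instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            found.append(("EC2 Instance", name_tag(inst.get("Tags")),
                          inst["InstanceId"],
                          [g["GroupId"] for g in inst.get("SecurityGroups", [])]))
    for lb in load_balancers.get("LoadBalancers", []):
        if lb.get("Type") == "application":   # SecurityGroups is a list of IDs
            found.append(("Application Load Balancer", lb["LoadBalancerName"],
                          lb["LoadBalancerArn"], lb.get("SecurityGroups", [])))
    for ep in vpc_endpoints.get("VpcEndpoints", []):
        found.append(("VPC Endpoint", name_tag(ep.get("Tags"), ep["ServiceName"]),
                      ep["VpcEndpointId"],
                      [g["GroupId"] for g in ep.get("Groups", [])]))
    # "Region" and "Security Group ID" are assumed column names.
    return [{"Region": region, "Resource Type": rtype, "Resource Name": name,
             "Resource-ID": rid, "Security Group ID": sg}
            for rtype, name, rid, sgs in found for sg in sgs]


ROWS = attachment_rows("us-east-1", SAMPLE_INSTANCES, SAMPLE_LBS, SAMPLE_ENDPOINTS)
```

The returned list of dicts can be passed directly to `pandas.DataFrame`. Resources with no attached groups, such as gateway endpoints, produce no rows.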