
Security GroupをGraphvizで可視化する

EC2

とりあえず非VPCだけ。

# Render the ingress rules of non-VPC security groups as a Graphviz graph,
# written to foo.png in the current directory.
# ec2-describe-group output is tab-separated: GROUP lines carry the VPC id in
# $6 (empty for non-VPC groups); PERMISSION lines carry the target group in $3,
# proto:from:to in $5:$6:$7, and the source in $10 (when $9 is CIDR) or $11
# ("NAME <group>", when $9 is USER). One edge source -> group is emitted per
# distinct pair; its label lists every proto:from:to granted for that pair.
# Note: source and group names are inserted into the DOT quoted strings
# verbatim, so a name containing a double quote would produce invalid DOT.
ec2-describe-group | awk -F'\t' 'BEGIN{print "digraph G {"} /^GROUP/{vpc = $6 ? 1 : 0} $9~/CIDR/{src=$10} $9~/USER/{gsub(/NAME /,"",$11); src=$11} !vpc && /^PERMISSION/{dst=$3; pair=sprintf("\"%s\" -> \"%s\"",src,dst); label=$5":"$6":"$7; if (grants[pair]) {grants[pair]=grants[pair]" "label} else {grants[pair]=label}} END{for (pair in grants) {label=grants[pair]; printf("\t%s [label = \"%s\"]\n",pair,label)} print "}"}' | dot -Tpng > foo.png



Awkスクリプトはこんな感じ。

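# Turn ec2-describe-group output (tab-separated; run with awk -F'\t') into a
# Graphviz digraph of the ingress rules of non-VPC security groups.
#   GROUP      lines: $6 holds the VPC id, empty for non-VPC groups.
#   PERMISSION lines: $3 = target group, $5:$6:$7 = proto:from:to,
#                     $9 = CIDR|USER, $10 = CIDR block, $11 = "NAME <group>".
# One edge source -> group is emitted per distinct pair; its label lists every
# proto:from:to granted for that pair, space-separated.

# Escape a value for use inside a DOT double-quoted string (" becomes \").
# Backslashes are passed through unchanged.
function dotq(s) {
  gsub(/"/, "\\\"", s)
  return s
}

BEGIN {
  print "digraph G {"
}

/^GROUP/ {
  # PERMISSION lines follow their GROUP line, so this flag covers them.
  vpc = ($6 != "") ? 1 : 0
}

/^PERMISSION/ {
  # Cleared first so a line without a recognised source ($9 neither CIDR nor
  # USER) is skipped below instead of reusing the previous line's source.
  src = ""
}

$9 ~ /CIDR/ {
  src = $10
}

$9 ~ /USER/ {
  # $11 looks like "NAME <group>"; keep only the group name.
  gsub(/NAME /, "", $11)
  src = $11
}

!vpc && /^PERMISSION/ && src != "" {
  dst = $3
  pair = sprintf("\"%s\" -> \"%s\"", dotq(src), dotq(dst))
  label = $5 ":" $6 ":" $7

  # Accumulate every grant between the same source and group on one edge.
  if (pair in grants) {
    grants[pair] = grants[pair] " " label
  } else {
    grants[pair] = label
  }
}

END {
  # awk does not define array iteration order, so edge order may vary.
  for (pair in grants) {
    printf("\t%s [label = \"%s\"]\n", pair, grants[pair])
  }

  print "}"
}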