
AWS CLI からの json 出力を解析するために「JQ」を使用することに夢中になっています。

JQ の正しい使い方をまだ理解できていないのかもしれませんが、2 つ (またはそれ以上) のセキュリティ グループを解析し、インバウンドとアウトバウンドの各ルールを 1 行ずつ整形した文字列として出力したいと考えています。

AWS CLI のコマンドは次のとおりです:

aws ec2 describe-security-groups --group-ids sg-0000001 sg-0000002

出力される JSON は次のようなものです(プライバシーのため、一部の情報をランダムに書き換えています):

{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": []
                }
            ],
            "Description": "server-db",
            "Tags": [
                {
                    "Value": "server-db",
                    "Key": "Client"
                },
                {
                    "Value": "server-db",
                    "Key": "Name"
                }
            ],
            "IpPermissions": [
                {
                    "ToPort": 3389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.12.0.0/16"
                        },
                        {
                            "CidrIp": "192.168.10.10/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": 3389
                },
                {
                    "ToPort": 5666,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "192.168.10.10/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": 5666
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "121211212121",
                            "GroupId": "sg-00000001"
                        }
                    ]
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "121211212121",
                            "GroupId": "sg-000000001"
                        }
                    ]
                },
                {
                    "ToPort": -1,
                    "IpProtocol": "icmp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.12.0.0/16"
                        },
                        {
                            "CidrIp": "192.168.10.10/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": -1
                }
            ],
            "GroupName": "server-db",
            "VpcId": "vpc-0000001",
            "OwnerId": "121211212121",
            "GroupId": "sg-000000001"
        },
        {
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": []
                }
            ],
            "Description": "server-as",
            "Tags": [
                {
                    "Value": "server-as",
                    "Key": "Name"
                },
                {
                    "Value": "server",
                    "Key": "Client"
                }
            ],
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "121211212121",
                            "GroupId": "sg-00000001"
                        }
                    ]
                },
                {
                    "ToPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.12.0.0/16"
                        },
                        {
                            "CidrIp": "192.168.10.10/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": 22
                },
                {
                    "ToPort": 443,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.12.0.0/16"
                        },
                        {
                            "CidrIp": "192.168.60.10/32"
                        },
                        {
                            "CidrIp": "192.168.160.10/32"
                        },
                        {
                            "CidrIp": "192.168.130.10/32"
                        },
                        {
                            "CidrIp": "192.168.130.50/32"
                        },
                        {
                            "CidrIp": "192.168.130.150/32"
                        },
                        {
                            "CidrIp": "192.168.10.10/32"
                        },
                        {
                            "CidrIp": "192.168.80.150/32"
                        },
                        {
                            "CidrIp": "192.168.80.152/32"
                        },
                        {
                            "CidrIp": "192.168.80.155/32"
                        },
                        {
                            "CidrIp": "192.168.80.158/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": 443
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "121211212121",
                            "GroupId": "sg-00000002"
                        }
                    ]
                },
                {
                    "ToPort": -1,
                    "IpProtocol": "icmp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.12.0.0/16"
                        },
                        {
                            "CidrIp": "192.168.10.10/32"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": -1
                }
            ],
            "GroupName": "server-as",
            "VpcId": "vpc-00000001",
            "OwnerId": "121211212121",
            "GroupId": "sg-00000001"
        }
    ]
}

私が必要としている形式は、次のようなものです。

SecurityGroupId - GroupName - InBound/OutBound - IpProtocol - Port - SourceRanges/DestinationRanges

どなたか助けていただけませんか? よろしくお願いします。


2 件の回答


PERL で解決:

use JSON qw( decode_json );

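sub creatab{
    # Flatten the JSON printed by `aws ec2 describe-security-groups` into a
    # pipe-delimited table, one row per (rule, source/destination) pair:
    #
    #   GroupId|GroupName|Description|VpcId|INBOUND or OUTBOUND|peer|FromPort|ToPort|IpProtocol
    #
    # Input:   the JSON text in $dump, which the surrounding script must set
    #          before the call (decode_json expects UTF-8 encoded bytes).
    # Returns: the table as a single string ('' when there are no rules).
    # Dies:    when $dump is not valid JSON (propagated from decode_json).
    #
    # All working state is lexical, so a second call starts from an empty
    # table instead of appending to the rows of the previous call.
    my $decoded = decode_json($dump);
    my $tabella = '';

    # Missing JSON keys become empty fields rather than undef.
    my $text = sub { defined $_[0] ? $_[0] : '' };

    # Rule lists of a group, in the order they are reported.
    my @directions = (
        [ 'INBOUND',  'IpPermissions' ],
        [ 'OUTBOUND', 'IpPermissionsEgress' ],
    );

    # Every kind of source/destination a rule can carry, with the key that
    # holds its printable value. Ipv6Ranges and PrefixListIds are included so
    # that IPv6 and prefix-list rules are not silently missing from a report
    # that is used to review network exposure.
    # NOTE(review): for UserIdGroupPairs only GroupId is printed; the owning
    # account (UserId) of a referenced group is not part of the row.
    my @peer_lists = (
        [ 'IpRanges',         'CidrIp' ],
        [ 'Ipv6Ranges',       'CidrIpv6' ],
        [ 'UserIdGroupPairs', 'GroupId' ],
        [ 'PrefixListIds',    'PrefixListId' ],
    );

    foreach my $f ( @{ $decoded->{'SecurityGroups'} || [] } ) {
        my $description = $text->( $f->{'Description'} );
        my $groupname   = $text->( $f->{'GroupName'} );
        my $groupid     = $text->( $f->{'GroupId'} );

        # Groups without a VpcId are labelled "EC2".
        my $vpcid = $text->( $f->{'VpcId'} );
        $vpcid = 'EC2' if $vpcid eq '';

        foreach my $direction (@directions) {
            my ( $label, $rules_key ) = @{$direction};

            foreach my $g ( @{ $f->{$rules_key} || [] } ) {
                my $proto    = $text->( $g->{'IpProtocol'} );
                my $fromport = $text->( $g->{'FromPort'} );
                my $toport   = $text->( $g->{'ToPort'} );

                # IpProtocol is a string ("tcp", "icmp", "-1", ...), so it is
                # compared with eq; "-1" means every protocol and every port.
                # icmp rules carry FromPort/ToPort of -1 and are printed
                # unchanged.
                if ( $proto eq '-1' ) {
                    $fromport = 'ALLPORTS';
                    $toport   = 'ALLPORTS';
                    $proto    = 'ALLPROTO';
                }

                foreach my $peer_list (@peer_lists) {
                    my ( $list_key, $value_key ) = @{$peer_list};

                    foreach my $h ( @{ $g->{$list_key} || [] } ) {
                        my $peer = $text->( $h->{$value_key} );
                        $tabella .= join( '|',
                            $groupid, $groupname, $description, $vpcid,
                            $label, $peer, $fromport, $toport, $proto )
                            . "\n";
                    }
                }
            }
        }
    }

    return $tabella;
}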
回答日時: 2014-10-30T14:53:58.990