diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py
index ca920ce..72cc5a0 100644
--- a/aws_visualizer/dot/graph_region.py
+++ b/aws_visualizer/dot/graph_region.py
@@ -253,13 +253,13 @@ def load_assigned_security_groups(self):
 self.assigned_security_groups = {}
 for instance in self.instances:
 self.assigned_security_groups[instance] = list(map(
- lambda g: SecurityGroup(g), instance['SecurityGroups']))
+ lambda g: SecurityGroup(g), instance.get('SecurityGroups', [])))
 def load_assigned_lb_security_groups(self):
 self.assigned_lb_security_groups = {}
 for lb in self.loadbalancers:
 self.assigned_lb_security_groups[lb] = list(map(
- lambda g: self.get_security_group_by_id(g), lb['SecurityGroups']))
+ lambda g: self.get_security_group_by_id(g), lb.get('SecurityGroups', [])))
 def get_networks_of_rule_refering_to_external_address(self, vpc, rule):
 cidrs = rule['IpRanges'] if 'IpRanges' in rule else set()
@@ -347,6 +347,12 @@ def _add_security_group_to_table(self, target, group):
 if 'UserIdGroupPairs' in rule:
 for group_pairs in rule['UserIdGroupPairs']:
+
+ # ignore foreign Security Groups
+ if 'PeeringStatus' in group_pairs:
+ # print "skip peered SG", group['GroupId'], group_pairs['GroupId']
+ continue
+
 granted_group_id = self.get_security_group_by_id(group_pairs[
 'GroupId'])
 sources = self.find_instances_with_assigned_security_group(
@@ -371,7 +377,7 @@ def load_security_table_of_vpc(self, vpc_id):
 self._add_security_group_to_table(instance, group)
 for loadbalancer in self.get_loadbalancers_in_vpc(vpc_id):
- for sg in loadbalancer['SecurityGroups']:
+ for sg in loadbalancer.get('SecurityGroups', []):
 group = self.get_security_group_by_id(sg)
 self._add_security_group_to_table(loadbalancer, group)
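Review bot: The `.get('SecurityGroups', [])` defaults in load_assigned_security_groups and load_assigned_lb_security_groups turn a missing key into "no security groups" without leaving any trace, and the same pattern recurs in the load_security_table_of_vpc hunk. Because this output is read to judge network exposure, an instance or load balancer drawn with no groups because the key was absent cannot be told apart from one that really has none, and the commit does not say which resources lack the key. I would put a comment above each default, e.g. `# SecurityGroups is absent on some resources (which ones: confirm); they are drawn without groups`, and consider collecting those resources so the graph can mark them. As a point of style, `list(map(lambda g: SecurityGroup(g), ...))` reads more directly as `[SecurityGroup(g) for g in ...]`.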
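Review bot: The `continue` under `if 'PeeringStatus' in group_pairs:` drops every rule that references a security group in a peered VPC, so the security table built here under-reports who may reach the target. The test is on the key's presence only, so the pair is skipped whatever the peering status value is. If resolving the foreign group is out of scope, make the omission visible: replace the commented-out Python 2 `print` with a real log call, or at least with a comment such as `# rule references a group in a peered VPC; it is omitted from the table`. It may also be worth rendering such a source the way external addresses are rendered, if the graph model allows that. _add_security_group_to_table starts and ends outside the hunk, so how `granted_group_id` and `sources` are used afterwards is not visible here.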