From d36a424e1505d79bc2024bc3884d94f6a3b638ca Mon Sep 17 00:00:00 2001
From: Peter Shipley
Date: Sat, 1 Jun 2019 15:32:21 -0700
Subject: [PATCH 1/3] deal with ELB with out SecurityGroups

---
 aws_visualizer/dot/graph_region.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py
index ca920ce..16858d8 100644
--- a/aws_visualizer/dot/graph_region.py
+++ b/aws_visualizer/dot/graph_region.py
@@ -253,13 +253,13 @@ def load_assigned_security_groups(self):
 self.assigned_security_groups = {}
 for instance in self.instances:
 self.assigned_security_groups[instance] = list(map(
- lambda g: SecurityGroup(g), instance['SecurityGroups']))
+ lambda g: SecurityGroup(g), instance.get('SecurityGroups', [])))

 def load_assigned_lb_security_groups(self):
 self.assigned_lb_security_groups = {}
 for lb in self.loadbalancers:
 self.assigned_lb_security_groups[lb] = list(map(
- lambda g: self.get_security_group_by_id(g), lb['SecurityGroups']))
+ lambda g: self.get_security_group_by_id(g), lb.get('SecurityGroups', [])))

 def get_networks_of_rule_refering_to_external_address(self, vpc, rule):
 cidrs = rule['IpRanges'] if 'IpRanges' in rule else set()
From bddb923ef889993c44964437fac5ad154cb3d4fc Mon Sep 17 00:00:00 2001
From: Peter Shipley
Date: Sat, 1 Jun 2019 15:51:00 -0700
Subject: [PATCH 2/3] iDeal with ELB without SecurityGroups

---
 aws_visualizer/dot/graph_region.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py
index 16858d8..9f50f5d 100644
--- a/aws_visualizer/dot/graph_region.py
+++ b/aws_visualizer/dot/graph_region.py
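Review bot: In `load_assigned_security_groups` and `load_assigned_lb_security_groups` (patch 1/3), the `.get('SecurityGroups', [])` default makes a resource whose description lacks the key indistinguishable from one with an empty group list, and nothing records which case occurred. For a tool whose output is read as a picture of network exposure, that silent gap matters: the load balancer is drawn with no group relationships even though it presumably still accepts traffic. I would keep the default but record the omission, e.g. `if 'SecurityGroups' not in lb: logging.warning("load balancer has no SecurityGroups; omitted from security table")` ahead of the `map` call (through whatever logger the module already uses), and the same applies to the `loadbalancer.get('SecurityGroups', [])` loop in `load_security_table_of_vpc` in patch 2/3. The callers that consume these tables are outside the hunk, so how an empty list is rendered cannot be confirmed from here.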
@@ -371,7 +371,7 @@ def load_security_table_of_vpc(self, vpc_id):
 self._add_security_group_to_table(instance, group)

 for loadbalancer in self.get_loadbalancers_in_vpc(vpc_id):
- for sg in loadbalancer['SecurityGroups']:
+ for sg in loadbalancer.get('SecurityGroups', []):
 group = self.get_security_group_by_id(sg)
 self._add_security_group_to_table(loadbalancer, group)

From f3769381c66a76daf991ac169f94dc041743f9ad Mon Sep 17 00:00:00 2001
From: Peter Shipley
Date: Tue, 4 Jun 2019 14:39:55 -0700
Subject: [PATCH 3/3] added code to Ignore Sec Groups from peered connections

Code was aborting when it was unable to loop up Sec Groups from peered connections
---
 aws_visualizer/dot/graph_region.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/aws_visualizer/dot/graph_region.py b/aws_visualizer/dot/graph_region.py
index 9f50f5d..72cc5a0 100644
--- a/aws_visualizer/dot/graph_region.py
+++ b/aws_visualizer/dot/graph_region.py
@@ -347,6 +347,12 @@ def _add_security_group_to_table(self, target, group):

 if 'UserIdGroupPairs' in rule:
 for group_pairs in rule['UserIdGroupPairs']:
+
+ # ignore foreign Security Groups
+ if 'PeeringStatus' in group_pairs:
+ # print "skip peered SG", group['GroupId'], group_pairs['GroupId']
+ continue
+
 granted_group_id = self.get_security_group_by_id(group_pairs[
 'GroupId'])
 sources = self.find_instances_with_assigned_security_group(
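Review bot: The `if 'PeeringStatus' in group_pairs: continue` guard in `_add_security_group_to_table` (patch 3/3) drops every ingress rule that references a security group across a VPC peering connection, so the generated table under-reports who can reach the target, and cross-VPC grants are the ones a reviewer most needs to see. The test is on key presence only, so a rule whose peering is still active is skipped the same way as a stale one. At minimum replace the commented-out `print` with a live warning, e.g. `logging.warning("peered SG %s referenced by %s omitted from graph", group_pairs.get('GroupId'), group['GroupId'])` (or the module's own logger, if it has one); better would be to draw the peer group as an external source instead of skipping it. The function starts and ends outside this hunk, so whether `get_security_group_by_id` could return a placeholder for unknown ids cannot be judged from here.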