#!/usr/bin/env bash
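# Emit the `terraform import` commands that bring this module's existing
# aws_security_group_rule resources under Terraform management. The script
# only prints the commands; nothing is imported until that output is run.
#
# Usage: ./create-v2-sg-rule-imports.sh <name_prefix> <production|integration> [region]
# Requires an authenticated AWS CLI able to describe security groups,
# managed prefix lists and VPC endpoints in <region>.
#
# -x traces every command (each AWS CLI call and the IDs it resolves) to
# stderr; the generated import commands go to stdout so they can be
# redirected or piped on their own.
set -euxo pipefail
readonly name_prefix="${1-}"
readonly mesh_env="${2-}"
# ':-' also applies the default when a third argument is given but empty,
# which would otherwise put a bare '--region=' on every AWS CLI call.
readonly region="${3:-eu-west-2}"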
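#######################################
# Print the usage text.
# Arguments: none
# Outputs:   help text on stderr, so it never mixes with the generated
#            import commands on stdout
# Returns:   0
#######################################
usage() {
  # Quoted delimiter: the text is literal, no expansion takes place.
  cat >&2 <<'EOF'

please supply the module name_prefix and mesh_env, (production|integration)
usage ./create-v2-sg-rule-imports.sh {name_prefix} [production|integration]

EOF
}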
# Both positional arguments are mandatory and mesh_env must be one of the
# two known environments; anything else is a usage error.
if [[ -z "${name_prefix}" ]]; then
  usage
  exit 1
fi
case "${mesh_env}" in
  production|integration) ;;
  *)
    usage
    exit 1
    ;;
esac
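#######################################
# Resolve a security group ID from its group name.
# Globals:   region (read)
# Arguments: $1 - security group name
# Outputs:   the GroupId on stdout
# Returns:   0 on success; 1 if the name matches no group or more than one
#######################################
lookup_sg_id() {
  local group_name=$1
  local ids
  # The group-name filter accepts wildcards and comma-separated values, so a
  # loose name_prefix could match several groups. Ask for every match and
  # insist on exactly one instead of silently importing rules against
  # whichever group the API lists first.
  ids="$(aws ec2 describe-security-groups --region="${region}" \
    --filters="Name=group-name,Values=${group_name}" \
    --query='SecurityGroups[].GroupId' --output text)" || return 1
  local -a matches=()
  # --output text renders a list as tab-separated values on one line and a
  # missing result as nothing or the literal string "None".
  read -r -a matches <<<"${ids}"
  if (( ${#matches[@]} == 0 )) || [[ "${matches[0]}" == "None" ]]; then
    printf 'sg not found: %s\n' "${group_name}" >&2
    return 1
  fi
  if (( ${#matches[@]} > 1 )); then
    printf 'sg name is ambiguous, matched %d groups: %s\n' "${#matches[@]}" "${group_name}" >&2
    return 1
  fi
  printf '%s\n' "${matches[0]}"
}

# Group names follow the module's naming scheme: <name_prefix>-mesh-<function>.
sg_check_send="${name_prefix}-mesh-check-send-parameters"
sg_fetch_chunk="${name_prefix}-mesh-fetch-message-chunk"
sg_poll_mailbox="${name_prefix}-mesh-poll-mailbox"
sg_send_chunk="${name_prefix}-mesh-send-message-chunk"
# Explicit '|| exit 1' rather than relying on set -e: a missing or ambiguous
# group must stop the run before any import ID is built from it.
sg_check_send_id="$(lookup_sg_id "${sg_check_send}")" || exit 1
sg_fetch_chunk_id="$(lookup_sg_id "${sg_fetch_chunk}")" || exit 1
sg_poll_mailbox_id="$(lookup_sg_id "${sg_poll_mailbox}")" || exit 1
sg_send_chunk_id="$(lookup_sg_id "${sg_send_chunk}")" || exit 1
# Informational only, so it goes to stderr and stays out of the command list.
echo "
found sg ids:
${sg_check_send}: ${sg_check_send_id}
${sg_fetch_chunk}: ${sg_fetch_chunk_id}
${sg_poll_mailbox}: ${sg_poll_mailbox_id}
${sg_send_chunk}: ${sg_send_chunk_id}
" >&2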
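# S3 egress is allowed via the region's S3 managed prefix list
# (com.amazonaws.<region>.s3), so those rules import against the prefix-list
# ID rather than a CIDR.
s3_prefix_list_id="$(aws ec2 describe-prefix-lists --region="${region}" \
  --filters="Name=prefix-list-name,Values=com.amazonaws.${region}.s3" \
  --query=PrefixLists[0].PrefixListId --output text)" || exit 1
# --output text renders a missing result as the literal string "None".
if [[ -z "${s3_prefix_list_id}" || "${s3_prefix_list_id}" == "None" ]]; then
  echo "s3 prefix list id not found" >&2
  exit 1
fi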
# Hard-coded MESH egress CIDRs for each environment. Several CIDRs are joined
# with '_' because that is how the aws_security_group_rule import IDs below
# list multiple CIDR blocks.
# TODO(review): confirm these still match the currently published MESH
# address ranges; a stale list makes the generated import IDs miss the rule.
int_mesh_cidrs="3.11.177.31/32_35.177.15.89/32_3.11.199.83/32_35.178.64.126/32_18.132.113.121/32_18.132.31.159/32"
prod_mesh_cidrs="18.132.56.40/32_3.11.193.200/32_35.176.248.137/32_3.10.194.216/32_35.176.231.190/32_35.179.50.16/32"
# Production is the default; only "integration" selects the other list.
case "${mesh_env}" in
  integration) mesh_cidrs="${int_mesh_cidrs}" ;;
  *) mesh_cidrs="${prod_mesh_cidrs}" ;;
esac
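#######################################
# Resolve the security group attached to an interface VPC endpoint.
# Globals:   region (read)
# Arguments: $1 - service suffix of com.amazonaws.<region>.<service>
# Outputs:   the endpoint's first GroupId on stdout
# Returns:   0 on success; 1 if no endpoint or no group is found
#######################################
lookup_endpoint_sg_id() {
  local service=$1
  local sg_id
  # NOTE(review): [0] assumes one endpoint per service in the region; a
  # second VPC with its own endpoints would make this pick arbitrarily —
  # confirm, or filter on the module's VPC as well.
  sg_id="$(aws ec2 describe-vpc-endpoints --region="${region}" \
    --filters="Name=service-name,Values=com.amazonaws.${region}.${service}" \
    --query=VpcEndpoints[0].Groups[0].GroupId --output text)" || return 1
  # --output text renders a missing endpoint or group as the literal "None";
  # unchecked, that string would end up inside the generated import IDs.
  if [[ -z "${sg_id}" || "${sg_id}" == "None" ]]; then
    printf 'vpc endpoint security group not found: %s\n' "${service}" >&2
    return 1
  fi
  printf '%s\n' "${sg_id}"
}

# Explicit '|| exit 1' rather than relying on set -e: a missing endpoint must
# stop the run before its ID is used in an import command.
ssm_sg_id="$(lookup_endpoint_sg_id ssm)" || exit 1
sfn_sg_id="$(lookup_endpoint_sg_id states)" || exit 1
logs_sg_id="$(lookup_endpoint_sg_id logs)" || exit 1
kms_sg_id="$(lookup_endpoint_sg_id kms)" || exit 1
lambda_sg_id="$(lookup_endpoint_sg_id lambda)" || exit 1
secrets_sg_id="$(lookup_endpoint_sg_id secretsmanager)" || exit 1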
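#######################################
# Print one `terraform import` line per egress rule, in the order: MESH
# rules, S3 rules, then one block per VPC endpoint security group.
# Globals:   sg_check_send_id, sg_fetch_chunk_id, sg_poll_mailbox_id,
#            sg_send_chunk_id, mesh_cidrs, s3_prefix_list_id, ssm_sg_id,
#            sfn_sg_id, logs_sg_id, kms_sg_id, lambda_sg_id, secrets_sg_id
#            (all read)
# Arguments: none
# Outputs:   the import commands on stdout, preceded by a '# IMPORTS >>'
#            marker and surrounded by blank lines
# Returns:   0
#######################################
print_import_commands() {
  # Resource name stem and the security group each rule belongs to, kept in
  # matching positions so index i pairs them.
  local -a resources=(check_send fetch_message poll_mailbox send_message)
  local -a source_sg_ids=(
    "${sg_check_send_id}"
    "${sg_fetch_chunk_id}"
    "${sg_poll_mailbox_id}"
    "${sg_send_chunk_id}"
  )
  # Endpoint groups in output order; these are also the for_each keys of the
  # *_endpoints resources, hence the quoted index in the address.
  local -a endpoint_sg_ids=(
    "${ssm_sg_id}"
    "${sfn_sg_id}"
    "${logs_sg_id}"
    "${kms_sg_id}"
    "${lambda_sg_id}"
    "${secrets_sg_id}"
  )
  # Import ID format: <sg-id>_egress_tcp_443_443_<cidrs | prefix list | sg-id>.
  local -r id_suffix='_egress_tcp_443_443_'
  local i endpoint_sg_id

  printf '\n# IMPORTS >>\n'
  for i in "${!resources[@]}"; do
    printf "terraform import 'module.mesh.aws_security_group_rule.%s_mesh' '%s%s%s'\n" \
      "${resources[i]}" "${source_sg_ids[i]}" "${id_suffix}" "${mesh_cidrs}"
  done
  for i in "${!resources[@]}"; do
    printf "terraform import 'module.mesh.aws_security_group_rule.%s_s3' '%s%s%s'\n" \
      "${resources[i]}" "${source_sg_ids[i]}" "${id_suffix}" "${s3_prefix_list_id}"
  done
  for endpoint_sg_id in "${endpoint_sg_ids[@]}"; do
    for i in "${!resources[@]}"; do
      printf "terraform import 'module.mesh.aws_security_group_rule.%s_endpoints[\"%s\"]' '%s%s%s'\n" \
        "${resources[i]}" "${endpoint_sg_id}" "${source_sg_ids[i]}" "${id_suffix}" "${endpoint_sg_id}"
    done
  done
  printf '\n'
}

print_import_commands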