
A PowerShell script that converts SecurityGroupRules output by the AWS CLI to CSV

2023-4-20 Reading time: ~1 min

aws ec2 describe-security-group-rules > ec2_describe-security-group-rules.json

followed by:

$sgr = Get-Content -Raw .\ec2_describe-security-group-rules.json | ConvertFrom-Json

### Build one row per rule. Reading the properties rule by rule keeps the columns
### aligned when a rule has no CidrIpv4, CidrIpv6 or Description key.
$rows = foreach ($rule in $sgr.SecurityGroupRules) {
  [pscustomobject]@{
    SecurityGroupRuleId = $rule.SecurityGroupRuleId
    GroupId             = $rule.GroupId
    IsEgress            = $rule.IsEgress
    IpProtocol          = $rule.IpProtocol
    FromPort            = $rule.FromPort
    ToPort              = $rule.ToPort
    ### Null to N/A
    CidrIpv4            = if ($null -eq $rule.CidrIpv4)    { "N/A" } else { $rule.CidrIpv4 }
    CidrIpv6            = if ($null -eq $rule.CidrIpv6)    { "N/A" } else { $rule.CidrIpv6 }
    Description         = if ($null -eq $rule.Description) { "N/A" } else { $rule.Description }
  }
}

### Write header and rows. Export-Csv quotes every field, so a comma inside
### Description stays in one column.
$rows | Export-Csv -NoTypeInformation -Encoding oem -Force -Path .\sgrule-list.csv

And when you want to delete only a rule, you do it like this:

For inbound rules

aws --profile addrle ec2 revoke-security-group-ingress --group-id sg-0113793ba0362d9a0 --security-group-rule-ids sgr-0b142f3c7151c1f38

For outbound rules

aws --profile addrle ec2 revoke-security-group-egress --group-id sg-0113793ba0362d9a0 --security-group-rule-ids sgr-0a391a55503a18e74
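
The export and the revoke commands above can be tied together for a rule review. The following is an added example, not part of the original post: it picks out inbound rules open to `0.0.0.0/0` or `::/0` and prints the matching revoke commands with `--dry-run` so they can be checked before anything is changed. The function names `Get-OpenIngressRule` and `New-RevokeCommand`, the choice of filter, and the sample rule IDs are assumptions made for the example; add `--profile` as needed.

```powershell
# Constructed sample in the shape of `aws ec2 describe-security-group-rules` output
# (all IDs are made up). For real data: $json = Get-Content -Raw .\ec2_describe-security-group-rules.json
$json = @'
{
  "SecurityGroupRules": [
    {"SecurityGroupRuleId": "sgr-EXAMPLE0001", "GroupId": "sg-EXAMPLE01", "IsEgress": false,
     "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"},
    {"SecurityGroupRuleId": "sgr-EXAMPLE0002", "GroupId": "sg-EXAMPLE01", "IsEgress": false,
     "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIpv4": "10.0.0.0/16", "Description": "internal"},
    {"SecurityGroupRuleId": "sgr-EXAMPLE0003", "GroupId": "sg-EXAMPLE02", "IsEgress": false,
     "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv6": "::/0"},
    {"SecurityGroupRuleId": "sgr-EXAMPLE0004", "GroupId": "sg-EXAMPLE02", "IsEgress": true,
     "IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0"}
  ]
}
'@

# Hypothetical helper: inbound rules whose source is the whole IPv4 or IPv6 internet.
# A rule that lacks CidrIpv4 or CidrIpv6 compares as $null and simply does not match.
function Get-OpenIngressRule {
  param([Parameter(Mandatory)] $Rules)
  $Rules | Where-Object {
    -not $_.IsEgress -and ($_.CidrIpv4 -eq '0.0.0.0/0' -or $_.CidrIpv6 -eq '::/0')
  }
}

# Hypothetical helper: build the revoke command for one rule as text (nothing is executed).
# IsEgress selects between revoke-security-group-ingress and revoke-security-group-egress.
function New-RevokeCommand {
  param([Parameter(Mandatory)] $Rule)
  $direction = if ($Rule.IsEgress) { 'egress' } else { 'ingress' }
  "aws ec2 revoke-security-group-$direction --dry-run --group-id $($Rule.GroupId) --security-group-rule-ids $($Rule.SecurityGroupRuleId)"
}

$rules = ($json | ConvertFrom-Json).SecurityGroupRules
$open  = @(Get-OpenIngressRule -Rules $rules)

# With the sample above this prints two commands: sgr-EXAMPLE0001 and sgr-EXAMPLE0003.
$open | ForEach-Object { New-RevokeCommand -Rule $_ }
```

Remove `--dry-run` from a printed command only after confirming the rule is not needed.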


That's all for this time.