# pysec-aws
Convert a simple text-based list of IP addresses into AWS CloudFormation templates.

## Sample Text File and Syntax
```
## File: MyInternalApi_Whitelisting_Production.txt
## Syntax: <ip-address>/<cidr>:<portFrom>-<portTo>^<protocol>
52.35.22.100/32:80-443^tcp
52.35.22.101/32:443^udp
52.35.23.0/21:80^tcp
```

## Usage

```python
>>> import pysec
>>> my_conversion = pysec.CFConversion(input_file_path='/mypath/MyInternalApi_Whitelisting_Production.txt')
[INFO] File loaded successfully - 3 ingress rules detected

>>> my_conversion
{'requests': [{'toPort': '443', 'ip': '52.35.22.100', 'cidr': '32', 'ipProtocol': 'tcp', 'fromPort': '80'}, {'toPort': '443', 'ip': '52.35.22.101', 'cidr': '32', 'ipProtocol': 'udp', 'fromPort': '443'}, {'toPort': '80', 'ip': '52.35.23.0', 'cidr': '21', 'ipProtocol': 'tcp', 'fromPort': '80'}]}

>>> my_conversion.generate_template(group_name='MySecurityGroup', vpc='vpc-82c92af3')
[INFO] Generated Troposphere object

>>> my_conversion.to_file(output_file_path='/mypath/artifact.yaml', format='yml')
[INFO] CF Template flushed to disk: /mypath/artifact.yaml

>>> my_conversion.to_file(output_file_path='/mypath/artifact.json', format='json')
[INFO] CF Template flushed to disk: /mypath/artifact.json
```

### Artifacts

```yaml
Outputs:
  SecurityGroupId:
    Description: Security Group Id
    Value: !Ref 'MySecurityGroup'
Resources:
  MySecurityGroup:
    Properties:
      GroupDescription: Security group created by automated process - MySecurityGroup
      SecurityGroupIngress:
        - CidrIp: 52.35.22.100/32
          FromPort: '80'
          IpProtocol: tcp
          ToPort: '443'
        - CidrIp: 52.35.22.101/32
          FromPort: '443'
          IpProtocol: udp
          ToPort: '443'
        - CidrIp: 52.35.23.0/21
          FromPort: '80'
          IpProtocol: tcp
          ToPort: '80'
      VpcId: vpc-82c92af3
    Type: AWS::EC2::SecurityGroup
```

## Use cases

If you need to manage a lot of dynamic security groups that allow access between multiple AWS accounts, you can use this to keep simple IP lists in your repo per environment / branch, and build them into CloudFormation templates as part of your CI/CD process. This is easier to manage than making changes directly to a template stored in Git.
Alternatively, one could automate the process of building CF templates using this tool: pull requests can trigger a build and an update of an existing stack (this will require contributions to this tool).
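In the workflow above the IP list is the file that gets reviewed, so a lint step can run over it before a template is built. The following is an added example, not part of pysec-aws and not using its API: `lint_rules`, the `/16` review threshold and the tcp/udp restriction are assumptions, and the last two sample lines are constructed.

```python
import ipaddress
import re

# <ip-address>/<cidr>:<portFrom>[-<portTo>]^<protocol>, as in the sample file
RULE_RE = re.compile(r"^(?P<net>[0-9.]+/\d{1,2}):(?P<lo>\d+)(?:-(?P<hi>\d+))?\^(?P<proto>\w+)$")
MIN_PREFIX = 16  # assumed policy: anything broader than /16 needs manual review


def lint_rules(text):
    """Return (rules, findings) for an allowlist file in the README's syntax."""
    rules, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            findings.append((lineno, "syntax", line))
            continue
        lo = int(m["lo"])
        hi = int(m["hi"]) if m["hi"] else lo  # a single port means from == to
        try:
            net = ipaddress.ip_network(m["net"], strict=False)
        except ValueError:
            findings.append((lineno, "bad-cidr", m["net"]))
            continue
        if str(net) != m["net"]:  # host bits set: the prefix covers more than was written
            findings.append((lineno, "host-bits", "%s means %s" % (m["net"], net)))
        if net.prefixlen < MIN_PREFIX:
            findings.append((lineno, "too-broad", str(net)))
        if not (0 <= lo <= hi <= 65535):
            findings.append((lineno, "bad-ports", "%d-%d" % (lo, hi)))
        if m["proto"] not in ("tcp", "udp"):  # only the protocols the sample uses (assumption)
            findings.append((lineno, "protocol", m["proto"]))
        rules.append({"CidrIp": str(net), "FromPort": lo, "ToPort": hi, "IpProtocol": m["proto"]})
    return rules, findings


SAMPLE = """\
52.35.22.100/32:80-443^tcp
52.35.22.101/32:443^udp
52.35.23.0/21:80^tcp
0.0.0.0/0:22^tcp
10.0.0.1/32:443-80^tcp
"""  # first three rules are the README sample; the last two are constructed

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE)[1]:
        print("line %d: %s: %s" % finding)
```

The third README rule is flagged because a /21 that contains 52.35.23.0 starts at 52.35.16.0, so the rule admits a wider range than the address written suggests.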

## Notes

Contributions welcome, no pip packages yet.

Plan is to expand this tool to help manage security groups.

Built Distribution

pysec_aws-0.1-py2.7.egg (6.7 kB)
