Friday 12 June 2020

AWS Check IP Whitelisting

Python Boto3 script to print all SG rules attached to a LoadBalancer

  • How to list or check all the security group rules attached to an ELB/ALB
  • How to find out whether a specific IP is whitelisted


The AWS Boto3 script takes a load balancer as an argument, loops through all security groups attached to it, and either prints their rules or checks whether the provided IPs are whitelisted.

Help is available at any point by running the script with -h.





  • Listing all Security Group rules attached to an ALB
   ./lb-whitelistcheck.py alb -l vettomalb1 -p vettomprofile -r eu-central-1
  INFO : Printing SG rules attached to ALB vettomalb1 using Profile=vettomprofile, Region=eu-central-1
  Procssing SG ['sg-00bb3ba21b32d6e', 'sg-07677a1dea9c6a']

 sg-003ba21b7832d6e  54.20.13.152/32  80 - 443
 sg-00bba21b7832d6e  54.28.231.43/32  80 - 443
 sg-00bb3bab7832d6e  56.208.110.37/32  80 - 443
 sg-07d7dd42ae859cd  192.150.3.2/32  22 - 443

  • Checking whether the provided IPs are whitelisted
./lb-whitelistcheck.py albcheck -l vettomalb1 -p vettomprofile -r eu-central-1 -s 192.147.118.254 192.168.3.2 10.50.0.0

192.147.118.254 allowed in SG=sg-07d7f2ae859cd Rule=192.147.118.254/32 Ports 22-443
192.168.3.2 not whitelisted.

10.50.0.0 allowed in SG=sg-0f9f542ae859cd Rule=10.50.0.0/24 Ports 22-22
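
The check shown above can be sketched as follows. This is an added example, not the code of lb-whitelistcheck.py: the function names, the sg-EXAMPLE IDs and the sample rules are assumptions constructed here, and only fetch_alb_security_groups needs boto3 and AWS credentials.

```python
import ipaddress

def fetch_alb_security_groups(lb_name, profile, region):
    """Return the SecurityGroups entries for every SG attached to an ALB."""
    import boto3  # imported lazily so the offline check below needs no AWS SDK
    session = boto3.Session(profile_name=profile, region_name=region)
    lb = session.client("elbv2").describe_load_balancers(Names=[lb_name])["LoadBalancers"][0]
    return session.client("ec2").describe_security_groups(
        GroupIds=lb["SecurityGroups"])["SecurityGroups"]

def find_allowing_rules(security_groups, ip):
    """Return (sg_id, cidr, ports) for every ingress rule whose CIDR contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            # Protocol "-1" means all traffic; such rules carry no port range.
            if perm.get("IpProtocol") == "-1":
                ports = "all"
            else:
                ports = f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            # Rules that reference another SG have an empty IpRanges list.
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if addr in net:
                    hits.append((sg["GroupId"], rng["CidrIp"], ports))
    return hits

# Constructed sample in the shape of describe_security_groups()["SecurityGroups"].
SAMPLE_SGS = [
    {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.147.118.254/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.50.0.0/24"}]},
    ]},
    {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE1"}]},
    ]},
]

if __name__ == "__main__":
    for ip in ["192.147.118.254", "192.168.3.2", "10.50.0.0"]:
        hits = find_allowing_rules(SAMPLE_SGS, ip)
        if not hits:
            print(f"{ip} not whitelisted.")
        for sg_id, cidr, ports in hits:
            print(f"{ip} allowed in SG={sg_id} Rule={cidr} Ports {ports}")
```

Matching by CIDR containment rather than string equality means an address is also reported when it is covered by a wider rule such as a /24 or 0.0.0.0/0, which is usually the finding worth reviewing.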