mil1i · mil1i · Aug 9, 2022 · Aug 9, 2022 · Aug 9, 2022
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+    "python.formatting.provider": "black"
+}
diff --git a/library/security_group_manager.py b/library/security_group_manager.py
diff --git a/main.py b/main.py
@@ -1,11 +1,15 @@
 #!/usr/bin/env python3
 
+
+import sys
+
 try:
     import boto3
     import botocore.exceptions
 except ImportError as e:
     boto3, botocore, botocore.exceptions = None, None, None
-    exit("You must install boto3 python module in order to run this tool!")
+    sys.exit("You must install boto3 python module in order to run this tool!")
+
 import argparse
 import os
 from library.security_group_manager import SecurityGroupManager
@@ -17,37 +21,95 @@ def main():
 
     # Parse arguments
     parser = argparse.ArgumentParser(description="Show unused security groups")
-    parser.add_argument("--profile", type=str, default=default_profile, help="AWS Profile to use for making the call")
-    parser.add_argument("-r", "--region", type=str, default=default_region, help="The default region is us-east-1.")
-    parser.add_argument("-p", "--ports", type=int, nargs="+",
-                        default=[20, 21, 22, 389, 53, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500],
-                        help="Specify ports deemed bad to be opened to the public to filter for. (seperate by space)")
-    parser.add_argument("--equals", type=str, nargs="+", dest="equals",
-                        default=["default", "eks-cluster-default"],
-                        help="Specify security group names to whitelist, exact match. (seperate by space)")
-    parser.add_argument("--starts-with", type=str, nargs="+", dest="startswith",
-                        default=["d-", "AWS-OpsWorks-", "aurora-rds-"],
-                        help="Specify security group names to whitelist, name starts with. (seperate by space)")
-    parser.add_argument("--ends-with", type=str, nargs="+", dest="endswith",
-                        default=["-ecs-service-sg", "-ecs-task-sg"],
-                        help="Specify security group names to whitelist, name ends with. (seperate by space)")
-    parser.add_argument("--outdir", type=str, default=None, help="Directory to dump security groups in json format")
-    parser.add_argument("--restore", type=str, default=None, help="Directory to use to restore SecurityGroups from")
-    parser.add_argument("--restore-ingress-rules", dest="restore_ingress_rules", action="store_true",
-                        help="Restore ingress rules to security group when restoring from backup")
-    parser.add_argument("--report", type=str, default=None, help="Directory to create the security output report in")
-    parser.add_argument("-b", "--bad-only", dest="badonly",
-                        help="Filter for only ports flagged as bad", action="store_true")
-    parser.add_argument("-d", "--delete", help="Delete security groups from AWS", action="store_true")
-    parser.add_argument("-m", "--mark", help="Mark security group for removal prior to deleting", action="store_true")
-    parser.add_argument("--remove-ingress-rules", dest="remove_ingress_rules", action="store_true",
-                        help="Remove ingress rules from security group when marking for deletion")
-    parser.add_argument("--dryrun", help="Enable the DryRun flag to not make changes to any resources",
-                        action="store_true")
+    parser.add_argument(
+        "--profile",
+        type=str,
+        default=default_profile,
+        help="AWS Profile to use for making the call",
+    )
+    parser.add_argument(
+        "-r", "--region", type=str, default=default_region, help="The default region is us-east-1."
+    )
+    parser.add_argument(
+        "-p",
+        "--ports",
+        type=int,
+        nargs="+",
+        default=[20, 21, 22, 389, 53, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500],
+        help="Specify ports deemed bad to be opened to the public to filter for. (seperate by space)",
+    )
+    parser.add_argument(
+        "--equals",
+        type=str,
+        nargs="+",
+        dest="equals",
+        default=["default", "eks-cluster-default"],
+        help="Specify security group names to whitelist, exact match. (seperate by space)",
+    )
+    parser.add_argument(
+        "--starts-with",
+        type=str,
+        nargs="+",
+        dest="startswith",
+        default=["d-", "AWS-OpsWorks-", "aurora-rds-"],
+        help="Specify security group names to whitelist, name starts with. (seperate by space)",
+    )
+    parser.add_argument(
+        "--ends-with",
+        type=str,
+        nargs="+",
+        dest="endswith",
+        default=["-ecs-service-sg", "-ecs-task-sg"],
+        help="Specify security group names to whitelist, name ends with. (seperate by space)",
+    )
+    parser.add_argument(
+        "--outdir", type=str, default=None, help="Directory to dump security groups in json format"
+    )
+    parser.add_argument(
+        "--restore", type=str, default=None, help="Directory to use to restore SecurityGroups from"
+    )
+    parser.add_argument(
+        "--restore-ingress-rules",
+        dest="restore_ingress_rules",
+        action="store_true",
+        help="Restore ingress rules to security group when restoring from backup",
+    )
+    parser.add_argument(
+        "--report", type=str, default=None, help="Directory to create the security output report in"
+    )
+    parser.add_argument(
+        "-b",
+        "--bad-only",
+        dest="badonly",
+        help="Filter for only ports flagged as bad",
+        action="store_true",
+    )
+    parser.add_argument(
+        "-d", "--delete", help="Delete security groups from AWS", action="store_true"
+    )
+    parser.add_argument(
+        "-m",
+        "--mark",
+        help="Mark security group for removal prior to deleting",
+        action="store_true",
+    )
+    parser.add_argument(
+        "--remove-ingress-rules",
+        dest="remove_ingress_rules",
+        action="store_true",
+        help="Remove ingress rules from security group when marking for deletion",
+    )
+    parser.add_argument(
+        "--dryrun",
+        help="Enable the DryRun flag to not make changes to any resources",
+        action="store_true",
+    )
     args = parser.parse_args()
 
     if args.mark and not args.outdir:
-        exit("Please specify a directory to backup security groups to before marking for deletion")
+        sys.exit(
+            "Please specify a directory to backup security groups to before marking for deletion"
+        )
 
     if args.profile:
         session = boto3.Session(profile_name=args.profile, region_name=args.region)
@@ -61,32 +123,35 @@ def main():
         ec2resource = session.resource("ec2", region_name=args.region)
         if len(sg_manager.marked_sgs) <= 0:
             print("No security groups marked for deletion!")
-            exit(0)
+            sys.exit(0)
         for sg in sg_manager.marked_sgs:
             delete_sg = ec2resource.SecurityGroup(sg["GroupId"])
             try:
                 delete_sg.delete(DryRun=args.dryrun)
                 print(f"{sg['GroupId']}: deleted security group")
             except botocore.exceptions.ClientError as error:
-                if error.response["Error"]["Code"] == 'DryRunOperation':
-                    print(f"DryRunOperation - DeleteSecurityGroup ({sg['GroupId']}):"
-                          f" {error.response['Error']['Message']}")
+                if error.response["Error"]["Code"] == "DryRunOperation":
+                    print(
+                        f"DryRunOperation - DeleteSecurityGroup ({sg['GroupId']}):"
+                        f" {error.response['Error']['Message']}"
+                    )
         print(f"Deleted {len(sg_manager.marked_sgs)} security groups")
-        exit(0)
+        sys.exit(0)
 
     if args.restore:
         sg_manager.load_from_file(args.restore)
         ec2resource = session.resource("ec2", region_name=args.region)
         sg_manager.restore_security_groups(ec2resource)
         print(f"Completed restoring security groups from '{args.restore}'")
-        exit(0)
+        sys.exit(0)
 
     sg_manager.get_unused_groups()
 
     if args.outdir:
         for sg in sg_manager.all_security_groups:
-            if sg["GroupId"] in sg_manager.delete_bad_groups or \
-                    (sg["GroupId"] in sg_manager.delete_groups and not args.badonly):
+            if sg["GroupId"] in sg_manager.delete_bad_groups or (
+                sg["GroupId"] in sg_manager.delete_groups and not args.badonly
+            ):
                 ec2client = session.client("ec2", region_name=args.region)
                 if not sg_manager.is_marked_for_deletion(ec2client, sg):
                     sg_manager.dump_to_file(args.outdir, sg)
@@ -98,34 +163,38 @@ def main():
         sg_manager.get_resources_using_group(args.report)
 
     if len(set(sg_manager.delete_groups)) > 0:
-        print("---------------")
-        print("Activity Report")
-        print("---------------")
-
-        print(u"Total number of EC2 Instances evaluated: {0:d}".format(len(sg_manager.instances)))
-        print(u"Total number of ECS Clusters evaluated: {0:d}".format(len(sg_manager.ecs_clusters)))
-        print(u"Total number of ECS Services evaluated: {0:d}".format(len(sg_manager.ecs_services)))
-        print(u"Total number of Load Balancers evaluated: {0:d}".format(len(sg_manager.elb_lbs) +
-                                                                        len(sg_manager.elbv2_lbs)))
-        print(u"Total number of RDS Instances evaluated: {0:d}".format(len(sg_manager.rds_instances)))
-        print(u"Total number of Network Interfaces evaluated: {0:d}".format(len(sg_manager.elastic_network_instances)))
-        print(u"Total number of Lambda Functions evaluated: {0:d}".format(len(sg_manager.lambda_functions)))
-
-        print("\n---------------")
-        print("SUMMARY")
-        print("---------------")
-        print(u"Total number of Security Groups evaluated: {0:d}".format(len(set(sg_manager.all_groups))))
-
-        print("\n---IN-USE----\n")
-        print(u"Total number of Security Groups in-use evaluated: {0:d}".format(len(set(sg_manager.groups_in_use))))
-        print(u"Total number of Bad Security Groups in-use evaluated: {0:d}".format(
-            len(set(sg_manager.bad_groups_in_use))))
-        print("\n--NOT-IN-USE--\n")
-        print(u"Total number of Unused Security Groups targeted for removal: {0:d}".
-              format(len(set(sg_manager.delete_groups))))
-        print(u"Total number of Unused Bad Security Groups targeted for removal: {0:d}".
-              format(len(set(sg_manager.delete_bad_groups))))
-        print("---------------")
+        print(
+            f"""
+---------------
+Activity Report
+---------------
+
+Total number of EC2 Instances evaluated: {len(sg_manager.instances):d}
+Total number of ECS Clusters evaluated: {len(sg_manager.ecs_clusters):d}
+Total number of ECS Services evaluated: {len(sg_manager.ecs_services):d}
+Total number of Load Balancers evaluated: {(len(sg_manager.elb_lbs) + len(sg_manager.elbv2_lbs)):d}
+Total number of RDS Instances evaluated: {len(sg_manager.rds_instances):d}
+Total number of Network Interfaces evaluated: {len(sg_manager.elastic_network_instances):d}
+Total number of Lambda Functions evaluated: {len(sg_manager.lambda_functions):d}
+
+---------------
+SUMMARY
+---------------
+Total number of Security Groups evaluated: {len(set(sg_manager.all_groups)):d}
+
+
+--IN-USE--
+
+Total number of Security Groups in-use evaluated: {len(set(sg_manager.groups_in_use)):d}
+Total number of Bad Security Groups in-use evaluated: {len(set(sg_manager.bad_groups_in_use)):d}
+
+--NOT-IN-USE--
+
+Total number of Unused Security Groups targeted for removal: {len(set(sg_manager.delete_groups)):d}"
+Total number of Unused Bad Security Groups targeted for removal: {len(set(sg_manager.delete_bad_groups)):d}
+---------------
+"""
+        )
 
 
 if __name__ == "__main__":