Working towards #20

fireflycons · Jul 9, 2019 · cbad5c8 · cbad5c8
1 parent 57d576e
commit cbad5c8
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 39 deletions.
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
@@ -1,5 +1,10 @@
 # Release Notes
 
+## 0.15.0
+
+* New Command `Get-ATEC2SecurityGroupDependencies`. Given a security group ID or IDs, find all network interfaces and other security groups that refer to the input IDs.
+Useful before trying to delete a group, as it will not delete if it has any dependecies.
+
 ## 0.14.1
 
 * Fix a bug that arose today. Seems AWS have changed S3 URL format for urls with region in. Was s3-eu-west-1, now s3.eu-west-1. Either way, support both.

diff --git a/aws-toolbox/Private/EC2/Get-SecurityGroupWithStack.ps1 b/aws-toolbox/Private/EC2/Get-SecurityGroupWithStack.ps1
@@ -0,0 +1,52 @@
+function Get-SecurityGroupWithStack
+{
+    <#
+        .SYNOPSIS
+            Return security group ID with the name of the stack that created the group
+            Helps us to spot default SGs created by EB
+    #>
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(ValueFromPipelineByPropertyName)]
+        [string[]]$GroupId
+    )
+
+    begin
+    {}
+
+    process
+    {
+        $GroupId |
+        ForEach-Object {
+            $sg = Get-EC2SecurityGroup -GroupId $_
+
+            if ($null -ne $sg)
+            {
+                # Determine how it was created from tags
+                $stackName = $sg.Tags |
+                Where-Object {
+                    $_.Key -ieq 'aws:cloudformation:stack-name'
+                } |
+                Select-Object -ExpandProperty Value
+
+                if (-not $stackName)
+                {
+                    $stackName = '*NONE*'
+                }
+
+                New-Object PSObject -Property @{
+                    SecurityGroupId = $_
+                    OwningStack     = $stackName
+                } |
+                Add-Member -PassThru -MemberType ScriptMethod -Name ToString -Force -Value {
+                    "$($this.SecurityGroupId) ($($this.OwningStack))"
+                }
+            }
+        }
+    }
+
+    end
+    {}
+}
+
diff --git a/aws-toolbox/Public/EB/Get-ATEBEnvironmentResourceList.ps1 b/aws-toolbox/Public/EB/Get-ATEBEnvironmentResourceList.ps1
@@ -60,44 +60,6 @@ function Get-ATEBEnvironmentResourceList
         [switch]$AsText
     )
 
-    function Get-SecurityGroupWithStack
-    {
-        <#
-            .SYNOPSIS
-                Return security group ID with the name of the stack that created the group
-                Helps us to spot default SGs created by EB
-        #>
-        param
-        (
-            [string[]]$GroupId
-        )
-
-        $GroupId |
-            ForEach-Object {
-            $sg = Get-EC2SecurityGroup -GroupId $_
-
-            # Determine how it was created from tags
-            $stackName = $sg.Tags |
-                Where-Object {
-                $_.Key -ieq 'aws:cloudformation:stack-name'
-            } |
-                Select-Object -ExpandProperty Value
-
-            if (-not $stackName)
-            {
-                $stackName = '*NONE*'
-            }
-
-            New-Object PSObject -Property @{
-                SecurityGroupId = $_
-                OwningStack     = $stackName
-            } |
-                Add-Member -PassThru -MemberType ScriptMethod -Name ToString -Force -Value {
-                "$($this.SecurityGroupId) ($($this.OwningStack))"
-            }
-        }
-    }
-
     # Pass relevant arguments from function call to Get-EBEnvironment
     $envArgs = @{}
 

diff --git a/aws-toolbox/Public/EC2/Get-ATEC2SecurityGroupDependencies.ps1 b/aws-toolbox/Public/EC2/Get-ATEC2SecurityGroupDependencies.ps1
@@ -0,0 +1,76 @@
+function Get-ATEC2SecurityGroupDependencies
+{
+    param
+    (
+        [Parameter(ValueFromPipeline)]
+        [string[]]$GroupId,
+
+        [switch]$AsText
+    )
+
+    begin
+    {
+        function Get-ENIDetails
+        {
+            [CmdletBinding()]
+            param
+            (
+                [Parameter(ValueFromPipelineByPropertyName)]
+                [string[]]$NetworkInterfaceId
+            )
+
+            begin
+            { }
+
+            process
+            {
+                $NetworkInterfaceId |
+                Foreach-Object {
+                    New-Object PSObject -Property @{
+                        NetworkInterface = $_
+                        Instance         = Get-EC2Instance -Filter @{ Name = 'network-interface.network-interface-id'; Values = $_ } |
+                        Select-Object -ExpandProperty Instances |
+                        Select-Object -ExpandProperty InstanceId
+                    }
+                }
+            }
+        }
+    }
+
+    process
+    {
+        $GroupId |
+        Foreach-Object {
+
+            $sgs = Get-SecurityGroupWithStack -GroupId $_
+
+            if ($null -ne $sgs)
+            {
+                $sg = $sgs.SecurityGroupId
+
+                New-Object PSObject -Property @{
+                    SecurityGroup     = $sgs
+                    NetworkInterfaces = Get-EC2NetworkInterface -Filter @{ Name = 'group-id'; Values = $sg } |
+                    Get-ENIDetails
+
+                    IngressReferences = Get-EC2SecurityGroup -Filter @{ Name = 'ip-permission.group-id'; Values = $sg } |
+                    Get-SecurityGroupWithStack |
+                    Where-Object {
+                        $_.SecurityGroupId -ne $sgs.SecurityGroupId
+                    }
+
+                    EgressReferences  = Get-EC2SecurityGroup -Filter @{ Name = 'egress.ip-permission.group-id'; Values = $sg } |
+                    Get-SecurityGroupWithStack |
+                    Where-Object {
+                        $_.SecurityGroupId -ne $sgs.SecurityGroupId
+                    }
+                }
+            }
+        }
+    }
+
+    end
+    {
+
+    }
+}
diff --git a/aws-toolbox/aws-toolbox.psd1 b/aws-toolbox/aws-toolbox.psd1
@@ -11,7 +11,7 @@
     RootModule        = 'aws-toolbox.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '0.14.1'
+    ModuleVersion     = '0.15.0'
 
     # ID used to uniquely identify this module
     GUID              = 'e3c04d58-4e7d-4572-9e81-3b3a93f1a518'
@@ -52,6 +52,7 @@
         'Compress-ATLMLambdaPackage'
         'Set-ATConfigurationItem'
         'Invoke-ATDiffTool'
+        'Get-ATEC2SecurityGroupDependencies'
         )
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.