A repository of small gists and scripts to accomplish tasks. (Meant to mimic GH's Gists)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

50 lines
2.5 KiB

import boto3
# Source AWS profile and security group information
source_profile_name = "SOURCE_PROFILE_NAME"
source_region_name = "SOURCE_REGION_NAME"
source_security_group_id = "SOURCE_SECURITY_GROUP_ID"
# Destination AWS profile and VPC information
destination_profile_name = "DESTINATION_PROFILE_NAME"
destination_region_name = "DESTINATION_REGION_NAME"
destination_vpc_id = "DESTINATION_VPC_ID"
# Create boto3 sessions for source and destination AWS profiles
source_session = boto3.Session(profile_name=source_profile_name, region_name=source_region_name)
destination_session = boto3.Session(profile_name=destination_profile_name, region_name=destination_region_name)
# Create boto3 clients for source and destination AWS accounts
source_ec2 = source_session.client('ec2')
destination_ec2 = destination_session.client('ec2')
# Retrieve source security group information
response = source_ec2.describe_security_groups(GroupIds=[source_security_group_id])
# Create a new security group in the destination VPC with the same name as the source security group
new_security_group = destination_ec2.create_security_group(GroupName=response['SecurityGroups'][0]['GroupName'],
Description=response['SecurityGroups'][0]['Description'],
VpcId=destination_vpc_id)
# Add the inbound and outbound rules from the source security group to the new security group
for ip_permission in response['SecurityGroups'][0]['IpPermissions']:
try:
destination_ec2.authorize_security_group_ingress(GroupId=new_security_group['GroupId'],
IpPermissions=[ip_permission])
except destination_ec2.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidPermission.Duplicate':
print(f"Rule already exists in new security group: {ip_permission}")
else:
raise e
for ip_permission in response['SecurityGroups'][0]['IpPermissionsEgress']:
try:
destination_ec2.authorize_security_group_egress(GroupId=new_security_group['GroupId'],
IpPermissions=[ip_permission])
except destination_ec2.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidPermission.Duplicate':
print(f"Rule already exists in new security group: {ip_permission}")
else:
raise e
print(f"Security group copied successfully! New security group ID: {new_security_group['GroupId']}")