-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.js
54 lines (48 loc) · 1.92 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
var AWS = require('aws-sdk');
var ec2 = new AWS.EC2({region: "us-east-1"});
const filterTagName = "RevokeAllIngressAtMidnight";
const params = {
Filters: [
{ Name: "tag-key", Values: [ filterTagName ] },
{ Name: "tag-value", Values: [ "true" ] }
]
};
function resetSecurityGroupRules(event, context, callback) {
console.log("Describing security groups...");
ec2.describeSecurityGroups(params).promise().then(function(groups) {
console.log(`Successfully described security groups: ${JSON.stringify(groups)}`);
let promises = groups.SecurityGroups.map(revokeSecurityGroupIngress);
Promise.all(promises).then(resultArray => {
console.log(`Successfully revoked all permissions. resultArray=${JSON.stringify(resultArray)}`);
callback(null, `Successfully revoked all permissions. resultArray=${JSON.stringify(resultArray)}`);
})
}).catch(function(err) {
console.log(`ERROR revoking security groups. err=${JSON.stringify(err)}`);
callback(err);
})
}
function revokeSecurityGroupIngress(group) {
if (group.IpPermissions.length > 0) {
var revokeParams = {
IpPermissions: group.IpPermissions.map(mapIpPermissions),
GroupId: group.GroupId
};
console.log(`Promising to to revoke permissions with the following params: ${JSON.stringify(revokeParams)}`);
return ec2.revokeSecurityGroupIngress(revokeParams).promise().then(function(data) {
console.log(`Successfully revoked permissions on group "${group.GroupName}"`);
return `Successfully revoked permissions on group "${group.GroupName}"`;
});
} else {
console.log(`No permissions to revoke on group "${group.GroupName}"`);
return `No permissions to revoke on group "${group.GroupName}"`;
}
}
function mapIpPermissions(item) {
return {
FromPort: item.FromPort,
IpProtocol: item.IpProtocol,
IpRanges: item.IpRanges,
ToPort: item.ToPort
}
}
exports.handler = resetSecurityGroupRules;