Sandy

Reputation: 1054

Find out & update a particular IP in multiple SGs on AWS

Wanted to list the SGs of a VPC that have a particular IP whitelisted, then update this IP to a different IP in all the SGs that contain it, or create another rule with the different IP in those SGs.

Example:

Consider that 1.1.1.1/32 is present in 3 different SGs of a VPC, namely sg1, sg3 and sg7.

Out of a total of 10 SGs in the VPC, I want to list and identify the 3 SGs that have the IP 1.1.1.1/32 whitelisted.

I am trying to do the same via the AWS CLI. Any help would be appreciated.

Upvotes: 0

Views: 67

Answers (1)

Adiii

Reputation: 60114

Wanted to list the SGs of a VPC that have a particular IP whitelisted

This command will return all SGs that have the following IP whitelisted.

Accepted variables:

  • IP
  • Region

IP="1.1.1.1/32" && region=us-west-2 && aws ec2 describe-security-groups --region=$region --filters Name=ip-permission.cidr,Values=$IP --query "SecurityGroups[*].{Name:GroupName,vpc:VpcId,sg:GroupId,Region:\``echo $region`\` }" --output table

Sample output

--------------------------------------------------------------------------------------------------------------------------------
|                                                    DescribeSecurityGroups                                                    |
+------------------------------------------------------------------------+------------+-----------------------+----------------+
|                                  Name                                  |  Region    |          sg           |      vpc       |
+------------------------------------------------------------------------+------------+-----------------------+----------------+
|  demo-sg                                                               |  us-west-2 |  sg-12345555555555555 |  vpc-12345     |
+------------------------------------------------------------------------+------------+-----------------------+----------------+

Upvotes: 1
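The answer covers the listing half of the question. For the update half, here is an added example (not code from the question or the answer) that reads the `describe-security-groups` JSON, finds every inbound and outbound rule containing the old CIDR, and prints the `authorize`/`revoke` commands so they can be reviewed before running. The `SAMPLE` data and its `sg-...` ids are constructed; the script assumes the JSON is piped in from the AWS CLI.

```python
"""Emit the AWS CLI commands that add a rule for NEW_CIDR wherever OLD_CIDR is
whitelisted (optionally revoking the old one); input is describe-security-groups JSON."""
import json
import shlex
import sys

# Response key -> CLI verb suffix. The answer's ip-permission.cidr filter matches
# inbound rules only (outbound uses egress.ip-permission.cidr), so both sets are walked.
DIRECTIONS = {"IpPermissions": "ingress", "IpPermissionsEgress": "egress"}

# Constructed sample in the shape of the describe-security-groups response
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "sg1", "VpcId": "vpc-12345", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
         {"CidrIp": "1.1.1.1/32", "Description": "office"}, {"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "sg3", "VpcId": "vpc-12345",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
                              "IpRanges": [{"CidrIp": "1.1.1.1/32"}]}]}]}

def find_rules(security_groups, cidr):
    """Return (GroupId, direction, rule) for each rule whose IpRanges contains
    `cidr`; the rule keeps only that range so other CIDRs are never touched."""
    hits = []
    for sg in security_groups:
        for key, direction in DIRECTIONS.items():
            for perm in sg.get(key, []):
                ranges = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == cidr]
                if ranges:  # FromPort/ToPort are absent for IpProtocol "-1", hence the key check
                    rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
                    hits.append((sg["GroupId"], direction, dict(rule, IpRanges=ranges)))
    return hits

def build_commands(hits, new_cidr, region, revoke_old=False):
    """One authorize (plus one revoke when revoke_old) command per matched rule,
    passing the rule as --ip-permissions JSON so only the CIDR changes."""
    cmds = []
    for group_id, direction, rule in hits:
        new_rule = dict(rule, IpRanges=[dict(r, CidrIp=new_cidr) for r in rule["IpRanges"]])
        steps = [("authorize", new_rule)] + ([("revoke", rule)] if revoke_old else [])
        for verb, perm in steps:
            cmds.append(f"aws ec2 {verb}-security-group-{direction} --region {region} "
                        f"--group-id {group_id} --ip-permissions {shlex.quote(json.dumps([perm]))}")
    return cmds

if __name__ == "__main__":  # usage: aws ec2 describe-security-groups ... | python3 sg_rewrite.py OLD NEW REGION [--revoke]
    old, new, region = sys.argv[1:4]
    groups = json.load(sys.stdin)["SecurityGroups"]
    print("\n".join(build_commands(find_rules(groups, old), new, region, "--revoke" in sys.argv)))
```

Run it without `--revoke` first so the new CIDR is in place before the old one is removed; with `SAMPLE` piped in, it prints one authorize command for sg1's inbound SSH rule and one for sg3's outbound DNS rule.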
