extract json

terraform · Mar 18, 2026 · c0a3e3f · c0a3e3f
1 parent 692b2cf
commit c0a3e3f
Showing 1 changed file with 23 additions and 10 deletions.
diff --git a/local-app/python-tools/cross-organization/check_security_groups.py b/local-app/python-tools/cross-organization/check_security_groups.py
@@ -1,14 +1,16 @@
 import boto3
 import csv
 import os
+import json
 from datetime import datetime
 
 # --- VERSIONING ---
-__version__ = "1.1.0"
+__version__ = "1.2.0"
 
 def account_task(account_session, account_id, account_name, region):
     """
-    Scans each region for Security Groups and generates a per-account CSV.
+    Scans for SGs, generates a per-account CSV, and saves individual 
+    JSON files in a structured directory tree.
     """
     results = {"alias": "N/A", "data": {}}
     csv_rows = []
@@ -25,7 +27,7 @@ def account_task(account_session, account_id, account_name, region):
                     for sg in page['SecurityGroups']:
                         group_id = sg['GroupId']
 
-                        # Extract and flatten tags for CSV
+                        # Prepare data structures
                         tags_dict = {t['Key']: t['Value'] for t in sg.get('Tags', [])}
                         tags_str = "|".join([f"{k}={v}" for k, v in tags_dict.items()])
 
@@ -37,33 +39,44 @@ def account_task(account_session, account_id, account_name, region):
                             "group_id": group_id,
                             "group_name": sg.get('GroupName', 'N/A'),
                             "description": sg.get('Description', 'N/A'),
-                            "tags": tags_str
+                            "tags": tags_str,
+                            "ip_permissions": sg.get('IpPermissions', []),
+                            "ip_permissions_egress": sg.get('IpPermissionsEgress', [])
                         }
+
+                        # 1. Save individual JSON file in structured path
+                        # Path: security_groups/{account_id}/{region}/{group_id}.json
+                        path = os.path.join("security_groups", account_id, reg)
+                        os.makedirs(path, exist_ok=True)
 
-                        # JSON data structure
+                        file_path = os.path.join(path, f"{group_id}.json")
+                        with open(file_path, 'w') as jf:
+                            json.dump(sg_data, jf, indent=2)
+
+                        # 2. Collect data for JSON result and CSV
                         results["data"][f"{reg}:{group_id}"] = {
                             "resource": f"arn:aws:ec2:{reg}:{account_id}:security-group/{group_id}",
                             **sg_data,
-                            "raw_tags": tags_dict # Keep dict for easier JSON processing
+                            "raw_tags": tags_dict
                         }
-
                         csv_rows.append(sg_data)
 
             except Exception:
                 continue
 
-        # Generate per-account CSV file
+        # 3. Generate per-account CSV file
         if csv_rows:
             ds = datetime.now().strftime("%Y%m%dT%H%M%S")
             csv_file = f"security_groups_{account_id}_{ds}.csv"
             fields = ["account_id", "region", "vpc_id", "owner_id", "group_id", "group_name", "description", "tags"]
 
             with open(csv_file, 'w', newline='') as f:
-                writer = csv.DictWriter(f, fieldnames=fields)
+                # Use extrasaction='ignore' to skip the raw rule lists in the CSV
+                writer = csv.DictWriter(f, fieldnames=fields, extrasaction='ignore')
                 writer.writeheader()
                 writer.writerows(csv_rows)
 
-            print(f"  Created: {csv_file}")
+            print(f"  Account {account_id}: CSV and {len(csv_rows)} JSON files created.")
 
         results["data"]["account_summary"] = {"_summary": f"SG_COUNT:{len(results['data'])-1}"}