From c0a3e3f26b14aa0fd464f422c08aee206054c5de Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 18 Mar 2026 13:09:57 -0400
Subject: [PATCH] extract json
---
 .../check_security_groups.py | 33 +++++++++++++------
 1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/local-app/python-tools/cross-organization/check_security_groups.py b/local-app/python-tools/cross-organization/check_security_groups.py
index b5ecbee2..5b379ee7 100644
--- a/local-app/python-tools/cross-organization/check_security_groups.py
+++ b/local-app/python-tools/cross-organization/check_security_groups.py
@@ -1,14 +1,16 @@
 import boto3
 import csv
 import os
+import json
 from datetime import datetime
 # --- VERSIONING ---
-__version__ = "1.1.0"
+__version__ = "1.2.0"
 def account_task(account_session, account_id, account_name, region):
 """
- Scans each region for Security Groups and generates a per-account CSV.
+ Scans for SGs, generates a per-account CSV, and saves individual
+ JSON files in a structured directory tree.
 """
 results = {"alias": "N/A", "data": {}}
 csv_rows = []
@@ -25,7 +27,7 @@ def account_task(account_session, account_id, account_name, region):
 for sg in page['SecurityGroups']:
 group_id = sg['GroupId']
- # Extract and flatten tags for CSV
+ # Prepare data structures
 tags_dict = {t['Key']: t['Value'] for t in sg.get('Tags', [])}
 tags_str = "|".join([f"{k}={v}" for k, v in tags_dict.items()])
@@ -37,33 +39,44 @@ def account_task(account_session, account_id, account_name, region): "group_id": group_id, "group_name": sg.get('GroupName', 'N/A'), "description": sg.get('Description', 'N/A'), - "tags": tags_str + "tags": tags_str, + "ip_permissions": sg.get('IpPermissions', []), + "ip_permissions_egress": sg.get('IpPermissionsEgress', []) } + + # 1. Save individual JSON file in structured path + # Path: security_groups/{account_id}/{region}/{group_id}.json + path = os.path.join("security_groups", account_id, reg) + os.makedirs(path, exist_ok=True) - # JSON data structure + file_path = os.path.join(path, f"{group_id}.json") + with open(file_path, 'w') as jf: + json.dump(sg_data, jf, indent=2) + + # 2. Collect data for JSON result and CSV results["data"][f"{reg}:{group_id}"] = { "resource": f"arn:aws:ec2:{reg}:{account_id}:security-group/{group_id}", **sg_data, - "raw_tags": tags_dict # Keep dict for easier JSON processing + "raw_tags": tags_dict } - csv_rows.append(sg_data) except Exception: continue - # Generate per-account CSV file + # 3. Generate per-account CSV file if csv_rows: ds = datetime.now().strftime("%Y%m%dT%H%M%S") csv_file = f"security_groups_{account_id}_{ds}.csv" fields = ["account_id", "region", "vpc_id", "owner_id", "group_id", "group_name", "description", "tags"] with open(csv_file, 'w', newline='') as f: - writer = csv.DictWriter(f, fieldnames=fields) + # Use extrasaction='ignore' to skip the raw rule lists in the CSV + writer = csv.DictWriter(f, fieldnames=fields, extrasaction='ignore') writer.writeheader() writer.writerows(csv_rows) - print(f" Created: {csv_file}") + print(f" Account {account_id}: CSV and {len(csv_rows)} JSON files created.") results["data"]["account_summary"] = {"_summary": f"SG_COUNT:{len(results['data'])-1}"}
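Review bot: The new `os.makedirs`/`open`/`json.dump` calls appear to sit inside the same `try` that ends in `except Exception: continue`, so a failed write (permissions, full disk) is swallowed and the rest of that region's security groups silently drop out of the JSON tree, the CSV and `results`. For an audit tool that is indistinguishable from a region having no groups; at minimum report it, e.g. `except Exception as exc:` followed by `print(f"  {account_id}/{reg}: scan aborted: {exc}")` before the `continue`. The JSON files also land at a fixed, untimestamped path, so files for groups deleted since an earlier run stay under `security_groups/` and read as current; consider a per-run directory like the CSV's `ds` stamp. The `try` opens outside this hunk, so its exact extent should be confirmed.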