import boto3
import sys
from random import randint
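def vpc(region='us-west-2', *, dry_run=True):
    """Add deny-all network ACL entries to every NACL of every VPC in *region*.

    For each network ACL four entries are created — IPv4 and IPv6, inbound and
    outbound — with ``RuleAction='deny'`` and ``Protocol='-1'`` (all protocols)
    at rule numbers 1 and 2. NACL rules are evaluated in ascending order, so
    these entries take precedence over any existing allow rule and effectively
    isolate the region.

    Args:
        region: AWS region whose VPCs are processed.
        dry_run: Keyword-only. When True (the default, matching the original
            script, which sent every call with ``DryRun=True``) EC2 only checks
            permissions and answers with a ``DryRunOperation`` error; that
            response is treated as a successful check so the sweep continues
            to the next NACL instead of aborting on the first one. Pass
            ``dry_run=False`` to actually create the entries.

    Raises:
        ClientError: any EC2 API error other than the expected
            ``DryRunOperation`` of a dry run — e.g. ``UnauthorizedOperation``
            (missing IAM permission) or ``NetworkAclEntryAlreadyExists``
            (rule number 1 or 2 already in use on that NACL).
    """
    print('Processing VPCs')
    client = boto3.client('ec2', region_name=region)
    # Local name deliberately differs from the function name so the loop does
    # not shadow ``vpc`` inside its own body.
    for vpc_info in client.describe_vpcs()['Vpcs']:
        nacl_filter = [{'Name': 'vpc-id', 'Values': [vpc_info['VpcId']]}]
        network_acls = client.describe_network_acls(Filters=nacl_filter)
        for nacl in network_acls['NetworkAcls']:
            nacl_id = nacl['NetworkAclId']
            print('{}'.format(nacl_id))
            # Block all Inbound traffic
            _deny_all(client, nacl_id, egress=False, dry_run=dry_run)
            # Block all Outbound traffic
            _deny_all(client, nacl_id, egress=True, dry_run=dry_run)


def _deny_all(client, nacl_id, *, egress, dry_run):
    """Create deny-all IPv4 (rule 1) and IPv6 (rule 2) entries in one direction.

    Args:
        client: boto3 EC2 client.
        nacl_id: ``NetworkAclId`` to add the entries to.
        egress: False for inbound entries, True for outbound.
        dry_run: Forwarded as ``DryRun``; see ``vpc``.

    Raises:
        ClientError: propagated from EC2 unless it is the ``DryRunOperation``
            response expected during a dry run.
    """
    entries = (
        (1, {'CidrBlock': '0.0.0.0/0'}),
        (2, {'Ipv6CidrBlock': '::0/0'}),
    )
    for rule_number, cidr_kwarg in entries:
        try:
            client.create_network_acl_entry(
                DryRun=dry_run,
                Egress=egress,
                Protocol='-1',
                RuleAction='deny',
                RuleNumber=rule_number,
                NetworkAclId=nacl_id,
                **cidr_kwarg,
            )
        except client.exceptions.ClientError as err:
            # With DryRun=True EC2 reports "the request would have succeeded"
            # as an error response; that must not abort the remaining NACLs.
            dry_run_ok = (
                dry_run and err.response['Error']['Code'] == 'DryRunOperation'
            )
            if not dry_run_ok:
                raise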
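# Require a one-time confirmation code before proceeding: the call below adds
# deny-all ACL entries to every NACL in the region, so a mistyped or
# accidental invocation must not get through. randint is adequate here —
# this is a typo guard shown to the operator, not a secret.
rannum = randint(1000, 9999)
print("Please enter the following number to continue {}: ".format(rannum))
data = input()
try:
    confirmed = int(data) == rannum
except ValueError:
    # Non-numeric input is a mismatch, not a traceback.
    confirmed = False
if not confirmed:
    print('Error: verification number does not match')
    sys.exit(1)
vpc('us-west-2')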