AWS EC2 Firewall rules are defined within security groups. Security groups are attached to an instance. An instance can have up to 5 security groups. Essentially, this script gathers all the security groups associated with an instance, loops through them, and then outputs the ingress and egress rules of each security group to a file in a text format.
#!/bin/bash
# set variables
instanceid='i-xxxxxxxxxxxxxxxx'
region='us-east-1'
profile='sample'
# log and temp files
output="ec2-sg.log"
tmpfil="ec2-sg.tmp"
# empty log at start
> $output
# get sg ids
aws ec2 describe-instances \
--instance-ids $instanceid \
--region $region \
--profile $profile \
--query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' --output text > $tmpfil
while read -r id; do
echo '============================================' >> $output
echo $id >> $output
echo '============================================' >> $output
echo '---------------- INGRESS -------------------' >> $output
aws ec2 describe-security-groups \
--group-ids $id \
--profile $profile \
--region $region \
--output text \
--query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output
echo '---------------- EGRESS --------------------' >> $output
aws ec2 describe-security-groups \
--group-ids $id \
--profile $profile \
--region $region \
--output text \
--query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output
done < $tmpfil
Here's a sample output.
============================================
sg-xxxxxxxxxxxxxxx
============================================
---------------- INGRESS -------------------
5985 5985 tcp 10.0.0.220/32
10005 10005 tcp 10.0.0.164/32
---------------- EGRESS --------------------
80 80 tcp 10.0.0.14/32
40000 65535 udp 10.0.0.0/8
3389 3389 tcp 10.0.0.96/32
9389 9389 tcp 10.0.0.0/8
5985 5986 tcp 10.0.0.96/32