Construct AWS CLI commands to delete, and later add back, the NACL egress rules in a VPC.
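#!/bin/sh
# Construct (but do not execute) the AWS CLI commands that delete, and later
# add back, egress rule 100 on every network ACL that belongs to one VPC.
#
# Requirements: `aws` and `jq` on PATH, and a profile with permission to call
# ec2:DescribeNetworkAcls. This script only reads from AWS and prints commands
# for a human to review and run; it changes nothing by itself.
set -eu

MY_VPC_ID=vpc-012f140a162878def
PROFILE_NAME=lab-acc1
REGION_NAME=us-east-1

date
echo "This script needs AWS CLI to run properly. It looks up in the AWS environment and construct commands for you."
echo "It requires read only privileges, it does NOT change anything on your AWS environment."
echo "MY_VPC_ID=$MY_VPC_ID"
echo "PROFILE_NAME=$PROFILE_NAME"
echo "REGION_NAME=$REGION_NAME"

# Fail early with a clear message rather than a "command not found" buried in
# the command substitution below (which would otherwise just yield an empty list).
for tool in aws jq; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Required tool '$tool' not found in PATH. Quit." >&2
    exit 1
  fi
done

# One NACL id per line. Plain sh has no pipefail: an aws failure leaves jq with
# empty input and an empty result, and a jq failure is caught by the `||`;
# both end up as an empty list, which the check below turns into an exit.
TMP_NACL_LIST=$(aws ec2 describe-network-acls \
  --filters "Name=vpc-id,Values=$MY_VPC_ID" \
  --profile "$PROFILE_NAME" --region "$REGION_NAME" \
  | jq --raw-output '.NetworkAcls[] | .NetworkAclId') || TMP_NACL_LIST=
if [ -z "$TMP_NACL_LIST" ]; then
  echo "Something went wrong. Quit." >&2
  exit 1
fi

# Word-splitting on $TMP_NACL_LIST is intentional: it is a newline-separated
# list of NACL ids, which contain no whitespace or glob characters.
echo "#### To remove egress rules from NACLs, run the following ####"
for s in $TMP_NACL_LIST; do
  echo " aws ec2 delete-network-acl-entry --egress --rule-number 100 --network-acl-id $s --profile $PROFILE_NAME --region $REGION_NAME;"
done

# NOTE(review): the generated add-back always recreates rule 100 as allow-all
# (protocol -1, 0.0.0.0/0), i.e. it presumably targets the default NACL's
# egress rule. A custom NACL's rule 100 may be narrower; record the existing
# rule 100 from the describe output before deleting it so the restore is
# faithful rather than wider than what was there.
echo "#### To add back egress rules to NACLs, run the following ####"
for s in $TMP_NACL_LIST; do
  echo " aws ec2 create-network-acl-entry --egress --rule-number 100 --protocol -1 --cidr-block 0.0.0.0/0 --rule-action allow --network-acl-id $s --profile $PROFILE_NAME --region $REGION_NAME;"
done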