lambda/guardduty_to_acl_lambda.py [122:164]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
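def get_netacl_id(subnet_id):
    """Return the ID of the network ACL associated with ``subnet_id``.

    Queries EC2 for network ACLs filtered on ``association.subnet-id`` and
    reads the associations of the first ACL in the response.

    Args:
        subnet_id: ID of the subnet whose network ACL is wanted.

    Returns:
        The ``NetworkAclId`` string of the matching association, or an empty
        list when the lookup raises or no association names the subnet.
        Callers should check for the empty list before using the result as
        an ACL ID.
    """
    import logging  # local import: the file's import block is not visible here

    log = logging.getLogger(__name__)
    netaclid = None

    try:
        ec2 = boto3.client('ec2')
        response = ec2.describe_network_acls(
            Filters=[
                {
                    'Name': 'association.subnet-id',
                    'Values': [subnet_id],
                }
            ]
        )

        # Only the first ACL of the response is inspected; when several of its
        # associations name this subnet, the last one wins.
        for association in response['NetworkAcls'][0]['Associations']:
            if association['SubnetId'] == subnet_id:
                netaclid = association['NetworkAclId']
    except Exception:
        # The best-effort contract is kept (callers still get []), but the
        # cause is recorded so a failed lookup (denied API call, throttling,
        # empty response) leaves a trace instead of vanishing.
        log.exception("Network ACL lookup failed for subnet %s", subnet_id)
        return []

    if netaclid is None:
        # Explicit no-match path; this used to surface as an unbound-variable
        # error swallowed by the broad except.
        log.warning("No network ACL association found for subnet %s", subnet_id)
        return []

    return netaclid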


# Get the current NACL rules in the range 71-80
def get_nacl_rules(netacl_id):
    """Return the rule numbers in 71-80 currently present on a network ACL.

    Args:
        netacl_id: ID of the network ACL to inspect.

    Returns:
        Rule numbers between 71 and 80 inclusive, in the order their entries
        appear in the ``describe_network_acls`` response.
    """
    client = boto3.client('ec2')
    described = client.describe_network_acls(NetworkAclIds=[netacl_id])

    # Only the first ACL of the response is read.
    rule_numbers = [
        entry['RuleNumber'] for entry in described['NetworkAcls'][0]['Entries']
    ]

    # NOTE(review): inbound and outbound entries are not told apart here, so a
    # number is reported whichever direction its entry applies to. Confirm
    # that this is what callers counting used slots expect.
    return [number for number in rule_numbers if 71 <= number <= 80]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



scripts/gd2acl-sync-check.py [58:100]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
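def get_netacl_id(subnet_id):
    """Return the ID of the network ACL associated with ``subnet_id``.

    Queries EC2 for network ACLs filtered on ``association.subnet-id`` and
    reads the associations of the first ACL in the response.

    Args:
        subnet_id: ID of the subnet whose network ACL is wanted.

    Returns:
        The ``NetworkAclId`` string of the matching association, or an empty
        list when the lookup raises or no association names the subnet.
        Callers should check for the empty list before using the result as
        an ACL ID.
    """
    import logging  # local import: the file's import block is not visible here

    log = logging.getLogger(__name__)
    netaclid = None

    try:
        ec2 = boto3.client('ec2')
        response = ec2.describe_network_acls(
            Filters=[
                {
                    'Name': 'association.subnet-id',
                    'Values': [subnet_id],
                }
            ]
        )

        # Only the first ACL of the response is inspected; when several of its
        # associations name this subnet, the last one wins.
        for association in response['NetworkAcls'][0]['Associations']:
            if association['SubnetId'] == subnet_id:
                netaclid = association['NetworkAclId']
    except Exception:
        # The best-effort contract is kept (callers still get []), but the
        # cause is recorded so a sync check that could not resolve the ACL
        # is distinguishable from one that found nothing to report.
        log.exception("Network ACL lookup failed for subnet %s", subnet_id)
        return []

    if netaclid is None:
        # Explicit no-match path; this used to surface as an unbound-variable
        # error swallowed by the broad except.
        log.warning("No network ACL association found for subnet %s", subnet_id)
        return []

    return netaclid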


def get_nacl_rules(netacl_id):
    """Return the rule numbers in 71-80 currently present on a network ACL.

    Args:
        netacl_id: ID of the network ACL to inspect.

    Returns:
        Rule numbers between 71 and 80 inclusive, in the order their entries
        appear in the ``describe_network_acls`` response.
    """
    client = boto3.client('ec2')
    described = client.describe_network_acls(NetworkAclIds=[netacl_id])

    # Only the first ACL of the response is read.
    rule_numbers = [
        entry['RuleNumber'] for entry in described['NetworkAcls'][0]['Entries']
    ]

    # NOTE(review): inbound and outbound entries are not told apart here, so a
    # number is reported whichever direction its entry applies to. Confirm
    # that this is what callers comparing rule slots expect.
    return [number for number in rule_numbers if 71 <= number <= 80]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



