2016-04-21 49 views
0

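I am not able to iterate through the list of AWS regions I have provided, and I am confused about why the list starts in reverse order. How do I iterate through all AWS regions to fetch security group information?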

This code basically connects to all AWS regions one by one and then prints the security group details:

from boto import ec2

regions = ['us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'sa-east-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1']
sg = []
for region in regions:
    connection = ec2.connect_to_region(region)
    sg.extend(connection.get_all_security_groups())


def getTag(instanceId):
    # Uses the module-level connection left over from the region loop above
    reservations = connection.get_all_instances(filters={'instance_id': instanceId})
    for res in reservations:
        for instance in res.instances:
            return instance.tags['Name'], instance.private_ip_address, instance.region


for securityGroup in sg:
    for rule in securityGroup.rules:
        if rule.to_port == '22' and '0.0.0.0/0' in str(rule.grants):
            for instanceid in securityGroup.instances():
                # str(instanceid) looks like "Instance:i-..."; keep the id part
                instanceId = str(instanceid)
                print("Port 22 is open for 0.0.0.0/0:, SecurityGroupName: %s Instance Details --> : %s " % (securityGroup.name, getTag(instanceId.split(':')[1])))

Based on the answer, I am now unable to get the instance details. The result is:

Port 22 is open for 0.0.0.0/0:, SecurityGroupName: interview-linux Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: interview-linux Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: launch-wizard-mingjun Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: SSH+HTTPS Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: temp-engg-logi Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-prod-1w-secgroup Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-prod-1w-secgroup Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-trial-1w-secgroup Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-trial-1w-secgroup Instance Details --> : Non 

Answer

2

Because in your for region in regions: loop, sg is overwritten on every iteration. What you probably want is

sg = list() 
for region in regions: 
    connection=ec2.connect_to_region(region) 
    sg.extend(connection.get_all_security_groups()) 

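Edit: (Instance Details --> : None)

The problem here is that, in the loop I mentioned earlier, you are also overwriting connection, i.e. connection=ec2.connect_to_region(region)

So when you do connection.get_all_instances(filters={'instance_id':instanceId}) in your getTag method, the instanceId is only looked up in the last region, i.e. ap-northeast-1. Since the instance does not belong to this region, you get None

You need to rearrange your code like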

from boto import ec2


def getTag(connection, instanceId):
    # Look the instance up through the connection of the region being scanned
    reservations = connection.get_all_instances(filters={'instance_id': instanceId})
    for res in reservations:
        for instance in res.instances:
            return instance.tags['Name'], instance.private_ip_address, instance.region


regions = ['us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'sa-east-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1']
for region in regions:
    connection = ec2.connect_to_region(region)
    sg = connection.get_all_security_groups()
    for securityGroup in sg:
        for rule in securityGroup.rules:
            if rule.to_port == '22' and '0.0.0.0/0' in str(rule.grants):
                for instanceid in securityGroup.instances():
                    # str(instanceid) looks like "Instance:i-..."; keep the id part
                    instanceId = str(instanceid)
                    print("Port 22 is open for 0.0.0.0/0:, SecurityGroupName: %s Instance Details --> : %s " % (securityGroup.name, getTag(connection, instanceId.split(':')[1])))
+0

Correct.. thanks, but now I am unable to get the instance details; I have updated my question following your answer

+0

Maybe I need to loop through 'reservations = connection.get_all_instances()'

+0

Oh ok.. it's working.. now.. thanks mate
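As an added example (not code from the question or the answer), the sketch below keeps the region attached to every finding, which is what the fix above achieves, and extends the port check beyond an exact to_port of 22 to port ranges that contain 22, all-traffic rules and IPv6 `::/0`. It assumes the boto3 `describe_security_groups()` response field names rather than the legacy boto objects used on this page; the `describe` callable, the group IDs and the sample data are constructed for illustration.

```python
# Added example; field names follow boto3's describe_security_groups() response.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers_port(perm, port):
    """True if the rule applies to `port`, including ranges and all-traffic rules."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, every port; no port range is needed
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi

def open_sources(perm):
    """World-open CIDRs (IPv4 and IPv6) granted by this rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in OPEN_CIDRS)

def audit(regions, describe, port=22):
    """describe(region) -> that region's SecurityGroups list; findings keep their region."""
    findings = []
    for region in regions:
        for group in describe(region):
            for perm in group.get("IpPermissions", []):
                sources = open_sources(perm)
                if sources and covers_port(perm, port):
                    findings.append((region, group["GroupId"], group["GroupName"], sources))
    return findings

# Constructed sample data standing in for live API responses.
SAMPLE = {
    "us-east-1": [
        {"GroupId": "sg-00000001", "GroupName": "exact-22", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-00000002", "GroupName": "office-only", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    ],
    "eu-west-1": [
        {"GroupId": "sg-00000003", "GroupName": "wide-range", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
        {"GroupId": "sg-00000004", "GroupName": "all-traffic", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    ],
}

if __name__ == "__main__":
    for f in audit(["us-east-1", "eu-west-1", "sa-east-1"], lambda r: SAMPLE.get(r, [])):
        print("Port 22 open to the world: region=%s id=%s name=%s sources=%s" % f)
```

Against a live account, `describe` can be `lambda r: boto3.client("ec2", region_name=r).describe_security_groups()["SecurityGroups"]`, with pagination added for accounts that have many groups.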