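def ec2_security_groups_with_in_use_flag():
    """Return every EC2 security group annotated with a boolean "InUse" key.

    "InUse" is True when the group id is attached to at least one resource
    returned by the fetchers called here:
    - EC2 instances
    - ELBs (v1 and v2)
    - RDS
    - Redshift
    - ElastiCache
    - Elasticsearch Service
    - AutoScaling launch configurations

    Only the resource types listed above are scanned. A group marked
    ``InUse: False`` may still be attached to a resource type this function
    does not look at, or be referenced from another group's rules, so treat
    False as "candidate for review" rather than "safe to delete".

    Returns:
        The list returned by ``ec2_security_groups()``; each dict in it is
        updated in place with the "InUse" key.

    Raises:
        TypeError: if an entry under a resource's 'SecurityGroups' is
            neither a dict nor a str.
    """
    sec_groups = ec2_security_groups()
    # Only membership is ever tested, so a set is enough (no counts needed).
    in_use_sec_group_ids = set()

    # These resources have their security groups under 'SecurityGroups'.
    # Most of these are a list of dictionaries which include either
    # SecurityGroupId or GroupId, but some have just a list of group ids.
    # NOTE(review): launch configurations may list group *names* rather than
    # ids; such entries would never match a GroupId below -- confirm.
    # The fetchers are all called up front, in the original order; the lists
    # are then walked directly instead of being concatenated with sum(..., []),
    # which copies the accumulated list on every addition.
    resource_lists = [
        ec2_instances(),
        elbs(),
        elbs_v2(),
        elasticache_clusters(),
        autoscaling_launch_configurations(),
    ]
    for resources in resource_lists:
        for resource in resources:
            for attached_sec_group in resource.get('SecurityGroups', []):
                if isinstance(attached_sec_group, dict):
                    # A dict carrying neither key contributes nothing.
                    for key in ('SecurityGroupId', 'GroupId'):
                        if key in attached_sec_group:
                            in_use_sec_group_ids.add(attached_sec_group[key])
                elif isinstance(attached_sec_group, str):
                    in_use_sec_group_ids.add(attached_sec_group)
                else:
                    # Fail loudly: silently skipping an unknown shape would
                    # under-report usage. TypeError is still an Exception, so
                    # existing handlers keep working.
                    raise TypeError(
                        "Got security group value with a type of %s"
                        % type(attached_sec_group))

    # These resources have two types of security groups, therefore
    # the Vpc ones are namespaced under "VpcSecurityGroups".
    for resources in [rds_db_instances(), redshift_clusters()]:
        for resource in resources:
            for attached_sec_group in resource.get('VpcSecurityGroups', []):
                in_use_sec_group_ids.add(
                    attached_sec_group['VpcSecurityGroupId'])

    # ElasticSearchService does it a little differently: the ids are a plain
    # list under VPCOptions. A VPCOptions dict without 'SecurityGroupIds' is
    # treated as having no groups, matching the .get() defaults used above.
    for domain in elasticsearch_domains():
        if 'VPCOptions' in domain:
            for attached_sec_group in domain['VPCOptions'].get(
                    'SecurityGroupIds', []):
                in_use_sec_group_ids.add(attached_sec_group)

    for sec_group in sec_groups:
        sec_group["InUse"] = sec_group["GroupId"] in in_use_sec_group_ids

    return sec_groups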
import pytest

from helpers import get_param_id

from aws.elb.resources import elbs


@pytest.mark.elb
@pytest.mark.parametrize(
    "elb",
    elbs(),
    ids=lambda lb: get_param_id(lb, "LoadBalancerName"),
)
def test_elb_instances_attached(elb):
    """Fail when the given ELB reports no attached instances.

    Runs once per load balancer returned by ``elbs()``; each case is
    labelled via ``get_param_id`` with the "LoadBalancerName" key.
    """
    # NOTE(review): presumably meant to surface load balancers left behind
    # with nothing registered behind them -- confirm with the check's owner.
    attached_count = len(elb["Instances"])
    assert attached_count > 0, "ELB has zero attached instances"