From 0e2f03627b19e295815c63c22fc0374de0913228 Mon Sep 17 00:00:00 2001
From: Sayeed Joseph
Date: Tue, 29 Jul 2025 12:27:01 -0400
Subject: [PATCH 1/2] feat: add support for deleting IP from a rds security group
---
 scripts/delete-rds-ip.sh | 99 ++++++++++++++++++++++++++++++----------
 scripts/toolbox.sh | 15 ++++--
 2 files changed, 87 insertions(+), 27 deletions(-)
diff --git a/scripts/delete-rds-ip.sh b/scripts/delete-rds-ip.sh
index 74ffad1..dd0c684 100755
--- a/scripts/delete-rds-ip.sh
+++ b/scripts/delete-rds-ip.sh
@@ -1,55 +1,108 @@
 #!/bin/bash
+# Import common utility scripts
+source "./../utils/common.sh"
+source "$SCRIPT_DIR/../utils/colors.sh"
+
 # Store the first argument as the RDS DB Identifier
 RDS_DB_IDENTIFIER=$1
 shift
-# Initialize default values:
-IP_TO_DELETE=""
-PORT_TO_DELETE=5432
-PROTOCOL_TO_DELETE="tcp"
+# Initialize default values"
+CIDR="32"
+IP_TO_DELETE=$("$SCRIPT_DIR/get-ip.sh")
+PORT=5432
+PROTOCOL="tcp"
 DELETE_ALL=false
+IP_AND_CIDR="$IP_TO_DELETE/$CIDR"
 while [[ $# -gt 0 ]]; do
 case "$1" in
- --ip)
- IP_TO_DELETE=$2
- echo "delete $IP_TO_DELETE"
- shift 2
- ;;
- --port)
- PORT_TO_DELETE=$2
- shift 2
- echo "delete $PORT_TO_DELETE"
- ;;
- --protocol)
- PROTOCOL_TO_DELETE=$2
- echo "delete $PROTOCOL_TO_DELETE"
- shift 2
- ;;
 --all)
 DELETE_ALL=true
 shift
 ;;
+ --ip)
+ IP_TO_DELETE=$2
+ shift 2
+ ;;
 *)
 echo "Unknown flag: $1"
- shift
 exit 1
 ;;
 esac
 done
+# Look up the security group for the given RDS DB
+SECURITY_GROUP_ID=$(aws rds describe-db-instances \
+ --db-instance-identifier "$RDS_DB_IDENTIFIER" \
+ --query "DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId" --output text 2>/dev/null)
-# Optionally allow user to pass a specific IP to delete (otherwise use current public IP)
+if [ -z "$SECURITY_GROUP_ID" ] || [ "$SECURITY_GROUP_ID" == "None" ]; then
+ error "Could not find security group ID for RDS Database: $RDS_DB_IDENTIFIER"
+ echo -e "${BLUE}📋 Here are the available RDS DB Identifiers:${NC}"
+ aws rds describe-db-instances --query "DBInstances[*].DBInstanceIdentifier" --output text
+ exit 1
+fi
-# Look up the security group for the given RDS DB
+# Check if all flag is true to delete all IPs in the list.
+if [[ $DELETE_ALL == true ]]; then
+ read -p "⚠️ Are you sure you want to delete all IPs for security group: $SECURITY_GROUP_ID (y/N): " CONFIRMATION
+
+ if [[ ! $CONFIRMATION =~ ^[Yy]$ ]]; then
+ echo "Deletion aborted."
+ exit 0
+ fi
+
+ # TODO: refactor to complete full delete for DEV only
+ echo "Deleted All"
+ exit 0
+fi
 # Check if IP includes the CIDR
+if [[ ! $IP_TO_DELETE == */* ]]; then
+ echo "No CIDR provided. Defaulting to: $IP_TO_DELETE/$CIDR"
+ read -p "Do you want to change the CIDR: $CIDR? (y/N): " response
+ if [[ "$response" =~ ^[Yy]$ ]]; then
+ read -p "Enter new CIDR (e.g. 24):" CIDR_OVERRIDE
+ CIDR=$CIDR_OVERRIDE
+ fi
+ IP_AND_CIDR="$IP_TO_DELETE/$CIDR"
+else
+ IP_AND_CIDR="$IP_TO_DELETE"
+fi
+
+# Prompt the user for the delete action
+warning "Are sure you want to delete the following IP rule: "$IP_AND_CIDR" from the following security Group: "$SECURITY_GROUP_ID"? [y/N]"
+read -r CONFIRMATION
+
+if [[ ! $CONFIRMATION =~ ^[Yy]$ ]]; then
+ echo "❌ Deletion Canceled."
+ exit 0
+fi
 # Check if the IP exists in the SG rules
+ALLOWED_IPS=$(aws ec2 describe-security-groups \
+ --group-id "$SECURITY_GROUP_ID" \
+ --query "SecurityGroups[0].IpPermissions[*].IpRanges[*].CidrIp" \
+ --output text)
+
+if [[ ! "$ALLOWED_IPS" == *"$IP_AND_CIDR"* ]]; then
+ success "IP address doesn't exist in allow list"
+ exit 0
+fi
 # Delete the matching ingress rule if it exists
+REVOKE_OUTPUT=$(aws ec2 revoke-security-group-ingress \
+ --group-id "$SECURITY_GROUP_ID" \
+ --port $PORT \
+ --protocol $PROTOCOL \
+ --cidr "$IP_AND_CIDR" 2>&1)
-# Print success/failure messages with color
+if [[ $? -ne 0 ]]; then
+ error "Failed to delete IP rule: $REVOKE_OUTPUT"
+else
+ success "Deleted IP Rule: $IP_AND_CIDR from security group: $SECURITY_GROUP_ID"
+fi
 exit 0
\ No newline at end of file
diff --git a/scripts/toolbox.sh b/scripts/toolbox.sh
index 8c6bbb9..fd12153 100755
--- a/scripts/toolbox.sh
+++ b/scripts/toolbox.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 source "./../utils/common.sh"
 source "$SCRIPT_DIR/../utils/colors.sh"
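Review bot: An empty `IP_TO_DELETE` (for example when `$SCRIPT_DIR/get-ip.sh` prints nothing) turns `IP_AND_CIDR` into `/32`, and the existence check `*"$IP_AND_CIDR"*` then matches any /32 rule, so the script walks the user through the confirmation and calls revoke with `--cidr /32`; the same substring test also reports `1.2.3.4/32` as present when only `11.2.3.4/32` is allowed. Guard the value before it is used, `[[ -n "$IP_TO_DELETE" ]] || { error "Could not determine the IP to delete"; exit 1; }`, and make the membership test whole-token, `if [[ ! " $ALLOWED_IPS " == *[[:space:]]"$IP_AND_CIDR"[[:space:]]* ]]; then`. `CIDR_OVERRIDE` is assigned unvalidated (an empty answer yields `1.2.3.4/`), so check it first: `[[ "$CIDR_OVERRIDE" =~ ^[0-9]{1,2}$ ]] && (( CIDR_OVERRIDE <= 32 )) || { error "Invalid CIDR: $CIDR_OVERRIDE"; exit 1; }`. The `--all` branch prints `Deleted All` and exits 0 after the user has confirmed a destructive action although the TODO shows nothing is revoked; until it is implemented it should state that no rules were changed and exit non-zero. The two `read -p` prompts also lack `-r`, unlike the later `read -r CONFIRMATION`, and the new comment `# Initialize default values"` has a stray quote where the old line had a colon.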
@@ -7,7 +8,8 @@ CRUD_OPERATION=$1
 # Operations
 ADD_RDS_IP_RULE="add-rds-ip"
-# DELETE_RDS_IP_RULE="delete-rds-ip"
+DELETE_RDS_IP_RULE="delete-rds-ip"
+# VIEW_RDS_IP_RULES="view-rds-ips"
 # Call CRUD Operation
 if [[ "$CRUD_OPERATION" == "$ADD_RDS_IP_RULE" ]]; then
@@ -15,9 +17,14 @@ if [[ "$CRUD_OPERATION" == "$ADD_RDS_IP_RULE" ]]; then
 shift
 # All remaining arguments are passed down.
 ./add-rds-ip.sh "$@"
-# elif [[ "$CRUD_OPERATION" == "$DELETE_RDS_IP_RULE" ]]; then
+elif [[ "$CRUD_OPERATION" == "$DELETE_RDS_IP_RULE" ]]; then
+ shift
+ ./delete-rds-ip.sh "$@"
+# elif [[ "$CRUD_OPERATION" == "$VIEW_RDS_IP_RULE" ]]; then
 # shift
-# ./delete-rds-ip.sh "$@"
+# ./view-rds-ips.sh "$@"
 else
 info "./toolbox.sh <"$ADD_RDS_IP_RULE"|"$DELETE_RDS_IP_RULE"> [--flags]"
-fi
\ No newline at end of file
+fi
+
+exit 0
\ No newline at end of file
From c40b37cf2942e7419c99b33828f37a61ea4f8200 Mon Sep 17 00:00:00 2001
From: Sayeed Joseph
Date: Tue, 29 Jul 2025 12:28:03 -0400
Subject: [PATCH 2/2] refactor: set PORT and PROTOCOL defaults and update with todos
---
 scripts/add-rds-ip.sh | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/scripts/add-rds-ip.sh b/scripts/add-rds-ip.sh
index c05a857..feb4592 100755
--- a/scripts/add-rds-ip.sh
+++ b/scripts/add-rds-ip.sh
@@ -7,6 +7,15 @@ source "$SCRIPT_DIR/../utils/colors.sh"
 # Store passed RDS Database Identifier
 RDS_DB_IDENTIFIER=$1
+# TODO: Give flags to set port and protocol
+
+# Set PORT and PROTOCOL Defaults
+PORT="5432"
+PROTOCOL="tcp"
+CIDR="32"
+# Use shift to find all the proceeding flags
+# update the variables
+
 # Check that the user passed a security group ID
 if [ -z "$RDS_DB_IDENTIFIER" ]; then
 error "Error: Please provide the RDS database Identifier"
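Review bot: The trailing `exit 0` added at the end of toolbox.sh makes an unknown operation (the `else` branch that only prints usage) and a failed child script both report success, so a typo in the operation name or a rejected AWS call is indistinguishable from a completed run for anyone scripting around this dispatcher. Print the usage to stderr and exit non-zero in that branch, `info "./toolbox.sh <$ADD_RDS_IP_RULE|$DELETE_RDS_IP_RULE> [--flags]" >&2` followed by `exit 2`, and drop the final `exit 0` so the child's status is what the caller sees. `./delete-rds-ip.sh "$@"`, like the existing `./add-rds-ip.sh` call, resolves against the caller's working directory while the sourced colors file already uses `$SCRIPT_DIR` (presumably set by common.sh), so `"$SCRIPT_DIR/delete-rds-ip.sh" "$@"` would keep the dispatcher usable from any directory. The commented-out view branch tests `$VIEW_RDS_IP_RULE` while the constant above is named `VIEW_RDS_IP_RULES`; worth aligning before it is enabled.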
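Review bot: The two comments after the new defaults, `# Use shift to find all the proceeding flags` and `# update the variables`, describe argument parsing that does not exist in this file yet, so a reader may assume `--port`/`--protocol` overrides already work for add-rds-ip.sh. Fold them into the single TODO above the defaults, e.g. `# TODO: add --port/--protocol/--cidr flags and parse the remaining arguments with shift`, and use `remaining` rather than `proceeding`. Until a parser lands, `PORT`, `PROTOCOL` and `CIDR` are effectively constants and could be declared `readonly` to make that explicit.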
@@ -52,9 +61,10 @@ if [[ "$ALLOWED_IPS" == *"$CURRENT_IP"* ]]; then
 exit 0
 fi
-aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol tcp --port 5432 --cidr "$CURRENT_IP/32"
-
-exit 0
+aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol "$PROTOCOL" --port "$PORT" --cidr "$CURRENT_IP/$CIDR"
+# TODO: Check if operation failed.
+success "Added IP Rule: $CURRENT_IP/$CIDR to security group: $SECURITY_GROUP_ID"
+exit 0
\ No newline at end of file
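Review bot: `success` now runs unconditionally after `aws ec2 authorize-security-group-ingress`, and the file ends with `exit 0`, so when the call is rejected (bad credentials, duplicate rule, invalid CIDR) the operator is told the rule was added and the script still exits 0; the `# TODO: Check if operation failed.` line acknowledges this. Test the call's status and report failure through `error` as delete-rds-ip.sh does in the companion patch, keeping the `success` line for the happy path only. The `@@` context line shows the existence check `*"$CURRENT_IP"*`, which lies outside this hunk but is a substring match and would also report `10.0.0.1` as present when only `10.0.0.10/32` is allowed; a whole-token comparison against `$CURRENT_IP/$CIDR` would be more accurate.
```shell
# … unchanged: allow-list check …
if ! aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" \
    --protocol "$PROTOCOL" --port "$PORT" --cidr "$CURRENT_IP/$CIDR"; then
  error "Failed to add IP rule: $CURRENT_IP/$CIDR to security group: $SECURITY_GROUP_ID"
  exit 1
fi
success "Added IP Rule: $CURRENT_IP/$CIDR to security group: $SECURITY_GROUP_ID"
exit 0
```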