Delete rds ip

scripts/add-rds-ip.sh

@@ -7,6 +7,15 @@ source "$SCRIPT_DIR/../utils/colors.sh"
 # Store passed RDS Database Identifier
 RDS_DB_IDENTIFIER=$1
 
+# TODO: Give flags to set port and protocol 
+
+# Set PORT and PROTOCOL Defaults
+PORT="5432"
+PROTOCOL="tcp"
+CIDR="32"
+# Use shift to find all the proceeding flags
+# update the variables
+
 # Check that the user passed a security group ID
 if [ -z "$RDS_DB_IDENTIFIER" ]; then
     error "Error: Please provide the RDS database Identifier"
@@ -52,9 +61,10 @@ if [[ "$ALLOWED_IPS" == *"$CURRENT_IP"* ]]; then
     exit 0
 fi 
 
-aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID"   --protocol tcp --port 5432 --cidr "$CURRENT_IP/32"
-
-exit 0
+aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID"   --protocol "$PROTOCOL" --port "$PORT" --cidr "$CURRENT_IP/$CIDR"
 
+# TODO: Check if operation failed.
 
+success "Added IP Rule: $CURRENT_IP/$CIDR to security group: $SECURITY_GROUP_ID"
 
+exit 0

scripts/delete-rds-ip.sh

@@ -1,55 +1,108 @@
 #!/bin/bash
 
+# Import common utility scripts
+source "./../utils/common.sh"
+source "$SCRIPT_DIR/../utils/colors.sh"
+
 # Store the first argument as the RDS DB Identifier
 RDS_DB_IDENTIFIER=$1
 shift 
 
-#  Initialize default values:
-IP_TO_DELETE=""
-PORT_TO_DELETE=5432
-PROTOCOL_TO_DELETE="tcp"
+# Initialize default values"
+CIDR="32"
+IP_TO_DELETE=$("$SCRIPT_DIR/get-ip.sh")
+PORT=5432
+PROTOCOL="tcp"
 DELETE_ALL=false
+IP_AND_CIDR="$IP_TO_DELETE/$CIDR"
 
 while [[ $# -gt 0 ]]; do
     case "$1" in 
-      --ip)
-        IP_TO_DELETE=$2
-        echo "delete $IP_TO_DELETE"
-        shift 2
-        ;;
-      --port)
-        PORT_TO_DELETE=$2
-        shift 2
-        echo "delete $PORT_TO_DELETE"
-        ;;
-      --protocol)
-        PROTOCOL_TO_DELETE=$2
-        echo "delete $PROTOCOL_TO_DELETE"
-        shift 2
-        ;;
       --all)
         DELETE_ALL=true
         shift
         ;;
+      --ip)
+        IP_TO_DELETE=$2
+        shift 2
+        ;;
       *)
       echo "Unknown flag: $1"
-      shift
       exit 1
       ;;
     esac
 done
 
+# Look up the security group for the given RDS DB
+SECURITY_GROUP_ID=$(aws rds describe-db-instances \
+ --db-instance-identifier "$RDS_DB_IDENTIFIER" \
+ --query "DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId" --output text 2>/dev/null)
 
-# Optionally allow user to pass a specific IP to delete (otherwise use current public IP)
+if [ -z "$SECURITY_GROUP_ID" ] || [ "$SECURITY_GROUP_ID" == "None" ]; then
+  error "Could not find security group ID for RDS Database: $RDS_DB_IDENTIFIER"
+  echo -e "${BLUE}📋 Here are the available RDS DB Identifiers:${NC}"
+  aws rds describe-db-instances --query "DBInstances[*].DBInstanceIdentifier" --output text
+  exit 1
+fi
 
-# Look up the security group for the given RDS DB
+# Check if all flag is true to delete all IPs in the list.
+if [[ $DELETE_ALL == true ]]; then
+  read -p "⚠️  Are you sure you want to delete all IPs for security group: $SECURITY_GROUP_ID (y/N): " CONFIRMATION
+
+  if [[ ! $CONFIRMATION =~ ^[Yy]$ ]]; then
+    echo "Deletion aborted."
+    exit 0
+  fi  
+
+  # TODO: refactor to complete full delete for DEV only
+  echo "Deleted All" 
+  exit 0
+fi
 
 # Check if IP includes the CIDR
+if [[ ! $IP_TO_DELETE == */* ]]; then 
+  echo "No CIDR provided. Defaulting to: $IP_TO_DELETE/$CIDR"
+  read -p "Do you want to change the CIDR: $CIDR? (y/N): " response
+  if [[ "$response" =~ ^[Yy]$ ]]; then
+    read -p  "Enter new CIDR (e.g. 24):" CIDR_OVERRIDE
+    CIDR=$CIDR_OVERRIDE
+  fi 
+  IP_AND_CIDR="$IP_TO_DELETE/$CIDR"
+else 
+  IP_AND_CIDR="$IP_TO_DELETE"
+fi
+
+# Prompt the user for the delete action
+warning "Are sure you want to delete the following IP rule: "$IP_AND_CIDR" from the following security Group: "$SECURITY_GROUP_ID"?  [y/N]"
+read -r CONFIRMATION
+
+if [[ ! $CONFIRMATION =~ ^[Yy]$ ]]; then
+  echo "❌ Deletion Canceled."
+  exit 0
+fi 
 
 # Check if the IP exists in the SG rules
+ALLOWED_IPS=$(aws ec2 describe-security-groups \
+ --group-id "$SECURITY_GROUP_ID" \
+ --query  "SecurityGroups[0].IpPermissions[*].IpRanges[*].CidrIp" \
+ --output text)
+
+if [[ ! "$ALLOWED_IPS" == *"$IP_AND_CIDR"* ]]; then
+  success "IP address doesn't exist in allow list"
+  exit 0
+fi
 
 # Delete the matching ingress rule if it exists
+REVOKE_OUTPUT=$(aws ec2 revoke-security-group-ingress \
+ --group-id "$SECURITY_GROUP_ID" \
+ --port $PORT \
+ --protocol $PROTOCOL \
+ --cidr "$IP_AND_CIDR" 2>&1)
 
-# Print success/failure messages with color
+if [[ $? -ne 0 ]]; then
+  error "Failed to delete IP rule: $REVOKE_OUTPUT"
+else 
+  success "Deleted IP Rule: $IP_AND_CIDR from security group: $SECURITY_GROUP_ID"
+fi
 
 exit 0

scripts/toolbox.sh

@@ -1,4 +1,5 @@
 #!/bin/bash 
+
 source "./../utils/common.sh"
 source "$SCRIPT_DIR/../utils/colors.sh"
 
@@ -7,17 +8,23 @@ CRUD_OPERATION=$1
 
 # Operations
 ADD_RDS_IP_RULE="add-rds-ip"
-# DELETE_RDS_IP_RULE="delete-rds-ip"
+DELETE_RDS_IP_RULE="delete-rds-ip"
+# VIEW_RDS_IP_RULES="view-rds-ips"
 
 # Call CRUD Operation
 if [[ "$CRUD_OPERATION"  == "$ADD_RDS_IP_RULE" ]]; then
     # Remove the crud operation from the argument list
     shift
     # All remaining arguments are passed down.
     ./add-rds-ip.sh "$@"
-# elif [[ "$CRUD_OPERATION"  == "$DELETE_RDS_IP_RULE" ]]; then
+elif [[ "$CRUD_OPERATION"  == "$DELETE_RDS_IP_RULE" ]]; then
+    shift 
+    ./delete-rds-ip.sh "$@"
+# elif [[ "$CRUD_OPERATION" == "$VIEW_RDS_IP_RULE" ]]; then
 #     shift 
-#     ./delete-rds-ip.sh "$@"
+#     ./view-rds-ips.sh "$@"
 else
     info "./toolbox.sh <"$ADD_RDS_IP_RULE"|"$DELETE_RDS_IP_RULE"> <db-identifier> [--flags]"
-fi 
+fi 
+
+exit 0