Traceroute53
A tool to investigate Route53, ELB, EC2 and Security Groups
Installation
Install the gem from the command line:
gem install traceroute53
Usage
traceroute53 <domain>
To pass credentials, set environment variables or specify the --profile=PROFILE option.
An example for a healthy domain
Below is an example for a healthy domain. It shows that the ELB has a target instance and can forward requests to it, because a security group associated with the instance allows the LB's security group.
% traceroute53 foo-development.example.com
hosted zone: example.com.
dns name: internal-foo-aws-1-123456.us-east-1.elb.amazonaws.com.
load balancer: foo-aws-1 ["sg-0aaaaaaaaaaaaaa1", "sg-ccccccccccccccccc"]
listener[0]: port:443 arn:aws:elasticloadbalancing:us-east-1:567890123456:listener/app/foo-aws-1/7890123456789abc/0cdef01234567789
listener[0]action[0]: forward arn:aws:elasticloadbalancing:us-east-1:567890123456:targetgroup/foo-aws-1/89abcdef01234567
listener[0]action[0]target[0]: i-0cdef0123456789ab:8080 healthy
group_ids[0]: ["sg-09988776655443322", "sg-39393939"]
group_ids[0]sg[0]: sg-09988776655443322
group_ids[0]sg[0]ip[0]: port:8080 ["sg-ccccccccccccccccc"]
group_ids[0]sg[0]ip[1]: port:22 ["sg-05566778899aabbcc", "sg-f8e8d8c8"]
group_ids[0]sg[1]: sg-39393939
group_ids[0]sg[1]ip[0]: port:8080 ["sg-11223344"]
group_ids[0]sg[1]ip[1]: port:nil ["sg-f8f8f8f8"]
group_ids[0]sg[1]ip[2]: port:22 ["sg-33886655"]
An example for mismatched security groups
In this example, Route53's hosted zone correctly has a DNS resource with the correct dns_name, listener and target group, but the 2nd security group's Permission set is empty.
% traceroute53 bar-blah.example.com
hosted zone: example.com.
dns name: internal-bar-blah-aws-tokyo-1-999888333.ap-northeast-1.elb.amazonaws.com.
load balancer: bar-blah-aws-tokyo-1 ["sg-0eeddccbbaa998877", "sg-06665554443332221"]
listener[0]: port:443 arn:aws:elasticloadbalancing:ap-northeast-1:567890123456:listener/app/bar-blah-aws-tokyo-1/ef0123456789abcd/cccaaabbb9996667
listener[0]action[0]: forward arn:aws:elasticloadbalancing:ap-northeast-1:567890123456:targetgroup/bar-blah-atyo-1/fedcba9876543210
listener[0]action[0]target[0]: i-0cc123456789abcd:8080 unhealthy
group_ids[0]: ["sg-c57c55cc", "sg-0336699ccff003366"]
group_ids[0]sg[0]: sg-c57c55cc
group_ids[0]sg[0]ip[0]: port:8080 ["sg-99776655"]
group_ids[0]sg[0]ip[1]: port:nil ["sg-11335577"]
group_ids[0]sg[0]ip[2]: port:22 ["sg-fe87dc65"]
group_ids[0]sg[1]: sg-0336699ccff003366
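The comparison a reader makes by eye in the two runs above can be automated. The following is an added example, not part of traceroute53: it parses the tool's text output and lists targets that no instance security group rule opens to the load balancer's groups. The name blocked_targets is hypothetical, and the code assumes that group_ids[N] belongs to the Nth target line and that port:nil means a rule covering every port.

```ruby
require "json"

# Added example, not part of traceroute53: read the tool's text output and list
# targets that no instance security group rule opens to the load balancer.
# Assumptions: group_ids[N] belongs to the Nth target line, and port:nil means
# a rule that covers every port.
def blocked_targets(report)
  lb_sgs = []
  targets = []                            # [[instance_id, port, health], ...]
  rules = Hash.new { |h, k| h[k] = [] }   # group_ids index => [[port, sources], ...]
  report.each_line do |line|
    case line.strip
    when /\Aload balancer: \S+ (\[.*\])\z/
      lb_sgs = JSON.parse($1)             # the printed array is also valid JSON
    when /target\[\d+\]: (i-\h+):(\d+) (\w+)\z/
      targets << [$1, $2.to_i, $3]
    when /\Agroup_ids\[(\d+)\]sg\[\d+\]ip\[\d+\]: port:(\d+|nil) (\[.*\])\z/
      port = $2 == "nil" ? nil : $2.to_i
      rules[$1.to_i] << [port, JSON.parse($3)]
    end
  end
  # Keep only targets with no rule that matches the port and names an LB group.
  targets.each_with_index.reject { |(_id, tport, _h), i|
    rules[i].any? { |port, srcs| (port.nil? || port == tport) && (srcs & lb_sgs).any? }
  }.map { |(id, tport, health), _i| { instance: id, port: tport, health: health } }
end

# Relevant lines excerpted from the two traceroute53 runs shown above.
HEALTHY = <<~OUT
  load balancer: foo-aws-1 ["sg-0aaaaaaaaaaaaaa1", "sg-ccccccccccccccccc"]
  listener[0]action[0]target[0]: i-0cdef0123456789ab:8080 healthy
  group_ids[0]: ["sg-09988776655443322", "sg-39393939"]
  group_ids[0]sg[0]ip[0]: port:8080 ["sg-ccccccccccccccccc"]
  group_ids[0]sg[1]ip[0]: port:8080 ["sg-11223344"]
OUT
MISMATCHED = <<~OUT
  load balancer: bar-blah-aws-tokyo-1 ["sg-0eeddccbbaa998877", "sg-06665554443332221"]
  listener[0]action[0]target[0]: i-0cc123456789abcd:8080 unhealthy
  group_ids[0]: ["sg-c57c55cc", "sg-0336699ccff003366"]
  group_ids[0]sg[0]ip[0]: port:8080 ["sg-99776655"]
  group_ids[0]sg[0]ip[1]: port:nil ["sg-11335577"]
  group_ids[0]sg[0]ip[2]: port:22 ["sg-fe87dc65"]
  group_ids[0]sg[1]: sg-0336699ccff003366
OUT

[HEALTHY, MISMATCHED].each { |r| puts blocked_targets(r).inspect }
```

The output shows one port per rule, so a rule that covers a port range is matched only on the port that is printed.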
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/nurse/traceroute53.
License
The gem is available as open source under the terms of the MIT License.