# GitHub Repository Setup Script for sysops.aws.securitygroup
# PowerShell version for Windows users
#
# Console colour names, kept in variables so every status line below uses
# the same -ForegroundColor values.
$Red, $Green, $Yellow, $Blue = "Red", "Green", "Yellow", "Blue"

# Opening banner.
Write-Host -ForegroundColor $Blue "🚀 Setting up GitHub repository: sysops.aws.securitygroup"
Write-Host "================================================================"
# Confirm the GitHub CLI can be invoked at all. Running a command that cannot
# be found raises a catchable error, which is what routes control to the
# catch branch and stops the script with exit code 1.
try {
    $ghVersion = gh --version
    $versionBanner = $ghVersion[0]   # first line of the version output
    Write-Host -ForegroundColor $Green "✅ GitHub CLI is installed: $versionBanner"
}
catch {
    Write-Host -ForegroundColor $Red "❌ GitHub CLI (gh) is not installed"
    Write-Host -ForegroundColor $Yellow "Please install GitHub CLI first: https://cli.github.com/"
    exit 1
}
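# Check that the GitHub CLI holds a usable login before anything is created
# or pushed.
#
# gh is a native executable: a failed `gh auth status` is reported through
# its exit code and, by default, does not raise a PowerShell exception. A
# try/catch on its own therefore never reaches the catch branch and an
# unauthenticated session would be reported as authenticated. The exit code
# is checked explicitly; the catch is kept for shells configured to turn
# native failures into errors.
$ghAuthenticated = $false
try {
    gh auth status 2>$null
    $ghAuthenticated = ($LASTEXITCODE -eq 0)
} catch {
    $ghAuthenticated = $false
}

if (-not $ghAuthenticated) {
    Write-Host "⚠️ Not logged in to GitHub CLI" -ForegroundColor $Yellow
    Write-Host "Please login first: gh auth login" -ForegroundColor $Yellow
    exit 1
}
Write-Host "✅ GitHub CLI is authenticated" -ForegroundColor $Green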
# The analyzer entry point doubles as the marker for the project root:
# refuse to continue when it is not in the current directory.
$analyzerPresent = Test-Path -Path "security_group_analyzer.py"
if ($analyzerPresent) {
    Write-Host -ForegroundColor $Green "✅ In correct project directory"
}
else {
    Write-Host -ForegroundColor $Red "❌ Please run this script from the project root directory"
    exit 1
}
# Create the local Git repository on first run; an existing .git entry is
# left untouched.
if (Test-Path -Path ".git") {
    Write-Host -ForegroundColor $Green "✅ Git repository already exists"
}
else {
    Write-Host -ForegroundColor $Yellow "📦 Initializing Git repository..."
    git init
    git branch -M main   # name the initial branch "main"
    Write-Host -ForegroundColor $Green "✅ Git repository initialized"
}
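# Stage and commit the working tree.
#
# NOTE(security): `git add .` stages every file that .gitignore does not
# exclude, and this script later creates the repository with --public and
# --push. Credential files, local configuration and generated analysis
# output (for example CSV exports) have to be excluded before this runs.
Write-Host "📝 Adding files to Git..." -ForegroundColor $Yellow
git add .
if ($LASTEXITCODE -ne 0) {
    Write-Host "❌ git add failed" -ForegroundColor $Red
    exit 1
}

# List what is staged so anything that should not be published is visible
# in the console output before the push.
git status --short

# `git diff --cached --quiet` exits 0 when nothing is staged; a re-run of this
# script then skips the commit instead of reporting a commit that never happened.
git diff --cached --quiet
if ($LASTEXITCODE -eq 0) {
    Write-Host "✅ Nothing new to commit" -ForegroundColor $Green
} else {
    # The here-string body and its closing "@ must stay at column 0.
    git commit -m @"
Initial commit: AWS Security Groups Analysis Tool v1.0.0
- Multi-account security group analysis
- Interactive Streamlit dashboard
- Risk assessment and compliance reporting
- Cross-account IAM role support
- Comprehensive CSV export functionality
- Network visualization and traffic mapping
Features:
- Identifies 0.0.0.0/0 public access rules
- Maps security group communications
- Analyzes port usage patterns
- Generates remediation recommendations
- Executive summary reporting
"@
    if ($LASTEXITCODE -ne 0) {
        Write-Host "❌ git commit failed" -ForegroundColor $Red
        exit 1
    }
    Write-Host "✅ Files committed to Git" -ForegroundColor $Green
}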
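# Show which GitHub account gh is acting as, so the operator can confirm the
# identity before a public repository is created in the organization.
$currentUser = (gh api user | ConvertFrom-Json).login
if ($currentUser) {
    Write-Host "Acting as GitHub user: $currentUser" -ForegroundColor $Yellow
}

# Create GitHub repository under Tranzact organization and push the local
# history to it.
#
# NOTE(security): --public makes everything committed above world-readable
# as soon as --push completes.
#
# The original invocation also passed `--clone-url ssh`. That is not among
# the flags `gh repo create` documents, and gh rejects unknown flags before
# doing any work. The remote protocol follows gh's `git_protocol` setting
# instead (`gh config set git_protocol ssh`).
Write-Host "🏗️ Creating GitHub repository under Tranzact organization..." -ForegroundColor $Yellow
gh repo create Tranzact/sysops.aws.securitygroup `
    --description "🔒 AWS Security Groups Traffic Analysis Tool - Comprehensive multi-account security group analysis and visualization dashboard for identifying vulnerabilities and mapping traffic patterns" `
    --homepage "https://github.com/Tranzact/sysops.aws.securitygroup" `
    --public `
    --push `
    --source .

# Every later step targets this repository; stop here if it was not created
# rather than printing a success message and issuing API calls that fail.
if ($LASTEXITCODE -ne 0) {
    Write-Host "❌ Repository creation failed" -ForegroundColor $Red
    exit 1
}
Write-Host "✅ Repository created successfully!" -ForegroundColor $Green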
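# Replace the repository's topic list through the REST API. The payload is
# serialized to JSON and handed to gh on stdin (--input -).
Write-Host "🏷️ Adding repository topics..." -ForegroundColor $Yellow
$topics = @{
    names = @(
        "aws",
        "security-groups",
        "security-analysis",
        "aws-security",
        "security-audit",
        "multi-account",
        "traffic-analysis",
        "dashboard",
        "python",
        "streamlit",
        "security-tools",
        "aws-cli",
        "devops",
        "sysops",
        "network-security"
    )
}
$topicsJson = $topics | ConvertTo-Json -Compress
$topicsJson | gh api "repos/Tranzact/sysops.aws.securitygroup/topics" --method PUT --input -

# Topics are cosmetic, so a failure is reported and the script carries on;
# what it must not do is claim success when the API call was rejected.
if ($LASTEXITCODE -eq 0) {
    Write-Host "✅ Repository topics added" -ForegroundColor $Green
} else {
    Write-Host "⚠️ Could not set repository topics (gh api exit code $LASTEXITCODE)" -ForegroundColor $Yellow
}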
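# Turn on secret scanning and secret scanning push protection for the
# repository with a PATCH to its security_and_analysis settings.
#
# NOTE(security): the initial push happens earlier in this script, before
# push protection is switched on, so that first commit was not checked by
# push protection. Review the repository's secret scanning alerts after
# setup.
Write-Host "🔒 Enabling security features..." -ForegroundColor $Yellow
$securitySettings = @{
    security_and_analysis = @{
        secret_scanning = @{
            status = "enabled"
        }
        secret_scanning_push_protection = @{
            status = "enabled"
        }
    }
}
$securityJson = $securitySettings | ConvertTo-Json -Depth 3 -Compress
$securityJson | gh api "repos/Tranzact/sysops.aws.securitygroup" --method PATCH --input -

# Report the real outcome: a rejected PATCH (for example, insufficient
# permissions) must not be announced as "enabled" on a public repository.
if ($LASTEXITCODE -eq 0) {
    Write-Host "✅ Security features enabled" -ForegroundColor $Green
} else {
    Write-Host "❌ Security features were NOT enabled (gh api exit code $LASTEXITCODE); enable secret scanning in the repository settings" -ForegroundColor $Red
}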
# Create initial release
# This section announces the step and builds the Markdown release notes; the
# notes are piped to `gh release create` by the statement that follows.
Write-Host "🎉 Creating initial release..." -ForegroundColor $Yellow
# $releaseNotes is a double-quoted (expandable) here-string. Its body and the
# closing "@ must stay at column 0.
# The six-backtick runs around the install snippet are presumably there
# because the backtick is still the escape character inside an expandable
# here-string, leaving a three-backtick Markdown fence in the published
# notes; confirm against the rendered release.
# NOTE(review): the notes are published on a public repository and state the
# number of AWS accounts covered; confirm that detail is meant to be public.
$releaseNotes = @"
# 🎉 Initial Release - AWS Security Groups Analysis Tool
## 🚀 Features
### Core Capabilities
- **Multi-Account Analysis**: Analyze security groups across 14 AWS accounts simultaneously
- **Cross-Account Access**: Secure IAM role assumption for multi-account environments
- **Parallel Processing**: Efficient data collection across multiple regions
- **Interactive Dashboard**: Streamlit-based web interface with real-time visualization
### Security Analysis
- **Public Access Detection**: Automatically identifies 0.0.0.0/0 rules
- **Risk Scoring**: 0-100 risk assessment for each security group rule
- **Vulnerability Assessment**: Flags high-risk ports (SSH, RDP, databases)
- **Traffic Mapping**: Visual representation of security group communications
### Reporting & Export
- **CSV Reports**: Comprehensive data export for further analysis
- **Executive Summaries**: High-level compliance and risk reporting
- **Remediation Guides**: Specific recommendations for security improvements
- **Compliance Scoring**: Automated assessment against security best practices
## 🛠️ Installation
``````bash
git clone https://github.com/Tranzact/sysops.aws.securitygroup.git
cd sysops.aws.securitygroup
pip install -r requirements.txt
python quick_start.py
``````
## 🔧 Requirements
- Python 3.8+
- AWS CLI configured with appropriate credentials
- Cross-account IAM roles with SecurityAudit permissions
## 📊 Target Use Cases
- Security audits across multiple AWS accounts
- Compliance reporting and assessment
- Network security visualization
- Remediation planning for security groups
- Regular security posture monitoring
## ⚠️ Important Notes
- **READ-ONLY**: This tool only analyzes existing configurations
- **No Modifications**: Cannot and will not modify AWS resources
- **Secure**: Uses AWS STS for safe cross-account access
## 📚 Documentation
Full documentation and setup instructions are available in the [README.md](README.md).
## 🤝 Contributing
We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
---
**Security Note**: This tool is designed for authorized security analysis only. Ensure you have proper permissions before analyzing AWS accounts.
"@
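# Publish release v1.0.0; the notes are read from stdin (--notes-file -).
$releaseNotes | gh release create v1.0.0 `
    --title "AWS Security Groups Analysis Tool v1.0.0" `
    --notes-file -

# gh signals failure through its exit code only. Stop here on failure so the
# completion banner that follows is not printed for a release that does not
# exist.
if ($LASTEXITCODE -ne 0) {
    Write-Host "❌ Release creation failed" -ForegroundColor $Red
    exit 1
}
Write-Host "✅ Initial release created" -ForegroundColor $Green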
# Closing summary: where the repository lives and what to do next.
Write-Host ""
Write-Host -ForegroundColor $Blue "🎊 Repository Setup Complete!"
Write-Host "================================================================"

# Repository and clone addresses, all printed in the success colour.
$repoAddresses = @(
    "Repository URL: https://github.com/Tranzact/sysops.aws.securitygroup",
    "Clone URL (SSH): git@github.com:Tranzact/sysops.aws.securitygroup.git",
    "Clone URL (HTTPS): https://github.com/Tranzact/sysops.aws.securitygroup.git"
)
foreach ($address in $repoAddresses) {
    Write-Host $address -ForegroundColor $Green
}

Write-Host ""
Write-Host -ForegroundColor $Yellow "Next steps:"

# Follow-up checklist, printed in the default console colour.
$nextSteps = @(
    "1. Review the repository settings on GitHub",
    "2. Add collaborators if needed",
    "3. Set up AWS credentials for the CI/CD pipeline",
    "4. Test the analysis tool with your AWS accounts",
    "5. Share the repository with your team"
)
foreach ($step in $nextSteps) {
    Write-Host $step
}

Write-Host ""
Write-Host -ForegroundColor $Green "Happy analyzing! 🔒"