Hey everyone! I'm looking to review my security groups and would love to find a tool that can help me determine which permissions are available on my instances. Specifically, I want to know which ports are open to the public internet and which are accessible over private networks. Although I can write scripts to get this info, it seems like such a basic need that there should already be something out there. I've been trying to search, but most of what I find is just ads or irrelevant links about how to create security groups.
To clarify, I'm looking for a way to generate a report that would look something like this:
```
i-1234abcd1234abcd
public internet
port 80 all
port 443 all
port 22 1.2.3.0/24
private subnet-1234abcd1234abcd
port 22 all
port 80 all
private subnet-abcd1234abcd1234
port all all
i-abcd1234abcd1234
public internet
port all all
```
That's just a random example, and I don't care much about formatting. I'm mainly just looking for any recommendations for tools that could help me with this. Thanks a lot!
3 Answers
You might want to check out AWS Config! It can help you verify if your instances or network interfaces have any unwanted security group rules and create reports based on that. Also, there's a project on GitHub named AWS-SG-Analyzer that could provide the exact result you're looking for. Just be sure to review the code yourself before using it—always a good idea to ensure it suits your needs!
Have you looked into Steampipe? It could be exactly what you're after! Here's the link: https://hub.steampipe.io/plugins/turbot/aws/tables/aws_vpc_security_group. Give it a shot and see if it meets your requirements!
Honestly, I’ve been using ChatGPT to whip up some scripts that utilize the AWS SDK. It does a decent job generating the kind of formatted list you're after. If you're comfortable with some coding, you could easily make it work for you!
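Added example, not code from the asker or any of the answers: the core of such an SDK script is bucketing each ingress rule by whether its source is the open internet / a globally routable CIDR (public) or an RFC 1918/ULA range or another security group (private). The input is a constructed dict in the shape of boto3's `describe_security_groups()` response; joining groups to instances via `describe_instances()` is left to the caller.

```python
# Added example, not from the thread: bucket security-group ingress rules into
# public vs private exposure. SAMPLE_GROUPS is constructed in the shape of
# boto3's ec2.describe_security_groups()["SecurityGroups"]; swap it for a real call.
import ipaddress

SAMPLE_GROUPS = [{  # constructed sample, not real account data
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "1.2.3.0/24"}, {"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1",  # all protocols/ports, sourced from another group
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},
    ],
}]

def port_label(perm):
    """Render the port the way the asker's report does: '80', '8000-8080' or 'all'."""
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if perm.get("IpProtocol") == "-1" or lo in (None, -1) or hi in (None, -1):
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"

def source_scope(cidr):
    """'public' for the whole internet or any globally routable CIDR, else 'private'."""
    net = ipaddress.ip_network(cidr, strict=False)
    return "public" if net.prefixlen == 0 or not net.is_private else "private"

def classify_rules(groups):
    """Return {group_id: {"public": [(port, source)], "private": [(port, source)]}}."""
    report = {}
    for group in groups:
        buckets = {"public": [], "private": []}
        for perm in group.get("IpPermissions", []):
            port = port_label(perm)
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                source = "all" if cidr in ("0.0.0.0/0", "::/0") else cidr
                buckets[source_scope(cidr)].append((port, source))
            for pair in perm.get("UserIdGroupPairs", []):
                # Source is another security group: only its members can reach the port.
                buckets["private"].append((port, pair["GroupId"]))
        report[group["GroupId"]] = buckets
    return report
```

Anything that lands in the `public` bucket with source `all` is the list of ports exposed to the whole internet, which is the first thing to check in a security-group review.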

How did you even find that? My search engine feels cursed sometimes! Thanks for the tip, though!