anaynayak / Aws Security Viz

Licence: mit
Visualize your aws security groups.

Programming Languages

ruby

aws-security-viz -- A tool to visualize aws security groups

DESCRIPTION

Need a quick way to visualize your current aws/amazon ec2 security group configuration? aws-security-viz does just that based on the EC2 security group ingress configuration.

FEATURES

  • Output to any of the formats that Graphviz supports.
  • EC2 classic and VPC security groups

INSTALLATION

  $ gem install aws_security_viz
  $ aws_security_viz --help

DEPENDENCIES

  • graphviz (brew install graphviz)

USAGE (See Examples section below for more)

To generate the graph directly using AWS keys

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true

To generate the graph using an existing security_groups.json (created using aws-cli)

  $ aws_security_viz -o data/security_groups.json -f viz.svg --color

To generate a web view

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f aws.json --renderer navigator
  • Generates two files: aws.json and navigator.html.
  • The JSON file name must be passed as the URL fragment identifier.
  • To view the generated graph, serve the output directory with a web server, e.g. ruby -run -e httpd -- -p 3000, and open http://localhost:3000/navigator.html#aws.json

DOCKER USAGE

If you don't want to install the dependencies and ruby libs you can execute aws-security-viz inside a docker container. To do so, follow these steps:

  1. Clone this repository, open it in a console.
  2. Build the Docker image: docker build -t sec-viz .

3.a With aws-vault (Recommended):

aws-vault exec tldev -- docker run -i -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_SECURITY_TOKEN --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz --renderer navigator --serve 3000

You can open it with your local browser at http://localhost:3000/navigator.html#aws-security-viz.png.

3.b With AWS credentials passed as parameters:

docker run -i --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz -a REPLACE_AWS_ACCESS_KEY_ID -s REPLACE_SECRET --renderer navigator --serve 3000

You can open it with your local browser at http://localhost:3000/navigator.html#aws-security-viz.png.

Parameters passed to the docker command:

  • -v $(pwd)/aws-viz:/aws-security-viz mounts the local directory where the output will be generated
  • -i interactive shell
  • --rm remove the container after usage
  • -t attach this terminal to it
  • -p 3000:3000 we expose port 3000 for the HTTP server
  • --name sec-viz the container will have the same name as the image we will start

You can also use the other parameters listed under usage.

Help

$ aws_security_viz --help
Options:
  -a, --access-key=<s>       AWS access key
  -s, --secret-key=<s>       AWS secret key
  -e, --session-token=<s>    AWS session token
  -r, --region=<s>           AWS region to query (default: us-east-1)
  -v, --vpc-id=<s>           AWS VPC id to show
  -o, --source-file=<s>      JSON source file containing security groups
  -f, --filename=<s>         Output file name (default: aws-security-viz.png)
  -c, --config=<s>           Config file (opts.yml) (default: opts.yml)
  -l, --color                Colored node edges
  -u, --source-filter=<s>    Source filter
  -t, --target-filter=<s>    Target filter
  --serve=<i>                Serve a HTTP server at specified port
  -h, --help                 Show this message

Configuration

aws-security-viz only calls the ec2:DescribeSecurityGroups API, so a minimal IAM policy that grants only ec2:DescribeSecurityGroups is enough.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeSecurityGroups",
            "Resource": "*"
        }
    ]
}

Alternatively, you can use aws-vault to run it with short-lived temporary credentials:

$ aws-vault exec <profile> -- aws_security_viz -f aws.json --renderer navigator

Advanced configuration

You can generate a configuration file using the following command:

  $ aws_security_viz setup [-c opts.yml]

The opts.yml file lets you define the following options:

  • Grouping of CIDR ips
  • Define exclusion patterns
  • Change graphviz format (neato, dot, sfdp etc)

DEBUGGING

To generate the graph with debug statements, execute the following command

$ DEBUG=true aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg

If it doesn't indicate the problem, please share the generated json file with me @ [email protected]

You can send me an obfuscated version using the following command:

$ DEBUG=true OBFUSCATE=true aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg

Execute the following command to generate the json. You will need aws-cli to execute the command

aws ec2 describe-security-groups

EXAMPLES

Graphviz export

Navigator view (useful with very large number of nodes)

Via navigator renderer:

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f aws.json --renderer navigator

JSON view

Via json renderer:

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f aws.json --renderer json

Additional examples

Generate aws-security-viz.png image for us-west-1 region

  $ aws_security_viz --region us-west-1 -f aws-security-viz.png

Generate visualization for us-west-1 with target filter as sec-group-1. This will display all routes through which we can arrive at sec-group-1

  $ aws_security_viz --region us-west-1 --target-filter=sec-group-1
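
The reachability idea behind --target-filter, as an added example (not aws-security-viz's own code): this Ruby script reads JSON in the shape of aws ec2 describe-security-groups output, turns each ingress rule into a source → target edge, and lists every source with a direct or transitive path to a given group. The sample data and the helper names (ingress_edges, port_label, sources_reaching) are constructed for illustration; only IPv4 CIDR and security-group sources are handled.

```ruby
require 'json'
require 'set'

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = <<~DOC
  {"SecurityGroups": [
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [{"IpProtocol": "tcp",
      "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app", "IpPermissions": [{"IpProtocol": "tcp",
      "FromPort": 8080, "ToPort": 8080, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432,
      "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]}
  ]}
DOC

# One [source, target, ports] edge per CIDR or peer group named in an ingress rule.
def ingress_edges(doc)
  groups = doc['SecurityGroups']
  names = groups.to_h { |g| [g['GroupId'], g['GroupName']] }
  groups.flat_map do |group|
    group.fetch('IpPermissions', []).flat_map do |perm|
      cidrs = perm.fetch('IpRanges', []).map { |r| r['CidrIp'] }
      peers = perm.fetch('UserIdGroupPairs', []).map { |p| names.fetch(p['GroupId'], p['GroupId']) }
      (cidrs + peers).map { |src| [src, group['GroupName'], port_label(perm)] }
    end
  end
end

def port_label(perm)
  from, to = perm.values_at('FromPort', 'ToPort')
  return 'all' if perm['IpProtocol'] == '-1'   # "-1" means every protocol and port
  return perm['IpProtocol'] if from.nil?       # protocols without a port range
  "#{perm['IpProtocol']}/#{from == to ? from : "#{from}-#{to}"}"
end

# Breadth-first walk backwards over the edges: everything that can arrive at `target`.
def sources_reaching(edges, target)
  seen = Set.new
  queue = [target]
  while (node = queue.shift)
    edges.each { |src, dst, _| queue << src if dst == node && seen.add?(src) }
  end
  seen
end

edges = ingress_edges(JSON.parse(SAMPLE))
puts sources_reaching(edges, 'db').sort
```

In the sample, 0.0.0.0/0 appears among the sources for db only through the web → app → db chain, which is the kind of indirect exposure the filtered graph makes visible.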

Generate visualization for us-west-1 restricted to vpc-id vpc-12345

  $ aws_security_viz --region us-west-1 --vpc-id=vpc-12345

Serve webserver for the navigator view at port 3000

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f aws.json --renderer navigator --serve 3000

The browser link to the view is printed on the CLI