jeanlouisferey / Aws Securitygroup Grapher

Licence: apache-2.0
This Ansible role gets information from an AWS VPC and generates a graphical representation of its security groups.

aws-securitygroup-grapher

This Ansible role gets information from an AWS VPC and generates a graphical representation of its security groups, as a dot file rendered by Graphviz.

This role is inspired by https://github.com/jeanlouisferey/openstack-securitygroup-grapher, which does the same for OpenStack tenants.

Requirements

Ansible, of course, because it's an Ansible role.

The Boto library needs to be installed, because the EC2 Ansible modules require it.

To render (i.e. to draw and obtain a graphic file), Graphviz needs to be installed.

Role Variables

Variable                    Content
asggrapherAwsRegion         Name of the AWS region where your VPC is deployed (mandatory).
asggrapherAwsVPC            Name of your VPC (mandatory).
asggrapherShowDefault       Do you want to see the default security group? Default value: false
asggrapherShowInstances     Do you want to see instances with their security groups? Default value: false
asggrapherServerLabel       Label for instances, used when asggrapherShowInstances = true. Default value: Servers
asggrapherRankdir           See https://www.graphviz.org/doc/info/attrs.html#d:rankdir. Default value: LR
asggrapherDotFileToRender   Path and name of the generated dot file. Default value: "./awsCloudGrapher.dot"
asggrapherFileToRender      Path and name of the generated image file. Default value: "./awsCloudGrapher.png"

Example Playbook

aws-sg-grapher.yml:

---
  - name: AWS Security group grapher
    hosts: localhost
    connection: local
    gather_facts: false
    roles:
      - role: aws-securitygroup-grapher
        asggrapherAwsRegion: "eu-west-1"
        asggrapherAwsVPC: "TEST-VPC"

Run it with:

ansible-playbook aws-sg-grapher.yml

After some time, you'll have an awsCloudGrapher.png file with your security group graph.

Examples of generated images

How to read the graph

Ellipses are security groups.

The red arrows represent egress flows: for example, UDP stream 53 is authorized as output of SG-VPC-INTERNAL to 10.xxx.yyy.zza.

The blue arrows represent ingress flows: for example, TCP stream 443 is allowed as input of SG-VPC-LB from any source (0.0.0.0/0).

The arrow head is always on the security group that contains the rule represented by the arrow.
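To make these conventions concrete, here is an added example (not code from the role itself) that turns security-group rules into dot source the same way the graph is read above: ellipses for SGs, blue edges for ingress, red edges for egress, the arrow head on the SG that owns the rule, and the asggrapherRankdir value passed through as the Graphviz rankdir attribute. The input dictionaries are constructed to mirror the CamelCase shape of an EC2 describe_security_groups response; the group ids, names and CIDRs are invented.

```python
# Added example, not the role's own code.  Input mirrors the CamelCase shape
# of an EC2 describe_security_groups response; the data below is constructed.
SAMPLE_SGS = [
    {"GroupId": "sg-0a1", "GroupName": "SG-VPC-LB",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                              "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0b2"}]}]},
    {"GroupId": "sg-0b2", "GroupName": "SG-VPC-INTERNAL",
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
                              "IpRanges": [{"CidrIp": "10.0.0.0/24"}], "UserIdGroupPairs": []}]},
]


def rule_label(perm):
    """'tcp 443', 'udp 53-60', or 'any any' for the all-traffic protocol -1."""
    proto = "any" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or lo == -1:
        return f"{proto} any"
    return f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"


def rule_peers(perm):
    """Far end of a rule: CIDR ranges and referenced security-group ids."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])


def sg_to_dot(sgs, rankdir="LR"):
    """Build dot source with the README's conventions: SGs are ellipses,
    CIDR peers are boxes, ingress edges are blue, egress edges are red, and
    the arrow head always sits on the SG that owns the rule."""
    names = {sg["GroupId"]: sg["GroupName"] for sg in sgs}
    lines = ["digraph sg {", f"  rankdir={rankdir};", "  node [shape=ellipse];"]
    for sg in sgs:
        own = names[sg["GroupId"]]
        lines.append(f'  "{own}";')
        for colour, perms in (("blue", sg["IpPermissions"]),
                              ("red", sg["IpPermissionsEgress"])):
            for perm in perms:
                for peer in rule_peers(perm):
                    if peer not in names:          # a CIDR, not another SG
                        lines.append(f'  "{peer}" [shape=box];')
                    lines.append(f'  "{names.get(peer, peer)}" -> "{own}" '
                                 f'[color={colour}, label="{rule_label(perm)}"];')
    lines.append("}")
    return "\n".join(lines)
```

Pipe the returned string into `dot -Tpng -o awsCloudGrapher.png` to render it.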

Full example

It shows a tenant with several security groups corresponding to the different functions of the machines present in the project.

Example

Simpler example

It shows in particular an SG that accepts any input from any source and an SG that allows any output to any destination.

Example

asggrapherShowDefault

With asggrapherShowDefault: true, your graph shows all the SGs, including the default AWS SG:

Example

asggrapherShowInstances

With asggrapherShowInstances: true, your graph shows all the instances (VMs) inside the SGs they use.

Example

asggrapherRankdir

With asggrapherRankdir set to LR (left to right), RL (right to left), TB (top to bottom) or BT (bottom to top), you can change the direction in which the graph is drawn.

LR example

Example

TB example

Example

Author Information

Jean-Louis FEREY

Stargazers over time