agent: |
Audit and Compliance Check for AWS Security Groups with Open SSH Ports
The workflow identifies AWS security groups whose ingress rules allow SSH traffic (TCP port 22) from the whole internet, that is, from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Those security groups are flagged as NON_COMPLIANT because unrestricted SSH access is a security risk; security groups without such a rule are marked COMPLIANT. Note that a rule admitting a port range that contains 22, or all traffic (IpProtocol -1), exposes SSH just as an exact port-22 rule does, so a check that only matches FromPort and ToPort equal to 22 will miss those cases. The process enforces the network-security best practice of restricting unnecessary public access, and the outcome is a clear split between compliant and non-compliant configurations that helps keep the AWS environment secure.
- 1uwE75Pt6Ww5MobrdBQ7M: List and identify AWS security groups where incoming SSH traffic (port 22) is open to 0.0.0.0/0 or ::/0 and flag them as NON_COMPLIANT, while marking the others as COMPLIANT.
The script lists AWS security groups and checks whether SSH access is open to the world, marking each one as NON_COMPLIANT or COMPLIANT.
Script:

import boto3

# getEnvVar() and context are helpers supplied by the workflow runtime that
# hosts this script; they are not part of boto3.
client = boto3.client(
    'ec2',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
)

# Retrieve all security groups. A single describe_security_groups() call
# returns at most one page; the paginator follows NextToken so that groups
# beyond the first page are not silently skipped.
security_groups = []
for page in client.get_paginator('describe_security_groups').paginate():
    security_groups.extend(page.get('SecurityGroups', []))

# Prepare table
compliance_table = context.newtable()
compliance_table.num_rows = len(security_groups) + 1
compliance_table.num_cols = 3
compliance_table.title = "Security Group Compliance"
compliance_table.has_header_row = True

# Set header row
compliance_table.setval(0, 0, "Security Group ID")
compliance_table.setval(0, 1, "Security Group Name")
compliance_table.setval(0, 2, "Compliance Status")

# Check each security group for SSH access open to the world
for idx, sg in enumerate(security_groups, start=1):
    sg_id = sg.get('GroupId', 'Unknown')
    sg_name = sg.get('GroupName', 'Unknown')
    compliance_status = "COMPLIANT"
    for permission in sg.get('IpPermissions', []):
        proto = permission.get('IpProtocol')
        from_port = permission.get('FromPort')
        to_port = permission.get('ToPort')
        # A rule exposes SSH if it is TCP with a port range that covers 22,
        # or protocol -1 (all traffic; FromPort/ToPort are absent in that case).
        covers_ssh = proto == '-1' or (
            proto == 'tcp'
            and from_port is not None and to_port is not None
            and from_port <= 22 <= to_port
        )
        if not covers_ssh:
            continue
        for ip_range in permission.get('IpRanges', []):
            if ip_range.get('CidrIp') == '0.0.0.0/0':
                compliance_status = "NON_COMPLIANT"
        for ipv6_range in permission.get('Ipv6Ranges', []):
            if ipv6_range.get('CidrIpv6') == '::/0':
                compliance_status = "NON_COMPLIANT"
    # Set values in the table
    compliance_table.setval(idx, 0, sg_id)
    compliance_table.setval(idx, 1, sg_name)
    compliance_table.setval(idx, 2, compliance_status)

print("Security Group Compliance Table Created Successfully")
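The classification logic above, as an added example that is not the page's own script and does not depend on the workflow runtime: it works on the dict shape that boto3's describe_security_groups() returns, so it runs offline on constructed input, and it goes slightly beyond the page's exact-match rule by treating any TCP port range containing 22 and any all-traffic (IpProtocol -1) rule as SSH exposure. The SSH_PROTOCOLS set, the sample security groups, and the decision to ignore UDP/ICMP rules on port 22 are assumptions made for this example; fetch_security_groups() uses the real boto3 paginator and is the only part that needs credentials.

```python
from ipaddress import ip_network

SSH_PORT = 22
# Assumption: a rule exposes SSH if it is TCP or all traffic (-1). UDP/ICMP
# rules that happen to mention port 22 are not counted as SSH exposure.
SSH_PROTOCOLS = {"tcp", "-1"}


def rule_covers_ssh(permission):
    """True if one IpPermissions entry admits TCP port 22: an exact 22-22 rule,
    a range such as 0-1024 that contains 22, or protocol -1 (every port; the
    FromPort/ToPort keys are absent on those rules)."""
    proto = str(permission.get("IpProtocol", "")).lower()
    if proto not in SSH_PROTOCOLS:
        return False
    if proto == "-1":
        return True
    from_port = permission.get("FromPort")
    to_port = permission.get("ToPort")
    if from_port is None or to_port is None:
        return False
    return from_port <= SSH_PORT <= to_port


def world_open_cidrs(permission):
    """Return the CIDRs in a rule that cover the whole internet.
    A prefix length of 0 means 0.0.0.0/0 or ::/0; any longer prefix restricts."""
    open_cidrs = []
    for r in permission.get("IpRanges", []):
        if ip_network(r["CidrIp"], strict=False).prefixlen == 0:
            open_cidrs.append(r["CidrIp"])
    for r in permission.get("Ipv6Ranges", []):
        if ip_network(r["CidrIpv6"], strict=False).prefixlen == 0:
            open_cidrs.append(r["CidrIpv6"])
    return open_cidrs


def classify_security_group(sg):
    """Return (status, findings) for one security group dict."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not rule_covers_ssh(perm):
            continue
        for cidr in world_open_cidrs(perm):
            findings.append(
                f"{perm.get('IpProtocol')} "
                f"{perm.get('FromPort', 'all')}-{perm.get('ToPort', 'all')} from {cidr}"
            )
    return ("NON_COMPLIANT" if findings else "COMPLIANT"), findings


def audit(security_groups):
    """Classify every group; one row per group, findings kept for the report."""
    rows = []
    for sg in security_groups:
        status, findings = classify_security_group(sg)
        rows.append({"GroupId": sg.get("GroupId", "Unknown"),
                     "GroupName": sg.get("GroupName", "Unknown"),
                     "Status": status, "Findings": findings})
    return rows


def fetch_security_groups(client):
    """Pull every group in a region; the paginator follows NextToken, which a
    single describe_security_groups() call would leave unread."""
    groups = []
    for page in client.get_paginator("describe_security_groups").paginate():
        groups.extend(page.get("SecurityGroups", []))
    return groups


# Constructed sample input in describe_security_groups() shape (not real AWS data).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0000000000000001", "GroupName": "ssh-world-v4",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000002", "GroupName": "low-ports-v6",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0000000000000003", "GroupName": "all-traffic",
     "IpPermissions": [{"IpProtocol": "-1",
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000004", "GroupName": "ssh-from-office",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000005", "GroupName": "ssh-from-peer-sg",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0000000000000004"}]}]},
    {"GroupId": "sg-0000000000000006", "GroupName": "https-only",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in
    # audit(fetch_security_groups(boto3.client("ec2"))) for a live account.
    for row in audit(SAMPLE_SECURITY_GROUPS):
        detail = f"  ({'; '.join(row['Findings'])})" if row["Findings"] else ""
        print(f"{row['GroupId']}  {row['GroupName']:<18} {row['Status']}{detail}")
```

The sample deliberately includes the two groups the exact-match test in the workflow script would pass as COMPLIANT (the 0-1024 range and the all-traffic rule) and two that look alarming but are not world-open (SSH restricted to an office CIDR, and SSH allowed only from another security group via UserIdGroupPairs, which carries no CIDR at all).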