Blog: How-Tos

Auditing AWS Security Groups – Part 2

Jamie Riden 07 Jul 2014

aws-code
Following on from my previous post on Auditing AWS Security Groups I’m still working on the same job as before with the AWS stuff that needs auditing, so I’ve made a few tweaks to the audit scripts for Security Groups, and added a new one for S3 buckets. This is the example usage for the two scripts:

$ perl aws-audit-secgroups.pl eu-west-1
Querying eu-west-1
Got instances…
Got security groups…
Group Name : HTTPSaccess
Description: Allow HTTPS access to the webserver
Used for these hosts: 54.370.257.301
dst ports 443/tcp, from source 0.0.0.0/0

Eagle-eyed readers will notice that the IP address is not valid.

The usage for the S3 bucket audit script is very similar. Again, the response data is fictional – I did check that the URL doesn’t work.

$ perl aws-audit-s3-buckets.pl us-east-1
Querying us-east-1
Got bucket list…
Owner jeff.bridges
Bucket whiterussian
Grantee/perm : jeff.bridges / READ
Grantee/perm : jeff.bridges /  RITE
Grantee/perm : jeff.bridges / READ_ACP
Grantee/perm : jeff.bridges /  RITE_ACP
Grantee/perm : All Users / READ
*** Could list contents via https://whiterussian.s3.amazonaws.com/

You can find the new audit Security Groups script here.

…and this is the brand spanking new S3 bucket audit script.

NB: Netflix have just released “security monkey” a day or two after I wrote these scripts. You could check that out as well – http://techblog.netflix.com/2011/07/netflix-simian-army.html