Blog: How Tos

Auditing AWS Security Groups – Part 2

Jamie Riden 07 Jul 2014

Following on from my previous post on Auditing AWS Security Groups I’m still working on the same job as before with the AWS stuff that needs auditing, so I’ve made a few tweaks to the audit scripts for Security Groups, and added a new one for S3 buckets. This is the example usage for the two scripts:

$ perl eu-west-1
Querying eu-west-1
Got instances…
Got security groups…
Group Name : HTTPSaccess
Description: Allow HTTPS access to the webserver
Used for these hosts: 54.370.257.301
dst ports 443/tcp, from source

Eagle-eyed readers will notice that the IP address is not valid.

The usage for the S3 bucket audit script is very similar. Again, the response data is fictional – I did check that the URL doesn’t work.

$ perl us-east-1
Querying us-east-1
Got bucket list…
Owner jeff.bridges
Bucket whiterussian
Grantee/perm : jeff.bridges / READ
Grantee/perm : jeff.bridges /  RITE
Grantee/perm : jeff.bridges / READ_ACP
Grantee/perm : jeff.bridges /  RITE_ACP
Grantee/perm : All Users / READ
*** Could list contents via

You can find the new audit Security Groups script here.

…and this is the brand spanking new S3 bucket audit script.

NB: Netflix have just released “security monkey” a day or two after I wrote these scripts. You could check that out as well –