Blog: How-Tos
Auditing AWS Security Groups – Part 2
Following on from my previous post on Auditing AWS Security Groups I’m still working on the same job as before with the AWS stuff that needs auditing, so I’ve made a few tweaks to the audit scripts for Security Groups, and added a new one for S3 buckets. This is the example usage for the two scripts:
$ perl aws-audit-secgroups.pl eu-west-1
Querying eu-west-1
Got instances…
Got security groups…
Group Name : HTTPSaccess
Description: Allow HTTPS access to the webserver
Used for these hosts: 54.370.257.301
dst ports 443/tcp, from source 0.0.0.0/0
…
Eagle-eyed readers will notice that the IP address is not valid.
The usage for the S3 bucket audit script is very similar. Again, the response data is fictional – I did check that the URL doesn’t work.
$ perl aws-audit-s3-buckets.pl us-east-1
Querying us-east-1
Got bucket list…
Owner jeff.bridges
Bucket whiterussian
Grantee/perm : jeff.bridges / READ
Grantee/perm : jeff.bridges / RITE
Grantee/perm : jeff.bridges / READ_ACP
Grantee/perm : jeff.bridges / RITE_ACP
Grantee/perm : All Users / READ
*** Could list contents via https://whiterussian.s3.amazonaws.com/
You can find the new audit Security Groups script here.
…and this is the brand spanking new S3 bucket audit script.
NB: Netflix have just released “security monkey” a day or two after I wrote these scripts. You could check that out as well – http://techblog.netflix.com/2011/07/netflix-simian-army.html
