Replace AWS security group unauthorized ports
An AWS Lambda function to help manage your security groups.
If a security group has ingress rules open to 0.0.0.0/0, this function replaces them with your authorized IP, fully automatically.
- enable AWS Config to monitor EC2 resources
- add an AWS Config rule named VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS; it evaluates your AWS resources (here, security groups)
- create a remediation action named PublishSNSNotification
- add an SNS topic to receive the notification
Use the code in this repo for the Lambda function.
Set an SNS trigger on the Lambda function you created before.
The topic is the one you created before as well.
Set an environment variable holding the address that replaces the 0.0.0.0/0 entries, for example:
authorized_global_ipv4 8.8.8.8/32
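A worked handler for this setup, added here as an example rather than the repo's own code. It assumes the SNS message from the remediation mentions the offending group id somewhere in its text (matched by pattern), that the function's role may describe and modify security groups, and the authorized_global_ipv4 variable above. It handles only IPv4 0.0.0.0/0 rules and skips authorizing a CIDR that is already present on the same rule, which would otherwise fail as a duplicate.

```python
import os
import re

# Constructed sample of the IpPermissions list that DescribeSecurityGroups returns
# (not real data): port 22 is open to the world plus a private range, 443 is fine.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

# Assumption: the SNS message body contains the group id as plain text, so a
# pattern match is enough regardless of how the notification is formatted.
SG_ID_RE = re.compile(r"\bsg-[0-9a-f]{8,17}\b")


def extract_group_ids(message):
    """Return the distinct security group ids mentioned in an SNS message body."""
    return sorted(set(SG_ID_RE.findall(message)))


def plan_replacement(ip_permissions, authorized_cidr):
    """Build (revoke, authorize) request lists that swap each 0.0.0.0/0 IPv4 rule
    for authorized_cidr on the same protocol/port range; other ranges stay."""
    revoke, authorize = [], []
    for perm in ip_permissions:
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        if "0.0.0.0/0" not in cidrs:
            continue
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        revoke.append({**base, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]})
        if authorized_cidr not in cidrs:  # avoid InvalidPermission.Duplicate
            authorize.append({**base, "IpRanges": [{"CidrIp": authorized_cidr,
                              "Description": "replaced 0.0.0.0/0 by remediation"}]})
    return revoke, authorize


def lambda_handler(event, context):
    """SNS-triggered entry point: replace open ingress on each reported group."""
    import boto3  # imported here so the planning functions run without boto3
    ec2 = boto3.client("ec2")
    authorized = os.environ["authorized_global_ipv4"]
    changed = []
    for record in event.get("Records", []):
        for sg_id in extract_group_ids(record["Sns"]["Message"]):
            group = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]
            revoke, authorize = plan_replacement(group["IpPermissions"], authorized)
            if authorize:  # authorize first so the allowed address never loses access
                ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=authorize)
            if revoke:
                ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=revoke)
                changed.append(sg_id)
    return {"remediated": changed}
```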