How to visualize your AWS security groups
In this blog, I will show you how to visualize your AWS security groups.
- Install CloudMapper
git clone https://github.com/duo-labs/cloudmapper.git
brew install autoconf automake awscli freetype jq libtool python3
cd cloudmapper/
python3 -m venv ./venv && source venv/bin/activate
pip3 install --prefer-binary -r requirements.txt
Now you can collect data and generate a report.
- Create a config file
{
  "accounts": [
    {"id": "your_account_id", "name": "your_account_name", "default": true}
  ],
  "cidrs": {
    "127.0.0.1/8": {"name": "Localhost"}
  }
}
- Collect data and show it
python3 cloudmapper.py collect --account your_account_name
python3 cloudmapper.py prepare --account your_account_name
python3 cloudmapper.py report --account your_account_name
python3 cloudmapper.py webserver --public
If everything went well, you will get a report. If the process is interrupted while rendering the security groups, change the code at line 574 of /opt/cloudmapper/shared/nodes.py:
@property
def security_groups(self):
    # Replacement line: return the SecurityGroups entries; the trailing "?" makes jq tolerate a missing key.
    return pyjq.all('.SecurityGroups[]?', self._json_blob)
    # Replaced line, left commented out:
    # return pyjq.all(".Groups[].GroupId", self._json_blob)
Then you will see the report in the browser. For some reason, I can't put the screenshot here, but you can find the demo on the CloudMapper homepage.
Sometimes, however, you can't visualize the account because the graph has too many nodes and edges. In this case, we will use aws-security-viz instead.
First, install it. I suggest using Ubuntu for that.
sudo apt install ruby graphviz
gem install aws_security_viz
Then you need to generate the security group info from the AWS CLI.
aws ec2 describe-security-groups > secgroup.json
If you have many profiles, you can use:
aws ec2 describe-security-groups --profile yourprofile > secgroup.json
Finally, you will get the diagram after running aws_security_viz -o secgroup.json -f sg.svg.