Security Groups can help isolate networks. Finding gaps and exposure may be tedious, so I’ve created a script to help.
This tool will help you scan for ALL rules within Security Groups quickly via Powershell CLI.
How to install is laid out within the AWS documentation here: How to install
Once done, you will need the following modules:
The script also works based on “profiles”. This is laid out in the documentation link above. Once you have these profiles, you can run this script.
If you would only like to scan specific regions, uncomment and edit lines
Once you are up and running, download the script from GitHub here…
Run the script, and enter the chosen profile:
The script will then scan through each region, and help spot ANY rules.
If it finds exposed, Ec2 instances, it will flag these:
Leave a Reply