How to monitor AWS Security Group changes?


AllCloud Blog:
Cloud Insights and Innovation

Very often we want to track changes in AWS Security Groups, for all kinds of reasons (audit trail, detecting rules that were opened by mistake, and so on).

Here is a simple way to do it using the Emind DevOps Tool Set.

  1. Download aws-sec-group-monitor.sh from Emind Open Source.
  2. Set up aws-sec-group-monitor.sh to run every 5 minutes from cron, and all your changes will appear in Syslog:

     */5 * * * * /root/aws-sec-group-monitor.sh -O <aws-key> -W <aws-secret> -r all

Sample output:

May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=143 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=25 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:21 graylog aws-sec-group-monitor: Region=ec2.us-east-1.amazonaws.com Change=DEL SecGrp=opensuse DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
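The sample lines above are the raw material you would want to alert on. The following is an added example, not code from the post or from the Emind tool set, showing the two pieces a monitor like this needs: a snapshot diff that turns "previous rules" and "current rules" into ADD/DEL events in the same key=value format the script logs (my reconstruction of the idea; the script's own internals are not shown on the page), and a parser over the syslog lines that flags ADD events opening a port to 0.0.0.0/0. The rule tuple layout, the function names and the sample lines (copied from the output above) are all assumptions of this example.

```python
"""Added example: snapshot diff and syslog-line filter for security group changes.
Not part of the original post or the Emind tool set; names and layout are assumed."""
import re
from typing import Dict, List, Set, Tuple

# Assumed rule layout: (region, secgrp, proto, port, srctype, srcaddr, srcgrpid)
Rule = Tuple[str, str, str, str, str, str, str]

# Constructed sample: the four lines from the post's sample output.
SAMPLE_LINES = [
    "May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=143 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=",
    "May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=25 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=",
    "May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=",
    "May 12 20:25:21 graylog aws-sec-group-monitor: Region=ec2.us-east-1.amazonaws.com Change=DEL SecGrp=opensuse DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=",
]

# Source ranges that mean "anyone on the Internet".
WORLD_SOURCES = {"0.0.0.0/0", "::/0"}


def format_event(change: str, rule: Rule) -> str:
    """Render one rule change in the same key=value format the script logs."""
    region, grp, proto, port, srctype, srcaddr, srcgrp = rule
    return (
        f"Region={region} Change={change} SecGrp={grp} DestProto={proto} "
        f"DestPort={port} SrcType={srctype} SrcAddr={srcaddr} SrcGrpID={srcgrp}"
    )


def diff_rules(previous: Set[Rule], current: Set[Rule]) -> List[str]:
    """Compare two rule snapshots; rules only in `current` are ADD, only in `previous` are DEL.
    This is the core of any poll-based monitor: keep the last snapshot, diff against the new one."""
    events = []
    for change, rules in (("ADD", current - previous), ("DEL", previous - current)):
        for rule in sorted(rules):
            events.append(format_event(change, rule))
    return events


# key=value pairs; values never contain spaces, and an empty value (SrcGrpID=) is allowed.
PAIR_RE = re.compile(r"(\w+)=(\S*)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse the key=value body that follows the 'aws-sec-group-monitor:' syslog tag."""
    _, tag, body = line.partition("aws-sec-group-monitor:")
    if not tag:
        return {}  # not one of our lines
    return dict(PAIR_RE.findall(body))


def world_open_additions(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (SecGrp, DestPort) for every ADD event whose source is the whole Internet.
    Deletions and rules sourced from another security group are left alone."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("Change") == "ADD" and ev.get("SrcAddr") in WORLD_SOURCES:
            findings.append((ev["SecGrp"], ev["DestPort"]))
    return findings


if __name__ == "__main__":
    for grp, port in world_open_additions(SAMPLE_LINES):
        print(f"ALERT: {grp} now accepts port {port} from anywhere")
```

In a real deployment the `world_open_additions` check is the kind of rule you would put in the log pipeline (Graylog, rsyslog filters, or a SIEM) downstream of the cron job, so that a rule opened to the world pages someone instead of just landing in a log file.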

Enjoy,

Lahav Savir

Founder and CTO, Cloud Platforms
