Very often we want to track changes in AWS Security Groups, for all kinds of reasons.
Here is a simple way to do it using the Emind DevOps Tool Set:
- Download aws-sec-group-monitor.sh from Emind Open Source
- Set up aws-sec-group-monitor.sh to run every 5 minutes from cron, and all your changes will appear in syslog:

```
*/5 * * * * /root/aws-sec-group-monitor.sh -O <aws-key> -W <aws-secret> -r all
```
Sample output:

```
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=143 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=25 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:21 graylog aws-sec-group-monitor: Region=ec2.us-east-1.amazonaws.com Change=DEL SecGrp=opensuse DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
```
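Once these lines are in syslog, the next step is to alert on the ones that matter. The following is an added Python example (not part of the Emind tool) that parses the key=value format shown above and flags ADD events that open a port to the whole internet; the sample lines are taken from the output above and the sensitive-port list is a constructed policy for this example.

```python
import re
from typing import List, Optional

# Constructed sample input in the key=value format the monitor writes to syslog
# (copied from the post's sample output; MMGS-LB / opensuse are the post's group names).
SAMPLE_LOG = """\
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=143 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:11 graylog aws-sec-group-monitor: Region=ec2.eu-west-1.amazonaws.com Change=ADD SecGrp=MMGS-LB DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
May 12 20:25:21 graylog aws-sec-group-monitor: Region=ec2.us-east-1.amazonaws.com Change=DEL SecGrp=opensuse DestProto=tcp DestPort=80 SrcType=CIDR SrcAddr=0.0.0.0/0 SrcGrpID=
"""

TAG = "aws-sec-group-monitor:"
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # key=value tokens; an empty value (SrcGrpID=) is allowed
# Constructed policy: ports that should never be reachable from the whole internet.
SENSITIVE_PORTS = {"22", "25", "143", "3306", "3389"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def parse_line(line: str) -> Optional[dict]:
    """Return the key=value fields of one monitor line, or None for unrelated syslog lines."""
    head, sep, payload = line.partition(TAG)
    if not sep:
        return None
    fields = dict(FIELD_RE.findall(payload))
    fields["Timestamp"] = " ".join(head.split()[:3])  # syslog prefix, e.g. "May 12 20:25:11"
    return fields


def severity(event: dict) -> Optional[str]:
    """'high' for a sensitive port opened to the world, 'medium' for any other world-open ADD, else None."""
    if event.get("Change") != "ADD" or event.get("SrcType") != "CIDR":
        return None  # DEL events and security-group sources are not world exposure
    if event.get("SrcAddr") not in WORLD_CIDRS:
        return None
    return "high" if event.get("DestPort") in SENSITIVE_PORTS else "medium"


def find_world_open_additions(log_text: str) -> List[dict]:
    """Scan syslog text and return world-open ADD events, each annotated with a Severity field."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        level = severity(event) if event else None
        if level:
            event["Severity"] = level
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in find_world_open_additions(SAMPLE_LOG):
        print(hit["Severity"], hit["Timestamp"], hit["Region"], hit["SecGrp"],
              f"{hit['DestProto']}/{hit['DestPort']}", "from", hit["SrcAddr"])
```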
Enjoy,
Lahav Savir