We had a situation where an incorrect AWS firewall rule buried in our configuration was causing some headaches. After a few days we found the rule and fixed it. Does anyone know of a good way to audit Amazon AWS firewall configurations to better visualize configurations to get in front of these issues before they become a problem?
1 Answer
What you are looking for is called AWS Security Group visualization. It's essentially turning your security groups, their rules, and their relationships into a diagram or set of diagrams.
Commercial solutions like Dome9 and VisualOps IDE provide visualizations given access to your accounts: http://www.dome9.com/clarity and https://medium.com/@visualops/visualize-your-aws-vpc-4668790162b3
There are also open source solutions to this: http://shokunin.co/blog/2013/04/04/ec2secviz.html
YMMV with very complex rule sets. We have over 80 security groups and the visualizations get tangly fast.

Alain O'Dea
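The answer describes security group visualization as turning groups, rules and their relationships into a diagram. The script below is an added example of that idea, not code from the answer or from any of the tools it links: it takes security groups in the shape returned by `aws ec2 describe-security-groups` (the three groups here are constructed sample data, not a real account), emits a Graphviz DOT graph with group-to-group and CIDR-to-group edges, and separately lists every ingress rule open to the whole internet, which is the kind of buried rule the question is about. It uses only the standard library, so it runs offline against saved JSON; feeding it live data would mean swapping `SAMPLE_GROUPS` for the `SecurityGroups` list from the CLI or boto3.

```python
"""Turn EC2 security groups into a Graphviz DOT diagram and flag rules that
admit the whole internet.

Added example (not from the original answer or the linked tools). The input
mirrors `aws ec2 describe-security-groups` output; the groups below are
constructed sample data.
"""
import ipaddress

# Constructed sample: "web" takes HTTPS from anywhere, "app" only from web,
# and "db" allows 3306 from the VPC range but also, by mistake, from 0.0.0.0/0.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "0.0.0.0/0"}],
          "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
]


def _port_label(perm):
    """Render a permission's protocol and port range as a short edge label."""
    proto = perm.get("IpProtocol", "-1")
    if proto == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return proto
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def ingress_edges(groups):
    """Yield (source, target_group_id, label) for every ingress rule.

    A source is either another security group id or a CIDR string, so the
    graph shows both internal trust between groups and external exposure.
    """
    for group in groups:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            label = _port_label(perm)
            for pair in perm.get("UserIdGroupPairs", []):
                yield (pair["GroupId"], gid, label)
            for rng in perm.get("IpRanges", []):
                yield (rng["CidrIp"], gid, label)


def is_world_open(cidr):
    """True for a CIDR covering the entire IPv4 or IPv6 space (/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def to_dot(groups):
    """Build a DOT digraph: groups as boxes, CIDRs as ellipses (red when
    world-open), one arrow per ingress rule. Render with:
    dot -Tpng -o sg.png sg.dot"""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    lines = ["digraph security_groups {", "  rankdir=LR;"]
    for gid, name in names.items():
        lines.append(f'  "{gid}" [shape=box, label="{name}\\n{gid}"];')
    cidrs = {src for src, _, _ in ingress_edges(groups) if src not in names}
    for cidr in sorted(cidrs):
        color = "red" if is_world_open(cidr) else "black"
        lines.append(f'  "{cidr}" [shape=ellipse, color={color}];')
    for src, dst, label in ingress_edges(groups):
        lines.append(f'  "{src}" -> "{dst}" [label="{label}"];')
    lines.append("}")
    return "\n".join(lines)


def find_world_open_ingress(groups):
    """Return (group_id, port_label, cidr) for each rule open to 0.0.0.0/0
    or ::/0, the audit check the question asks for ahead of an incident."""
    group_ids = {g["GroupId"] for g in groups}
    return [(dst, label, src) for src, dst, label in ingress_edges(groups)
            if src not in group_ids and is_world_open(src)]


if __name__ == "__main__":
    print(to_dot(SAMPLE_GROUPS))
    for gid, label, cidr in find_world_open_ingress(SAMPLE_GROUPS):
        print(f"WORLD-OPEN: {gid} allows {label} from {cidr}")
```

The DOT output is what gets tangly with 80+ groups, as the answer notes; the `find_world_open_ingress` list does not suffer from that and is the part worth running on a schedule, since an unexpected entry there is exactly the misconfiguration that took days to find.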