How to visualize your aws security groups #93

Open
mylamour opened this issue Aug 29, 2022 · 0 comments
Labels
学习 learning 安全 security 工具 tools 教程 tutorial

In this post, I will show you how to visualize your AWS security groups.

  1. Install CloudMapper:

    git clone https://github.com/duo-labs/cloudmapper.git
    brew install autoconf automake awscli freetype jq libtool python3
    cd cloudmapper/
    python3 -m venv ./venv && source venv/bin/activate
    pip3 install --prefer-binary -r requirements.txt

Now you can collect data and generate a report.

  2. Create a configuration file:

    {
        "accounts":
        [
            {"id": "your_account_id", "name": "your_account_name", "default": true}
        ],
        "cidrs":
        {
            "127.0.0.1/8": {"name": "Localhost"}
        }
    }

  3. Collect the data and show it:

    python3 cloudmapper.py collect --account your_account_name
    python3 cloudmapper.py prepare --account your_account_name
    python3 cloudmapper.py report --account your_account_name
    # --public makes the web server accept connections on all interfaces, not only localhost
    python3 cloudmapper.py webserver --public

If everything goes well, you will get a report. The run was interrupted when rendering the security groups; to fix that, change the code at line 574 of /opt/cloudmapper/shared/nodes.py:

    @property
    def security_groups(self):
        return pyjq.all('.SecurityGroups[]?', self._json_blob)
        #       return pyjq.all(".Groups[].GroupId", self._json_blob)

Then you will see the report in the browser. For some reason I can't put the screenshot here, but you can find the demo on the CloudMapper homepage.

But sometimes you can't visualize it because the number of nodes and edges is too large. In this case, we will use aws-security-viz instead.

First, install it. I suggest using Ubuntu for that.

    sudo apt install ruby graphviz
    gem install aws_security_viz

Then you need to generate the security group info from the AWS CLI:

    aws ec2 describe-security-groups

If you have many profiles, select one and save the output to a file:

    aws ec2 describe-security-groups --profile yourprofile > secgroup.json

Finally, you will get the diagram after running:

    aws_security_viz -o secgroup.json -f sg.svg

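As an added example (not part of the original post and not code from CloudMapper or aws-security-viz): a Python script that reads the `aws ec2 describe-security-groups` JSON saved above as secgroup.json, counts the ingress edges so you can judge how large the graph will be, marks rules whose source is 0.0.0.0/0 or ::/0, and emits Graphviz DOT. The sample data and all function names are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # sources that match any address

def port_label(perm):
    """Protocol and port range of one rule; IpProtocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    ports = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{perm['IpProtocol']}/{ports}"

def ingress_edges(doc):
    """Sorted, de-duplicated (source, target group id, label) ingress edges."""
    edges = set()
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            edges.update((s, sg["GroupId"], port_label(perm)) for s in sources)
    return sorted(edges)

def world_open(edges):
    return [e for e in edges if e[0] in OPEN_CIDRS]

def to_dot(edges):
    """Graphviz DOT text; world-open rules are drawn in red."""
    lines = ["digraph sg {", "  rankdir=LR;"]
    for src, dst, label in edges:
        color = "red" if src in OPEN_CIDRS else "black"
        lines.append(f'  "{src}" -> "{dst}" [label="{label}", color={color}];')
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    edges = ingress_edges(doc)
    print(f"// {len(edges)} edges, {len(world_open(edges))} world-open\n" + to_dot(edges))
```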
