Whenever I am on an AWS project I get the question from the Network and/or Security Team for a dump of the Security Groups in use. Getting an export of the security groups is not a big deal, but getting something legible is a different ask. The best free tool I have found to date is called ec2-security-groups-dumper. The project is located at https://github.com/percolate/ec2-security-groups-dumper and is pretty self-explanatory in its install and use. When I run this tool I usually have a small admin EC2 instance running in the environment with a role assigned that grants me access to dump the security groups being requested. Keep in mind that the output is a complete picture of your firewall rules, so treat the dump with the same care as the rest of your network documentation.
High Level Instructions:
- Create an IAM policy with the necessary permissions (read-only is enough: the tool only describes security groups, so it needs no write access)
- Create an IAM Role and attach your newly created policy to this role
- Assign the newly created IAM Role to your admin EC2 instance (via an instance profile)
- Run the following command on the instance to install ec2-security-groups-dumper: pip install ec2-security-groups-dumper
- Once successfully installed you are ready to run the tool
$ ec2-security-groups-dumper --help
ec2-security-groups-dumper

Dumps the EC2 firewall rules as a json or csv output.
Redirect the output to a file to dump it to this file.
Useful to keep track of the firewall changes in git.
Can also be used as a backup in case you lose some rules on EC2.

Usage:
  ec2-security-groups-dumper --json [--region=<region>] [--profile=<profile>] [--vpc=<vpc>]
  ec2-security-groups-dumper --csv [--region=<region>] [--profile=<profile>] [--vpc=<vpc>]
  ec2-security-groups-dumper (-h | --help)

Options:
  -h --help     Show this screen.

Examples:
  ec2-security-groups-dumper --csv > path/to/ec2-security-groups.csv
  ec2-security-groups-dumper --json > path/to/your-firewall-backup.json