AWS EC2 Security Groups dump tool

Whenever I am on an AWS project I get the question from the Network and/or Security Team for a dump of the Security Groups in use. Getting an export of the security groups is not a big deal, but getting something ledgible is a different ask. The best free tool I have found to date is called ec2-security-groups-dumper. This project is located @ and is pretty self explainitory on it’s install and use. When I run this tool I usually have a small admin ec2 instance running in the environment with a role assigned that grants me access to dump the security groups being requested. 

High Level Instructions:

  1. Create an IAM policy with necessary permissions
  2. Create an IAM Role and attach your newly created policy to this role
  3. Assign the newly created IAM Role to your admin EC2 instance
  4. Run the following command to install ec2-security-groups-dumper “pip install ec2-security-groups-dumper”
  5. Once successfully installed you are ready to run the tool
$ ec2-security-groups-dumper --help

Dumps the EC2 firewall rules as a json or csv output. Redirect the output to a
file to dump it to this file.
Useful to keep track of the firewall changes in git.
Can also be used as a backup in case you lose some rules on EC2.

    ec2-security-groups-dumper --json [--region=<region>] [--profile=<profile>] [--vpc=<vpc>]
    ec2-security-groups-dumper --csv [--region=<region>] [--profile=<profile>] [--vpc=<vpc>]
    ec2-security-groups-dumper (-h | --help)

  -h --help     Show this screen.

    ec2-security-groups-dumper --csv > path/to/ec2-security-groups.csv
    ec2-security-groups-dumper --json > path/to/your-firewall-backup.json

One response to “AWS EC2 Security Groups dump tool”

  1. Tiago Cardoso

    bash: security-groups-dumper: command not found


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by

%d bloggers like this: