Visualize your aws security groups.
Latest commit e051ad3 Aug 8, 2016 @anaynayak Updating dependencies
Failed to load latest commit information.
config Adding specs. restructuring code Feb 3, 2012
exe Allow using Fog credentials from environment or .fog Feb 25, 2016
images Updated with a sample image. Feb 8, 2012
spec Fix the spec namespace for fog/aws Feb 25, 2016
.gitignore #19 Added capability to exclude CIDR based on regexp Oct 20, 2015
.travis.yml Allowing alpha builds to be deployed to rubygems Oct 18, 2015 Fixed vagrant file Apr 6, 2016
Gemfile Converting to gem Oct 15, 2015 Create Sep 13, 2015
Rakefile Converting to gem Oct 15, 2015
Vagrantfile Fixed vagrant file Apr 6, 2016
aws_security_viz.gemspec Updating dependencies Aug 8, 2016

aws-security-viz -- A tool to visualize aws security groups

Build Status Gem Version License Code Climate Dependency Status


Need a quick way to visualize your current aws/amazon ec2 security group configuration? aws-security-viz does just that based on the EC2 security group ingress configuration.


  • Output to any of the formats that Graphviz supports.
  • EC2 classic and VPC security groups


  $ gem install aws_security_viz
  $ aws_security_viz --help


  • graphviz with triangulation brew install graphviz --with-gts
  • libxml2 brew install libxml2*


To generate the graph directly using AWS keys

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg --color=true

To generate the graph using an existing security_groups.json (created using aws-cli)

  $ aws_security_viz -o data/security_groups.json -f viz.svg --color

To generate a web view

  $ aws_security_viz -a your_aws_key -s your_aws_secret_key -f aws.json
  • Generates two files: aws.json and view.html.
  • The json file name needs to be passed in as a html fragment identifier.
  • The generated graph can be viewed in a webserver e.g. http://localhost:3000/view.html?aws.json by using python -m SimpleHTTPServer 3000


$ aws_security_viz --help
  -a, --access-key=<s>     AWS access key
  -s, --secret-key=<s>     AWS secret key
  -r, --region=<s>         AWS region to query (default: us-east-1)
  -o, --source-file=<s>    JSON source file containing security groups
  -f, --filename=<s>       Output file name (default: aws-security-viz.png)
  -c, --config=<s>         Config file (opts.yml) (default: opts.yml)
  -l, --color              Colored node edges
  -h, --help               Show this message

Advanced configuration

You can generate a configuration file using the following command:

  $ aws_security_viz setup [-c opts.yml]

The opts.yml file lets you define the following options:

  • Grouping of CIDR ips
  • Define exclusion patterns
  • Change graphviz format (neato, dot, sfdp etc)


To generate the graph with debug statements, execute the following command

$ DEBUG=true aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg

If it doesn't indicate the problem, please share the generated json file with me @

You can send me an obfuscated version using the following command:

$ DEBUG=true OBFUSCATE=true aws_security_viz -a your_aws_key -s your_aws_secret_key -f viz.svg

Execute the following command to generate the json. You will need aws-cli to execute the command

aws ec2 describe-security-groups


Graphviz export

Web view