/
AWSRecreateSG.yml
71 lines (71 loc) · 1.98 KB
/
AWSRecreateSG.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
args:
- description: EC2 Instance ID.
name: instance_id
required: true
- description: TCP/UDP port to be restricted.
name: port
required: true
- description: Protocol of the port to be restricted.
auto: PREDEFINED
name: protocol
predefined:
- tcp
- udp
required: true
- description: Public IP address of the EC2 instance.
name: public_ip
required: true
- description: Name of an AWS role to assume (should be the same for all organizations).
name: assume_role
- description: Region where EC2 instance is present.
name: region
auto: PREDEFINED
predefined:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- ca-central-1
- eu-west-1
- eu-central-1
- eu-west-2
- ap-northeast-1
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-south-1
- sa-east-1
- eu-north-1
- eu-west-3
- us-gov-east-1
- us-gov-west-1
comment: Automation to determine which interface on an EC2 instance has an over-permissive security group, determine which security groups have over-permissive rules, and replace them with a copy of the security group that has only the over-permissive portion removed. Over-permissive is defined as sensitive ports (SSH, RDP, etc) being exposed to the internet via IPv4.
commonfields:
id: AWSRecreateSG
version: -1
dependson:
must:
- AWS - EC2|||aws-ec2-describe-instances
- AWS - EC2|||aws-ec2-create-security-group
- AWS - EC2|||aws-ec2-authorize-security-group-ingress-rule
- AWS - EC2|||aws-ec2-authorize-security-group-egress-rule
- AWS - EC2|||aws-ec2-revoke-security-group-ingress-rule
- AWS - EC2|||aws-ec2-revoke-security-group-egress-rule
dockerimage: demisto/python3:3.10.13.87159
enabled: true
name: AWSRecreateSG
runas: DBotWeakRole
script: ''
scripttarget: 0
subtype: python3
tags: []
type: python
fromversion: 6.5.0
tests:
- No tests (auto formatted)
engineinfo: {}
runonce: false
outputs:
- contextPath: awssgrecreated
description: Sets the value to true or false if the security group is created.
type: boolean