
matttunny / watch-security-group


SAM package that creates a CloudWatch event whenever someone modifies a security group and posts it into MS Teams/Slack.

License: MIT License

Python 100.00%
msteams chatops aws-sam-cli slack aws

watch-security-group's Introduction

Security Group Watcher for MS Teams/Slack

I work for @AWSCloud & my opinions are my own.

Basic Intro

SAM package that creates a CloudWatch event whenever someone modifies a security group and posts it into MS Teams/Slack in near real time.
This is a simple example that posts the event. You might be asking: isn't this the same as sending alerts to email? Correct; however, it is what you do after the event has triggered that makes it much more powerful than email.
You could add features like:

  • Only alarm when certain risky ports/ranges/VPCs are entered (22, 3389 to 0.0.0.0/0, etc.)
  • Create policies that enforce these rules automatically, enabling teams to move faster while still having visibility into what they are doing.
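
A sketch of the first feature, added here as an example and not taken from the project's own Lambda code: it flags only rules that open port 22 or 3389 to 0.0.0.0/0 or ::/0. The event layout follows CloudTrail's record for AuthorizeSecurityGroupIngress; the function names, the port set and the sample event (including its group ID) are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy: the ports the README calls out as risky when world-open.
RISKY_PORTS = {22, 3389}

# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {"detail": {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {
    "groupId": "sg-0123456789abcdef0",
    "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389, "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}},
        {"ipProtocol": "-1", "ipRanges": {}, "ipv6Ranges": {"items": [{"cidrIpv6": "::/0"}]}},
    ]}}}}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 covers every address)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed CIDR: not treated as world-open


def risky_rules(event):
    """Return (group_id, protocol, (from_port, to_port), cidr) for every
    world-open rule that covers a risky port; other events return []."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = detail.get("requestParameters") or {}
    findings = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        proto = str(perm.get("ipProtocol"))
        if proto == "-1":
            lo, hi = 0, 65535  # "-1" means all protocols, so every port is covered
        elif proto in ("tcp", "udp", "6", "17"):
            lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        else:
            continue  # ICMP and other protocols carry no port range
        cidrs = [r.get("cidrIp") for r in (perm.get("ipRanges") or {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
        if not any(lo <= port <= hi for port in RISKY_PORTS):
            continue
        for cidr in cidrs:
            if cidr and is_world_open(cidr):
                findings.append((params.get("groupId"), proto, (lo, hi), cidr))
    return findings
```

On the sample event this reports the SSH rule and the all-traffic IPv6 rule, and stays quiet for 443 to the world and for 3389 limited to 10.0.0.0/8.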

Requirements

  • Python
  • AWS SAM CLI
  • AWS Account
  • MS Teams or Slack account with permissions to install webhooks
  • One S3 bucket to store your files

Demo

  • I add a new rule in my security group to: Allow all traffic on all ports (sigh, if only people never did this)

  • This triggers a CloudWatch event and MS Teams sends a notification

  • Inside Teams:

  • Inside Slack:

Install Steps:

Clone repo

git clone https://github.com/MattTunny/watch-security-group.git

Pre Account Setup

  • Make an S3 bucket for your Lambdas: aws s3 mb s3://your-unique-bucket-name --region ap-southeast-2

Create MS Teams Webhook

  • Log into your MS Teams account and select the channel in which you want to install the webhook

  • Select Connectors

  • Click Add/Manage on Incoming Webhook

  • Give your webhook a name and picture and click Create

  • Copy your webhook URL

  • Paste your webhook URL into the default value in template.yaml; if you want to test locally, also paste it into vars.json

Deploy App

  • Run sam package against the S3 bucket you created earlier:
sam package --template-file template.yaml --s3-bucket your-s3-bucket --output-template sam-output.yaml
  • Run sam deploy:
sam deploy --template-file sam-output.yaml --stack-name WatchSecurityGroup --capabilities CAPABILITY_IAM

Testing App

Testing is really easy with sam-cli: you just give it the function and the event you want to invoke.

Note: for testing, you need to replace the "groupId" value in the sample events with a real security group and add a real webhook value in vars.json.

  • Run the test:
sam local invoke -e events/event_iam.json WatchSecurityGroupFunction -n vars.json
