{"id":25738329,"url":"https://github.com/reasonsoftware/security-group-manager","last_synced_at":"2025-05-08T03:57:54.833Z","repository":{"id":38462187,"uuid":"261866879","full_name":"ReasonSoftware/security-group-manager","owner":"ReasonSoftware","description":":closed_lock_with_key: AWS Security Group Management Lambda :closed_lock_with_key:","archived":false,"fork":false,"pushed_at":"2024-11-25T14:05:13.000Z","size":5450,"stargazers_count":4,"open_issues_count":1,"forks_count":0,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-08T03:57:48.984Z","etag":null,"topics":["aws","devops","firewall","lambda","security","whitelist"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ReasonSoftware.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-06T20:06:16.000Z","updated_at":"2024-07-23T23:13:06.000Z","dependencies_parsed_at":"2023-02-08T06:31:27.177Z","dependency_job_id":"c604ec1f-b51d-4fa9-b6f3-5e5c8cad7d45","html_url":"https://github.com/ReasonSoftware/security-group-manager","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReasonSoftware%2Fsecurity-group-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReasonSoftware%2Fsecurity-group-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReasonSoftware%2Fsecurity-group-manager/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReasonSoftware%2Fsecurity-group-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ReasonSoftware","download_url":"https://codeload.github.com/ReasonSoftware/security-group-manager/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252996334,"owners_count":21837621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","devops","firewall","lambda","security","whitelist"],"created_at":"2025-02-26T07:29:58.327Z","updated_at":"2025-05-08T03:57:54.818Z","avatar_url":"https://github.com/ReasonSoftware.png","language":"Go","readme":"# security-group-manager\n\n[![Release](https://img.shields.io/github/v/release/ReasonSoftware/security-group-manager)](https://github.com/ReasonSoftware/security-group-manager/releases/latest)\n[![Go Report Card](https://goreportcard.com/badge/github.com/ReasonSoftware/security-group-manager)](https://goreportcard.com/report/github.com/ReasonSoftware/security-group-manager)\n[![Release](https://github.com/ReasonSoftware/security-group-manager/workflows/release/badge.svg)](https://github.com/ReasonSoftware/security-group-manager/actions)\n[![License](https://img.shields.io/github/license/ReasonSoftware/security-group-manager)](LICENSE.md)\n\nAn AWS **Lambda** to maintain whitelist rules on **Security Groups**.\n\n![PIC](docs/images/demo.gif)\n\n## Features\n\n- Manage trusted CIDRs in one place.\n- Manage some or all of the rules in a security group automatically.\n- Mix 
multiple protocols on a security group.\n- Define your own custom protocols.\n\n## Manual\n\nTag a security group with `\u003cprotocol-name\u003e=managed` that matches one of the protocols from the configuration.\n\n## Install\n\n1. Download the [latest release](https://github.com/ReasonSoftware/security-group-manager/releases/latest) and extract the archive\n2. Create an **AWS Secrets Manager** Secret with the sample/custom configuration:\n\n    \u003cdetails\u003e\u003csummary\u003eSample Configuration\u003c/summary\u003e\n\n    ```json\n    {\n        \"protocols\": {\n            \"http\": {\n                \"transport\": \"tcp\",\n                \"from_port\": 80,\n                \"to_port\": 80\n            },\n            \"https\": {\n                \"transport\": \"tcp\",\n                \"from_port\": 443,\n                \"to_port\": 443\n            },\n            \"ssh\": {\n                \"transport\": \"tcp\",\n                \"from_port\": 22,\n                \"to_port\": 22\n            },\n            \"rdp\": {\n                \"transport\": \"tcp\",\n                \"from_port\": 3389,\n                \"to_port\": 3389\n            }\n        },\n        \"rules\": [\n            {\n                \"cidr\": \"34.226.14.13/32\",\n                \"note\": \"Primary VPN\"\n            },\n            {\n                \"cidr\": \"52.15.127.128/27\",\n                \"note\": \"UK Office\"\n            },\n            {\n                \"cidr\": \"35.158.136.0/22\",\n                \"note\": \"US Office\"\n            },\n            {\n                \"cidr\": \"52.57.254.0/29\",\n                \"note\": \"IL Office\"\n            },\n            {\n                \"cidr\": \"13.54.63.128/32\",\n                \"note\": \"Backup VPN\"\n            }\n        ]\n    }\n    ```\n\n    \u003c/details\u003e\n\n3. 
Update `serverless.yaml`\n    - **Secret Name**: Fill in your secret name under `environment/SECRET`\n    - **Secrets Manager Permissions**: Update `iamRoleStatements/Resource` to contain your secret name or full ARN.\n    - Lambda is configured to run periodically every half an hour; you may change that under `functions/app/schedule`.\n\n    \u003cdetails\u003e\u003csummary\u003eOptional Configuration\u003c/summary\u003e\n\n    You may tweak the Lambda's behavior via additional environment variables:\n\n    - `DEBUG=true` - Enable verbose logs\n    - `LOCAL=true` - Toggle to execute outside of the AWS Lambda environment (useful during local development)\n    - `OPERATIONAL_REGION=\u003cregion\u003e` - Region in which the lambda should manage the security groups. This allows managing multiple regions from multiple lambdas deployed in a single region (default: `us-east-1`)\n    - `SECRET_REGION=\u003cregion\u003e` - **Secrets Manager** region in which a *whitelist* secret is created. This allows maintaining a single *source of truth* for lambdas deployed in multiple regions (default: `us-east-1`)\n\n    \u003c/details\u003e\n\n4. 
Deploy with: `serverless deploy --stage prod` or create the Lambda manually\n\n*In order to use the latest version (master branch), you may clone the repository and compile the project by running `make release` before deploying it*\n\n## Notes\n\n- You may build the project for `linux/amd64` using `Go` or the handy `make` scripts on a Linux/macOS workstation:\n  - `make lint` - Lint project\n  - `make test` - Execute unit tests\n  - `make` - Lint + Unit Test + Vendor\n  - `make codecov` - Open code-coverage report\n  - `make release` - Compile project\n\n## License\n\n[MIT](LICENSE.md) © 2020 Reason Cybersecurity Ltd.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freasonsoftware%2Fsecurity-group-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freasonsoftware%2Fsecurity-group-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freasonsoftware%2Fsecurity-group-manager/lists"}