{"id":26299235,"url":"https://github.com/trackit/aws-sg-tools","last_synced_at":"2025-07-30T12:06:12.367Z","repository":{"id":89792991,"uuid":"106407928","full_name":"trackit/aws-sg-tools","owner":"trackit","description":"A set of tools for auditing and analysing AWS security groups","archived":false,"fork":false,"pushed_at":"2017-10-10T11:54:51.000Z","size":6,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-06-16T23:36:58.381Z","etag":null,"topics":["auditing","aws","aws-sg","security-hardening","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trackit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-10-10T11:24:56.000Z","updated_at":"2023-08-16T23:40:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"67e3ec18-b053-4d32-a6a0-8e5632f88a25","html_url":"https://github.com/trackit/aws-sg-tools","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/trackit/aws-sg-tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-sg-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-sg-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-sg-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-sg-tools/manifests","owner_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trackit","download_url":"https://codeload.github.com/trackit/aws-sg-tools/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-sg-tools/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267865893,"owners_count":24157343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","aws","aws-sg","security-hardening","security-tools"],"created_at":"2025-03-15T06:47:52.365Z","updated_at":"2025-07-30T12:06:12.312Z","avatar_url":"https://github.com/trackit.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Security Groups compliance checker \u0026 Security groups mapping to resources\n\nThese tools allow for auditing and analysing security groups.\n\nBoth tools are packaged inside `sg-tools` and can be accessed via subcommands.\n\nThe first tool `sg-tools compliance` will check all security rules on the VPC for rules that are too broad, i.e. rules that allow for connections on all ports, for either incoming or outgoing traffic. 
\n\nThe second tool `sg-tools sgmapping` will create a mapping between security groups and resources, to be able to see which resources have which security groups attached to them.\n\n## Requirements\n\nBelow are requirements for a standalone installation. If you wish, a Dockerfile is available to run in a container. Those instructions are available below.\n\n### System packages\n\nThe only requirement for the script to work is `Python 2.7`\n\n### Python packages\n\nThe Python package dependencies are listed in `requirements.txt`\n\nThe only dependency is `boto3`\n\nDependencies can be installed via:\n\n```\npip install -r requirements.txt\n```\n\n## Usage\n\n## Docker container\n\nYou will need to have [Docker](https://www.docker.com) installed.\n\nAfter that, you can build the image from the Dockerfile `docker build -t dockerfile/sgtools .`\n\nYou can then run the Docker container:\n```\ndocker run -it --rm \\\n--env AWS_ACCESS_KEY_ID={Your AWS access key} \\\n--env AWS_SECRET_ACCESS_KEY={Your AWS secret key} \\\n--env AWS_DEFAULT_REGION={Default region} \\\ndockerfile/sgtools {Your command}\n```\n\n---\n\nThe available commands are listed below, they are `sgcompliance` and `sgmapping`\n\nBoto3 will use the credentials configured by the AWS CLI. If you do not have credentials set up, you will need to run `aws configure`.\n\nYou can specify an AWS profile via the option `--profile [PROFILE]`.\n\nYou can also run the program against all AWS regions via the option `--all-regions`.\n\n### Sgcompliance\n\nOnce your credentials are set just launch the script via `./sg-tools compliance`.\n\nIf problematic rules are found, they will be printed on `stdout`. 
If none are found, the script will not output anything.\n\n### Sgmapping\n\nOnce your credentials are set, you can launch the script via `./sg-tools mapping [--reverse-direction]`.\n\nThe default behaviour is: `Security group XXXXXX mapped to resources X / Y / Z`.\n\nWhen passing `--reverse-direction` to the program, it will reverse the mapping direction, which will be:\n`Resource XXXXXX mapped to security groups X / Y / Z`\n\nIt should be noted that, for now, this script will only consider the following resources: `EC2`, `RDS`, `ELB`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Faws-sg-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrackit%2Faws-sg-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Faws-sg-tools/lists"}