security-group-manager

command module
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2020 License: MIT Imports: 8 Imported by: 0

README

security-group-manager

Release Go Report Card Build License

An AWS Lambda to maintain whitelist rules on Security Groups.

PIC

Features

  • Manage trusted CIDRs in one place.
  • Manage some or all of the rules in a security group automatically.
  • Mix multiple protocols on a security group.
  • Define your own custom protocols.

Manual

Tag a security group with <protocol-name>=managed that matches of the protocols from a configuration.

Install

  1. Download latest release and extract the archive

  2. Create AWS Secrets Manager Secret with the sample/custom configuration:

    Sample Configuration 
    {
    "protocols": {
        "http": {
            "transport": "tcp",
            "from_port": 80,
            "to_port": 80
        },
        "https": {
            "transport": "tcp",
            "from_port": 443,
            "to_port": 443
        },
        "ssh": {
            "transport": "tcp",
            "from_port": 22,
            "to_port": 22
        },
        "rdp": {
            "transport": "tcp",
            "from_port": 3389,
            "to_port": 3389
        }
    },
    "rules": [
        {
            "cidr": "34.226.14.13/32",
            "note": "Primary VPN"
        },
        {
            "cidr": "52.15.127.128/27",
            "note": "UK Office"
        },
        {
            "cidr": "35.158.136.0/22",
            "note": "US Office"
        },
        {
            "cidr": "52.57.254.0/29",
            "note": "IL Office"
        },
        {
            "cidr": "13.54.63.128/32",
            "note": "Backup VPN"
        }
    ]
}

  3. Update serverless.yaml

    • Secret Name: Fill in you secret name under environment/SECRET
    • Secrets Manager Permissions: Update iamRoleStatements/Resource to contain your secret name or full ARN.
    • Lambda is configured to run periodically every half an hour, you may change that under functions/app/schedule.
    Optional Configuration

    You may tweak the Lambda's behavior via additional environmental variables:

    • DEBUG=true - Enable verbose logs
    • LOCAL=true - Toggle to execute outside of AWS Lambda environment (useful during local development)

  4. Deploy with: serverless deploy --stage prod or create Lambda manually

In order to use latest version (master branch), you may clone the repository and compile the project by running make release before deploying it

Notes

  • You may build the project for linux/amd64 using Go or handy make scripts on Linux/MacOS workstation:
    • make lint - Lint project
    • make test - Execute unit tests
    • make - Lint + Unit Test + Vendor
    • make codecov - Open code-coverage report
    • make release - Compile project

License

MIT © 2020 Reason Cybersecurity Ltd.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
app
pkg
sg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.