2 Answers
AWS Config query to list all instances where the security group allows ingress port 22 from 0.0.0.0:
SELECT
ec2Instance.instanceId,
ec2Instance.instanceType,
ec2SecurityGroup.groupId,
ec2SecurityGroup.groupName
WHERE
ec2SecurityGroup.ipPermissions IN (
{
'ipProtocol': 'tcp',
'fromPort': 22,
'toPort': 22,
'ipRanges': [
{
'cidrIp': '0.0.0.0/0'
}
]
}
)
This query uses the AWS Config ec2Instance and ec2SecurityGroup resources to find instances with security groups that allow inbound traffic on port 22 from any IP address (0.0.0.0/0).
You can run this query in the AWS Management Console or using the AWS CLI command aws configservice select-resources --expression <query>.
Hi Sandeep, executing the SQL in Config is giving the below error:
Error syntax error at line 7, column 34
that you're experiencing a syntax error in your SQL configuration. To better assist you, could you please share the SQL statement that's causing the error, especially around line 7, column 34?
Hi Yaniv, this should show all the security groups that have SSH open for 0.0.0.0; however, how do I add the third attribute, which is the instance IP?
Virender, I just posted an article that describes how you can detect which instances have such a security group associated with them. I hope it helps.
Hi Yaniv, I went through the document, and thanks for creating the script. I will try executing it and see how it goes.
Thanks Virender, please report back if it works for you. If so, kindly accept the answer so others can benefit from this too.
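The query in the first answer keys on fromPort 22 and cidrIp 0.0.0.0/0, and Virender later asks for the instance IP as well; the Python below is an added example (not code from this thread, from Sandeep's query or from Yaniv's article) that performs the same check offline over items shaped like the configuration blocks AWS Config records for AWS::EC2::SecurityGroup and AWS::EC2::Instance. It evaluates each ipPermissions entry on its own, so two conditions cannot be satisfied by different rules of the same group, accepts the string ipRanges form, the ipv4Ranges/ipv6Ranges object form and protocol -1, and joins exposed groups to instances to report their IPs. The item shapes, key names and all sample values are assumptions constructed for the example.

```python
# Added example; item shapes and every value below are constructed assumptions, not page data.
SECURITY_GROUPS = [
    {"groupId": "sg-0a1", "groupName": "ssh-open", "ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]}]},
    {"groupId": "sg-0b2", "groupName": "ssh-office", "ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["203.0.113.0/24"]}]},
    # 22 from a private range plus 443 from anywhere: a flat AND over fromPort and ipRanges would wrongly flag this
    {"groupId": "sg-0c3", "groupName": "split-rules", "ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["10.0.0.0/8"]},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": ["0.0.0.0/0"]}]},
    {"groupId": "sg-0d4", "groupName": "all-traffic", "ipPermissions": [  # all traffic from anywhere, object form
        {"ipProtocol": "-1", "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]},
]
INSTANCES = [
    {"instanceId": "i-0aaa", "privateIpAddress": "10.0.1.10", "publicIpAddress": "198.51.100.7",
     "securityGroups": [{"groupId": "sg-0a1", "groupName": "ssh-open"}]},
    {"instanceId": "i-0bbb", "privateIpAddress": "10.0.1.11",
     "securityGroups": [{"groupId": "sg-0b2", "groupName": "ssh-office"}, {"groupId": "sg-0c3", "groupName": "split-rules"}]},
    {"instanceId": "i-0ddd", "privateIpAddress": "10.0.2.5",
     "securityGroups": [{"groupId": "sg-0d4", "groupName": "all-traffic"}]},
]

def rule_opens_port(rule: dict, port: int) -> bool:
    """True if this single ipPermissions entry admits TCP `port` from the whole internet."""
    proto = str(rule.get("ipProtocol", ""))
    if proto not in ("tcp", "-1"):  # "-1" means every protocol and every port
        return False
    if proto == "tcp" and not rule.get("fromPort", 0) <= port <= rule.get("toPort", 65535):
        return False
    cidrs = set(rule.get("ipRanges", []))  # legacy string form
    cidrs.update(r.get("cidrIp", "") for r in rule.get("ipv4Ranges", []))  # object forms
    cidrs.update(r.get("cidrIpv6", "") for r in rule.get("ipv6Ranges", []))
    return bool(cidrs & {"0.0.0.0/0", "::/0"})

def open_groups(groups: list, port: int = 22) -> set:
    """Ids of groups with at least one rule that, on its own, opens `port` to the internet."""
    return {g["groupId"] for g in groups
            if any(rule_opens_port(r, port) for r in g.get("ipPermissions", []))}

def exposed_instances(instances: list, groups: list, port: int = 22) -> list:
    """Join instances to exposed groups and report the instance IPs asked for in the thread."""
    exposed = open_groups(groups, port)
    rows = []
    for inst in instances:
        hits = [sg["groupId"] for sg in inst.get("securityGroups", []) if sg["groupId"] in exposed]
        if hits:
            rows.append({"instanceId": inst["instanceId"], "privateIp": inst.get("privateIpAddress"),
                         "publicIp": inst.get("publicIpAddress"), "groups": hits})
    return rows
```

To run it against a real account, replace the two constructed lists with the configuration objects returned for those two resource types.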