Tracking what is using a security group

0

Hello, I am still at trying to clean up AWS account, and am needing some advice.

In AWS - EC2 - Security Groups - I have several critical vulnerabilities there, and in lieu of just nixing the issues, as im SURE it will blow something up, how do I find what function(s) are using this security group. So I can chase it back to its roots, see if they can be safely removed, or changed so the security value that is a vulnerability can be removed. THANKS

4 Answers
1

Check out this document. You can do it via the console as shown in the document or via the CLI:

aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json

Hope this helps

AWS
AWSJoe
answered 2 years ago
  • Unfortunately this will only catch resources in the current account, but if you have VPC peering you could have SG in a different account referencing it. You should loop on every account having a peering in fact.

1

Hello @BigD63

We answered your question in the latest episode of AWS Supports You. Please take a look at the YouTube video here, and we hope it helps answer your question! https://www.youtube.com/watch?v=lzadlmq4LcM

Please don't hesitate to comment here if you have any follow up questions. If this helped to answer your question, please make sure to mark this question as answered.

Have a great day!

profile pictureAWS
EXPERT
Rob_H
answered 2 years ago
0

This will definitely show you all the resources your security group is associate with aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> --region <region> --output json --query 'NetworkInterfaces'

profile pictureAWS
answered a year ago
0

Hey, does checking into network interfaces cover all cases? or there might be some cases further left and we end up deleting the wrong one. Couple of things on top of my head

  1. What if a security group is referenced by another security group but not there in a network interface
  2. What if security group is used by another account?

there might be other cases ,how can we make sure that these cases are also handled or am i just being too much paranoid?

Thanks

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions