SSM Network firewall audit

0

Hi all, I'm using SSM on some hybrid Linux nodes. I was going through the documentation and there is a mention of being able to use SSM to check open network ports on the nodes, but there isn't any example of how to do it. I'm trying to set up a proof of concept right now, and if there is a tutorial on how to do that, that would be awesome and would help my case. Are there any available resources?

2 answers
0

Hello!

Usually we would suggest using AWS Firewall Manager as this is the best way to have a single view for your Security Groups and enforce a baseline policy across applications/many instances. This is described in detail under this documentation:

https://aws.amazon.com/blogs/security/how-to-continuously-audit-and-limit-security-groups-with-aws-firewall-manager/
https://aws.amazon.com/firewall-manager/

AWS Firewall Manager may be more suitable for what you are trying to accomplish.

For your questions regarding this under SSM, I was not able to find the documentation which you are referring to. Could I please ask that you include a link here so that I can check on that for you?

AWS
Support Engineer
answered 2 years ago
0

Hi!

If you're looking to see if the security groups on the instances allow for overly permissive access (such as wide open 0/0), you could use Trusted Advisor: https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html#security-groups-specific-ports-unrestricted. Trusted Advisor can be displayed in Systems Manager: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-trusted-advisor-and-phd.html.

If you're looking for something else, you could also use Systems Manager OpsCenter to configure alerts based off AWS Security Hub events: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html.

AWS Firewall Manager can offer more network security checks, but requires integration with more services (Organizations, possibly Network Firewall) and can be pricier as well.

And lastly, AWS Config offers the ability to check resources and their configuration as well: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html. It's possible to create your own custom Config rules too.

jsonc
answered 2 years ago
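The node-side port check the original question asks about, as an added example that is not from this thread or from AWS: a POSIX shell script of the kind one would run on a Linux node through SSM Run Command with the AWS-RunShellScript document. It lists listening TCP/UDP sockets with `ss -Hltun`, compares them to a baseline allowlist, and returns non-zero when something unexpected is listening; the allowlist and the embedded `ss` output are constructed samples so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Linux node's listening ports against a
# baseline. Meant to run via SSM Run Command (AWS-RunShellScript) or locally.
# Expected listeners as "proto/port" tokens (constructed sample; use your own baseline).
ALLOWED_PORTS="tcp/22 udp/68"
# Constructed sample of `ss -Hltun` output (Netid State Recv-Q Send-Q Local Peer)
# so the logic can be exercised without touching the host.
SAMPLE_SS_OUTPUT='tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      511                *:80               *:*
tcp   LISTEN 0      128             [::]:22            [::]:*'

# stdin: ss -Hltun output -> stdout: sorted unique "proto/port" tokens. The port is the
# text after the last ':' of the local address, covering 0.0.0.0:22, [::]:22 and *:80.
parse_listeners() {
    awk '{ n = split($5, a, ":"); print $1 "/" a[n] }' | sort -u
}

# $1: allowlist, stdin: ss output -> prints listeners absent from the allowlist.
find_unexpected() {
    allow="$1"
    parse_listeners | while read -r tok; do
        case " $allow " in
            *" $tok "*) ;;                 # on the baseline, ignore
            *) printf '%s\n' "$tok" ;;     # not expected on this node
        esac
    done
}

# $1: allowlist, stdin: ss output. Reports findings; returns 1 if any, else 0.
audit_ports() {
    findings=$(find_unexpected "$1")
    if [ -n "$findings" ]; then
        echo "Unexpected listening ports:"
        echo "$findings" | sed 's/^/  /'
        return 1
    fi
    echo "All listening ports are on the baseline."
}

# --live audits the real host; otherwise the constructed sample is used. In the SSM
# document, end with `exit "$audit_status"` so findings surface as a Failed invocation
# (left out here so the functions can be sourced by a test harness).
audit_status=0
case "${1:-}" in
    --live) ss -Hltun | audit_ports "$ALLOWED_PORTS" ;;
    *)      printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_ports "$ALLOWED_PORTS" ;;
esac || audit_status=$?
```

Run against the constructed sample, it reports tcp/631 and tcp/80 as unexpected; with `--live` on a node it audits the real socket table, and the command's exit status is what Systems Manager uses to mark the invocation Success or Failed.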
