A comprehensive Python-based dashboard for analyzing AWS Security Groups across multiple accounts to identify traffic patterns, security vulnerabilities (especially 0.0.0.0/0 rules), and create communication maps between security groups.
This tool performs security audits and traffic analysis across 14 AWS accounts to:
- Identify and analyze 0.0.0.0/0 (public access) rules
- Map security group communications
- Analyze ports, protocols, and IP patterns
- Generate comprehensive security reports
- Provide interactive visualization dashboard
Components:
- SecurityGroupAnalyzer (`security_group_analyzer.py`): main analysis engine
  - Multi-account data collection
  - Cross-account role assumption
  - Parallel processing for efficiency
- Interactive Dashboard (`dashboard.py`): Streamlit-based web interface
  - Real-time data visualization
  - Network communication graphs
  - Filtering and export capabilities
- Data Models
  - SecurityGroupRule dataclass for structured data
  - Comprehensive rule analysis
  - Traffic pattern identification
Key features:
- Public Access Detection: Automatically identifies 0.0.0.0/0 rules
- Communication Mapping: Maps inter-security-group communications
- Port Analysis: Analyzes port usage patterns across accounts
- Protocol Distribution: Breaks down traffic by protocol types
- Interactive Visualizations: Network graphs, charts, and metrics
- Multi-Account Support: Analyze across all 14 target accounts
- Real-time Filtering: Filter by account, region, protocol
- Export Functionality: Generate CSV reports for further analysis
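As an added illustration of the analysis step (example code, not the project's own), the following flattens an `ec2 describe_security_groups()` response into SecurityGroupRule-style records, flags rules whose source is 0.0.0.0/0 or ::/0, and derives the SG-to-SG edges used for a communication map. The response, group IDs and account ID are constructed; the live per-account collection through STS AssumeRole that the project performs is not shown.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed sample shaped like an ec2 describe_security_groups() response;
# the group IDs and the account ID used here are hypothetical.
SAMPLE_RESPONSE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa", "UserId": "111111111111"}]},
        # "-1" means all protocols; AWS omits FromPort/ToPort on such rules
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]}]}
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

@dataclass
class SecurityGroupRule:
    account_id: str
    region: str
    group_id: str
    group_name: str
    protocol: str             # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: Optional[int]  # None for all-protocol rules
    to_port: Optional[int]
    source: str               # CIDR block or the referencing security group ID
    is_public: bool           # True when the source is 0.0.0.0/0 or ::/0

def parse_rules(response, account_id, region):
    """Flatten one describe_security_groups() page into one record per rule source."""
    rules = []
    for sg in response["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                       + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                       + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])])
            for src in sources:
                rules.append(SecurityGroupRule(
                    account_id, region, sg["GroupId"], sg["GroupName"], perm["IpProtocol"],
                    perm.get("FromPort"), perm.get("ToPort"), src, src in PUBLIC_CIDRS))
    return rules
def public_rules(rules):
    # Rules reachable from the whole internet; all-protocol ("-1") ones are the worst case
    return [r for r in rules if r.is_public]
def communication_map(rules):
    """(source SG, destination SG, protocol, from_port, to_port) edges between groups."""
    return [(r.source, r.group_id, r.protocol, r.from_port, r.to_port)
            for r in rules if r.source.startswith("sg-")]
```

Note that IPv6 `::/0` is tracked alongside `0.0.0.0/0`, since a rule open only to IPv6 "anywhere" is just as public.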
Target AWS Accounts:
- 549166761550, 025381531841, 138351723750, 852584260383
- 790679477109, 144196841275, 174436502675, 575045511530
- 713037428386, 856231879353, 338589391164, 147367150109
- 270134153674, 106363003370 (root)
Prerequisites:
- Python 3.8 or higher
- AWS CLI configured with appropriate credentials
- Cross-account IAM roles set up for security analysis
Installation:
- Clone and navigate to the project:
  ```
  cd c:\ps\awsMapper
  ```
- Install Python dependencies:
  ```
  pip install -r requirements.txt
  ```
- Configure AWS credentials:
  - Ensure AWS CLI is configured with credentials that can assume cross-account roles
  - Set up IAM roles in each target account with SecurityAudit permissions
IAM setup: for each target account, create an IAM role named SecurityAuditRole with the following permissions policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs",
        "ec2:DescribeRegions"
      ],
      "Resource": "*"
    }
  ]
}
```
Trust policy to allow cross-account access from the root account (106363003370):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::106363003370:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Usage: run the security group analyzer directly:
```shell
python security_group_analyzer.py
```
This will:
- Collect security group data from all accounts and regions
- Generate CSV reports in the `./reports` directory
- Display summary statistics
Launch the Streamlit dashboard:
```shell
streamlit run dashboard.py
```
The dashboard provides:
- Overview: Key metrics and alerts
  - Total rules count across all accounts
  - Public rules identification and alerts
  - Account and security group summaries
- Public Rules: Detailed view of 0.0.0.0/0 rules
  - Detailed list of all 0.0.0.0/0 rules
  - Filtering by account and protocol
  - Export capabilities for remediation planning
- Communication Map: Network visualization of SG communications
  - Interactive network graph showing SG communications
  - Detailed communication matrix
  - Protocol and port information
- Port Analysis: Port usage patterns and statistics
  - Most commonly used ports
  - Protocol distribution charts
  - Security implications of port usage
- Charts & Graphs: Visual analysis by account and region
  - Rules distribution by account
  - Regional analysis
  - Security posture comparisons
- Raw Data: Export functionality and raw data access
The tool generates several CSV reports:
- `all_security_group_rules_[timestamp].csv`: Complete rule inventory
- `public_rules_[timestamp].csv`: All rules allowing 0.0.0.0/0 access
- `communication_map_[timestamp].csv`: Inter-SG communication matrix
- `port_analysis_[timestamp].csv`: Port usage analysis
Security and operational notes:
- READ-ONLY: This tool only reads security group configurations
- No Modifications: Cannot and will not modify any security groups
- Audit Trail: All analysis activities are logged
- Secure Credentials: Uses AWS STS for secure cross-account access
- Permissions Required: Ensure proper IAM roles are configured
- Rate Limiting: The tool implements appropriate API throttling
- Large Datasets: Analysis may take several minutes for all accounts
- Network Requirements: Requires internet access to AWS APIs
Customization: to add regions, modify the regions parameter in SecurityGroupAnalyzer:
```python
regions = ['us-east-1', 'us-west-2', 'eu-west-1', 'your-new-region']
```
Extend the SecurityGroupRule dataclass to capture additional metadata:
```python
@dataclass
class SecurityGroupRule:
    # ... existing fields ...
    custom_field: str = ""
```
Troubleshooting:
- Authentication Errors
  - Verify AWS credentials are configured
  - Check cross-account role permissions
  - Ensure STS is allowed in your region
- No Data Retrieved
  - Verify account IDs are correct
  - Check regional availability
  - Confirm security group permissions
- Dashboard Not Loading
  - Ensure all dependencies are installed
  - Check Python version compatibility
  - Verify Streamlit installation
Enable detailed logging by modifying the log level:
```python
logging.basicConfig(level=logging.DEBUG)
```
This project is intended for internal security analysis purposes.
Contributing guidelines:
- Follow existing code structure
- Add comprehensive error handling
- Update documentation for new features
- Test with multiple accounts before deployment
For issues or questions:
- Check the troubleshooting section
- Review AWS IAM configurations
- Verify account access permissions
- Check regional service availability