@garnaat
Created October 15, 2014 19:08
A skew script to audit all security groups for non-whitelisted IP addresses
import skew

# Add whitelisted CIDR blocks here, e.g. 192.168.1.1/32.
# Any addresses not in this list will be flagged.
whitelist = []

# Scan every security group in every region and account skew is configured for.
for secgrp in skew.scan('arn:aws:ec2:*:*:security-group/*'):
    # Only ingress rules (IpPermissions) are checked; egress rules live in
    # IpPermissionsEgress and are not covered by this script.
    for ipperms in secgrp.data['IpPermissions']:
        for ip in ipperms['IpRanges']:
            # Exact string match against the whitelist; a /24 inside a
            # whitelisted /8 is still reported.
            if ip['CidrIp'] not in whitelist:
                print('%s: %s is not whitelisted' % (secgrp.arn, ip['CidrIp']))
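An added, stand-alone variant of the same audit that goes beyond the gist's exact-string check: it treats a CIDR as whitelisted when it lies inside a whitelisted block, covers egress and IPv6 ranges, and runs offline against a constructed group in the EC2 `DescribeSecurityGroups` shape (the structure skew exposes as `secgrp.data`). This is example code, not part of garnaat's gist; `WHITELIST` and `SAMPLE_GROUP` are constructed sample values.

```python
import ipaddress

# Whitelisted CIDR blocks (constructed sample values; replace with your own).
WHITELIST = ["10.0.0.0/8", "203.0.113.0/24"]

def cidr_whitelisted(cidr, whitelist):
    """True if cidr lies inside some whitelisted block (not just an exact
    string match: 10.1.2.0/24 passes when 10.0.0.0/8 is whitelisted)."""
    net = ipaddress.ip_network(cidr, strict=False)
    for allowed in whitelist:
        allowed_net = ipaddress.ip_network(allowed, strict=False)
        if net.version == allowed_net.version and net.subnet_of(allowed_net):
            return True
    return False

def audit_security_group(group, whitelist):
    """Return (direction, cidr) for every range outside the whitelist.
    `group` uses the EC2 DescribeSecurityGroups shape, the same structure
    skew exposes as secgrp.data; egress and IPv6 ranges are included too."""
    findings = []
    for direction in ("IpPermissions", "IpPermissionsEgress"):
        for perm in group.get(direction, []):
            ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in ranges:
                if not cidr_whitelisted(cidr, whitelist):
                    findings.append((direction, cidr))
    return findings

# Constructed sample group: one world-open SSH ingress rule, one subnet inside
# the whitelisted /8, and an egress rule to an IPv6 range that is not whitelisted.
SAMPLE_GROUP = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.1.2.0/24"}],
         "Ipv6Ranges": []},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}]},
    ],
}

if __name__ == "__main__":
    for direction, cidr in audit_security_group(SAMPLE_GROUP, WHITELIST):
        print("%s: %s (%s) is not whitelisted" % (SAMPLE_GROUP["GroupId"], cidr, direction))
```

To audit live groups, feed `secgrp.data` from `skew.scan(...)` into `audit_security_group` in place of `SAMPLE_GROUP`.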