Find unused firewall rules in AWS

Comments

2 comments

  • Graham Watts

    Hey Mike, 

    This forum post might be helpful here:

    https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups 

  • Mike Unknown

    I appreciate the response, but that post only shows how to find unused security groups. I am looking for unused security rules within the groups.

    Since my initial post and the first response, I have been using a 3rd party app, which is not very good, so I am still looking for a better solution. What I am trying to find is a list of security rules within active security groups that had no activity (passed or denied traffic) within some specified time range (such as the last 6 months). The assumption would be that if no traffic has hit that security rule in the last 6 months, then it might be a rule that is not needed and can be removed from the security group - improving security.

    It is a common feature in most 3rd party firewalls to be able to show this type of information, but I have not seen any cloud provider provide this information with their cloud native security solutions. I have looked for 3rd party cloud tools, but the only one I found isn't any good - meaning I found a tool on the AWS marketplace called piasoft flowlogs - but it is too buggy and not reliable. So I am still wondering if anyone has created a query or app for Sumologic that can do this.

    If I find something, I will post it here but if anyone else knows of a solution, please let me know.


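One way to implement what Mike describes, as an added example that is not from this thread or from any product mentioned in it: correlate a security group's ingress rules with VPC Flow Log records and report the rules that no accepted flow matched inside the chosen time window. The rule identifiers, the ENI, the account id and every log line below are constructed; in real use the rules would come from the EC2 API and the log lines from your flow-log store.

```python
# Added example (not from the thread): flag security group ingress rules that no
# ACCEPTed inbound flow matched within a time window of VPC Flow Log records.
import ipaddress

# Constructed ingress rules for one security group. proto "-1" means all protocols;
# "6" is TCP and "17" is UDP, as in flow log records.
RULES = [
    {"id": "ssh-office", "proto": "6", "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
    {"id": "https-any", "proto": "6", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"id": "legacy-ftp", "proto": "6", "from": 21, "to": 21, "cidr": "0.0.0.0/0"},
    {"id": "dns-udp", "proto": "17", "from": 53, "to": 53, "cidr": "10.0.0.0/8"},
]

# Constructed VPC Flow Log v2 records (default format): version account-id interface-id
# srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status.
FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 51000 22 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 44321 443 6 20 2400 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 44322 21 6 1 60 1700000200 1700000260 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.8 10.0.1.5 53000 53 17 2 200 1600000000 1600000060 ACCEPT OK
"""

def parse_flow_logs(text):
    """Yield (srcaddr, dstport, protocol, start_epoch, action) from v2 default-format lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14 or f[0] != "2":
            continue  # skip header lines and other record versions
        yield f[3], int(f[6]), f[7], int(f[10]), f[12]

def rule_matches(rule, src_ip, dst_port, proto):
    """A rule matches a flow when protocol, destination port range and source CIDR all match."""
    if rule["proto"] not in ("-1", proto):
        return False
    if rule["proto"] != "-1" and not (rule["from"] <= dst_port <= rule["to"]):
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])

def unused_rules(rules, flow_text, window_start):
    """Return ids of rules that no ACCEPTed flow starting at or after window_start matched.
    Only ACCEPT counts: security groups are allow-only, so a REJECT means no rule allowed it."""
    hit = set()
    for src, port, proto, start, action in parse_flow_logs(flow_text):
        if action != "ACCEPT" or start < window_start:
            continue
        for r in rules:
            if rule_matches(r, src, port, proto):
                hit.add(r["id"])
    return [r["id"] for r in rules if r["id"] not in hit]
```

An ENI can carry several security groups, so an accepted flow is credited to every matching rule across them; treat the output as candidates to review, not as a deletion list.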
