AWS: Security groups boto3 Reference



-- A security group controls the traffic that is allowed to reach and leave the resources it is associated with. For example, once a security group is associated with an EC2 instance, it controls inbound and outbound traffic for that instance. We can associate a security group only with resources in the VPC for which it was created.

-- When we create a VPC, it comes with a default security group. We can create additional security groups for each VPC.

-- There is no additional charge for using security groups.

-- The following diagram shows a VPC with subnets in two Availability Zones, an Internet Gateway, and an Application Load Balancer. Each Availability Zone has a public subnet for web servers and a private subnet for database servers. There are separate security groups for the load balancer, the web servers, and the database servers. We can add rules to the load balancer security group to allow HTTP and HTTPS traffic from the Internet. We can add rules to the web server security group to allow traffic only from the load balancer. We can add rules to the database server security group to allow only database requests from the web servers.

What actions can we perform on security groups using Boto3?

– We can perform the following actions:

  • Get information about your security groups
  • Create a security group to access an Amazon EC2 instance
  • Delete an existing security group


Case study: describing security groups and filtering them by their attributes


-- To retrieve the security group data we have to create an EC2 client object, through which we can perform the various actions.

import boto3

# Ec2_client is our client object for the EC2 service
Ec2_client = boto3.client('ec2')

# One of the operations available on it is describe_security_groups.
# Each entry in Filters selects groups by an attribute: 'Name' is the filter
# name (for example 'group-name', 'group-id' or 'vpc-id') and 'Values' lists
# the values to match. GroupIds and GroupNames are optional extra selectors;
# omit any selector you do not need, otherwise a non-existent id or name
# makes the call fail.
response = Ec2_client.describe_security_groups(
    Filters=[
        {
            'Name': 'group-name',
            'Values': [
                'default',
            ]
        },
    ],
)


Output - 

Link - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/describe_security_groups.html

– Basically the output is very long. It is a dictionary, or we can say JSON-formatted data. It describes all attributes of the groups matching the declared filters. Using this data we can filter further, classifying each group as compliant or non-compliant.
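As an added example (not code from the original post), here is one way to do that classification on the SecurityGroups list that describe_security_groups returns. The compliance rule, the function names and the sample groups are assumptions made for illustration; the live fetch uses the same EC2 client call as above.

```python
# Added example (not from the original post): classify groups from describe_security_groups.
# Rule (an assumption for illustration): flag any ingress rule open to the whole Internet
# (0.0.0.0/0 or ::/0) covering an admin port (SSH 22, RDP 3389) or all traffic.
ADMIN_PORTS = {22, 3389}
OPEN_WORLD = {"0.0.0.0/0", "::/0"}

def world_open_cidrs(perm):
    """Return the Internet-wide CIDRs found in one IpPermissions entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_WORLD]

def covers_admin_port(perm):
    """True for all-traffic rules (IpProtocol -1) or a port range touching ADMIN_PORTS."""
    if perm.get("IpProtocol") == "-1":
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:  # rule without a port range
        return False
    return any(lo <= p <= hi for p in ADMIN_PORTS)

def find_noncompliant(security_groups):
    """Return (GroupId, IpProtocol, FromPort, ToPort, cidr) for every offending rule."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if covers_admin_port(perm):
                for cidr in world_open_cidrs(perm):
                    findings.append((sg["GroupId"], perm.get("IpProtocol"),
                                     perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings

def fetch_security_groups(vpc_id=None):
    """Live fetch with the same API call the post uses, paginated so nothing is missed."""
    import boto3  # imported here so the offline check above needs no AWS credentials
    filters = [{"Name": "vpc-id", "Values": [vpc_id]}] if vpc_id else []
    pages = boto3.client("ec2").get_paginator("describe_security_groups").paginate(Filters=filters)
    return [sg for page in pages for sg in page["SecurityGroups"]]

# Constructed sample shaped like response["SecurityGroups"]: sg-aaa is compliant (HTTPS),
# sg-bbb exposes SSH to the world, sg-ccc allows all traffic from any IPv6 address.
SAMPLE_GROUPS = [
    {"GroupId": "sg-aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-ccc", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
```

Running find_noncompliant(fetch_security_groups()) against a real account gives the list of rules to feed into the auto-remediation discussed below.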


– In this way the security posture of AWS security groups can be verified, and because it can be verified we can implement auto-remediation for it.

– By following the standard guidelines of a particular organisation we can implement it (the same applies to all AWS services).

– As I described in the previous blog about automation, I want to add one more point. While creating an automation for some non-compliant resource we always check the documentation to see whether AWS provides an SSM document for it. Basically an SSM document is a YAML file that has the configuration scripted, and we just have to implement that.

Link - https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-actions.html


I will discuss the case study on Config rules with an example, and continue with the boto3 documentation and how to implement it using a Python script, in next week's blog.


Thank You
