SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

Adrian Hornsby

Last update: Nov 8, 2022

Overview

SSH-Restricted

SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public.

SSH-Auto-Restricted checks incoming SSH traffic configurations for security groups using AWS Config rule.
The rule is COMPLIANT when IP addresses of the incoming SSH traffic in the security groups are restricted (CIDR other than 0.0.0.0/0)
This rule applies only to IPv4.
If a security group is changed with SSH traffic CIDR equal to 0.0.0.0/0, the AWS Config rule becomes NON_COMPLIANT
The NON_COMPLIANT event triggers an Eventbridge rule which triggers an AWS Lambda function that removes the SSH incoming traffic

Architecture diagram of the app.

Deploying the App to AWS Cloud

Install CDK

$ npm install -g aws-cdk

Create Python Virtual Environment

python -m venv .venv
source .venv/bin/activate

Install Python-specific modules

pip install -r requirements.txt

Create Cloudformation from CDK

cdk synth

Deploy

cdk deploy

Useful commands

cdk ls list all stacks in the app
cdk synth emits the synthesized CloudFormation template
cdk deploy deploy this stack to your default AWS account/region
cdk diff compare deployed stack with current state
cdk docs open CDK documentation

Enjoy!

AWS Lambda - Parsing Cloudwatch Data and sending the response via email.

AWS Lambda - Parsing Cloudwatch Data and sending the response via email. Author: Evan Erickson Language: Python Backend: AWS / Serverless / AWS Lambda

1 Nov 14, 2021

CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

36 Dec 11, 2022

A simple telegram bot to save restricted content with custom thumbmail support by Mahesh Chauhan

Save Restricted Content Bot A simple telegram bot to save restricted content with custom thumbmail support by Mahesh Chauhan. Variables API_ID API_HAS

532 Jan 2, 2023

A stable telegram bot to get restricted messages with custom thumbnail support

Save restricted content Bot A stable telegram bot to get restricted messages with custom thumbnail support

3 Feb 9, 2022

Zalo AI challenge 2021 5K-Compliance

Zalo AI challenge 2021 5K-Compliance Prepare data: Dữ liệu của ban tổ chức cung

32 Nov 21, 2022

AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Photo by Denny Müller on Unsplash AWS Automated Inventory ( aws-auto-inventory ) Automates creation of detailed inventories from AWS resources. Table

123 Dec 26, 2022

Criando Lambda Functions para Ingerir Dados de APIs com AWS CDK

LIVE001 - AWS Lambda para Ingerir Dados de APIs Fazer o deploy de uma função lambda com infraestrutura como código Lambda vai numa API externa e extra

12 Nov 20, 2022

A python library for creating Slack slash commands using AWS Lambda Functions

slashbot Slashbot makes it easy to create slash commands using AWS Lambda functions. These can be handy for creating a secure way to execute automated

17 Oct 21, 2022

AWS SQS event redrive Lambda With Python

AWS SQS event redrive Lambda This repository contains one simple AWS Lambda function in Python to redrive AWS SQS events from source queue to destinat

1 Oct 19, 2021

Comments

Managed Policy AWSConfigRole is deprected and replaced by AWS_ConfigRole

Managed Policy AWSConfigRole is deprected and replaced by AWS_ConfigRole. https://aws.amazon.com/blogs/mt/service-notice-upcoming-changes-required-for-aws-config/

Need to change the app.py else the CDK stack while deploying is giving error

opened by mayurbhagia 0

SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

Related tags

Overview

SSH-Restricted

SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public.

Architecture diagram of the app.

Deploying the App to AWS Cloud

Install CDK

Create Python Virtual Environment

Install Python-specific modules

Create Cloudformation from CDK

Deploy

Useful commands

You might also like...

AWS Lambda - Parsing Cloudwatch Data and sending the response via email.

CloudFormation Drift Remediation - Use Cloud Control API to remediate drift that was detected on a CloudFormation stack

A simple telegram bot to save restricted content with custom thumbmail support by Mahesh Chauhan

A stable telegram bot to get restricted messages with custom thumbnail support

Zalo AI challenge 2021 5K-Compliance

AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Criando Lambda Functions para Ingerir Dados de APIs com AWS CDK

A python library for creating Slack slash commands using AWS Lambda Functions

AWS SQS event redrive Lambda With Python

Comments

Managed Policy AWSConfigRole is deprected and replaced by AWS_ConfigRole

Owner

Adrian Hornsby

Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. Open-sourced by Ermetic.

aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in a future time.

Python + AWS Lambda Hands OnPython + AWS Lambda Hands On

Aws-lambda-requests-wrapper - Request/Response wrapper for AWS Lambda with API Gateway

Lambda-function - Python codes that allow notification of changes made to some services using the AWS Lambda Function

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

Auto Liker, Auto Reaction, Auto Comment, Auto Follower Tool. RajeLiker Credit Hacker.

AWS-serverless-starter - AWS Lambda serverless stack via Serverless framework

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

POC de uma AWS lambda que executa a consulta de preços de criptomoedas, e é implantada na AWS usando Github actions.