AwsSecurityCzar
Manages changes to AWS EC2 Security Groups via YAML files.
Installation
Add this line to your application's Gemfile:
gem 'aws-security-czar'
And then execute:
$ bundle
Or install it yourself as:
$ gem install aws-security-czar
Setup
Install gems:
bundle install
Add your aws credentials to the environment config:
# config/aws_keys.yml
---
staging:
  access_key: YOUR_ACCESS_KEY
  secret_key: YOUR_SECRET_KEY
production:
  access_key: YOUR_ACCESS_KEY
  secret_key: YOUR_SECRET_KEY
Usage
Configure the rules:
Each file in config/ should match up with the name of a security group. Enter the rules in the following format:
---
description: App Servers for Taco Service
vpc: <%= environment == "production" ? 'vpc-wsad' : 'vpc-asdf' %>
region: <%= environment == "production" ? 'us-east-1' : 'us-west-2' %>
inbound:
-
  :zone: Private Subnet # Optional description
  :protocol: :any # Leave Blank for all protocols
  :port_range: 443 # Leave Blank for all ports
  :ip_ranges:
  - 10.0.0.0/24
outbound: # Inbound and outbound rules are separate
-
  :zone: Private Subnet
  :protocol: :tcp
  :port_range: 443
  :ip_ranges:
  - 10.0.0.0/24Update the rules on AWS:
aws-security-czar update [-r region_name] <environment_name>
Note: If no region is specified us-east-1 is assumed.
Contributing
- Fork it ( https://github.com/[my-github-username]/aws-security-czar/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request