SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

Related tags

Third-party APIs Wrapperspythonsshawssecurityaws-lambdapython3immutabilitycdkdevsecopsssh-accessauto-remediationawsconfigawscdk
Overview

SSH-Restricted

SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public.

  • SSH-Auto-Restricted checks incoming SSH traffic configurations for security groups using AWS Config rule.
  • The rule is COMPLIANT when IP addresses of the incoming SSH traffic in the security groups are restricted (CIDR other than 0.0.0.0/0)
  • This rule applies only to IPv4.
  • If a security group is changed with SSH traffic CIDR equal to 0.0.0.0/0, the AWS Config rule becomes NON_COMPLIANT
  • The NON_COMPLIANT event triggers an Eventbridge rule which triggers an AWS Lambda function that removes the SSH incoming traffic

Architecture diagram of the app.

Deploying the App to AWS Cloud

Install CDK

$ npm install -g aws-cdk

Create Python Virtual Environment

python -m venv .venv
source .venv/bin/activate

Install Python-specific modules

pip install -r requirements.txt

Create Cloudformation from CDK

cdk synth

Deploy

cdk deploy

Useful commands

  • cdk ls list all stacks in the app
  • cdk synth emits the synthesized CloudFormation template
  • cdk deploy deploy this stack to your default AWS account/region
  • cdk diff compare deployed stack with current state
  • cdk docs open CDK documentation

Enjoy!

Owner
Adrian Hornsby
I am a Principal Developer Evangelist, Architecture, AWS - Breaking stuff mostly :-)
Adrian Hornsby
GitHub Repository
Send Informative, Concise Slack Notifications With Minimal Effort

slack-templates Send Informative, Concise Slack Notifications With Minimal Effort slack-templates Slack Integration Available Templates Usage Report t

9 Nov 03, 2022
Python Client for Instagram API

This project is not actively maintained. Proceed at your own risk! python-instagram A Python 2/3 client for the Instagram REST and Search APIs Install

Facebook Archive 2.9k Jan 01, 2023
Cogs version of iso6.9 with the help of thatOneArchUser

iso6.9-cogs (debloated) This is a cogs version of iso6.9 by αrchιshα#5518. iso6.9 is a Discord bot written in Python and is used to make your Discord

Kamilla Youver 2 Jun 10, 2022
Male' Map Telegram Bot

Male' Map TelegramBot A simple TelegramBot to fetch residential addresses in Male', Maldives. The bot can be queried inline or directly. sample .env f

Naail Abdul Rahman 12 Nov 25, 2022
Telegram bot to provide Telegram user/group/channel information

Whois-TeLeTiPs Telegram bot to provide Telegram user/group/channel information Deployment Methods Heroku Config Vars API_ID : Telegram API_ID, get it

11 Oct 21, 2022
Quickly and efficiently delete your entire tweet history with the help of your Twitter archive without worrying about the pointless 3200 tweet limit imposed by Twitter.

Twitter Nuke Quickly and efficiently delete your entire tweet history with the help of your Twitter archive without worrying about the puny and pointl

Mayur Bhoi 73 Dec 12, 2022
Easily report Instagram pages and close the page

Program Features - 📌 Delete target post on Instagram. - 📌 Delete Media Target post on Instagram - 📌 Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
Simple Bot With Python 3.8+ For Converstaion Your Media

Media-Conversation Simple Bot With Python 3.8+ For Converstaion Your Media

Farzin 2 Dec 06, 2021
A simple Python wrapper for the Amazon.com Product Advertising API ⛺

Amazon Simple Product API A simple Python wrapper for the Amazon.com Product Advertising API. Features An object oriented interface to Amazon products

Yoav Aviram 789 Dec 26, 2022
Minimal API for the COVID Booking System of the Offices at the UniPD Math Dep

Simple and easy to use python BOT for the COVID registration booking system of the math department @ unipd (torre archimede). This API creates an interface with the official website, with more useful

Guglielmo Camporese 4 Dec 24, 2021
A simple Spamming software made in python

Spam-qlk Warning!!! 'I' am not responsible for the 'damage or harm' caused by this 'Software'!!! Use at your own risk!!! Input the message. After you

Aditya kumar 1 Nov 30, 2021
A Telegram Userbot to play or streaming Audio and Video songs / files in Telegram Voice Chats.

Vcmusic-Userbot A Telegram Userbot to play or streaming Audio and Video songs / files in Telegram Voice Chats. It's made with PyTgCalls and Pyrogram R

3 Oct 23, 2021
Lumberjack-bot - A game bot written for Lumberjack game at Telegram platform

This is a game bot written for Lumberjack game at Telegram platform. It is devel

Uğur Uysal 6 Apr 07, 2022
Discord bot for user notes.

Noter A discord bot for handling notes for users. Want to keep track of things about your discord users? Then this bot is for you! Links DB Browser fo

Ori 2 Jun 05, 2022
Aria/qBittorrent Telegram mirror/leech bot

This is a Telegram Bot written in Python for mirroring files on the Internet to your Google Drive or Telegram. Based on python-aria-mirror-bot Feature

28 Dec 25, 2022
Shows VRML team stats of all players in your pubs

VRML Team Stat Searcher Displays Team Name, Team Rank (Worldwide), and tier of all the players in your pubs. GUI WIP: Username search works & pub name

Hamish 2 Dec 22, 2022
Send to Telegram, Vk, Discord

Triple send Версия для русских: здесь Demo: Telegram: @Triple_project_bot Discord: Triple project#0877 Vkontakte: @dev.santaspeen How to run Install r

2 Sep 27, 2022
Instagram Bot posting earthquakes with magnitude greater than or equal to 3.5.

Instagram Bot posting earthquakes with magnitude greater than or equal to 3.5

Alican Yüksel 4 Aug 22, 2022
Telegram Bot to Filter posts in Bot Inline search

Inline-Filter-Bot A Telegram Bot for filter in Inline Features Unlimited Filters Supports all type of filters Supports Alert Button Using Common Marku

Code X Botz 67 Dec 26, 2022
API Wrapper in Python for WeebyAPI

API Wrapper in Python for WeebyAPI

ashish 3 Feb 28, 2022