SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

Related tags

Third-party APIs Wrapperspythonsshawssecurityaws-lambdapython3immutabilitycdkdevsecopsssh-accessauto-remediationawsconfigawscdk
Overview

SSH-Restricted

SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public.

  • SSH-Auto-Restricted checks incoming SSH traffic configurations for security groups using AWS Config rule.
  • The rule is COMPLIANT when IP addresses of the incoming SSH traffic in the security groups are restricted (CIDR other than 0.0.0.0/0)
  • This rule applies only to IPv4.
  • If a security group is changed with SSH traffic CIDR equal to 0.0.0.0/0, the AWS Config rule becomes NON_COMPLIANT
  • The NON_COMPLIANT event triggers an Eventbridge rule which triggers an AWS Lambda function that removes the SSH incoming traffic

Architecture diagram of the app.

Deploying the App to AWS Cloud

Install CDK

$ npm install -g aws-cdk

Create Python Virtual Environment

python -m venv .venv
source .venv/bin/activate

Install Python-specific modules

pip install -r requirements.txt

Create Cloudformation from CDK

cdk synth

Deploy

cdk deploy

Useful commands

  • cdk ls list all stacks in the app
  • cdk synth emits the synthesized CloudFormation template
  • cdk deploy deploy this stack to your default AWS account/region
  • cdk diff compare deployed stack with current state
  • cdk docs open CDK documentation

Enjoy!

Owner
Adrian Hornsby
I am a Principal Developer Evangelist, Architecture, AWS - Breaking stuff mostly :-)
Adrian Hornsby
GitHub Repository
Fully Automated Omegle Chatbot

omegle-bot tutorial features fast runs in background can run multiple instances at once Requirement Run this command in cmd, terminal or PowerShell (i

6 Aug 07, 2021
A program that automates the boring parts of completing the Daily accounting spreadsheet at Taos Ski Valley

TSV_Daily_App A program that automates the boring parts of completing the Daily accounting spreadsheet at my old job. To see how it works you will nee

Devin Beck 2 Jan 01, 2022
Bot for Telegram data Analysis

Bot Scraper for telegram This bot use an AI to Work powered by BOG Team you must do the following steps to make the bot functional: Install the requir

8 Nov 28, 2022
A discord bot that utilizes Google's Rest API for Calendar, Drive, and Sheets

Bott This is a discord bot that utilizes Google's Rest API for Calendar, Drive, and Sheets. The bot first takes the sheet from the schedule manager in

1 Dec 04, 2021
A slack bot that notifies you when a restaurant is available for orders

Slack Wolt Notifier A Slack bot that notifies you when a Wolt restaurant or venue is available for orders. How does it work? Slack supports bots that

Gil Matok 8 Oct 24, 2022
Apex lets you build, deploy, and manage AWS Lambda functions with ease.

No longer maintained This software is no longer being maintainted and should not be chosen for new projects. See this issue for more information Apex

Apex 25 Dec 23, 2022
Signs the target email up to over 1000 different mailing lists to get spammed each day.

Email Bomber Say goodbye to that email Features Signs up to over 1k different mailing lists Written in python so the program is lightweight Easy to us

Loxdr 1 Nov 30, 2021
Roaster - this gui app + program bundle roasts.

Roaster - this gui app + program bundle roasts.

Harsh ADV) 1 Jan 04, 2022
Jalali version of python calendar :date:

jcalendar jcalendar is Jalali implementation of Python's calendar module Status Install pip install jcalendar Documents This module almost follows Py

Iman Kermani 7 Aug 09, 2022
universal messaging & notifications api

Pronounced "boat-shahft" What is botschaft? Botschaft is unified messaging & notifications appliance. Want to text yourself when a long-running task c

Tyler M. Kontra 25 Aug 16, 2022
A Characther powerful in saints saiya anime and modular telegram group management bot built using python3

Kaneki Ken A Powerful and Modular Saint Aries is a Characther powerful in saints saiya anime and modular telegram group management bot built using pyt

1 Dec 21, 2021
A Python wrapper for the Yelp API v2

python-yelp-v2 A Python wrapper for the Yelp API v2. The structure for this was inspired by the python-twitter library, and some internal methods are

Matthew Conlen 12 Oct 24, 2017
Hack WhatsApp Account Easily(Android)

X-Whatsapp Hack WhatsApp Account Easily(Android) HOW TO RUN 👇 (Termux) pkg update && pkg upgrade pkg install python pkg install git git clone https:/

KiLL3R_xRO 72 Dec 21, 2022
An implementation of webhook used to notify GitHub repository events to DingTalk.

GitHub to DingTask An implementation of webhook used to notify GitHub repository events to DingTalk.

Prodesire 5 Oct 02, 2022
A Rich renderable for viewing Multiple Sequence Alignments in the terminal.

rich-msa A simple module to render colorful Multiple Sequence Alignment with rich in the terminal. 🔧 Installing Install the rich-msa package directly

Martin Larralde 64 Dec 04, 2022
EpikCord.py - This is an API Wrapper for Discord's API for Python

EpikCord.py - This is an API Wrapper for Discord's API for Python! We've decided not to fork discord.py and start completely from scratch for a new, better structuring system!

EpikHost 28 Oct 10, 2022
A telegram bot providing recon and research functions for bug bounty research

Bug Bounty Bot A telegram bot with commands to simplify bug bounty tasks Installation Use Road Map Installation BugBountyBot is open-source so you can

Tyler Butler 1 Oct 23, 2021
Daxcez-mirror-leech-telegram-bot - A Telegram Bot written in Python for mirroring files on the Internet to your Google Drive or Telegram

This is a Telegram Bot written in Python for mirroring files on the Internet to

1 Feb 18, 2022
The first open-source PyTgCalls-based project.

Calls Music — Telegram bot + userbot for streaming audio in group calls ✍🏻 Requirements FFmpeg Python 3.7+ 🚀 Deployment 🛠 Configuration Copy exampl

Calls Music 74 Nov 19, 2022
ApiMoedas - This API is a extesion of API

🪙 Api Moeda 🪙 Este projeto é uma extensão da API Awesome API. Basicamente, ele mostra todas as moedas que a Awesome API tem e todas as suas conversõ

Abel 4 May 29, 2022