SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

Related tags

Third-party APIs Wrapperspythonsshawssecurityaws-lambdapython3immutabilitycdkdevsecopsssh-accessauto-remediationawsconfigawscdk
Overview

SSH-Restricted

SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public.

  • SSH-Auto-Restricted checks incoming SSH traffic configurations for security groups using AWS Config rule.
  • The rule is COMPLIANT when IP addresses of the incoming SSH traffic in the security groups are restricted (CIDR other than 0.0.0.0/0)
  • This rule applies only to IPv4.
  • If a security group is changed with SSH traffic CIDR equal to 0.0.0.0/0, the AWS Config rule becomes NON_COMPLIANT
  • The NON_COMPLIANT event triggers an Eventbridge rule which triggers an AWS Lambda function that removes the SSH incoming traffic

Architecture diagram of the app.

Deploying the App to AWS Cloud

Install CDK

$ npm install -g aws-cdk

Create Python Virtual Environment

python -m venv .venv
source .venv/bin/activate

Install Python-specific modules

pip install -r requirements.txt

Create Cloudformation from CDK

cdk synth

Deploy

cdk deploy

Useful commands

  • cdk ls list all stacks in the app
  • cdk synth emits the synthesized CloudFormation template
  • cdk deploy deploy this stack to your default AWS account/region
  • cdk diff compare deployed stack with current state
  • cdk docs open CDK documentation

Enjoy!

Owner
Adrian Hornsby
I am a Principal Developer Evangelist, Architecture, AWS - Breaking stuff mostly :-)
Adrian Hornsby
GitHub Repository
SEBUAH TOOLS CRACK FACEBOOK & INSTAGRAM DENGAN FITUR YANGMENDUKUNG

SEBUAH TOOLS CRACK FACEBOOK & INSTAGRAM DENGAN FITUR YANGMENDUKUNG

Jeeck X Nano 1 Dec 27, 2021
Simple library for logging to Loggly

#Hoover A python wrapper used to hit the Loggly. API For more information on Hoover see http://wiki.loggly.com/hooverguide ##Install With this git rep

Hoover Loggly 34 May 19, 2021
A file-based quote bot written in Python

Let's Write a Python Quote Bot! This repository will get you started with building a quote bot in Python. It's meant to be used along with the Learnin

1 Jan 15, 2022
Easily report Instagram pages and close the page

Program Features - πŸ“Œ Delete target post on Instagram. - πŸ“Œ Delete Media Target post on Instagram - πŸ“Œ Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
A pypi package that helps in generating discord bots.

A pypi package that helps in generating discord bots.

KlevrHQ 3 Nov 17, 2021
A Simple, LightWeight, Statically-Typed Python3 API wrapper for GogoAnime.

AniKimi API A Simple, LightWeight, Statically-Typed Python3 API wrapper for GogoAnime The v2 of gogoanimeapi (depreciated) Made with JavaScript and Py

17 Dec 09, 2022
This is a Telegram video compress bot repo. By Binary TechπŸ’«

This is a Telegram Video Compress Bot. Prouduct By Binary Tech πŸ’« Features Compresse videos and generate screenshots too.You can set custom video name

silentz lk 7 Mar 03, 2022
Simple Telegram Bot To Get Feedback from users & Some Other Features

FeedbackBot Simple Telegram Bot To Get Feedback from users & Some Other Features. Features Get Feedback from users Reply to user's feedback Customisab

Arun 18 Dec 29, 2022
Quickly edit your slack posts.

Lightning Edit Quickly edit your Slack posts. Heavily inspired by @KhushrajRathod's LightningDelete. Usage: Note: Before anything, be sure to head ove

Cole Wilson 14 Nov 19, 2021
Replace sequence_IDs in gff3 based on given genome.fasta

gff-rename Replace the sequence IDs in a gff3 file with a set of provided sequence IDs from a genom.fasta. This is useful when a gff3 file is retrieve

tolkit 1 Nov 12, 2021
The Easy-to-use Dialogue Response Selection Toolkit for Researchers

Easy-to-use toolkit for retrieval-based Chatbot Our released data can be found at this link. Make sure the following steps are adopted to use our code

GMFTBY 32 Nov 13, 2022
a discord bot that pulls the latest or most relevant research papers from arxiv.org

AI arxiver a discord bot that pulls the latest or most relevant research papers from arxiv.org invite link : Arxiver bot link works in progress Usage

Ensias AI 14 Sep 03, 2022
AWS Quick Start Team

EKS CDK Quick Start (in Python) DEVELOPER PREVIEW NOTE: Thise project is currently available as a preview and should not be considered for production

AWS Quick Start 83 Sep 18, 2022
Mixcloud API wrapper for Python and Async IO

aiomixcloud Mixcloud API wrapper for Python and Async IO aiomixcloud is a wrapper library for the HTTP API of Mixcloud. It supports asynchronous opera

Aristotelis Mikropoulos 26 Dec 31, 2022
An advanced QR Code telegram bot with more features.

QR Code Bot A telegram qr code encode and decode bot Advanced Features 1. Database ( MongoDB ) Support 2. Broadcast Support 3. Status Command 4. Setti

Fayas Noushad 16 Nov 12, 2022
Revolt.py - An async library to interact with the https://revolt.chat api.

Revolt.py An async library to interact with the https://revolt.chat api. This library will be focused on making bots and i will not implement anything

Zomatree 0 Oct 08, 2022
VideocompBot - This is TG Video Compress BoT. Prouduct By BINARY Tech πŸ’«

VideocompBot - This is TG Video Compress BoT. Prouduct By BINARY Tech πŸ’«

1 Jan 04, 2022
Muzan-Discord-Nuker - A simple discord server nuker in python

Muzan-Discord-Nuker This is Just a simple discord server nuker in python. ✨ Feat

Afnan 3 May 14, 2022
Group Management Bot

❀️ π—¦π—›π—”π——π—œπ—¬π—’ ❀️ A Powerful, Smart And Advance Group Manager ... Written with AioGram , Pyrogram and Telethon... ⭐️ Thanks to everyone who starred

Abdisamad Omar Mohamed 4 Dec 01, 2021
DonLee Robot

πŸ€– πƒπŽπ 𝐋𝐄𝐄 π‘πŽππŽπ“ π•πŸ πŸ€– πŸ‘‹ Hey Muhammed, Iam DonLee RoBoT Make me an admin for your group and channel then connect me.... πŸŽ‰ πŸ™‚ To build a

Muhammed 27 Dec 01, 2022