This job blocks public access to port 5601 for both IPv4 and IPv6 for all security groups associated with an EC2 instance by removing all the ingress security group rules containing port 5601 in the port range and source as "0.0.0.0/0" or "::/0".
4823ede0-7bed-4af0-a182-81c2ada80203
EC2 instance should restrict public access to Kibana port (5601)
The provided AWS credential must have access to ec2:DescribeInstances, ec2:RevokeSecurityGroupIngress, ec2:DescribeSecurityGroupRules.
You may find the latest example policy file here
You may run this script using following commands:
pip install -r ../../requirements.txt
python3 ec2_close_port_5601.pyYou may run test using following command under vss-remediation-worker-job-code-python directory:
python3 -m pytestThe VMware Aria Automation for Secure Clouds team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch.
For more detailed information, refer to CONTRIBUTING.md.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- VMware VMware Aria Automation for Secure Clouds - Initial work
See also the list of contributors who participated in this project.
This project is licensed under the Apache License - see the LICENSE file for details