integrate with SGs; compare flow logs with SG rules and identify UNUSED rules
11 Comments
pia
Apr 03, 2018
Tom, as promised: https://www.piasoftware.net/single-post/2018/04/02/How-to-Use-the-Flow-Log-Viewer-from-another-account
There's a "Quick Create" option as an experimental thing, as well as step-by-step directions. It ought to take 2-3 minutes to set up. Cheers.
tom.koukourdelis
Apr 02, 2018
Thanks - sounds great. Looking forward to it.
pia
Apr 02, 2018
Great!
Regarding multi-account support, we will put up a blog post about it sometime this week. The long and the short of it:
* You can log into the FLV with any pair of access/secret keys that you own. The app keeps all the user data separated in the database. No special configuration is needed.
* You control the security group of who can access your FLV instance. It appears in EC2's usual list of security groups.
* To create the users and access keys in the accounts that aren't hosting the FLV, you can grab the suggested IAM policy from the main CloudFormation template. We'll separate this out later this week into a separate CloudFormation template to make this simpler.
Thanks. Sounds very interesting. I'd like to get more info for multi-account support. For example, we keep all tools in a central account and they manage our other 300+ accounts.
pia
Apr 01, 2018
Tom, it took longer than expected, but we launched that exact feature this week. We'll try to track you down to let you know!
We completed the feature, and submitted it to AWS Marketplace for approval on 12/17/17. We hope to get their approval soon!
Adding new IAM permissions (describeSecurityGroups, describeVPCs) seems to have thrown a wrench into our approval process. Thanks for your patience, we hope to have it delivered any day now.
pia
Sep 28, 2017
Very good. This is the second time I've heard this request. We'll get started on this asap. I can think of a quick way to find detached security groups, which may be a useful tool as well. Then the final product should find unused rules by matching them against REJECT flow logs as Tom mentioned.
https://github.com/pia-software/cloudformation/blob/master/CloudFormationTemplate-PiaSoftware.json#L54-L83
https://www.piasoftware.net/single-post/2018/03/31/Clean-up-your-Security-Groups-with-VPC-Flow-Logs-data
We'll ship this out soon!
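
The comparison requested in this thread, as an added sketch that is not Pia Software's code: each ingress rule is credited with the ACCEPT flow log records it could have allowed, and rules with no hits in the window are reported. The rule IDs, the ENI-to-IP map and the log lines are constructed, and records are assumed to be in the default version 2 flow log format.

```python
import ipaddress
from collections import Counter

# Constructed ingress rules for one security group (rule IDs are hypothetical).
RULES = [
    {"id": "sgr-ssh", "proto": 6, "from": 22, "to": 22, "cidr": "10.0.0.0/8"},
    {"id": "sgr-https", "proto": 6, "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"id": "sgr-legacy", "proto": 6, "from": 8080, "to": 8090, "cidr": "192.168.5.0/24"},
]
ENI_IPS = {"eni-0aaa": "10.1.2.3"}  # constructed: private IP of each attached ENI

# Constructed records. Field order: version account eni srcaddr dstaddr srcport
# dstport protocol packets bytes start end action log-status
FLOW_LOGS = """\
2 123456789012 eni-0aaa 10.9.8.7 10.1.2.3 50123 22 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 203.0.113.9 10.1.2.3 44321 443 6 8 620 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.1.2.3 203.0.113.9 443 44321 6 7 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 198.51.100.4 10.1.2.3 40000 8080 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse(line):
    f = line.split()
    if len(f) != 14 or f[13] != "OK":
        return None  # NODATA / SKIPDATA records describe no flow
    return {"eni": f[2], "src": f[3], "dst": f[4],
            "dport": int(f[6]), "proto": int(f[7]), "action": f[12]}

def rule_hits(rules, eni_ips, log_text):
    hits = Counter({r["id"]: 0 for r in rules})
    for line in log_text.splitlines():
        rec = parse(line)
        # Only accepted traffic addressed to the ENI counts as a hit on an
        # ingress rule; egress records and REJECTs are skipped.
        if not rec or rec["action"] != "ACCEPT" or eni_ips.get(rec["eni"]) != rec["dst"]:
            continue
        src = ipaddress.ip_address(rec["src"])
        for r in rules:
            # Every rule that covers the flow is credited: the log does not
            # say which of several overlapping rules allowed it.
            if (r["proto"] == rec["proto"] and r["from"] <= rec["dport"] <= r["to"]
                    and src in ipaddress.ip_network(r["cidr"])):
                hits[r["id"]] += 1
    return hits

def unused_rules(rules, eni_ips, log_text):
    hits = rule_hits(rules, eni_ips, log_text)
    return sorted(rid for rid, n in hits.items() if n == 0)
```

A rule reported here is only a candidate for removal: the result is as good as the observation window, so traffic that occurs monthly or only during failover needs a correspondingly long window.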