integrate with SGs; compare flow logs with SG rules and identify UNUSED rules
Very good. This is the second time I've heard this request. We'll get started on this asap. I can think of a quick way to find detached security groups, which may be a useful tool as well. Then the final product should find unused rules by matching them against REJECT flow logs as Tom mentioned.
We'll ship this out soon!
We completed the feature, and submitted it to AWS Marketplace for approval on 12/17/17. We hope to get their approval soon!
Adding new IAM permissions (describeSecurityGroups, describeVPCs) seems to have thrown a wrench into our approval process. Thanks for your patience, we hope to have it delivered any day now.
Tom, it took longer than expected, but we launched that exact feature this week. We'll try to track you down to let you know!
Thanks. Sounds very interesting. I'd like to get more info for multi-account support. For example, we keep all tools in a central account and they manage our other 300+ accounts.
Regarding multi-account support, we will put up a blog post about it sometime this week. The long and the short of it:
* You can log into the FLV with any pair of access/secret keys that you own. The app keeps all the user data separated in the database. No special configuration is needed.
* You control the security group of who can access your FLV instance. It appears in EC2's usual list of security groups.
* To create the users and access keys in the accounts that aren't hosting the FLV, you can grab the suggested IAM policy from the main CloudFormation template. We'll separate this out later this week into a separate CloudFormation template to make this simpler.
Thanks - sounds great. Looking forward to it.
Tom, as promised: https://www.piasoftware.net/single-post/2018/04/02/How-to-Use-the-Flow-Log-Viewer-from-another-account
There's a "Quick Create" option as an experimental thing, as well as step-by-step directions. It ought to take 2-3 minutes to set up. Cheers.
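An added example, not part of the thread and not the Flow Log Viewer's own code: one way to compare flow logs against security group ingress rules and list the rules that no traffic used. It assumes a rule counts as used when at least one inbound ACCEPT record matches it, covers only TCP/UDP rules with CIDR sources, and uses constructed rules, addresses and log records; all names are hypothetical.

```python
import ipaddress

# Constructed sample: ingress rules of one security group (hypothetical values).
RULES = [
    {"id": "ssh-office", "proto": 6, "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
    {"id": "https-any", "proto": 6, "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"id": "legacy-db", "proto": 6, "from": 3306, "to": 3306, "cidr": "10.0.0.0/8"},
    {"id": "dns-udp", "proto": 17, "from": 53, "to": 53, "cidr": "10.0.0.0/8"},
]
ENI_IPS = {"10.0.1.5"}  # private IPs of the interfaces the group is attached to

# Constructed records in the default (version 2) VPC flow log format.
FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51000 443 6 10 8400 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 40022 22 6 5 400 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51001 3306 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 443 51000 6 9 9000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA
"""

def parse(line):
    """Return the fields needed for rule matching, or None for unusable records."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK":
        return None  # skip NODATA/SKIPDATA and non-default formats
    return {"src": f[3], "dst": f[4], "dport": int(f[6]),
            "proto": int(f[7]), "action": f[12]}

def rule_matches(rule, rec):
    """True if the record's protocol, destination port and source fit the rule."""
    return (rule["proto"] == rec["proto"]
            and rule["from"] <= rec["dport"] <= rule["to"]
            and ipaddress.ip_address(rec["src"]) in ipaddress.ip_network(rule["cidr"]))

def unused_rules(rules, log_text, eni_ips):
    """List ids of ingress rules that no inbound ACCEPT record matched."""
    hits = {r["id"]: 0 for r in rules}
    for line in log_text.splitlines():
        rec = parse(line)
        # Only inbound, accepted traffic can show an ingress rule in use.
        if not rec or rec["action"] != "ACCEPT" or rec["dst"] not in eni_ips:
            continue
        for r in rules:
            if rule_matches(r, rec):
                hits[r["id"]] += 1
    return [rid for rid, n in hits.items() if n == 0]

if __name__ == "__main__":
    print(unused_rules(RULES, FLOW_LOGS, ENI_IPS))
```

A rule reported here is unused only within the window the logs cover, so review a long enough period before removing it. Return traffic for outbound connections also appears as inbound ACCEPT records on ephemeral ports and can register as a hit on rules with wide port ranges.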