Did you know that a Security Group rule can name another Security Group as its source or destination instead of a CIDR block? The referenced group can be in the same VPC or in a peered VPC, including a peered VPC owned by another account.
Start your free 30-day trial of Version 1.16 in the AWS Marketplace for about $22/mo
This is useful when two sets of resources, such as instances in your VPC and instances in a peered VPC in another account, need to talk to each other: instead of enumerating IP addresses, the rule admits whatever is currently behind the referenced group and stays correct as instances come and go.
PiaSoft Flow Logs Viewer improves your EC2 security by analyzing the Security Groups in your AWS account.
The analysis tells you which Security Groups are attached to an ENI and which are not, and matches your VPC Flow Logs against EC2 metadata, so detached groups show up as candidates for deletion.
Fig 1: The tool shows you all of your security groups, whether they're attached to an ENI or not, and whether they're referenced by another Security Group.
Click into the details and it will show you how many Flow Logs matched each Security Group. This lets you delete unused rules and groups, and makes unused rules and unwanted traffic visible for clean-up. Two caveats before deleting: a group that another group's rule references cannot be deleted until that rule is removed (EC2 rejects the request with DependencyViolation), and a rule with no matching Flow Logs is only known to be idle for the window your logs cover, so check that window before treating the rule as dead. Stale, unmaintained security groups are a common source of over-permissive access.
Figure 2: Referencing group. Group *a5 references the second group (*f4). That link is derived from 'Attached to ENIs' (eni-***4a).
Figure 3: Referenced group. Group *f4 shows that it is referenced by group *a5.
PiaSoft's Flow Logs Viewer detects Security Group references and retrieves the SG rules and Flow Logs for the referenced groups and their log streams*.
This adds depth to your Flow Logs analysis: no rule goes unchecked.
* For a referenced group in a peered VPC owned by another account, read permission in that account (ec2:DescribeSecurityGroups, typically via a cross-account role) is needed to retrieve its rules; DescribeSecurityGroups in your own account only shows the reference, not the foreign group's rules.
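The attachment and reference analysis described above, as an added example that is not PiaSoft's code: it takes data in the shape of the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces responses (what boto3's `describe_security_groups()["SecurityGroups"]` and `describe_network_interfaces()["NetworkInterfaces"]` return, paginated in real use), records which groups sit on an ENI, which groups are referenced by another group's rules, which references point into a peered VPC in another account, and which groups are candidates for deletion. All IDs, account numbers and group names are constructed for illustration; the `DependencyViolation` and default-group behaviour it accounts for is EC2's, the field names are the API's.

```python
"""Classify security groups by ENI attachment and SG-to-SG references.

Input shape matches EC2 DescribeSecurityGroups / DescribeNetworkInterfaces.
Every ID and account number below is constructed; none is real.
"""
from collections import defaultdict

LOCAL_ACCOUNT = "111111111111"     # constructed
PEER_ACCOUNT = "222222222222"      # constructed
SG_WEB = "sg-000000000000000a5"    # constructed, stands in for the post's "*a5"
SG_DB = "sg-000000000000000f4"     # constructed, stands in for the post's "*f4"
SG_OLD = "sg-000000000000000e9"    # constructed: detached and unreferenced
SG_PEER = "sg-0000000000000c3d7"   # constructed: lives in the peered VPC
ENI_WEB = "eni-0000000000000004a"  # constructed, stands in for "eni-***4a"


def _rule(proto, port, cidrs=(), groups=()):
    """Build one IpPermission entry in the DescribeSecurityGroups shape."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": list(groups)}


SECURITY_GROUPS = [  # constructed sample
    {"GroupId": SG_WEB, "GroupName": "web", "VpcId": "vpc-0aaa", "OwnerId": LOCAL_ACCOUNT,
     "IpPermissions": [_rule("tcp", 443, cidrs=["0.0.0.0/0"])],
     # egress to the db group: SG_WEB references SG_DB
     "IpPermissionsEgress": [_rule("tcp", 5432, groups=[{"GroupId": SG_DB, "UserId": LOCAL_ACCOUNT}])]},
    {"GroupId": SG_DB, "GroupName": "db", "VpcId": "vpc-0aaa", "OwnerId": LOCAL_ACCOUNT,
     "IpPermissions": [_rule("tcp", 5432, groups=[
         {"GroupId": SG_WEB, "UserId": LOCAL_ACCOUNT},
         # ingress from a group in a peered VPC owned by another account
         {"GroupId": SG_PEER, "UserId": PEER_ACCOUNT, "VpcId": "vpc-0bbb",
          "VpcPeeringConnectionId": "pcx-0ccc", "PeeringStatus": "active"}])],
     "IpPermissionsEgress": []},
    {"GroupId": SG_OLD, "GroupName": "legacy-bastion", "VpcId": "vpc-0aaa", "OwnerId": LOCAL_ACCOUNT,
     "IpPermissions": [_rule("tcp", 22, cidrs=["0.0.0.0/0"])],
     "IpPermissionsEgress": []},
]

NETWORK_INTERFACES = [  # constructed sample: only the web group is on an ENI
    {"NetworkInterfaceId": ENI_WEB, "Groups": [{"GroupId": SG_WEB, "GroupName": "web"}]},
]


def analyze_security_groups(security_groups, network_interfaces, local_account):
    """Return {group_id: report} with attachment and reference information.

    status is 'attached' (on an ENI), 'referenced' (detached, but another local
    group's rule names it, so DeleteSecurityGroup fails with DependencyViolation
    until that rule goes), or 'unused' (a deletion candidate).
    """
    attached = defaultdict(list)
    for eni in network_interfaces:
        for g in eni.get("Groups", []):
            attached[g["GroupId"]].append(eni["NetworkInterfaceId"])

    references = defaultdict(list)     # gid -> groups its own rules point at
    referenced_by = defaultdict(set)   # gid -> local groups whose rules point at it
    cross_account = defaultdict(list)  # gid -> pairs naming a group in another account
    stale_peering = defaultdict(list)  # gid -> pairs whose peering is no longer active
    for sg in security_groups:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                target, owner = pair["GroupId"], pair.get("UserId", local_account)
                references[gid].append(target)
                if owner == local_account:
                    referenced_by[target].add(gid)
                else:
                    cross_account[gid].append(pair)
                peer_status = pair.get("PeeringStatus")
                if peer_status is not None and peer_status != "active":
                    stale_peering[gid].append(pair)  # rule survives a dead peering

    reports = {}
    for sg in security_groups:
        gid = sg["GroupId"]
        status = "attached" if attached[gid] else "referenced" if referenced_by[gid] else "unused"
        reports[gid] = {"name": sg["GroupName"], "status": status,
                        "attached_enis": sorted(attached[gid]),
                        "references": sorted(references[gid]),
                        "referenced_by": sorted(referenced_by[gid]),
                        "cross_account": cross_account[gid],
                        "stale_peering": stale_peering[gid]}
    return reports


def deletion_candidates(reports):
    """Unused groups, in stable order; a VPC's default group can never be deleted."""
    return sorted(gid for gid, r in reports.items()
                  if r["status"] == "unused" and r["name"] != "default")


if __name__ == "__main__":
    result = analyze_security_groups(SECURITY_GROUPS, NETWORK_INTERFACES, LOCAL_ACCOUNT)
    for gid, r in result.items():
        print(f"{gid} ({r['name']}): {r['status']}; attached={r['attached_enis']}; "
              f"references={r['references']}; referenced_by={r['referenced_by']}; "
              f"cross_account={[p['GroupId'] for p in r['cross_account']]}")
    print("candidates for deletion:", deletion_candidates(result))
```

On the constructed data the web group is attached, the db group is detached but referenced (by web locally, and it in turn references a group in the peered account), and the legacy bastion, with port 22 open to the world, is the only deletion candidate. A reference *to* one of your groups from a rule in the peer account is not visible in your own DescribeSecurityGroups output; to see those, run the same analysis with credentials in the peer account, which is the footnote's point.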