Created
July 5, 2023 08:54
AWS CLI: Get security groups that allow 0.0.0.0/0 on non-standard ports (22, 80, 443 etc.)
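# Security groups in eu-west-1 with an ingress rule that is open to 0.0.0.0/0 or ::/0
# on a port other than 3, 22, 80 or 443. Literals in --query need backticks: a
# double-quoted "0.0.0.0/0" is read by JMESPath as a field name, not a string.
aws ec2 describe-security-groups --region "eu-west-1" \
  --query 'SecurityGroups[?IpPermissions[?contains(IpRanges[].CidrIp, `"0.0.0.0/0"`) || contains(Ipv6Ranges[].CidrIpv6, `"::/0"`)]]' \
  --output json \
  | jq '.[] | select(any(.IpPermissions[];
      (any(.IpRanges[]?; .CidrIp == "0.0.0.0/0") or any(.Ipv6Ranges[]?; .CidrIpv6 == "::/0"))
      and (.FromPort | IN(3, 22, 80, 443) | not)))'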
There is almost certainly a cleaner way to do this that fetches less data using just aws cli and filtering, but it was easier to figure out with jq
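The same audit applied rule by rule, as an added example in Python (not the gist author's code): a rule is reported only when the world-open source and the non-standard port sit on that same rule, and the whole FromPort to ToPort range is compared, which goes beyond the FromPort-only test in the command. The function names and the sample groups are constructed for illustration.

```python
import json
import sys

STANDARD_PORTS = {3, 22, 80, 443}      # port list taken from the jq filter in the gist
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def world_open(perm):
    """True if the rule admits every IPv4 or IPv6 source address."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in ANY_SOURCE for c in cidrs)

def exposed(perm):
    """Return the exposed port span as text, or None if only standard ports are open."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return "all"                   # all-traffic rules carry no FromPort/ToPort
    if proto not in ("tcp", "udp"):
        return None                    # for ICMP the two fields hold type/code, not ports
    lo, hi = perm["FromPort"], perm["ToPort"]
    if all(p in STANDARD_PORTS for p in range(lo, hi + 1)):
        return None
    return str(lo) if lo == hi else f"{lo}-{hi}"

def findings(groups):
    """List (GroupId, protocol, ports) for each world-open rule beyond the standard ports."""
    hits = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            span = exposed(perm) if world_open(perm) else None
            if span:
                hits.append((group["GroupId"], perm["IpProtocol"], span))
    return hits

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
SAMPLE = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [   # range that starts on a standard port
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [   # non-standard port, but private source only
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    # Pipe unfiltered CLI output in, or run from a terminal to see the sample.
    groups = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)["SecurityGroups"]
    for hit in findings(groups):
        print(*hit)
```

On the sample, `sg-0bbb` is reported even though its range starts at port 22, and `sg-0ccc` is not, because its only non-standard port is restricted to a private range.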