Continuous Security Group Rule Change Detection & Response at scale
Introduction
Get notified of Security Group Changes across all AWS Accounts & Regions in an AWS Organization, with the ability to respond/revert those changes with a single button click from a Slack Channel.
This is made easy and possible with the recent announcement of CloudTrail Lake, which helps aggregate CloudTrail logs from all accounts/regions in a queryable(if that’s a word :P) format.
The infrastructure needed for this project is deployed as a CDK Application, which deploys a CodeCommit repository and a CodeBuild stage which synthesizes the cdk app to cloudformation template and deploys in the target environment.
NOTE Security Group Rule Changes are allowed by default. Meaning changes are reverted only when explicitly denied by user interaction through slack channel interactive Deny button.
