Skip to content

Instantly share code, notes, and snippets.

@withakay
Created July 5, 2023 08:54
Show Gist options
  • Save withakay/d0f1a4f33bdfffdea81c2d1a58f227f7 to your computer and use it in GitHub Desktop.
Save withakay/d0f1a4f33bdfffdea81c2d1a58f227f7 to your computer and use it in GitHub Desktop.
AWS CLI: Get security groups that allow 0.0.0.0/0 on non standard ports (22, 80, 443 etc)
aws ec2 describe-security-groups --region "eu-west-1" \
--query 'SecurityGroups[?((IpPermissions.IpRanges.CidrIp == "0.0.0.0/0") || (IpPermissions.Ipv6Ranges.CidrIpv6 == "::/0"))]' \
--output json\
| jq '.[] | select(.IpPermissions[].FromPort | IN(3, 22, 80, 443) | not)'
@withakay
Copy link
Author

withakay commented Jul 5, 2023

There is almost certainly a cleaner way to do this that fetches less data using just aws cli and filtering, but it was easier to figure out with jq

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment