Audit AWS security groups for overly permissive rules and security vulnerabilities. Use when reviewing AWS security, auditing security groups, or improving network security posture.
Repository: armanzeroeight/fastagent-plugins (plugin: aws-toolkit)

January 21, 2026

Install with:

```bash
npx add-skill https://github.com/armanzeroeight/fastagent-plugins/blob/main/plugins/aws-toolkit/skills/security-group-analyzer/SKILL.md -a claude-code --skill security-group-analyzer
```

Installation path: `.claude/skills/security-group-analyzer/`

# Security Group Analyzer

Audit AWS security groups and identify security vulnerabilities.

## Quick Start

List security groups, check for 0.0.0.0/0 access, and restrict rules to the minimum needed ports and source IPs.

## Instructions

### Security Group Audit Process

1. **List all security groups**
2. **Identify overly permissive rules**
3. **Check for unused security groups**
4. **Recommend restrictions**
5. **Implement changes**

### List Security Groups

```bash
# List all security groups
aws ec2 describe-security-groups \
  --query 'SecurityGroups[].[GroupId,GroupName,Description]' \
  --output table

# Get a specific security group
aws ec2 describe-security-groups \
  --group-ids sg-1234567890abcdef0
```

### Common Security Issues

**1. Open to the world (0.0.0.0/0)**

Find security groups with unrestricted inbound access:

```bash
aws ec2 describe-security-groups \
  --filters "Name=ip-permission.cidr,Values=0.0.0.0/0" \
  --query 'SecurityGroups[].[GroupId,GroupName,IpPermissions[?IpRanges[?CidrIp==`0.0.0.0/0`]]]'
```

**High-risk ports open to 0.0.0.0/0:**

- 22 (SSH)
- 3389 (RDP)
- 3306 (MySQL)
- 5432 (PostgreSQL)
- 27017 (MongoDB)
- 6379 (Redis)

**2. Unrestricted outbound rules**

Default security groups allow all outbound traffic. Restrict egress where possible:

```bash
# Check outbound rules
aws ec2 describe-security-groups \
  --group-ids sg-1234567890abcdef0 \
  --query 'SecurityGroups[].IpPermissionsEgress'
```

**3. Unused security groups**

Find security groups not attached to any resources:

```bash
# List all security groups (one id per line, sorted, so comm can diff the files)
aws ec2 describe-security-groups --query 'SecurityGroups[].GroupId' --output text \
  | tr '\t' '\n' | sort -u > all-sgs.txt

# List security groups in use
aws ec2 describe-instances --query 'Reservations[].Instances[].SecurityGroups[].GroupId' --output text \
  | tr '\t' '\n' > used-sgs.txt
aws rds describe-db-instances --query 'DBInstances[].VpcSecurityGroups[].VpcSecurityGroupId' --output text \
  | tr '\t' '\n' >> used-sgs.txt

# Compare to find unused: ids present in all-sgs.txt but not in used-sgs.txt
comm -23 all-sgs.txt <(sort -u used-sgs.txt)
```

### Security Best Practices

**Principle of least privilege:**

- Only allow necessary ports
- Restrict source
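The three checks above (high-risk ports open to the world, unrestricted egress, unattached groups) can be run in one pass over the JSON that `aws ec2 describe-security-groups --output json` returns. The script below is an added example and is not part of the fastagent-plugins skill; the `SAMPLE_SGS` data, the `SAMPLE_IN_USE` set and the file names it reads are constructed for the demonstration. It also handles two cases the CLI filter alone misses: an `IpProtocol` of `-1` (all traffic, no port fields) and IPv6 rules open to `::/0`. For the "in use" list it assumes the group ids attached to network interfaces (`aws ec2 describe-network-interfaces --query 'NetworkInterfaces[].Groups[].GroupId'`), which covers load balancers, Lambda and other ENI-backed services that the instance-plus-RDS comparison does not.

```python
"""Audit `aws ec2 describe-security-groups` JSON for the issues the skill lists.

Added example, not part of the fastagent-plugins skill: it reads the CLI's
JSON output (a constructed sample below) and flags high-risk ports open to
the world, unrestricted egress, and groups attached to nothing.
"""
import json
import sys

# Ports the skill lists as high risk when reachable from 0.0.0.0/0.
HIGH_RISK_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL",
                   5432: "PostgreSQL", 27017: "MongoDB", 6379: "Redis"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}               # IPv4 and IPv6 "anywhere"
PORT_PROTOCOLS = {"-1", "tcp", "udp", "6", "17"}  # protocols to which ports apply

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa000000000001", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0aaa000000000002", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0aaa000000000003", "GroupName": "legacy-all",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
]}

# Constructed: group ids found on network interfaces
# (`aws ec2 describe-network-interfaces --query 'NetworkInterfaces[].Groups[].GroupId'`).
# ENIs cover instances, RDS, load balancers, Lambda and other VPC-attached services,
# so they are a more complete "in use" list than instances plus RDS alone.
SAMPLE_IN_USE = {"sg-0aaa000000000001", "sg-0aaa000000000002"}


def world_cidrs(rule):
    """CIDRs in the rule that mean 'anywhere' (IPv4 or IPv6), sorted."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in WORLD_CIDRS)


def high_risk_ports(rule):
    """High-risk ports the rule's port range covers; IpProtocol -1 is all traffic."""
    proto = rule.get("IpProtocol")
    if proto not in PORT_PROTOCOLS:
        return set()                       # e.g. icmp: no TCP/UDP ports involved
    if proto == "-1":
        return set(HIGH_RISK_PORTS)        # all protocols, all ports
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in HIGH_RISK_PORTS if lo <= p <= hi}


def find_world_open_high_risk(data):
    """(group id, port, service, cidrs) for each high-risk port open to the world."""
    findings = []
    for sg in data["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = world_cidrs(rule)
            if not cidrs:
                continue
            for port in sorted(high_risk_ports(rule)):
                findings.append((sg["GroupId"], port, HIGH_RISK_PORTS[port], ",".join(cidrs)))
    return findings


def find_unrestricted_egress(data):
    """Group ids whose egress allows all protocols to anywhere (the default rule)."""
    return [sg["GroupId"] for sg in data["SecurityGroups"]
            if any(r.get("IpProtocol") == "-1" and world_cidrs(r)
                   for r in sg.get("IpPermissionsEgress", []))]


def find_unused(data, in_use):
    """Group ids not present in the set of attached group ids."""
    return sorted(sg["GroupId"] for sg in data["SecurityGroups"]
                  if sg["GroupId"] not in in_use)


def main(argv):
    # Usage: sg_audit.py [sgs.json [in-use.txt]]; with no arguments the sample runs.
    data = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_SGS
    in_use = set(open(argv[2]).read().split()) if len(argv) > 2 else SAMPLE_IN_USE
    for gid, port, svc, cidrs in find_world_open_high_risk(data):
        print(f"OPEN    {gid} {svc}/{port} from {cidrs}")
    for gid in find_unrestricted_egress(data):
        print(f"EGRESS  {gid} allows all outbound traffic to anywhere")
    for gid in find_unused(data, in_use):
        print(f"UNUSED  {gid} is not attached to any network interface")


if __name__ == "__main__":
    main(sys.argv)
```

Against real data, save `aws ec2 describe-security-groups --output json` to `sgs.json`, write the ENI group ids one per line to `in-use.txt` (the `--output text | tr '\t' '\n' | sort -u` idiom from the section above), and run `python3 sg_audit.py sgs.json in-use.txt`. On the sample it reports SSH on `sg-0aaa000000000001`, every high-risk port on the all-traffic IPv6 rule of `sg-0aaa000000000003`, the default all-outbound egress on the first group, and the third group as unattached.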