security-group-ingress

module

v0.0.0-...-dd131cb Latest Latest Go to latest Published: Aug 7, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jmoney/security-group-ingress

Links

Open Source Insights

README ¶

Security Group Ingress

Overview

There are three components to the ingress manager.

Cloudwatch Event Trigger
Lambda
Security Group

security-group-ingress

The cloudwatch event trigger is exactly what one would think, it fires an event every 1 day that triggering a lambda.

The lambda is a basic extract, transform, and load(ETL) process. The extract phase extracts IPs from two sources. Source #1 is the public IP source. This is the source of truth list. Source #2 is the security group ingress rules. The ingress rules is what is actually being allowed. The Lambda then transforms these two lists into two other lists. List #1 is a left outer join to determine which IPs need to be added. List #2 is a right outer join to determine which IPs need to be removed. Finally, the last phase is the load phase. The lambda takes the IPs to be added and authorizes them on the security group and takes the iPs to be removed and revokes them on the security group.

The lambda currently only manages ipv4 ingress and not the ipv6 ingress.

Testing

go test -v ./...

Directories ¶

Path	Synopsis
cmd
fastly
internal

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL