Revoke a Rule From an EC2 Security Group

Updated 3 months ago by Totalcloud

Reviewing and revoking unneeded security group rules keeps the network exposure of your EC2 instances down to what the workload actually requires.

There's a template already available in the web app for this use case. This workflow template helps you revoke a rule from a specific EC2 security group.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. Trigger node initiates the workflow from Monday to Friday at 9am.
  2. Resource node fetches all EC2 Security Groups in the selected AWS account and AWS region.
  3. Filter node narrows the fetched list to the specific security group(s) whose rule is to be revoked, matching on a key/value pair such as the group ID or group name.
  4. User Approval node sends an email to the recipient requesting to Approve or Reject the action that follows.
  5. Action node, upon receiving the Approve command, revokes the specified ingress rule of the filtered security group(s). The rule has to be identified exactly (protocol, port range and source CIDR or source security group) for EC2 to remove it.
  6. Notification node sends an email to the concerned team(s) or stakeholder(s) about the action.

Steps to Customize this Template

  1. Open the template and check that all the nodes are connected.
  2. Double click on Trigger node. Add or modify the following details as per your requirement:
    1. Select the day(s) of the week on which the workflow should run from the drop down menu. Example: Monday. If you want the workflow to run every morning, select all the days of the week.
    2. Select the time of day from the drop down menu. Example: 6:00 for 6am and 21:00 for 9pm.
    3. Click on Save Node.
  3. Double click on Resource node. Add or modify the following details as per your requirement:
    1. Select your AWS account from the drop down menu.
    2. Select the AWS region you want to pick the resources from.
    3. Retain the AWS Service name 'EC2' entry.
    4. Retain the AWS Resource name 'Security Groups' entry.
    5. Pass only the specific Group IDs and Group Names you want fetched in the Advanced Filters script, in place of the VALUE placeholders shown below. Note that GroupNames resolves groups only in the default VPC; for groups in a nondefault VPC, pass GroupIds, or leave both lists empty and narrow the result in the Filter node.
    {
      /*---------- optional params ----------*/
      /*
       * (Use keyword MAP in place of a value if you want to autofill it from the previous node's data)
       */
      "GroupIds": [
        "VALUE",
        "VALUE"
      ],
      "GroupNames": [
        "VALUE",
        "VALUE"
      ]
    }
    If you wish to pick only specific attributes of the security groups, use the Add-ons available.
    6. Click on Save Node.
  4. Double click on Filter node. Add or modify the following details as per your requirement:
    1. Retain the Param selection.
    2. Modify the Key and Value if you wish to change. To fine tune the filtering further, add more conditions.
    3. Click on Save Node.
  5. Double click on User Approval node. Add or modify the following details as per your requirement:
    1. Enter the receiver's email or Slack account.
    2. Type in the customized message you would like to be sent to the recipient.
    If you do not type in a customized message, TotalCloud will send a default email with Approve or Reject commands.
    3. Click on Save Node.
  6. Double click on Action node. Add or modify the following details as per your requirement:
    1. Select your AWS account from the drop down menu.
    2. Select the AWS region you want to pick the resources from.
    3. Retain the AWS Service name 'EC2' entry.
    4. Retain the Action entry 'Revoke Security Group Ingress'.
    If you wish to pass additional parameters to the node, use the Additional Parameters feature. The revoke call only succeeds when the rule is identified exactly (protocol, port range and source CIDR or source security group must match the existing rule); EC2 does not remove a broader rule on a partial match, so supply these values here if the template's defaults do not describe the rule you want removed.
    5. Click on Save Node.
  7. Double click on Notification node. Add or modify the following details as per your requirement:
    1. Enter the receiver's email or Slack account.
    2. Type in the customized message you would like to be sent to the recipient.
    If you do not type in a customized message, TotalCloud will send a default email about the successful execution.
    3. Click on Save Node.
  8. Click on Save the Workflow.
  9. Click on Validate the Workflow with the policy.
  10. Click on Run Now.
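For readers who want to see what the Resource, Filter and Action nodes described in "How Does This Template Work?" and customized in the steps above do in terms of the underlying EC2 API, here is an added Python example built around the boto3 request shapes for DescribeSecurityGroups and RevokeSecurityGroupIngress. It is not TotalCloud's code and not part of this page. The sample groups and their IDs are constructed; the choice of "rules open to 0.0.0.0/0 or ::/0 on a given port" as the rule to revoke is an assumption (the template leaves the rule to you); and the revoke() helper assumes a boto3 EC2 client is passed in, so everything else runs offline.

```python
"""Offline model of the three AWS-facing nodes in the workflow: the
DescribeSecurityGroups request the Resource node issues, the Filter node's
narrowing of the result, and the RevokeSecurityGroupIngress request the
Action node sends. Only revoke() talks to AWS, and only when handed a
boto3 EC2 client. All sample data below is constructed, not real output."""

# Constructed sample in the shape of DescribeSecurityGroups().SecurityGroups,
# trimmed to the fields used here. The group IDs are made up.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
        ],
    },
]

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def describe_params(group_ids=(), group_names=()):
    """Resource node: parameters for ec2.describe_security_groups().
    Names go through the 'group-name' filter rather than GroupNames, because
    GroupNames only resolves groups in the default VPC."""
    params = {}
    if group_ids:
        params["GroupIds"] = list(group_ids)
    if group_names:
        params["Filters"] = [{"Name": "group-name", "Values": list(group_names)}]
    return params


def filter_groups(groups, group_ids=(), group_names=()):
    """Filter node: keep only groups whose ID or name is in the allow-lists."""
    ids, names = set(group_ids), set(group_names)
    return [g for g in groups if g["GroupId"] in ids or g["GroupName"] in names]


def world_open_permissions(group, port, protocol="tcp"):
    """Selection criterion (an assumption of this example): IpPermissions
    entries that expose `port` to the whole internet. Each entry carries only
    the offending CIDRs, so revoking it removes just those sources and keeps,
    for example, a 10.0.0.0/8 range on the same port."""
    found = []
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] != protocol:
            continue
        if not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r["CidrIp"] == WORLD_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == WORLD_V6]
        if not v4 and not v6:
            continue
        entry = {"IpProtocol": perm["IpProtocol"]}
        for key in ("FromPort", "ToPort"):  # absent for protocol "-1" (all traffic)
            if key in perm:
                entry[key] = perm[key]
        if v4:
            entry["IpRanges"] = [{"CidrIp": r["CidrIp"]} for r in v4]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": r["CidrIpv6"]} for r in v6]
        found.append(entry)
    return found


def build_revoke_request(group, port, protocol="tcp"):
    """Action node: parameters for ec2.revoke_security_group_ingress(), or
    None when the group has nothing matching. The entries must match the
    existing rule field for field (protocol, port range, CIDR); EC2 does not
    trim a wider rule on a partial match, it reports InvalidPermission.NotFound."""
    perms = world_open_permissions(group, port, protocol)
    if not perms:
        return None
    return {"GroupId": group["GroupId"], "IpPermissions": perms}


def revoke(ec2_client, request, dry_run=True):
    """Send the revoke through a boto3 EC2 client (assumed, not created here).
    With dry_run=True EC2 only checks permissions and raises a ClientError with
    code DryRunOperation when the call would have been allowed, which is the
    safe default to run before the approval step."""
    return ec2_client.revoke_security_group_ingress(DryRun=dry_run, **request)


if __name__ == "__main__":
    # Walk the workflow against the constructed sample without touching AWS.
    for group in filter_groups(SAMPLE_GROUPS, group_names=["web-tier"]):
        print(build_revoke_request(group, 22))
```

Running the module prints the exact revoke payload for the web-tier group on port 22: only the 0.0.0.0/0 and ::/0 sources are listed, so the 10.0.0.0/8 rule on the same port survives the revoke, and the db-tier group, which is only reachable from another security group, produces no request at all.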
