Misadventures in Cyberland

AWS SCE Example Experiment: Security Group Rule Deletion


Here is an example security chaos engineering (SCE) experiment in Python for Amazon Web Services (AWS). The experiment simulates a scenario in which a security group rule is accidentally deleted, causing inbound traffic to an Amazon Elastic Compute Cloud (EC2) instance to be blocked.

To run this experiment, you will need an AWS account with the AWS SDK for Python (Boto3) and the Paramiko SSH library installed. You will also need a security group and an EC2 instance set up in your account.

import boto3
import paramiko

# Set up the AWS client for EC2
ec2_client = boto3.client("ec2")

# IDs of the security group and the EC2 instance (placeholders: use your own)
security_group_id = "sg-12345678"
instance_id = "i-12345678"

# Look up the instance's public IP so the connectivity check has a target
reservations = ec2_client.describe_instances(InstanceIds=[instance_id])["Reservations"]
instance_public_ip = reservations[0]["Instances"][0]["PublicIpAddress"]

# Delete the security group rule that allows SSH traffic to the EC2 instance
ec2_client.revoke_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        }
    ],
)

# Verify that traffic to the EC2 instance is blocked: now that the rule is
# gone, the SSH connection is expected to time out
ssh_client = paramiko.SSHClient()
ssh_client.load_system_host_keys()  # trust only hosts already in known_hosts
try:
    ssh_client.connect(
        hostname=instance_public_ip,
        port=22,
        username="ec2-user",
        key_filename="path/to/private/key.pem",
        timeout=10,
    )
except Exception as e:
    print(f"Failed to connect to the EC2 instance (expected): {e}")
else:
    print("Connected to the EC2 instance: traffic was NOT blocked")
    ssh_client.close()

This experiment can be modified to test other kinds of security incidents, such as deleting a security group rule that allows traffic from a specific IP range, or deleting a network ACL rule that allows traffic from a specific subnet.
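The script above injects the fault but never restores the rule, and a connection failure is reported the same way whether the rule was removed or the instance was already unreachable. The following is an added example (not code from the original post) that structures the same SSH-rule experiment as steady-state check, fault injection, verification and unconditional rollback; the `FakeEC2` stand-in, the `sg-REPLACEME` id and the function names are my constructions, while the rule itself matches the post's.

```python
import socket

SECURITY_GROUP_ID = "sg-REPLACEME"  # constructed placeholder; replace with your own group id
SSH_RULE = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}

def rule_present(ec2, group_id, rule):
    """True if the group's ingress permissions contain one matching `rule`."""
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    want = (rule["IpProtocol"], rule["FromPort"], rule["ToPort"], rule["IpRanges"][0]["CidrIp"])
    return any((p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"), r["CidrIp"]) == want
               for p in sg["IpPermissions"] for r in p.get("IpRanges", []))

def port_reachable(host, port, timeout=3.0):
    """Probe: does a TCP handshake to host:port complete? (No SSH auth needed.)"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_experiment(ec2, group_id, rule, probe):
    """Steady state -> inject fault -> verify -> always roll back."""
    result = {"steady_state_ok": probe(), "blocked_during_fault": None, "restored": None}
    if not result["steady_state_ok"]:
        return result  # never inject into a system already failing its check
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=[rule])
    try:
        result["blocked_during_fault"] = not probe()
    finally:  # restore even if the probe raises
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[rule])
        result["restored"] = rule_present(ec2, group_id, rule)
    return result

class FakeEC2:
    """In-memory stand-in for boto3's EC2 client so the experiment can be dry-run offline."""
    def __init__(self, rules):
        self.rules = list(rules)
    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0], "IpPermissions": list(self.rules)}]}
    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.rules = [r for r in self.rules if r not in IpPermissions]
    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.rules.extend(p for p in IpPermissions if p not in self.rules)

def dry_run():
    """Offline run: the fake probe 'reaches' the instance exactly when the SSH rule exists."""
    fake = FakeEC2([SSH_RULE])
    probe = lambda: rule_present(fake, SECURITY_GROUP_ID, SSH_RULE)
    return run_experiment(fake, SECURITY_GROUP_ID, SSH_RULE, probe)
```

Against a real account, pass `boto3.client("ec2")` in place of `FakeEC2` and `lambda: port_reachable(instance_public_ip, 22)` as the probe; a TCP-level probe avoids mistaking an SSH authentication error for blocked traffic.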
