Firewall Rules and Security Group Report


Hi all, I will like to know if there is a way to export all the security group configurations and firewall rules set in an account as a report? For example, a csv file of all the rules that are configured for the account.

2 Answers

The big question here is: Why do you want to do this? Because exporting information implies that you can import it again. CloudFormation (or other Infrastructure-as-Code tools) would be the best thing here - providing a way to build the environment that doesn't require an export, as the details are already held externally.

I would also argue that CSV might not be the best format for this type of thing.

In any case, you might try something like aws ec2 describe-security-groups --output text | sed 's/\t/,/g' but you may want to keep the output in JSON format.

Adding: You're going to need to experiment here but you should try aws network-firewall describe-firewall-policy and aws network-firewall describe-rule-group for Network Firewall and for WAF there are many list commands so I'd encourage you to read the documentation to see what is the best fit.

profile pictureAWS
answered 2 years ago
  • Hi, thank you for the response! The reason for exporting is simply for reporting, hence, we do not need to import any information again. Thank you for the response on Security Group, but are there ways to download the consolidated report on firewall rules?

  • When you say "firewall" rules which service are you referring to?

  • I am also looking at the rules that are being implemented on AWS Network firewall and WAF.


You can get all the security group rules via the AWS CLI:

aws ec2 describe-security-group-rules

As usual you can choose various output formats (JSON, text, table) and what fields to include.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions