{"id":345,"date":"2016-04-13T21:20:05","date_gmt":"2016-04-13T21:20:05","guid":{"rendered":"https:\/\/www.securekloud.com\/blog\/?p=345"},"modified":"2025-07-28T07:26:43","modified_gmt":"2025-07-28T07:26:43","slug":"powershell-automating-aws-security-groups","status":"publish","type":"post","link":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/","title":{"rendered":"How to Automate Security Groups Using PowerShell"},"content":{"rendered":"<p>To provision and manage EC2 instances in the AWS cloud that comply with industry standards and regulations, the individuals administering them should understand the security mechanisms within the AWS framework\u2014both those that are automatic and those that require configuration. Let\u2019s take a look at Security Groups, which fall under the latter category.<\/p>\n<p>As there is no <em><strong>\u201cAbsolute Security Group\u201d<\/strong><\/em> that can be plugged in to satisfy a universal need, we should always be open to modifying it. Automating this via PowerShell provides predictable, consistent results.<\/p>\n<h2><strong>What Is a Security 
Group?<\/strong><\/h2>\n<p>Every VM created through the AWS Management Console (or via scripts) can be associated with one or multiple Security Groups (in the case of a VPC it can be up to 5). By default, all inbound and outbound traffic flow at the instance level is blocked from elsewhere. We should automate the infrastructure to open only the ports that satisfy the customer\u2019s needs. This implies that we should add ingress\/egress rules to each Security Group as per customer requirements. For more details, have a look at <a href=\"http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/VPC_SecurityGroups.html\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Security Group<\/a>.<\/p>\n<p>It is important to allow traffic only from valid source IP addresses; this substantially reduces the attack surface. Using 0.0.0.0\/0 as the IP range leaves the infrastructure vulnerable to sniffing or tampering. Traffic between VMs should always traverse Security Groups; we can achieve this by allowing the initiator\u2019s Security Group ID as the source.<\/p>\n<h2><strong>Automation Script<\/strong><\/h2>\n<p>I have kept this as a single block; if you wish, you can create a function out of it. 
A few things worth considering:<\/p>\n<ul>\n<li>The script will only run given a working pair of Access Key and Secret Key.<\/li>\n<li>The script makes use of filtering: it expects the end user to provide a name pattern, and the selection of Security Groups is driven by that pattern.<\/li>\n<li>To facilitate the whole operation you have to provide certain parameters, i.e. [IpProtocol, FromPort, ToPort, Source].<\/li>\n<li>The Source parameter can be interpreted in two ways: you can either provide IpRanges in CIDR block format or choose another Security Group as the source in the form of a UserIdGroupPair.<\/li>\n<\/ul>\n<pre style=\"margin-left: 50px; color: #db4636;\">&lt;#\n.SYNOPSIS\nSimple script to safely assign\/revoke ingress rules on a VPC Security Group.\n\n.DESCRIPTION\nScript first checks to see what rules have been specified for update; if already assigned, it will do no harm.\nIf the assignment is successful, it can be verified in the AWS console.\n\nNOTE: Script must be updated to include the proper pattern and security credentials.\n#&gt;\n\n# Update the following lines, as needed:\nParam(\n    [string]$AccessKeyID=\"**********\",\n    [string]$SecretAccessKeyID=\"********\",\n    [string]$Region=\"us-east-1\",\n    # Wildcard pattern used to select the target Security Groups by name\n    [string]$GrpNamePattern=\"*vpc-sg-pup_winC*\",\n    # Security Group used as the source of the RDP rule\n    [string]$GroupId=\"sg-xxxxxxxx\",\n    # Source CIDR of the MSSQL rule; narrow this to the range that needs access\n    [string]$CidrIp=\"0.0.0.0\/0\",\n    [switch]$SetAws=$true,\n    [switch]$Revoke,\n    [switch]$Rdp=$true,\n    [switch]$MsSql=$true\n)\n\n$InfoObject = New-Object PSObject -Property @{\n    AccessKey = $AccessKeyID\n    SecretKey = $SecretAccessKeyID\n    Region = $Region\n    GrpNamePattern = $GrpNamePattern\n    GroupId = $GroupId\n    CidrIp = $CidrIp\n}\n\n# Set the credentials and default region for this session\nif($SetAws)\n{\n    Set-AWSCredentials -AccessKey $InfoObject.AccessKey -SecretKey $InfoObject.SecretKey\n    Set-DefaultAWSRegion -Region $InfoObject.Region\n}\n\n# Source for the RDP rule: another Security Group, referenced by its ID\n$PublicGroup = New-Object 
Amazon.EC2.Model.UserIdGroupPair\n$PublicGroup.GroupId = $InfoObject.GroupId\n\n# Select the target Security Groups by name pattern\n$filter_platform = New-Object Amazon.EC2.Model.Filter -Property @{Name = \"group-name\"; Values = $InfoObject.GrpNamePattern}\n$SG_Details = Get-EC2SecurityGroup -Filter $filter_platform | Select-Object GroupId, GroupName\n\n# RDP (3389) from the source Security Group; MSSQL (1433) from the CIDR range\n$rdpPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol=\"tcp\";FromPort=3389;ToPort=3389;UserIdGroupPair=$PublicGroup}\n$mssqlPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol=\"tcp\";FromPort=1433;ToPort=1433;IpRanges=$InfoObject.CidrIp}\n\n$permissionSet = New-Object System.Collections.ArrayList\nif($Rdp){ [void]$permissionSet.Add($rdpPermission) }\nif($MsSql){ [void]$permissionSet.Add($mssqlPermission) }\n\nif($permissionSet.Count -gt 0)\n{\n    # The pattern may match several groups; -GroupId takes a single ID, so handle each match in turn\n    foreach($SG in $SG_Details)\n    {\n        try{\n            if(!$Revoke){\n                \"Granting to $($SG.GroupName)\"\n                Grant-EC2SecurityGroupIngress -GroupId $SG.GroupId -IpPermissions $permissionSet\n            }\n            else{\n                \"Revoking from $($SG.GroupName)\"\n                Revoke-EC2SecurityGroupIngress -GroupId $SG.GroupId -IpPermissions $permissionSet\n            }\n        }\n        catch{\n            if($Revoke){\n                Write-Warning \"Could not revoke permission from $($SG.GroupName)\"\n            }\n            else{\n                Write-Warning \"Could not grant permission to $($SG.GroupName)\"\n            }\n        }\n    }\n}\n<\/pre>\n<p>What we are looking at is being able to automate the creation and updating of Security Groups. Use this script if you run into frequently changing Security Groups.<\/p>\n<p>Credits: Uthkarsh Pandey<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To provision and manage EC2 instances in the AWS cloud that comply with industry standards and regulations, the individuals administering them should understand the security mechanisms within the AWS framework\u2014both those that are automatic and those that require configuration. Let\u2019s take a look at Security Groups, which fall under the latter category. 
As there is no&nbsp;\u201cAbsolute Security Group\u201d&nbsp;which can be [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":346,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[320],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-compliance"],"yoast_head_json":{"title":"Automate AWS Security Groups Easily with PowerShell Scripts","description":"Learn how to automate AWS Security Group tasks using PowerShell to streamline firewall configuration, improve efficiency, and boost security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/","og_locale":"en_US","og_type":"article","og_title":"Automate AWS Security Groups Easily with PowerShell Scripts","og_description":"Learn how to automate AWS Security Group tasks using PowerShell to streamline firewall configuration, improve efficiency, and boost security.","og_url":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/","og_site_name":"SecureKloud","article_published_time":"2016-04-13T21:20:05+00:00","article_modified_time":"2025-07-28T07:26:43+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2021\/04\/Powershell-Automating-AWS-security-groups_v1-1.jpg","type":"image\/jpeg"}],"author":"Uthkarsh Pandey","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Uthkarsh Pandey","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/#article","isPartOf":{"@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/"},"author":{"name":"Uthkarsh Pandey","@id":"https:\/\/www.securekloud.com\/blog\/#\/schema\/person\/adbd2e496b9f1f3b6f44a5c02d244e49"},"headline":"How to Automate Security Groups Using PowerShell","datePublished":"2016-04-13T21:20:05+00:00","dateModified":"2025-07-28T07:26:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/"},"wordCount":399,"commentCount":0,"publisher":{"@id":"https:\/\/www.securekloud.com\/blog\/#organization"},"articleSection":["Security &amp; Compliance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/","url":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/","name":"Automate AWS Security Groups Easily with PowerShell Scripts","isPartOf":{"@id":"https:\/\/www.securekloud.com\/blog\/#website"},"datePublished":"2016-04-13T21:20:05+00:00","dateModified":"2025-07-28T07:26:43+00:00","description":"Learn how to automate AWS Security Group tasks using PowerShell to streamline firewall configuration, improve efficiency, and boost 
security.","breadcrumb":{"@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.securekloud.com\/blog\/powershell-automating-aws-security-groups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.securekloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Automate Security Groups Using PowerShell"}]},{"@type":"WebSite","@id":"https:\/\/www.securekloud.com\/blog\/#website","url":"https:\/\/www.securekloud.com\/blog\/","name":"SecureKloud","description":"","publisher":{"@id":"https:\/\/www.securekloud.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.securekloud.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.securekloud.com\/blog\/#organization","name":"SecureKloud","url":"https:\/\/www.securekloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.securekloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2023\/03\/header-logo.png","contentUrl":"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2023\/03\/header-logo.png","width":240,"height":48,"caption":"SecureKloud"},"image":{"@id":"https:\/\/www.securekloud.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.securekloud.com\/blog\/#\/schema\/person\/adbd2e496b9f1f3b6f44a5c02d244e49","name":"Uthkarsh 
Pandey","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.securekloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2023\/04\/utkarsh-pandey-150x150.jpg","contentUrl":"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2023\/04\/utkarsh-pandey-150x150.jpg","caption":"Uthkarsh Pandey"},"description":"A principal cloud consultant with over a decade of experience in the field. He has a deep understanding of cloud technologies and is passionate about helping businesses leverage the benefits of cloud computing.","url":"https:\/\/www.securekloud.com\/blog\/author\/uthkarsh-pandey\/"}]}},"_links":{"self":[{"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":3,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":1033,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions\/1033"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/media\/346"}],"wp:attachment":[{"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securekloud.com\/blog\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}