Closed marcinguy closed 6 years ago
Trying to list all open RDS to the public
Is this approach good?
I see no entries, since the items have no values.
```
$ cat Scout2/AWSScout2/rules/data/findings/rds-security-group-allows-all.json
{
    "description": "Security group allows all IP addresses",
    "path": "rds.regions.id.vpcs.id.security_groups.id.ip_ranges",
    "dashboard_name": "Security Groups",
    "display_path": "rds.regions.id.vpcs.id.security_groups.id",
    "conditions": [ "and",
        [ "rds.regions.id.vpcs.id.security_groups.id.ip_ranges", "containAtLeastOneOf", ["0.0.0.0/0", "::/0"] ]
    ],
    "keys": [
        "ec2.regions.id.vpcs.id.security_groups.id"
    ]
}
```

```
$ cat Scout2/AWSScout2/rules/data/findings/rds-security-group-allows-all.md
_ITEM_(| _KEY_(ec2.regions.id.vpcs.id.security_groups.id.name) | _KEY_(ec2.regions.id.vpcs.id.security_groups.id)|)_METI_
```

```
$ Scout2/Scout2Listall.py --config rds-security-group-allows-all.json --format-file /home/user/Scout2/AWSScout2/rules/data/findings/rds-security-group-allows-all.md
```
Thanks,
Scout2Listall.py reads the scout2-report/inc-awsconfig/aws_config-<profile_name>.js file. You must therefore run Scout2 before running Scout2Listall.
Does this answer your question?
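An added example (not part of the original issue and not Scout2's own code) that applies the rule's `containAtLeastOneOf` condition to a report file, to cross-check what the listing should return. It assumes the `aws_config-<profile_name>.js` file is a single `aws_info =` line followed by JSON, that services sit under a top-level `services` key, and that the data follows the rule's `path`; the sample data and all function names are constructed for illustration.

```python
import json

DISPLAY_PATH = "rds.regions.id.vpcs.id.security_groups.id"  # from the rule on this page
OPEN_RANGES = {"0.0.0.0/0", "::/0"}                          # from the rule's condition

# Constructed sample report; layout is an assumption derived from the rule's path.
SAMPLE_JS = "aws_info =\n" + json.dumps({"services": {"rds": {"regions": {"us-east-1": {
    "vpcs": {"vpc-1111": {"security_groups": {
        "sg-open": {"name": "db-public", "ip_ranges": ["0.0.0.0/0"]},
        "sg-office": {"name": "db-office", "ip_ranges": ["203.0.113.0/24"]},
        "sg-v6": {"name": "db-v6", "ip_ranges": ["10.0.0.0/8", "::/0"]},
        "sg-empty": {"name": "db-unused", "ip_ranges": []},
    }}}}}}}})

def load_js_config(text):
    """Drop the assumed 'aws_info =' first line and parse the remainder as JSON."""
    return json.loads(text.split("\n", 1)[1])

def walk(node, parts, trail=()):
    """Yield (trail, value) for every match of a dotted path; 'id' matches any key."""
    if not parts:
        yield trail, node
        return
    if not isinstance(node, dict):
        return
    head, rest = parts[0], parts[1:]
    keys = list(node) if head == "id" else [k for k in (head,) if k in node]
    for key in keys:
        yield from walk(node[key], rest, trail + (key,))

def open_rds_groups(config):
    """Return (region, vpc, group id, name) for groups open to all addresses."""
    hits = []
    for trail, group in walk(config["services"], DISPLAY_PATH.split(".")):
        # containAtLeastOneOf: any listed range equals one of the open ranges
        if OPEN_RANGES.intersection(group.get("ip_ranges", [])):
            hits.append((trail[2], trail[4], trail[6], group.get("name")))
    return sorted(hits)

if __name__ == "__main__":
    for region, vpc, sg_id, name in open_rds_groups(load_js_config(SAMPLE_JS)):
        print(f"{region} {vpc} {sg_id} {name}")
```

An empty result on a real report means either no group matches or the data does not follow the assumed layout, so inspect the `rds` section of the file before relying on it.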