Does your cloud have hidden security risks? Here’s how to fix them

March 10, 2025


A key challenge for cloud customers is ensuring a strong security posture and properly secured environments. Although AWS offers a range of security features, one shortfall is the availability of full visibility into aspects of network traffic and security group usage.

As a result, several issues can arise, including difficulty confirming whether security rules are working as intended, the risk of unused or misconfigured rules going unnoticed, and a lack of a streamlined method for enterprise customers to audit and optimise their configurations.

BBD’s purpose-built tool for AWS security group analytics

“When deploying EC2 instances, applications require specific ports to be opened in their Security Groups,” explains Warren Gurney, Cloud Solution Architect. “However, once deployed, there is no means by which clients can confirm that the Security Groups are working correctly, since there are no packet counters which show if each rule matches.”

Recognising this gap, BBD has invested significant effort into modernising an existing AWS solution. The modernised solution uses up-to-date Node.js with Lambda and OpenSearch to visualise VPC traffic, Security Groups, ports and protocols, all with packet counters. This allows Security Group rules to be revisited and optimised, ensuring better governance and compliance. Working from the existing AWS solution, BBD has rewritten its functionality as next-generation infrastructure as code (IaC) using Terraform, so the entire end-to-end solution can now be deployed with a single Terraform module.

Figure 1: View of the SGDashboard for a specific security group

Key updates include:

  • Refactored codebase: Migrating the solution to align with AWS’ latest services and best practices
  • Enhanced visualisations: A user-friendly dashboard provides real-time insights into security group activity
  • Actionable analytics: Detecting unused security groups and flagging misconfigured rules
  • Improved network traffic analysis: Gaining deeper insights into inbound and outbound traffic behaviour

Figure 2: View of inbound rules
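To make the "packet counters per rule" and "unused rule" ideas above concrete, here is an added Node.js example (not BBD's code and not the tool's actual implementation) that correlates ACCEPTed inbound VPC Flow Log records with a security group's inbound rules. The rule and record shapes, the sample rules and the flow records are all constructed for the illustration.

```javascript
// Added example, not BBD's code: per-rule packet counters for one security group,
// computed from VPC Flow Log records. Rule/record shapes and samples are constructed.
function ipToInt(ip) {            // dotted quad -> unsigned 32-bit integer
  return ip.split('.').reduce((n, o) => (n << 8) + Number(o), 0) >>> 0;
}
function inCidr(ip, cidr) {       // is ip inside cidr? ("0.0.0.0/0" matches everything)
  const [base, bits] = cidr.split('/');
  if (Number(bits) === 0) return true;   // a 32-bit shift wraps in JS, so special-case /0
  const mask = (0xffffffff << (32 - Number(bits))) >>> 0;
  return (ipToInt(ip) & mask) === (ipToInt(base) & mask);
}
const PROTO = { tcp: 6, udp: 17 };   // IANA protocol numbers as they appear in Flow Logs
// An inbound rule "matches" an ACCEPTed inbound record when protocol, destination port
// range and source CIDR all agree. '-1' is the SG notation for "all protocols".
function ruleMatches(rule, rec) {
  return rec.action === 'ACCEPT' &&
    (rule.protocol === '-1' || PROTO[rule.protocol] === rec.protocol) &&
    rec.dstport >= rule.fromPort && rec.dstport <= rule.toPort &&
    inCidr(rec.srcaddr, rule.cidr);
}
// Returns { counters: {ruleId: packets}, unused: [ruleId], unmatched: [record] }.
// A rule with a zero counter is a removal candidate; an ACCEPTed record that no rule in
// the set explains (return traffic of an outbound flow, or a rule in another attached SG) needs review.
function analyseSecurityGroup(rules, records) {
  const counters = Object.fromEntries(rules.map((r) => [r.id, 0]));
  const unmatched = [];
  for (const rec of records) {
    const hit = rules.find((r) => ruleMatches(r, rec));
    if (hit) counters[hit.id] += rec.packets;
    else if (rec.action === 'ACCEPT') unmatched.push(rec);
  }
  const unused = rules.filter((r) => counters[r.id] === 0).map((r) => r.id);
  return { counters, unused, unmatched };
}
// Constructed inbound rules and flow records (documentation IP ranges only).
const SAMPLE_RULES = [
  { id: 'sgr-web-https', protocol: 'tcp', fromPort: 443, toPort: 443, cidr: '0.0.0.0/0' },
  { id: 'sgr-ssh-office', protocol: 'tcp', fromPort: 22, toPort: 22, cidr: '203.0.113.0/24' },
  { id: 'sgr-legacy-8080', protocol: 'tcp', fromPort: 8080, toPort: 8090, cidr: '10.0.0.0/16' },
];
const SAMPLE_RECORDS = [
  { srcaddr: '198.51.100.7', dstport: 443, protocol: 6, packets: 120, action: 'ACCEPT' },
  { srcaddr: '203.0.113.10', dstport: 22, protocol: 6, packets: 15, action: 'ACCEPT' },
  { srcaddr: '198.51.100.9', dstport: 22, protocol: 6, packets: 3, action: 'REJECT' },
  { srcaddr: '10.0.4.2', dstport: 53, protocol: 17, packets: 8, action: 'ACCEPT' },
];
console.log(JSON.stringify(analyseSecurityGroup(SAMPLE_RULES, SAMPLE_RECORDS)));
```

Running it reports 120 packets against the HTTPS rule, 15 against the office SSH rule, zero against the legacy 8080-8090 rule (flagged as unused), and one accepted UDP/53 record that no rule in the set explains.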

Impact and value for clients

“This solution is particularly valuable for enterprise clients, where visibility into Security Groups is critical,” adds Gurney. By using this tool, organisations can:

  • Validate that security groups are actively filtering traffic as intended
  • Identify and remove outdated or unnecessary security rules
  • Improve overall security posture and compliance

“While AWS does not natively provide this level of visibility, our tool fills the gap. Higher traffic environments require larger infrastructure to process and visualise the data efficiently. Additionally, modular, reusable Terraform components streamline deployments across multiple clients,” he explains.

For organisations conducting security audits, this tool is invaluable. It helps teams:

  • Ensure security groups are correctly configured
  • Identify and eliminate unnecessary access points
  • Strengthen compliance with internal security policies

Next steps

“We plan to continue refining and deploying this tool across enterprise clients, iterating based on real-world usage and feedback,” says Gurney. “Ultimately, if AWS addresses this gap natively, we would welcome the shift—but until then, our solution fills a critical need.”
