Hello,
I really interested to check your tool on my AWS infrastructure, but have following issue in runtime:

[ERROR] undefined method `new' for nil:NilClass
/Library/Ruby/Gems/2.3.0/gems/aws_security_viz-0.2.0/lib/renderer/all.rb:7:in `pick': undefined method `new' for nil:NilClass (NoMethodError)
	from /Library/Ruby/Gems/2.3.0/gems/aws_security_viz-0.2.0/lib/aws_security_viz.rb:23:in `unleash'
	from /Library/Ruby/Gems/2.3.0/gems/aws_security_viz-0.2.0/exe/aws_security_viz:30:in `<top (required)>'
	from /usr/local/bin/aws_security_viz:22:in `load'
	from /usr/local/bin/aws_security_viz:22:in `<main>'

I've tried several accounts and options and see same error. Did you see something like this before?

I've installed your tool via gem on MacOS 10.14.6. Also I've tried to build Docker container locally and also getting following error:

docker build -t sec-viz .                                                   
Sending build context to Docker daemon  459.3kB
Step 1/5 : FROM ruby:2.6-alpine
 ---> 3304101ccbe9
Step 2/5 : RUN apk add --update graphviz ttf-ubuntu-font-family
 ---> Using cache
 ---> fb048111a474
Step 3/5 : RUN gem install aws_security_viz --pre
 ---> Running in e84926e61dc4
Building native extensions. This could take a while...
ERROR:  Error installing aws_security_viz:
        ERROR: Failed to build gem native extension.

    current directory: /usr/local/bundle/gems/ffi-1.11.3/ext/ffi_c
/usr/local/bin/ruby -I /usr/local/lib/ruby/2.6.0 -r ./siteconf20191218-1-1lwmj9u.rb extconf.rb
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
        --with-opt-dir
        --without-opt-dir
        --with-opt-include
        --without-opt-include=${opt-dir}/include
        --with-opt-lib
        --without-opt-lib=${opt-dir}/lib
        --with-make-prog
        --without-make-prog
        --srcdir=.
        --curdir
        --ruby=/usr/local/bin/$(RUBY_BASE_NAME)
        --with-ffi_c-dir
        --without-ffi_c-dir
        --with-ffi_c-include
        --without-ffi_c-include=${ffi_c-dir}/include
        --with-ffi_c-lib
        --without-ffi_c-lib=${ffi_c-dir}/lib
        --enable-system-libffi
        --disable-system-libffi
        --with-libffi-config
        --without-libffi-config
        --with-pkg-config
        --without-pkg-config
/usr/local/lib/ruby/2.6.0/mkmf.rb:467:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
        from /usr/local/lib/ruby/2.6.0/mkmf.rb:552:in `try_link0'
        from /usr/local/lib/ruby/2.6.0/mkmf.rb:570:in `try_link'
        from /usr/local/lib/ruby/2.6.0/mkmf.rb:672:in `try_ldflags'
        from /usr/local/lib/ruby/2.6.0/mkmf.rb:1832:in `pkg_config'
        from extconf.rb:9:in `system_libffi_usable?'
        from extconf.rb:34:in `<main>'

To see why this extension failed to compile, please check the mkmf.log which can be found here:

  /usr/local/bundle/extensions/x86_64-linux/2.6.0/ffi-1.11.3/mkmf.log

extconf failed, exit code 1

Gem files will remain installed in /usr/local/bundle/gems/ffi-1.11.3 for inspection.
Results logged to /usr/local/bundle/extensions/x86_64-linux/2.6.0/ffi-1.11.3/gem_make.out

Sorry, but I don't observe any mkmf.log on my system as mentioned in log above.

Could you please take a look on both issues above? Thanks in advance!

Hi,

the web browser is not rendering the JSON file, both in view.html#nonprod.json and navigator.html#nonprod.json

The JSON file has the data in it, and the SVG works fine.

Thanks.

This is great.

I would love the ability to generate a graph that is able to exclude CIDRs in general, and 0.0.0.0/0 in specific.

Hi, Can anyone assist me with the below issue?

[root@ip-172-31-83-4 ec2-user]# gem install aws_security_viz
Successfully installed aws_security_viz-0.2.1
1 gem installed
Installing ri documentation for aws_security_viz-0.2.1...
ERROR: While executing gem ... (NoMethodError)
undefined method `map' for Gem::Specification:Class
Did you mean? tap

Hey,

when executing aws-security-viz I get the following Error:

aws_security_viz -a XXXXXXXXXXXXXXXXXXXx -s YYYYYYYYYYYYYYYYYYY -f viz.svg --color=true
[ERROR] uninitialized constant ColorPicker::NodeColors::GraphViz
Did you mean?  Graphviz

I tried the following ways to install graphviz which all resulted in the same error:

• 1. install via sudo apt-get install graphviz
• 2. install via sudo gem install graphviz
• 3. install via bundler install --path vendor/bundle and exec with bundler exec

I am happy to try out a fix if you point me to the file where the constant should be initialized.

Best regards
Lars

Debug info:

$ uname -a
Linux lars-Inspiron-7559 4.15.0-43-generic #46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ bundler
Using rake 12.3.2
Using aws-eventstream 1.0.1
Using aws-partitions 1.129.0
Using aws-sigv4 1.0.3
Using jmespath 1.4.0
Using aws-sdk-core 3.44.2
Using aws-sdk-ec2 1.65.0
Using process-group 1.1.0
Using process-pipeline 1.0.1
Using graphviz 1.1.0
Using optimist 3.0.0
Using organic_hash 1.0.2
Using lazy_priority_queue 0.1.1
Using stream 0.5
Using rgl 0.5.3
Using aws_security_viz 0.1.5 from source at `.`
Using bundler 2.0.1
Using diff-lcs 1.3
Using rspec-support 3.8.0
Using rspec-core 3.8.0
Using rspec-expectations 3.8.2
Using rspec-mocks 3.8.0
Using rspec 3.8.0

Hello,

I'm trying to use the container option to run aws-security-viz.

I'm running a centos 7.7 with docker 19.03.8, have followed the documentation, everything was working as expected, but when it came to launch the command:
docker run -i --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz

get the following error, and I'm unable to launch the container:

[ERROR] unable to sign request without credentials set

Do you know if I miss something?
I'm new to Docker, so maybe I have to set some creds within docker ...?

I was not able to use rake; and the instructions given didn't work for me.

Need an option to start the http server with the generated file. If we are able provide an option like --serve 3000. It should serve the visualization in simple http server

Unable to generate Graphviz export.

It says,

[ERROR] undefined method `<<' for {:overlap=>false, :splines=>true, :sep=>1, :concentrate=>true, :rankdir=>"LR"}:Hash
Did you mean?  <
/usr/local/rvm/gems/ruby-3.0.0/gems/graphviz-1.2.1/lib/graphviz/node.rb:36:in `initialize': undefined method `<<' for {:overlap=>false, :splines=>true, :sep=>1, :concentrate=>true, :rankdir=>"LR"}:Hash (NoMethodError)
Did you mean?  <

here's my environment

(venv) -bash-4.2# DEBUG=true OBFUSCATE=true aws_security_viz -f SG.svg node: 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-05c6c211733fbfbab"} edge: 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def -> 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def edge: 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 -> 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def edge: 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: 009bdfaa34f3d43c2a83a32c18de70d1793a5ae587601fb5537ebd6b4b611f5b, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-067705ee76f229cf4"} edge: b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 -> 009bdfaa34f3d43c2a83a32c18de70d1793a5ae587601fb5537ebd6b4b611f5b edge: 009bdfaa34f3d43c2a83a32c18de70d1793a5ae587601fb5537ebd6b4b611f5b -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-06a6e6f025a977622"} edge: 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def -> 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 edge: 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 -> 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 edge: 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: b2bdb4abc23383fe83dde4b5423623d2280eb1bef59c5ec0152da66228344432, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-088f818d22bd9a482"} edge: e35f66cb3a3ad0ef6beb3aa96554d35fda8d006f38633acb9c735baae4855a05 -> b2bdb4abc23383fe83dde4b5423623d2280eb1bef59c5ec0152da66228344432 edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> b2bdb4abc23383fe83dde4b5423623d2280eb1bef59c5ec0152da66228344432 edge: b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 -> b2bdb4abc23383fe83dde4b5423623d2280eb1bef59c5ec0152da66228344432 edge: b2bdb4abc23383fe83dde4b5423623d2280eb1bef59c5ec0152da66228344432 -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: 48aae2845a947e1956545a5863aac9378e2a083455bc64b4518ef76e39557a2e, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-09497210db363e84c"} edge: b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 -> 48aae2845a947e1956545a5863aac9378e2a083455bc64b4518ef76e39557a2e edge: 48aae2845a947e1956545a5863aac9378e2a083455bc64b4518ef76e39557a2e -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f, opts: {:vpc_id=>"vpc-0d335e14eb5b7bc1f", :group_id=>"sg-09976588585749d6e"} edge: 2d220a7477906cb08e73481b2713c747857880accf9db1056b574036b5708def -> 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f edge: 50e27ae9faaa0bd32f78d353e263b2afc8456a854aa251c32506eea69d80a551 -> 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 node: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f, opts: {:vpc_id=>"vpc-612a9b1b", :group_id=>"sg-7e11733c"} edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f edge: 37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f -> b42e18366abaf7d25debe1765391f2a4b1f3a16708045d2e6642a14fc4c93144 [ERROR] undefined method <<' for {:overlap=>false, :splines=>true, :sep=>1, :concentrate=>true, :rankdir=>"LR"}:Hash
Did you mean? <
/usr/local/rvm/gems/ruby-3.0.0/gems/graphviz-1.2.1/lib/graphviz/node.rb:36:in initialize': undefined method <<' for {:overlap=>false, :splines=>true, :sep=>1, :concentrate=>true, :rankdir=>"LR"}:Hash (NoMethodError)
Did you mean? <
from /usr/local/rvm/gems/ruby-3.0.0/gems/graphviz-1.2.1/lib/graphviz/graph.rb:30:in initialize' from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/lib/renderer/graphviz.rb:6:in new'
from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/lib/renderer/graphviz.rb:6:in initialize' from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/lib/renderer/all.rb:7:in new'
from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/lib/renderer/all.rb:7:in pick' from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/lib/aws_security_viz.rb:23:in unleash'
from /usr/local/rvm/gems/ruby-3.0.0/gems/aws_security_viz-0.2.2/exe/aws_security_viz:34:in <top (required)>' from /usr/local/rvm/gems/ruby-3.0.0/bin/aws_security_viz:23:in load'
from /usr/local/rvm/gems/ruby-3.0.0/bin/aws_security_viz:23:in <main>' from /usr/local/rvm/gems/ruby-3.0.0/bin/ruby_executable_hooks:22:in eval'
from /usr/local/rvm/gems/ruby-3.0.0/bin/ruby_executable_hooks:22:in `

aws_security_viz v0.2.2
ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [x86_64-linux]

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

(venv) -bash-4.2# yum list | grep graphviz
graphviz.x86_64 2.30.1-21.amzn2.0.1 @amzn2-core
graphviz.i686 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-devel.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-doc.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-gd.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-graphs.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-guile.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-java.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-lua.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-ocaml.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-perl.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-php.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-python.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-ruby.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
graphviz-tcl.x86_64 2.30.1-21.amzn2.0.1 amzn2-core
(venv) -bash-4.2#
`

Hello !

First of all, I want to say great job for this great tool, very useful and easy to set up, nice work!
I have a suggestion to make (maybe you've already thought about it) : possibility to select and view only the ingress or egress for each instance.

Thank you in advance for your answer

I should be able to generate CSS properties and either link an overriding CSS spreadsheet or override the generated style blocks to increase readability in most situations. How can I do this? The mouse-over/hover magnification doesn't seem to work reliably, and the initial text size makes it a mystery of what object I'll be looking at anyway. All the items in a clicked node/path should be grown to be readable at the same time.

I did the installation via brew but I'm unable to execute the command:

aws_security_viz --help

and then I did an install via ruby by: gem install aws_security_viz

This works but gives a ton of errors. I'm running the local ruby interpreter on a brand new mac with an apple processor.

This is my ruby version:

ruby 2.6.8p205 (2021-07-07 revision 67951) [universal.arm64e-darwin21]

Follow up from #14 , aws-security-viz should provide the capability to export to an interactive html file.

When specifying a destination directory for the JSON file, the HTML file is written to the current working directory while the JSON file is written to the specified directory.

Shouldn't these files land in the same specified directory?

How to reproduce:

mkdir -p /tmp/output/test/path

cd /tmp/output/

aws_security_viz -o /tmp/aws_security_groups.json -f /tmp/output/test/path/aws.json

ls -la /tmp/output/test/path

total 92
drwxr-xr-x. 2 root root 4096 Mar 17 23:24 .
drwxr-xr-x. 3 root root 4096 Mar 17 23:24 ..
-rw-r--r--. 1 root root 83944 Mar 17 23:24 aws.json

ls -la .

total 20
drwxr-xr-x. 3 root root 4096 Mar 17 23:24 .
drwxrwxrwt. 8 root root 4096 Mar 17 23:24 ..
drwxr-xr-x. 3 root root 4096 Mar 17 23:24 test
-rw-r--r--. 1 root root 5539 Mar 17 23:24 view.html

Hi there,

am getting following error:

Value for attribute label can't be null
/Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz.rb:950:in escape': undefined methodmatch' for nil:NilClass (NoMethodError)
from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz/node.rb:139:in output' from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz.rb:629:inblock in append_attributes_and_types'
from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz/elements.rb:19:in block in each' from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz/elements.rb:18:ineach'
from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz/elements.rb:18:in each' from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz.rb:613:inappend_attributes_and_types'
from /Users/user/.rvm/gems/ruby-2.1.2/gems/ruby-graphviz-1.0.9/lib/graphviz.rb:432:in output' from lib/visualize_aws.rb:35:inrender'
from lib/visualize_aws.rb:15:in unleash' from lib/visualize_aws.rb:51:in

❯ ruby --version
ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0]

Tried with 56bf817 version.

aws security viz requires Ruby 2.0, but during the gem install process one sees this message early on:

Last (important) changes :
Ruby-Graphviz no longer supports Ruby < 1.9.3

before gem fails requiring Ruby 2.0 on 1.9.3.xxxx :)

Ubuntu 14.04.4. Native main/universe package, no PPA source.

I was trying to run the "Via navigator renderer" option but I keep getting the below errors. Am I missing something elementary?

OS : MAC OS - 10.13.6

$ aws_security_viz -a xxxxxxxxxxxxxxxxxx -s xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -f aws.json --renderer navigator Error: unknown argument '--renderer'. Try --help for help. $ aws_security_viz -a xxxxxxxxxxxxxxxxxx -s xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -f aws.json --renderer json Error: unknown argument '--renderer'. Try --help for help.

When trying to run the docker build process step 2/5 fails

 => [internal] load build definition from Dockerfile                                                               0.0s
 => => transferring dockerfile: 273B                                                                               0.0s
 => [internal] load .dockerignore                                                                                  0.0s
 => => transferring context: 96B                                                                                   0.0s
 => [internal] load metadata for docker.io/library/ruby:2.6-alpine                                                 3.5s
 => [auth] library/ruby:pull token for registry-1.docker.io                                                        0.0s
 => CACHED [1/5] FROM docker.io/library/ruby:2.6-alpine@sha256:4a228108c0cbe7ed984b26d558cbcabd75b0f9b7c9e8271827  0.0s
 => ERROR [2/5] RUN apk add --update         build-base         graphviz         ttf-ubuntu-font-family            1.5s
------
 > [2/5] RUN apk add --update         build-base         graphviz         ttf-ubuntu-font-family:
#6 0.367 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
#6 0.952 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
#6 1.429 ERROR: unable to select packages:
#6 1.451   ttf-ubuntu-font-family (no such package):
#6 1.451     required by: world[ttf-ubuntu-font-family]
------
executor failed running [/bin/sh -c apk add --update         build-base         graphviz         ttf-ubuntu-font-family]: exit code: 1

From this issue it seems that that package was removed, alpinelinux/docker-alpine#181

Is there an alternative package that can be used?

this.allNeighborsCount doesn't exist. This causes the following error in the console:

view.html:41 Uncaught TypeError: Cannot read property 'default' of undefined

Line 41:
return this.allNeighborsCount[nodeId];

Changing to this.neighborCount works

when I click on n element, like a security group, a small box shows on the left hand side. The box is empty, except for a "close" X. Should there be information in that box?

Thanks,

César

Hi Anay,

I try to run the command ruby visualize_aws.rb my_aws_key my_aws_secret_key to generate the png file which it did but it's blank.

So I added -d -v and it throw out the following error:
ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-linux]
Exception LoadError' at /usr/share/rubygems/rubygems.rb:1182 - cannot load such file -- rubygems/defaults/ruby ExceptionLoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- abrt
Exception LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:141 - cannot load such file -- abrt ExceptionLoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- right_aws
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/right_http_connection.rb:267: warning: assigned but unused variable - e
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:50: warning: method redefined; discarding old rbuf_fill
/usr/share/ruby/net/protocol.rb:151: warning: previous definition of rbuf_fill was here
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:81: warning: method redefined; discarding old exec
/usr/share/ruby/net/http/generic_request.rb:119: warning: previous definition of exec was here
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:93: warning: method redefined; discarding old send_request_with_body
/usr/share/ruby/net/http/generic_request.rb:178: warning: previous definition of send_request_with_body was here
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:101: warning: method redefined; discarding old send_request_with_body_stream
/usr/share/ruby/net/http/generic_request.rb:187: warning: previous definition of send_request_with_body_stream was here
/usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:127: warning: method redefined; discarding old request
/usr/share/ruby/net/http.rb:1365: warning: previous definition of request was here
/usr/local/share/gems/gems/right_aws-3.0.0/lib/awsbase/benchmark_fix.rb:29: warning: method redefined; discarding old add!
/usr/share/ruby/benchmark.rb:431: warning: previous definition of add! was here
/usr/local/share/gems/gems/right_aws-3.0.0/lib/awsbase/right_awsbase.rb:492: warning: shadowing outer local variable - response
/usr/local/share/gems/gems/right_aws-3.0.0/lib/awsbase/right_awsbase.rb:576: warning: method redefined; discarding old last_request_id
/usr/local/share/gems/gems/right_aws-3.0.0/lib/ec2/right_ec2_instances.rb:266: warning: mismatched indentations at 'end' with 'def' at 262
/usr/local/share/gems/gems/right_aws-3.0.0/lib/ec2/right_ec2_security_groups.rb:103: warning: assigned but unused variable - list
/usr/local/share/gems/gems/right_aws-3.0.0/lib/ec2/right_ec2_reserved_instances.rb:151: warning: mismatched indentations at 'end' with 'def' at 149
/usr/local/share/gems/gems/right_aws-3.0.0/lib/ec2/right_ec2_reserved_instances.rb:165: warning: mismatched indentations at 'end' with 'def' at 152
/usr/local/share/gems/gems/right_aws-3.0.0/lib/ec2/right_ec2_vpc2.rb:379: warning: mismatched indentations at 'end' with 'class' at 26
/usr/local/share/gems/gems/right_aws-3.0.0/lib/s3/right_s3_interface.rb:197: warning: mismatched indentations at 'end' with 'def' at 173
/usr/local/share/gems/gems/right_aws-3.0.0/lib/s3/right_s3.rb:478: warning: shadowing outer local variable - key
/usr/local/share/gems/gems/right_aws-3.0.0/lib/sqs/right_sqs_interface.rb:409: warning: assigned but unused variable - m
/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55: warning: loading in progress, circular require considered harmful - /usr/local/share/gems/gems/right_aws-3.0.0/lib/right_aws.rb
from visualize_aws.rb:1:in <main>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:144:inrequire'
from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:135:in rescue in require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:135:inrequire'
from /usr/local/share/gems/gems/right_aws-3.0.0/lib/right_aws.rb:65:in <top (required)>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:inrequire'
from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in require' from /usr/local/share/gems/gems/right_aws-3.0.0/lib/sdb/right_sdb_interface.rb:24:in<top (required)>'
from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:inrequire'
/usr/local/share/gems/gems/right_aws-3.0.0/lib/acf/right_acf_interface.rb:145: warning: mismatched indentations at 'end' with 'def' at 122
/usr/local/share/gems/gems/right_aws-3.0.0/lib/rds/right_rds_interface.rb:1383: warning: mismatched indentations at 'end' with 'class' at 26
/usr/local/share/gems/gems/right_aws-3.0.0/lib/route_53/right_route_53_interface.rb:225: warning: mismatched indentations at 'end' with 'def' at 202
Exception LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- graphviz /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:46: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:48: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:50: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:53: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:56: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:59: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:62: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:65: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:68: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:69: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:70: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:84: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:742: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:743: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:744: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:747: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:750: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/node.rb:46: warning: mismatched indentations at 'end' with 'def' at 44 /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/node.rb:53: warning: mismatched indentations at 'end' with 'def' at 51 /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/node.rb:23: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/node.rb:24: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/node.rb:25: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/attrs.rb:19: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/attrs.rb:20: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/attrs.rb:21: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/attrs.rb:22: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:83: warning: mismatched indentations at 'end' with 'def' at 81 /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:94: warning: mismatched indentations at 'end' with 'def' at 91 /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:191: warning: possibly useless use of + in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:23: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:24: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:25: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:26: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:27: warning: possibly useless use of a variable in void context /usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz/edge.rb:28: warning: possibly useless use of a variable in void context I, [2014-01-20T15:43:30.409979 #27796] INFO -- : New RightAws::Ec2 using shared connections mode ExceptionNoMethodError' at /usr/local/share/gems/gems/right_http_connection-1.3.0/lib/right_http_connection.rb:266 - undefined method pos' for nil:NilClass I, [2014-01-20T15:43:30.411067 #27796] INFO -- : Opening new HTTPS connection to ec2.ap-southeast-2.amazonaws.com:443 I, [2014-01-20T15:43:30.411334 #27796] INFO -- : Connecting to proxy internal-Squid-DEV-SquidLoa-1Y2M3Q25L2N5J-1014830244.ap-southeast-2.elb.amazonaws.com:3128 with username /usr/share/ruby/openssl/buffering.rb:318: warning: SSL session is not started yet. /usr/local/share/gems/gems/right_http_connection-1.3.0/lib/net_fix.rb:52: warning: SSL session is not started yet. ExceptionEncoding::CompatibilityError' at /usr/share/ruby/rexml/source.rb:270 - incompatible character encodings: UTF-8 and ASCII-8BIT
Exception NoMethodError' at /usr/share/ruby/rexml/source.rb:265 - private methodreadline' called for nil:NilClass
/usr/local/share/gems/gems/ruby-graphviz-1.0.0/lib/graphviz.rb:592: warning: instance variable @ln not initialized
Exception LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- win32/open3 ExceptionLoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:141 - cannot load such file -- win32/open3
removing /tmp/graphviz.rb20140120-27796-195bos1...done

Is it because of version incompatible?

Thanks,
Yew Wei

System-Name$ aws_security_viz -a -s -f aws.json
/Library/Ruby/Gems/2.0.0/gems/ruby-graphviz-1.2.2/lib/graphviz.rb:508:in block in output': output format 'aws.json' invalid (ArgumentError) from /Library/Ruby/Gems/2.0.0/gems/ruby-graphviz-1.2.2/lib/graphviz.rb:454:ineach'
from /Library/Ruby/Gems/2.0.0/gems/ruby-graphviz-1.2.2/lib/graphviz.rb:454:in output' from /Library/Ruby/Gems/2.0.0/gems/aws_security_viz-0.1.1/lib/graph.rb:34:inoutput'
from /Library/Ruby/Gems/2.0.0/gems/aws_security_viz-0.1.1/lib/aws_security_viz.rb:41:in render' from /Library/Ruby/Gems/2.0.0/gems/aws_security_viz-0.1.1/lib/aws_security_viz.rb:20:inunleash'
from /Library/Ruby/Gems/2.0.0/gems/aws_security_viz-0.1.1/exe/aws_security_viz:28:in <top (required)>' from /usr/local/bin/aws_security_viz:23:inload'
from /usr/local/bin/aws_security_viz:23:in `

It would be awesome to have the -v option to print the version of the application.

Given that aws-security-viz is now a gem, usage of ENV needs to be removed and moved to API config opts. These could probably continue to exist in exe/aws_security_viz

Extending on #29

It's commonly to use MFA to authenticate with AWS in which case the personal IAM accounts will use a temporary session token rather than the static credentials.

https://github.com/lonelyplanet/aws-mfa

Which introduces two new env variables, which are automatically read by aws-cli and other tools interacting with AWS

AWS_SESSION_TOKEN
AWS_SECURITY_TOKEN

Great work, I think there is good potential here for scoped, automated threat modeling.

My use case is that given a particular asset (for instance the "App Server" from the README example) I would like to:

• Be able to plot all of the egress points just from that one asset:
  

• Be able to plot all of the ingress points to that particular asset:
  

• Test if the particular asset has access to another particular asset (or set of assets), such as a sensitive/restricted security group.

• Test if this particular asset is reachable by another particular asset (or set of assets), such as the public ELB security group

The commands would probably look like this:

1. aws_security_viz -o data/security_groups.json -source="app server" -target="*"
2. aws_security_viz -o data/security_groups.json -source="*" -target="app server"
3. aws_security_viz -o data/security_groups.json -source="app server" -target="restricted-sg"
4. aws_security_viz -o data/security_groups.json -source="amazon-elb-sg" -target="app server"

**It would also be useful to provide a "depth" property. You can scope the results down to 1 hop, 2 hops, or * hops

When I run the following command:
docker run -i --rm -t -p 3000:3000 -v <pwd>/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz -o <pwd>/aws-describe-security-groups.json --renderer navigator --serve 3000

The output is that:
[ERROR] No such file or directory @ rb_sysopen - <pwd>/aws-describe-security-groups.json

Even I launch the container and use docker exec directly, it still get same error.

Any idea on this? Thank you.

Just some notes to get it installed on my laptop running Yosemite

brew install libxml2 graphviz
ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future bundler install

Currently the default format is selected as sfdp with no option to change without changing the code.
sfdp needs triangulation library changes which is not a default flag for graphviz.

Change default to dot format and allow sfdp as an override for advanced users.

Currently aws-security-viz only displays EC2-classic security groups. It should also support EC2-vpc security groups.

I followed these steps for the docker option:

1. Clone this repository, open it in a console.
2. Build the docker container: docker build -t sec-viz .
   3.Run the container: docker run -i --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz

I got the following error after step3, any idea what's wrong?
[ERROR] unable to sign request without credentials set

Thanks

Provide capability to compare current security groups against a previous snapshot so that differences can be highlighted easily in the generated visualization.

It is unclear to me under which license this code is being released. Could that please be included somewhere? I apologize if I missed this somehow.

Thanks,

Brandon

Just an enhancement suggestion to docs. It would be great if the required AWS IAM permissions are included in the README.

The current process to use aws-security-viz involves a few manual steps. The process to use it needs to be simpler

Activities involved:

• Push to rubygems
• Update README
• Externalize opts.yml (provide mechanism to build one)

The JSON that I have generated with aws-cli has 48419 lines in it, maybe there are too many complex connections?

I used the following:

aws ec2 describe-security-groups > security_groups.json
bundle exec ruby lib/visualize_aws.rb -o security_groups.json -f viz.svg --color

Then tried opening the file in Chrome and Gapplin (OSX SVG viewer) - both showed a blank page. I loaded a test .json from another issue topic and it was able to generate a viewable SVG so the install of aws-security-viz is working.

Need to maintain a changelog. Will help avoid issues such as #20

See http://keepachangelog.com/

Sounds that the new region eu-west-3 (Paris) is not working

A workaround ?

Currently, if there are too many nodes and edges, it is difficult to trace the outbound connections from a node. Coloring every node and its corresponding edges in a separate color would simplify this.

This might need to be a separate repository depending upon whats involved in creating a heroku button

This will further simplify the process to create a web view as provided in #15