I need to get EC2 instances which have security groups attached and check whether those security groups have more than 50 rules.
I tried the policy below, but I'm stuck on getting the sum of IpPermissions and IpPermissionsEgress.
policies:
  - name: ec2-instances-with-large-number-of-rules
    resource: ec2
    filters:
      - and:
          - type: security-group
            key: IpPermissions[]
            value_type: size
          - type: security-group
            key: IpPermissionsEgress[]
            value_type: size
You can use jmespath functions in all custodian policies. I'm not sure if this would work with the security group filter on an EC2 instance.
I'd try:
or attack it by identifying SGs with lots of rules using a similar pattern.
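As an added example (not code from the question or the answer above), here is the counting logic the policy is after, written out in plain Python against the shape of describe_security_groups and describe_instances output, so the two ways of counting can be compared. It shows a caveat the policy would otherwise hide: each entry in IpPermissions is a protocol/port block that can carry several sources, and AWS counts one rule per source (CIDR, IPv6 CIDR, referenced group, prefix list) against the per-group quota, so taking the length of IpPermissions undercounts. The group IDs, instance IDs, CIDRs and the threshold of 50 are constructed for the example.

```python
"""Flag EC2 instances whose attached security groups exceed a rule threshold.

Added example for the Custodian question above, not code from the question or
the answer. The dict shapes mirror describe_security_groups / describe_instances
responses; the sample groups and instances are constructed, not real.
"""
from typing import Dict, Iterable, List

RULE_THRESHOLD = 50  # the threshold used in the question

# One entry in IpPermissions is a protocol/port block. AWS counts one rule per
# source listed in the block, so a block with 40 CIDRs is 40 rules, not one.
SOURCE_KEYS = ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds")


def count_rules(permissions: Iterable[dict]) -> int:
    """Rules as the AWS quota counts them: one per source in each block."""
    return sum(len(p.get(k, [])) for p in permissions for k in SOURCE_KEYS)


def count_blocks(permissions: Iterable[dict]) -> int:
    """Blocks only; this is what a length()/size of IpPermissions gives you."""
    return len(list(permissions))


def sg_rule_total(sg: dict) -> int:
    """Ingress plus egress, counted per source."""
    return count_rules(sg.get("IpPermissions", [])) + count_rules(
        sg.get("IpPermissionsEgress", [])
    )


def sg_block_total(sg: dict) -> int:
    """Ingress plus egress, counted per block (the undercounting variant)."""
    return count_blocks(sg.get("IpPermissions", [])) + count_blocks(
        sg.get("IpPermissionsEgress", [])
    )


def instances_over_threshold(
    instances: Iterable[dict], groups_by_id: Dict[str, dict], threshold: int = RULE_THRESHOLD
) -> Dict[str, List[str]]:
    """Map InstanceId -> attached GroupIds whose per-source rule total exceeds threshold."""
    flagged: Dict[str, List[str]] = {}
    for inst in instances:
        over = [
            g["GroupId"]
            for g in inst.get("SecurityGroups", [])
            if g["GroupId"] in groups_by_id
            and sg_rule_total(groups_by_id[g["GroupId"]]) > threshold
        ]
        if over:
            flagged[inst["InstanceId"]] = over
    return flagged


def _cidr_block(port: int, cidrs: List[str]) -> dict:
    """Build one TCP permission block with the given IPv4 sources (constructed data)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}


# Constructed sample data. sg-0aaa packs 55 sources into only two blocks, so a
# block count says 2 while the quota-style count says 55.
SAMPLE_GROUPS = {
    "sg-0aaa": {
        "GroupId": "sg-0aaa",
        "IpPermissions": [_cidr_block(443, [f"10.0.{i}.0/24" for i in range(40)])],
        "IpPermissionsEgress": [_cidr_block(5432, [f"10.1.{i}.0/24" for i in range(15)])],
    },
    "sg-0bbb": {
        "GroupId": "sg-0bbb",
        "IpPermissions": [
            _cidr_block(22, ["192.0.2.10/32"]),
            _cidr_block(80, ["0.0.0.0/0"]),
            _cidr_block(443, ["0.0.0.0/0"]),
        ],
        "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
}

SAMPLE_INSTANCES = [
    {"InstanceId": "i-0111", "SecurityGroups": [{"GroupId": "sg-0aaa"}, {"GroupId": "sg-0bbb"}]},
    {"InstanceId": "i-0222", "SecurityGroups": [{"GroupId": "sg-0bbb"}]},
]

if __name__ == "__main__":
    for gid, sg in SAMPLE_GROUPS.items():
        print(f"{gid}: blocks={sg_block_total(sg)} rules={sg_rule_total(sg)}")
    print(instances_over_threshold(SAMPLE_INSTANCES, SAMPLE_GROUPS))
```

In a Custodian value filter the `key` is a JMESPath expression, and standard JMESPath offers `length()` and `sum()`, so an expression of the form `sum([length(IpPermissions), length(IpPermissionsEgress)])` would reproduce `sg_block_total` above; that is my reading of JMESPath, not something verified against the `security-group` filter, and as the block count shows it can sit well under 50 while the group is already near its quota. If the goal is to catch groups approaching the AWS limit, count sources per block as `sg_rule_total` does.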