Pieces in place to automate investigation. Need to improve output format.

GetTrailBySecurityGroup.py

@@ -0,0 +1,3 @@
+#! /usr/bin/python
+#
+# Returns cloudtrail entries by Security Group.

SecurityGroupCloudTrail.sh

@@ -0,0 +1,20 @@
+#! /bin/bash
+#
+# Prints security group details given a profile and an ID
+
+# You can decide for yourself what is easiest to read.
+# Options are 'text', 'json', or 'table'.
+OUTPUT=table
+
+if [ $# -ne 3 ]; then
+	echo Usage: $0 "<profile> <region> <groupid>"
+	exit 1
+fi
+
+PROFILE=$1
+REGION=$2
+SG=$3
+
+aws cloudtrail lookup-events --profile $PROFILE --region $REGION --output $OUTPUT \
+	--lookup-attributes "AttributeKey=ResourceName,AttributeValue=$SG"
+

SecurityGroupDetails.sh

@@ -0,0 +1,18 @@
+#! /bin/bash
+#
+# Prints security group details given a profile and an ID
+
+# You can decide for yourself which is easiest to read. Options are
+# 'json', 'text', or 'table'
+OUTPUT=json
+
+if [ $# -ne 3 ]; then
+	echo Usage: $0 "<profile> <region> <groupid>"
+	exit 1
+fi
+
+PROFILE=$1
+REGION=$2
+SG=$3
+
+aws ec2 describe-security-groups --profile $PROFILE --region $REGION --output $OUTPUT --group-ids $SG