AWS-DisableIncomingSSHOnPort22
Description
The AWS-DisableIncomingSSHOnPort22 runbook removes rules that allow unrestricted incoming SSH traffic on TCP port 22 from the security groups you specify.
Document type
Automation
Owner
Amazon
Platforms
Linux, macOS, Windows
Parameters
- AutomationAssumeRole
  Type: String
  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
- SecurityGroupIds
  Type: String
  Description: (Required) A comma-separated list of the IDs of the security groups you want to restrict SSH traffic for.
Required IAM permissions
The AutomationAssumeRole parameter requires the following actions to use the runbook successfully.
- ec2:DescribeSecurityGroups
- ec2:RevokeSecurityGroupIngress
Document Steps
- aws:executeAwsApi - Removes all rules allowing incoming SSH traffic on TCP port 22 from the security groups you specify in the SecurityGroupIds parameter.
Outputs
DisableIncomingSSHTemplate.RestrictedSecurityGroupIds - A list of the IDs of the security groups that had inbound SSH rules removed.
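The step and output above, worked through as an added example that is not the runbook's own code: it describes the groups, keeps only the world-open ranges of rules whose TCP port range covers 22, revokes just those ranges, and returns the changed group IDs. It assumes "unrestricted" means the 0.0.0.0/0 or ::/0 source, the function and stub names are hypothetical, and the sample groups are constructed so it runs offline (pass a boto3 EC2 client instead of the stub for real use).

```python
SSH_PORT = 22
# Assumption: "unrestricted" means the IPv4 or IPv6 any-address CIDR.
OPEN_CIDRS = {"CidrIp": "0.0.0.0/0", "CidrIpv6": "::/0"}

def open_ssh_permissions(ip_permissions):
    """Revoke-shaped entries holding only the world-open ranges of TCP rules whose port
    range covers 22; narrower sources in the same rule are kept. All-protocol ("-1")
    rules are out of scope, matching the runbook's description."""
    to_revoke = []
    for p in ip_permissions:
        if p.get("IpProtocol") != "tcp" or not p["FromPort"] <= SSH_PORT <= p["ToPort"]:
            continue
        entry = {"IpProtocol": "tcp", "FromPort": p["FromPort"], "ToPort": p["ToPort"]}
        for field, key in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6")):
            hits = [{key: r[key]} for r in p.get(field, []) if r.get(key) == OPEN_CIDRS[key]]
            if hits:
                entry[field] = hits
        if "IpRanges" in entry or "Ipv6Ranges" in entry:
            to_revoke.append(entry)
    return to_revoke

def restrict_ssh(ec2, group_ids):
    """Mirror the runbook step: DescribeSecurityGroups, then RevokeSecurityGroupIngress
    per offending rule. Returns the IDs of groups actually changed (cf. the
    RestrictedSecurityGroupIds output). `ec2` is a boto3 EC2 client or StubEc2."""
    changed = []
    for sg in ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"]:
        perms = open_ssh_permissions(sg.get("IpPermissions", []))
        if perms:
            ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=perms)
            changed.append(sg["GroupId"])
    return changed

class StubEc2:
    """Offline stand-in for the boto3 client, serving two constructed groups."""
    GROUPS = [
        {"GroupId": "sg-open", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-closed", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}]
    def __init__(self):
        self.revoked = []  # (GroupId, IpPermissions) pairs that were sent
    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [g for g in self.GROUPS if g["GroupId"] in GroupIds]}
    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.revoked.append((GroupId, IpPermissions))
```

Only the open ranges are sent to the revoke call, so the 10.0.0.0/8 source on the same rule survives and a group with no world-open SSH rule is left untouched.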