Security Groups
Describes Security Groups from your Instances in AWS.
Sync Type: Cron
Requirements
- IAM Role Assumption / Static Credentials
- Example permission to attach to the role/user:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}
```
Details
When the input is run, it will retrieve all security groups and their associated instances from the specified AWS region. The sync runs on a scheduled basis according to your cron configuration. Monad will use the AWS APIs to fetch current security group configurations, including rules, associated instances, and metadata. The data is then processed and made available for security analysis and compliance monitoring.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Region | string | Yes | The AWS region where the security groups that are being fetched are located. |
| RoleARN | string | Yes | Role ARN to assume when reading your Security Groups. |
| Cron | string | Yes | Cron string for scheduling the ingest of your input. |
| Filters | Array | No | Array of filters for the security groups. Multiple filters are combined with AND logic; multiple values within a filter use OR logic. Below is an example of a filter. |
```json
{
  "Filters": [
    {
      "Name": "group-id",
      "Values": ["sg-abcd1234"]
    }
  ]
}
```
Secrets (Static Credentials Only)
| Setting | Type | Required | Description |
|---|---|---|---|
| Access Key | string | Conditional | AWS Access Key ID |
| Secret Key | string | Conditional | AWS Secret Access Key |
⚠️ Authentication: Choose either Role ARN (recommended) or static credentials. See AWS Authentication Guide for setup instructions.
Custom Schema Handling
If the source data doesn't align with any of the OpenSecurityControlFramework (OSCF) schemas, you can create a custom transformation using our JQ transform pipeline. For example:
```jq
{
  metadata: {
    schema_version: "1.0.0",
    custom_framework: "my_framework"
  },
  controls: .[]
}
```
For more information on JQ and how to write your own JQ transformations, see the JQ docs.
If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at support@monad.com. We're always looking to expand our coverage of security control frameworks based on community needs.
Sample Record
```json
{
  "Description": "load balancer security group",
  "GroupId": "vpc-be948f0938d4a038a",
  "GroupName": "default",
  "IpPermissions": [],
  "IpPermissionsEgress": [
    {
      "FromPort": null,
      "IpProtocol": "-1",
      "IpRanges": [
        {
          "CidrIp": "0.0.0.0/0",
          "Description": null
        }
      ],
      "Ipv6Ranges": [],
      "PrefixListIds": [],
      "ToPort": null,
      "UserIdGroupPairs": []
    }
  ],
  "OwnerId": "510578624478",
  "SecurityGroupArn": "arn:aws:ec2:us-east-1:345056260303:security-group/sg-be948f0938d4a038a",
  "Tags": [
    {
      "Key": "Environment",
      "Value": "staging"
    }
  ],
  "VpcId": "vpc-be948f0938d4a038a"
}
```
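As an added example (not part of Monad's documentation or code), the following Python runs over records in the shape of the Sample Record above and lists rules open to every address (`0.0.0.0/0` or `::/0`), one check the ingested data supports. The group ID and rules in `SAMPLE_GROUPS` are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed records in the shape of the Sample Record (all values are made up).
SAMPLE_GROUPS = [{
    "GroupId": "sg-0example0000001",
    "GroupName": "web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": None}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": None}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "FromPort": None, "ToPort": None,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": None}],
         "Ipv6Ranges": []},
    ],
}]


def _ports(rule):
    """Describe the port range of a rule; hypothetical helper for this example."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # all protocols: ports are null
        return "all"
    if proto not in ("tcp", "udp") or rule.get("FromPort") is None:
        return "n/a"                       # e.g. ICMP uses type/code, not ports
    lo, hi = rule["FromPort"], rule["ToPort"]
    return str(lo) if lo == hi else f"{lo}-{hi}"


def world_open_rules(groups, directions=("IpPermissions",)):
    """Return (GroupId, direction, protocol, ports, cidr) for rules with a /0 range."""
    findings = []
    for group in groups:
        for direction in directions:
            for rule in group.get(direction) or []:
                cidrs = [r.get("CidrIp") for r in rule.get("IpRanges") or []]
                cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges") or []]
                for cidr in filter(None, cidrs):
                    if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                        findings.append((group.get("GroupId"), direction,
                                         rule.get("IpProtocol"), _ports(rule), cidr))
    return findings


if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE_GROUPS):
        print(finding)
```

By default only ingress (`IpPermissions`) is checked; pass `directions=("IpPermissions", "IpPermissionsEgress")` to include egress rules such as the all-protocol `0.0.0.0/0` rule in the Sample Record.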