• SSH-Auto-Restricted checks incoming SSH traffic configurations for security groups using AWS Config rule.
• The rule is COMPLIANT when IP addresses of the incoming SSH traffic in the security groups are restricted (CIDR other than 0.0.0.0/0)
• This rule applies only to IPv4.
• If a security group is changed with SSH traffic CIDR equal to 0.0.0.0/0, the AWS Config rule becomes NON_COMPLIANT
• The NON_COMPLIANT event triggers an Eventbridge rule which triggers an AWS Lambda function that removes the SSH incoming traffic

$ npm install -g aws-cdk

python -m venv .venv
source .venv/bin/activate

pip install -r requirements.txt

cdk synth

cdk deploy

• cdk ls list all stacks in the app
• cdk synth emits the synthesized CloudFormation template
• cdk deploy deploy this stack to your default AWS account/region
• cdk diff compare deployed stack with current state
• cdk docs open CDK documentation

Enjoy!