SG Provisioner - Automated AWS Security Group Infrastructure

Automate your AWS Security Group infrastructure with ease. SG Provisioner by Axon Tech Labs simplifies complex security group provisioning by transforming human-readable YAML into fully validated CloudFormation templates. It eliminates manual rule configuration errors, ensures architectural consistency across tiers, and handles the heavy lifting of IAM policy generation.

Designed for platform teams, DevOps engineers, network engineers, and cloud architects who need consistent, repeatable Security Group deployments across AWS accounts and regions. Select a pre-built scenario for your architecture (3-tier web, 2-tier web, database-specific variants), apply overrides for your specific requirements, and the tool generates CloudFormation templates with correct cross-tier references and automatic circular dependency resolution.

Key Capabilities:

• Scenario-Based Provisioning: Choose from 9 pre-built scenarios covering common 2-tier and 3-tier architectures. Each scenario defines tiers, ingress/egress rules, and cross-tier references - no manual rule writing required.
• Override System: Customize base scenarios without creating new YAML files. Override ports, add ingress/egress rules per tier, and the tool merges your changes cleanly.
• Security Validation: Built-in validator blocks dangerous patterns before deployment - database ports open to the internet, missing rule descriptions, and references to non-existent tiers.
• Safe Deployments: Validates YAML schemas and CloudFormation templates before execution, with support for isolated test deployments and change previews.
• Infrastructure Integrity: Detects environment drift via on-demand checks to ensure your live AWS Security Groups stay aligned with your configuration.
• Audit-Ready Documentation: Produces pre-deployment review reports (with override highlighting) and post-deployment HTML reports for compliance and internal reviews.
• SSM Integration: Stores Security Group IDs in AWS Systems Manager Parameter Store for downstream consumers (EC2, RDS, ECS, Lambda, SageMaker).

12 Actions:

• validate-config - Check YAML configuration for schema compliance and syntax errors
• list-scenarios - List all available scenario templates
• show-scenario - Display the details of the selected scenario
• create-policy - Generate and export the least-privilege IAM policy tailored to your resources
• create-prov-template - Generate a CloudFormation template based on your configuration and scenario
• validate-prov-template - Verify provisioning template syntax and resource references before deployment
• create-review-report - Generate a pre-deployment HTML review report with override highlighting
• show-changes - Preview projected infrastructure changes before deploying
• test-deploy - Run a test deployment with an isolated suffix to verify permissions and resource limits
• create-security-groups - Provision all Security Groups via CloudFormation
• check-drift - Detect differences between your live environment and defined configuration
• delete-security-groups - Remove the CloudFormation stack and all associated Security Groups permanently

How It Works:

• Configure: Select a scenario and define your overrides in a simple YAML file
• Execute: Run the Docker container with your config mounted
• Review: Generate your CloudFormation template and review report, then validate before deploying
• Deploy: Deploy to AWS via CloudFormation for immediate, reliable Security Group creation

Technical Requirements:

• Docker 20.10 or later
• AWS account with EC2, CloudFormation, and SSM permissions
• AWS credentials (access key or IAM role)
• VPC deployed and VPC ID available
• 512 MB RAM minimum