No description
a6b2cea31f
Container: - Dockerfile → Containerfile; drop gosu, entrypoint, PUID/PGID user-switching - HOME=/config so Path.home()/.aws resolves to runtime-mounted credentials - docker-compose.yml → compose.yml with userns_mode: keep-id for Podman rootless - .dockerignore → .containerignore - boto3 unpinned from 1.34.0 to >=1.34.0 CI: - Remove Woodpecker (.woodpecker.yml, .woodpecker/) - Add Forgejo Actions (.forgejo/workflows/ci.yml, publish.yml) - CI: syntax check, security scan, container lint (hadolint), build test - Publish: build and push to Quay.io on main push and version tags Cleanup: - Remove entrypoint.sh (no longer needed) - Remove scripts/build-and-push.sh and PUBLISHING.md (superseded by CI) - All docker → podman command references updated Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .forgejo/workflows | ||
| .github/ISSUE_TEMPLATE | ||
| static | ||
| templates | ||
| wiki | ||
| .containerignore | ||
| .env.example | ||
| .gitignore | ||
| app.py | ||
| compose.local.yml | ||
| compose.yml | ||
| Containerfile | ||
| CONTRIBUTING.md | ||
| import_from_aws.py | ||
| LICENSE | ||
| README.md | ||
| requirements.txt | ||
SGO: Security Groups Observatory
A web-based tool for exploring AWS EC2 instances and Security Groups with direct AWS import, MFA support, and CSV export capabilities.
Quick Start
1. Setup container files
wget https://codeberg.org/edfig/SGO/src/branch/main/docker-compose.yml
cp .env.example .env
# edit the .env as needed
# 2. Start the container
docker-compose up
# or with Podman:
podman-compose up
# 3. Open browser to http://localhost:5000
⚠️ Security Warning
This application is designed for LOCAL USE ONLY. Do NOT expose it to the internet.
- SGO has no authentication or authorization mechanisms
- It provides direct access to your AWS infrastructure data
- It reads AWS credentials from your local system
- Exposing it publicly would allow unauthorized access to sensitive AWS information
Always run on localhost (127.0.0.1) only. Never expose port 5000 to external networks.
Environment Variables
Available Options:
| Variable | Description | Required | Default |
|---|---|---|---|
AWS_CONFIG_PATH |
Absolute path to AWS credentials directory | Yes | None |
PUID |
User ID for file permissions | No | 1000 |
PGID |
Group ID for file permissions | No | 1000 |
DATA_PATH |
Path for database storage (local mode) | No | ./data |
SGO_PORT |
Port to expose on host | No | 5000 |
DEBUG |
Enable Flask debug logging | No | false |
FLASK_ENV |
Flask environment | No | production |
File Structure
sgo/
├── app.py # Flask web application
├── import_from_aws.py # AWS direct import functions
├── requirements.txt # Python dependencies
├── Dockerfile # Container image definition
├── docker-compose.yml # Container orchestration (Docker volume)
├── docker-compose.local.yml # Alternative with local directory storage
├── entrypoint.sh # Container entrypoint with PUID/PGID support
├── .dockerignore # Files to exclude from container
├── .env.example # Example environment configuration
├── .gitignore # Git ignore patterns
├── README.md # This file
├── data/ # Local data directory (if using local mode)
│ └── aws_export.db # SQLite database
├── static/ # CSS and images
└── templates/ # HTML
License
This project is dual-licensed:
- FREE for individual, personal, educational, and non-commercial use
- PAID LICENSE REQUIRED for commercial use by businesses and organizations
You may NOT modify this software for the purpose of selling or commercially distributing it.
See the LICENSE file for full details.
For commercial licensing inquiries, please open an issue in this repository.