Last active
November 16, 2021 02:48
Repoint AWS EC2 Security Group inbound access to my current IP address
```bash
#!/bin/bash
# Summary:
#   Bash script repoints all inbound access for a given AWS EC2 security group
#   to your current IP addr(v4) as provided by checkip.amazonaws.com
# To use this script:
#   Pass the name of a security group as a command line argument
#   e.g. $ aws_repoint_to_my_ip.sh SECURITYGROUPNAME
# Notes:
#   You need to have AWS CLI installed and configured. See http://aws.amazon.com/cli/
#   To setup, see this page http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html

if [ $# -eq 0 ]
then
    echo -e 'Please provide the name of a security group\n\te.g. . aws_repoint_to_my_ip.sh SECURITYGROUPNAME'
    # 'return' only works when the script is sourced; fall back to 'exit' when it is executed
    return 1 2>/dev/null || exit 1
fi

# Name of the security group to repoint
MYGROUPNAME=$1  # $1 is SECURITYGROUPNAME argument passed to the script

# Get my IP addr(v4) alternatives: curl icanhazip.com; curl ifconfig.me/ip
# Fetched over HTTPS so the answer cannot be altered in transit
MYIP=$(curl -s https://checkip.amazonaws.com)

# Stop before revoking anything if the lookup did not return an IPv4 address;
# otherwise the existing rules would be removed and nothing valid added back
if ! [[ $MYIP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
then
    echo "Could not determine current IPv4 address (got: '$MYIP')"
    return 1 2>/dev/null || exit 1
fi

# Print all existing inbound access
echo ''
echo "Current entries for group: $MYGROUPNAME"
aws ec2 describe-security-groups \
    --filters "Name=group-name,Values=$MYGROUPNAME" \
    --query 'SecurityGroups[0].IpPermissions[*].{ip:IpRanges[0].CidrIp,protocol:IpProtocol,from:FromPort,to:ToPort}' \
    --output table

# Revoke all existing inbound access and re-authorize it for the current IP
# Each output row is: CidrIp IpProtocol FromPort ToPort ($1..$4 in awk)
echo ''
aws ec2 describe-security-groups \
    --filters "Name=group-name,Values=$MYGROUPNAME" \
    --query 'SecurityGroups[0].IpPermissions[*].[IpRanges[0].CidrIp,IpProtocol,FromPort,ToPort]' \
    --output text \
| awk -v grpnm="${MYGROUPNAME}" -v newip="${MYIP}" '{
    print "aws ec2 revoke-security-group-ingress --group-name "grpnm" --cidr "$1" --protocol "$2" --port "$3;
    system ("aws ec2 revoke-security-group-ingress --group-name "grpnm" --cidr "$1" --protocol "$2" --port "$3" > /dev/null 2>&1");
    print "aws ec2 authorize-security-group-ingress --group-name "grpnm" --cidr "newip"/32 --protocol "$2" --port "$3;
    system ("aws ec2 authorize-security-group-ingress --group-name "grpnm" --cidr "newip"/32 --protocol "$2" --port "$3" > /dev/null 2>&1");
}'  # " > /dev/null 2>&1" : This redirects stdout and stderr to /dev/null. Remove it if you would like to see the
    # response from the server printed on screen

# Print all new inbound access
echo ''
echo ''
echo "New entries for group: $MYGROUPNAME"
aws ec2 describe-security-groups \
    --filters "Name=group-name,Values=$MYGROUPNAME" \
    --query 'SecurityGroups[0].IpPermissions[*].{ip:IpRanges[0].CidrIp,protocol:IpProtocol,from:FromPort,to:ToPort}' \
    --output table
```
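The script revokes each rule before authorizing its replacement and passes only `FromPort` to `--port`, so it helps to see what it would do to each row before any call is made. The following dry-run planner is an added example, not part of the original gist: it reads the same `--output text` rows the script pipes into awk and classifies each one without contacting AWS. The function names, the KEEP/REPOINT/SKIP/ABORT labels and the sample rows are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the original gist. Dry-run planner: no AWS calls.
# Function names and the KEEP/REPOINT/SKIP/ABORT labels are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# plan_repoint NEW_IP: read "CIDR PROTOCOL FROMPORT TOPORT" rows on stdin
# (the --output text rows the script feeds to awk) and print one decision each.
plan_repoint() (
    newip=$1
    is_ipv4 "$newip" || { echo "ABORT invalid-new-ip"; exit 1; }
    while read -r cidr proto from to; do
        if [ "$cidr" = None ]; then
            echo "SKIP no-ipv4-cidr $proto $from"     # no IPv4 range on this rule
        elif [ "$from" = None ]; then
            echo "SKIP no-port $cidr $proto"          # e.g. protocol -1 (all traffic)
        elif [ "$from" != "$to" ]; then
            echo "SKIP port-range $cidr $proto $from-$to"
        elif [ "$cidr" = "$newip/32" ]; then
            echo "KEEP $cidr $proto $from"            # already points at this IP
        else
            echo "REPOINT $cidr $newip/32 $proto $from"
        fi
    done
)

# Constructed sample rows using documentation address ranges, not real rules.
SAMPLE_ROWS='198.51.100.4/32 tcp 22 22
203.0.113.7/32 tcp 443 443
None tcp 5432 5432
198.51.100.4/32 -1 None None
198.51.100.4/32 tcp 8000 8100'

printf '%s\n' "$SAMPLE_ROWS" | plan_repoint 203.0.113.7
```

To check a real group, pipe the output of the script's `describe-security-groups ... --output text` query into `plan_repoint "$MYIP"` and review the SKIP rows by hand.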
Yes you are right. Thank you very much for the feedback!
very useful :) tnx! I would change the service to get the IP from "ifconfig.me/ip" to "checkip.amazonaws.com", maybe it is safer and is done exactly for that purpose...
but it's really not important