AWS security groupで、自IPアドレスからの22番、80番ポート接続のみ許可する。要ec2-tools
#!/bin/sh
# Before running this script,
# you must install Java and the ec2-tools,
# and set env of JAVA_HOME, EC2_HOME and PATH.
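#######################################
# Print the start-up banner.
# Outputs:   three banner lines on stderr, so they never mix with the
#            command results this script writes to stdout
# Returns:   0
#######################################
Usage(){
  # printf instead of a here-doc: no dependence on tab-stripping (<<-) and
  # nothing for the shell to expand. Banner typo ("Grobal") corrected.
  printf '%s\n' \
    '-----------------------------------------------' \
    'setting Global IP address on AWS Security Group' \
    '-----------------------------------------------' 1>&2
}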
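Usage
# Resolve the paths of the AWS private key and certificate used by the
# ec2-tools. The environment variables EC2_PRIVATE_KEY / EC2_CERT win; otherwise
# the user is prompted. The script stops with status 1 when no readable file is
# obtained. (The original tested "test $VAR" after the prompt, which is the
# inverse of the intended emptiness check, so an empty answer was accepted and
# a non-empty one rejected; it also exited with status 0 on error.)
if test -n "$EC2_PRIVATE_KEY"
then
  PRIVATE_KEY=$EC2_PRIVATE_KEY
else
  # prompt via printf + read -r: 'read -p' is not POSIX and the shebang is /bin/sh
  printf '%s' "enter file path for AWS private key: " 1>&2
  read -r PRIVATE_KEY
  if test -z "$PRIVATE_KEY" || test ! -r "$PRIVATE_KEY"
  then
    echo "error. please set AWS private key file." 1>&2
    exit 1
  fi
fi
if test -n "$EC2_CERT"
then
  CERT=$EC2_CERT
else
  printf '%s' "enter file path for AWS cert: " 1>&2
  read -r CERT
  if test -z "$CERT" || test ! -r "$CERT"
  then
    echo "error. please set AWS cert file." 1>&2
    exit 1
  fi
fi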
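# This block will be rewritten if the regions increase.
#######################################
# Map a menu choice to the EC2 API endpoint of that region.
# Arguments: $1 - menu number; an empty choice selects the default (us-east-1)
# Outputs:   the endpoint URL on stdout
# Returns:   0 for a known choice, 1 otherwise
#######################################
region_to_url() {
  case "$1" in
    "") echo "https://ec2.us-east-1.amazonaws.com" ;;   # default region is us-east-1
    1)  echo "https://ec2.eu-west-1.amazonaws.com" ;;
    2)  echo "https://ec2.us-east-1.amazonaws.com" ;;
    3)  echo "https://ec2.ap-northeast-1.amazonaws.com" ;;
    4)  echo "https://ec2.us-west-1.amazonaws.com" ;;
    5)  echo "https://ec2.ap-southeast-1.amazonaws.com" ;;
    *)  return 1 ;;
  esac
}
# EC2_URL (the ec2-tools endpoint variable) wins; otherwise ask for a region.
if test -n "$EC2_URL"
then
  URL=$EC2_URL
else
  echo "please set security group's region..."
  # Menu label for choice 2 now matches the mapping above (us-east-1); the
  # original labelled it us-west-1, which is really choice 4.
  printf '%s' "(1:eu-west-1,[2]:us-east-1,3:ap-northeast-1,4:us-west-1,5:ap-southeast-1) : " 1>&2
  read -r REGION
  # quoted expansions: an answer containing spaces no longer breaks the test
  if ! URL=$(region_to_url "$REGION")
  then
    echo "error." 1>&2
    exit 1
  fi
fi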
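#######################################
# Check that a string is a plain dotted-quad IPv4 address (four octets 0-255).
# Arguments: $1 - candidate string
# Returns:   0 if it is, 1 otherwise
#######################################
is_ipv4() {
  local old_ifs octet
  case "$1" in
    ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  test $# -eq 4 || return 1
  for octet in "$@"
  do
    # non-numeric or oversized octets make 'test' fail, which is the answer we want
    test "$octet" -le 255 2>/dev/null || return 1
  done
  return 0
}
echo "get current IP address..."
# The address comes from a third-party echo service, so the answer is untrusted
# text until validated: curl failures abort, and only a dotted-quad IPv4 is let
# through to the ec2-authorize calls below. HTTPS is used so the reply cannot be
# altered in transit. (The original used plain HTTP and passed whatever came
# back, possibly an error page, straight into the security group rule.)
if ! IP_ADDRESS=$(curl -fsS https://ifconfig.me/ip)
then
  echo "error. could not get current IP address." 1>&2
  exit 1
fi
if ! is_ipv4 "$IP_ADDRESS"
then
  echo "error. unexpected IP address response: [$IP_ADDRESS]" 1>&2
  exit 1
fi
echo "[$IP_ADDRESS]"
# prompt via printf + read -r: 'read -p' is not POSIX and the shebang is /bin/sh
printf '%s' "Please enter Security Group name.: " 1>&2
read -r GROUP_NAME
if test -z "$GROUP_NAME"
then
  echo "group name error." 1>&2
  exit 1
fi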
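# get GROUP_NAME's current settings
# A failed describe (unknown group, bad credentials, wrong endpoint) used to
# leave SG_response empty and the script went on to ec2-authorize regardless.
if ! SG_response=$(ec2-describe-group -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME")
then
  echo "error. could not describe security group [$GROUP_NAME]." 1>&2
  exit 1
fi
DEFAULT_PROTOCOL="*"
DEFAULT_MIN_PORT="0"
DEFAULT_MAX_PORT="0"
DEFAULT_IP="0.0.0.0"
protocol=$DEFAULT_PROTOCOL
min_port=$DEFAULT_MIN_PORT
max_port=$DEFAULT_MAX_PORT
ip=$DEFAULT_IP
element_flag=0 # next is 1=protocol, 2=minport, 3=maxport
ip_flag=0 # next is ip address
# Walk the whitespace-separated tokens of the describe output. The parser
# expects the token layout "ALLOWS <protocol> <min-port> <max-port> ... CIDR <ip>"
# (ec2-tools text output — confirm against the installed version). Every rule
# that reaches a CIDR token is revoked, i.e. ALL existing CIDR-sourced rules of
# the group are removed before the new ones are added; a rule that never reaches
# a CIDR token (for example one sourced from another group) is left in place.
# Globbing is switched off while splitting so a "*" token cannot expand to
# file names in the current directory.
set -f
# shellcheck disable=SC2086 — unquoted on purpose: word-splitting is the tokenizer
for VAR_ELM in $SG_response
do
  # flag set
  case "$VAR_ELM" in
    ALLOWS) element_flag=1; continue ;;
    CIDR) ip_flag=1; continue ;;
  esac
  # flag use
  if [ "$element_flag" -eq 1 ]
  then
    protocol=$VAR_ELM
    element_flag=2
  elif [ "$element_flag" -eq 2 ]
  then
    min_port=$VAR_ELM
    element_flag=3
  elif [ "$element_flag" -eq 3 ]
  then
    max_port=$VAR_ELM
    element_flag=0
  elif [ "$ip_flag" -eq 1 ]
  then
    ip=$VAR_ELM
    ip_flag=0
    # execute revoke; a failure is reported but the remaining rules are still processed
    if revoke_result=$(ec2-revoke -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME" -P "$protocol" -p "$min_port-$max_port" -s "$ip")
    then
      echo "[revoke] $revoke_result"
    else
      echo "[revoke] failed: $protocol $min_port-$max_port from $ip" 1>&2
    fi
    # initialize
    protocol=$DEFAULT_PROTOCOL
    min_port=$DEFAULT_MIN_PORT
    max_port=$DEFAULT_MAX_PORT
    ip=$DEFAULT_IP
    revoke_result=""
  fi
done
set +f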
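# execute authorize
# Only the caller's own address is allowed (/32). The original wrote /24, which
# opened ports 22 and 80 to the whole surrounding 256-address block rather than
# to "own IP address only" as the script's description states. Each call is
# checked: a failed authorize would otherwise be printed as if it had succeeded,
# leaving the group with every CIDR rule revoked and nothing added.
if ssh_auth_result=$(ec2-authorize -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME" -P tcp -p 22 -s "$IP_ADDRESS/32")
then
  echo "[auth] $ssh_auth_result"
else
  echo "[auth] failed to authorize tcp/22 from $IP_ADDRESS/32" 1>&2
  exit 1
fi
if http_auth_result=$(ec2-authorize -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME" -P tcp -p 80 -s "$IP_ADDRESS/32")
then
  echo "[auth] $http_auth_result"
else
  echo "[auth] failed to authorize tcp/80 from $IP_ADDRESS/32" 1>&2
  exit 1
fi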