AWS security groupで、自IPアドレスからの22番、80番ポート接続のみ許可する。要ec2-tools
#!/bin/sh | |
# Before running this script, install Java and the ec2-api-tools and set
# JAVA_HOME, EC2_HOME and PATH.  If EC2_PRIVATE_KEY, EC2_CERT and EC2_URL are
# exported they are used as-is; otherwise the script prompts for them.
# WARNING: the script replaces every CIDR-sourced rule already present in the
# chosen security group with its own two rules (tcp/22 and tcp/80 from the
# caller's public address), so only run it against a group you own outright.
# Usage: print the three-line banner on stderr so it never mixes with stdout
# (which a caller may capture).  Takes no arguments, returns printf's status.
Usage() {
  printf '%s\n' \
    '-----------------------------------------------' \
    'setting Grobal IP address on AWS Security Group' \
    '-----------------------------------------------' 1>&2
}
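Usage

# --- Credentials --------------------------------------------------------------
# The ec2-* tools sign every request with an X.509 key pair (-K private key,
# -C certificate).  An exported EC2_PRIVATE_KEY / EC2_CERT is used as-is;
# otherwise ask.  An empty answer or an unreadable file is an error and the
# script exits non-zero here, instead of letting the first ec2-* call fail
# later with a confusing message.  The key is a secret: only its readability
# is checked, its contents are never printed.
# (printf + read -r instead of "read -p": -p is not POSIX and this is /bin/sh.)
if test -n "$EC2_PRIVATE_KEY"
then
  PRIVATE_KEY=$EC2_PRIVATE_KEY
else
  printf '%s' "enter file path for AWS private key: " 1>&2
  read -r PRIVATE_KEY
  if test -z "$PRIVATE_KEY"
  then
    echo "error. please set AWS private key file." 1>&2
    exit 1
  fi
fi
if test ! -r "$PRIVATE_KEY"
then
  echo "error. AWS private key file is not readable: $PRIVATE_KEY" 1>&2
  exit 1
fi

if test -n "$EC2_CERT"
then
  CERT=$EC2_CERT
else
  printf '%s' "enter file path for AWS cert: " 1>&2
  read -r CERT
  if test -z "$CERT"
  then
    echo "error. please set AWS cert file." 1>&2
    exit 1
  fi
fi
if test ! -r "$CERT"
then
  echo "error. AWS cert file is not readable: $CERT" 1>&2
  exit 1
fi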
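# --- Region / endpoint --------------------------------------------------------
# The menu only knows the regions that existed when the script was written;
# for any other region export EC2_URL (https://ec2.<region>.amazonaws.com)
# and the prompt is skipped.

# region_url CHOICE: print the EC2 endpoint for a menu choice on stdout.
# An empty choice selects the default region (us-east-1, the same as
# choice 2).  Returns 1 and prints nothing for an unknown choice.
region_url() {
  case "$1" in
    ''|2) echo "https://ec2.us-east-1.amazonaws.com" ;;
    1)    echo "https://ec2.eu-west-1.amazonaws.com" ;;
    3)    echo "https://ec2.ap-northeast-1.amazonaws.com" ;;
    4)    echo "https://ec2.us-west-1.amazonaws.com" ;;
    5)    echo "https://ec2.ap-southeast-1.amazonaws.com" ;;
    *)    return 1 ;;
  esac
}

if test -n "$EC2_URL"
then
  URL=$EC2_URL
else
  echo "please set security group's region..." 1>&2
  # "[2]" marks the default; it maps to us-east-1, which is what the label says.
  printf '%s' "(1:eu-west-1,[2]:us-east-1,3:ap-northeast-1,4:us-west-1,5:ap-southeast-1) : " 1>&2
  read -r REGION
  if ! URL=$(region_url "$REGION")
  then
    echo "error. unknown region choice: $REGION" 1>&2
    exit 1
  fi
fi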
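# --- Determine the address to allow ------------------------------------------
# The address fetched here ends up verbatim in a security-group rule and also
# gates the bulk revoke further down, so it is treated as untrusted input:
# fetched over TLS with HTTP errors turned into failures, forced to IPv4, and
# accepted only if it is a well-formed dotted quad (an error page, HTML or an
# IPv6 answer must never reach ec2-authorize).  An already exported
# IP_ADDRESS is used instead of asking the echo service; it is validated too.

# is_ipv4 ADDR: succeed only for d.d.d.d with every octet in 0..255.
# The body is a subshell so the IFS change cannot leak into the script.
is_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  IFS=.
  set -- $1
  test $# -eq 4 || return 1
  for octet in "$@"
  do
    test "${#octet}" -le 3 && test "$octet" -le 255 || return 1
  done
  return 0
)

if test -z "$IP_ADDRESS"
then
  echo "get current IP address..."
  # -4: never accept an IPv6 answer; -f: HTTP errors fail; -sS: quiet, but
  # still report errors; --max-time: do not hang on an unreachable service.
  IP_ADDRESS=$(curl -4 -fsS --max-time 15 https://ifconfig.me/ip) || IP_ADDRESS=
fi
if ! is_ipv4 "$IP_ADDRESS"
then
  echo "error. could not determine a valid IPv4 address (got '$IP_ADDRESS')." 1>&2
  exit 1
fi
echo "[$IP_ADDRESS]"

# One host only.  The script's purpose is "my own address"; a wider block
# such as /24 would also admit every neighbouring customer of the same ISP.
NEW_CIDR="$IP_ADDRESS/32"

printf '%s' "Please enter Security Group name.: " 1>&2
read -r GROUP_NAME
if test -z "$GROUP_NAME"
then
  echo "group name error." 1>&2
  exit 1
fi

# Everything below removes every other CIDR-sourced rule in the group, so
# ask once before touching anything.
printf '%s' "Replace ALL CIDR rules of '$GROUP_NAME' with tcp/22 and tcp/80 from $NEW_CIDR? [y/N]: " 1>&2
read -r ANSWER
case "$ANSWER" in
  y|Y|yes|YES) ;;
  *) echo "aborted." 1>&2; exit 1 ;;
esac

# --- Snapshot the group's current rules --------------------------------------
# Abort if the lookup fails (bad credentials, wrong region, unknown group).
# NOTE(review): assumes ec2-describe-group exits non-zero on API errors; if it
# does not, the listing is empty and the revoke loop below simply does nothing,
# which is the safe direction.
if ! SG_response=$(ec2-describe-group -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME")
then
  echo "error. ec2-describe-group failed for '$GROUP_NAME'." 1>&2
  exit 1
fi

# cidr_rules: stdin = describe output; stdout = one "proto|min|max|cidr"
# record per rule whose source is a CIDR block.  Token layout relied on, as
# the original parser did: ... ALLOWS <proto> <min> <max> FROM CIDR <cidr> ...
# Rules sourced from another security group carry no CIDR token and are not
# emitted.  A rule whose port fields are empty (whitespace splitting collapses
# them) is emitted with empty min/max so the caller can report it instead of
# handing a malformed -p to ec2-revoke.  Subshell body: "set -f" stays local.
cidr_rules() (
  set -f
  while IFS= read -r line
  do
    proto= min= max= cidr= next=
    for tok in $line
    do
      case "$tok" in
        ALLOWS) next=proto; continue ;;
        FROM)   next=;      continue ;;
        CIDR)   next=cidr;  continue ;;
      esac
      case "$next" in
        proto) proto=$tok; next=min ;;
        min)   min=$tok;   next=max ;;
        max)   max=$tok;   next= ;;
        cidr)  cidr=$tok;  next= ;;
      esac
    done
    test -n "$cidr" || continue
    printf '%s|%s|%s|%s\n' "$proto" "$min" "$max" "$cidr"
  done
)
RULES=$(printf '%s\n' "$SG_response" | cidr_rules)

# has_rule RECORD: true when that exact proto|min|max|cidr is already present.
has_rule() {
  printf '%s\n' "$RULES" | grep -Fqx -- "$1"
}

# --- Authorize first, revoke second ------------------------------------------
# Ordering matters: if adding the new rules fails (quota, credentials, API
# error) nothing has been removed yet, so the operator is not locked out of
# port 22.  Rules that already exist are left alone (re-adding an identical
# rule is an API error).
for port in 22 80
do
  if has_rule "tcp|$port|$port|$NEW_CIDR"
  then
    echo "[auth] already present: tcp/$port from $NEW_CIDR"
    continue
  fi
  if ! auth_result=$(ec2-authorize -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME" -P tcp -p "$port" -s "$NEW_CIDR")
  then
    echo "error. ec2-authorize tcp/$port from $NEW_CIDR failed; existing rules left untouched." 1>&2
    exit 1
  fi
  echo "[auth] $auth_result"
done

# Drop every other CIDR-sourced rule, whatever its protocol, ports or block.
# The two rules just ensured are skipped by exact match; rules the tool cannot
# express (empty port fields) are reported rather than guessed at.
printf '%s\n' "$RULES" | while IFS='|' read -r proto min_port max_port cidr
do
  test -n "$cidr" || continue
  case "$proto|$min_port|$max_port|$cidr" in
    "tcp|22|22|$NEW_CIDR"|"tcp|80|80|$NEW_CIDR") continue ;;
  esac
  if test -z "$min_port" || test -z "$max_port"
  then
    echo "[skip] cannot express rule for ec2-revoke ($proto from $cidr); remove it by hand." 1>&2
    continue
  fi
  revoke_result=$(ec2-revoke -K "$PRIVATE_KEY" -C "$CERT" -U "$URL" "$GROUP_NAME" -P "$proto" -p "$min_port-$max_port" -s "$cidr")
  echo "[revoke] $revoke_result"
done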