Add IP to AWS WAF IP set via CLI
#!/usr/bin/env bash -eux | |
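#######################################
# Print the help text for add_ip_to_ipset.
# Arguments: none
# Outputs:   the help text on stdout
# Returns:   the exit status of cat
#######################################
usage() {
  # The delimiter is quoted so the text is printed literally. With an
  # unquoted delimiter the shell expands $ipset and runs the
  # `aws waf list-ip-sets | jq ...` command substitution from the example
  # every time help is shown, instead of displaying it.
  cat <<'USAGE'
NAME
add_ip_to_ipset - Add a single IP to a WAF IP Set
SYNOPSIS
add_ip_to_ipset IP IP_SET_NAME
DESCRIPTION
Arguments:
IP The IP to add
IP_SET_NAME The name of the WAF IP Set to update
EXAMPLES
Add IP to IP Set:
add_ip_to_ipset 10.10.0.101 AllowedIPs
List IP Sets:
aws waf list-ip-sets
List IPs in an IP Set:
ipset=IP_SET_NAME
aws waf get-ip-set --ip-set-id $(aws waf list-ip-sets | jq -r --arg ipset $ipset '.IPSets[]|select(.Name==$ipset).IPSetId')
USAGE
}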
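#######################################
# Add a single IPv4 address (as a /32) to a WAF IP set selected by name.
# Calls `aws waf list-ip-sets`, `aws waf get-change-token` and
# `aws waf update-ip-set`, using jq to pick fields out of the JSON replies.
# Arguments:
#   $1 - IPv4 address in dotted-quad form, e.g. 10.10.0.101
#   $2 - name of the IP set to update
# Outputs:
#   whatever `aws waf update-ip-set` prints; diagnostics go to stderr
# Returns:
#   0 on success, 2 on bad arguments, 1 when the IP set or change token
#   cannot be resolved, otherwise the status of `aws waf update-ip-set`
#######################################
add_ip_to_ipset() {
  if (( $# < 2 )); then
    printf 'add_ip_to_ipset: expected IP and IP_SET_NAME\n' >&2
    return 2
  fi

  # Locals keep these names out of the caller's shell when the file is sourced.
  local ip=$1 ipset=$2
  local octet cidr updates changetoken ipsetid
  local -r quad='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'

  # The address is spliced into the --updates shorthand below, where ',', '='
  # and '}' are structural. Accept only a strict dotted quad so the argument
  # cannot add or alter fields of the update sent to the WAF.
  if [[ ! $ip =~ $quad ]]; then
    printf 'add_ip_to_ipset: not an IPv4 address: %s\n' "$ip" >&2
    return 2
  fi
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 010 or 099 is not read as octal.
    if (( 10#$octet > 255 )); then
      printf 'add_ip_to_ipset: not an IPv4 address: %s\n' "$ip" >&2
      return 2
    fi
  done

  cidr="$ip/32" # should not need to change if matching a single IP
  updates="Action=INSERT,IPSetDescriptor={Type=IPV4,Value=$cidr}" # single insert

  # Resolve the set name to its id. jq prints nothing when no set matches and
  # one id per line when several sets share the name; neither case may reach
  # update-ip-set, so both are rejected here.
  ipsetid=$(aws waf list-ip-sets \
    | jq -r --arg ipset "$ipset" '.IPSets[]|select(.Name==$ipset).IPSetId') || return 1
  if [[ -z $ipsetid ]]; then
    printf 'add_ip_to_ipset: no IP set named %s\n' "$ipset" >&2
    return 1
  fi
  if [[ $ipsetid == *$'\n'* ]]; then
    printf 'add_ip_to_ipset: more than one IP set named %s\n' "$ipset" >&2
    return 1
  fi

  # Without pipefail a failed `aws` call is hidden behind jq's exit status,
  # so an empty or "null" token is treated as the failure signal.
  changetoken=$(aws waf get-change-token | jq -r '.ChangeToken') || return 1
  if [[ -z $changetoken || $changetoken == null ]]; then
    printf 'add_ip_to_ipset: could not obtain a change token\n' >&2
    return 1
  fi

  aws waf update-ip-set \
    --ip-set-id "$ipsetid" \
    --updates "$updates" \
    --change-token "$changetoken"
}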
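# Act as a command only when executed directly. When the file is sourced it
# just defines the functions above, leaves the caller's shell options alone,
# and finishes with status 0 (the `[[ ... ]] && cmd` form returned 1 there).
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  # Options appended to an `env` shebang are not split into separate words on
  # every platform, so the strict/trace flags are also set explicitly here.
  set -eux
  if (( $# < 2 )); then
    printf 'usage: %s IP IP_SET_NAME\n' "${0##*/}" >&2
    exit 2
  fi
  add_ip_to_ipset "$1" "$2"
fi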