@TimoDJatomika
Created December 4, 2017 15:44
You can use this script to open, close and check port 22 (SSH) for 0.0.0.0/0 on one AWS security group. A rule for 0.0.0.0/0 exposes SSH to the whole Internet, so treat "on" as a temporary switch and run "off" as soon as you no longer need the access.
#!/bin/bash
# author: Timo Stankowitz <timo@dwins.de>
# create date: 2017-12-04
# last modify: 2017-12-04
# version: 1
# You can use this script to open, close and check port 22 (SSH) for 0.0.0.0/0
# on one AWS security group.
# usage:
#   check whether port 22 is open for everyone: ./manage-vpn-security-group.sh check-port
#   open port 22 for 0.0.0.0/0:                 ./manage-vpn-security-group.sh on
#   close port 22 for 0.0.0.0/0:                ./manage-vpn-security-group.sh off
# Make sure the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set
# (for example in your .bashrc). The check below only looks at these two
# variables; adapt it if you authenticate with a named profile or an instance role.
# Note: "off" only removes the exact tcp/22 rule for 0.0.0.0/0 that "on" adds.
# A wider rule (a port range that covers 22, protocol -1, or ::/0 for IPv6) is
# reported by check-port but is not removed.
securityGroupID="sg-f76c059d" # replace with your security group

# check if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set.
if [ -z "$AWS_ACCESS_KEY_ID" ]; then
    echo "The variable AWS_ACCESS_KEY_ID is not set. Please set the variable AWS_ACCESS_KEY_ID."
    exit 1
fi
if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    echo "The variable AWS_SECRET_ACCESS_KEY is not set. Please set the variable AWS_SECRET_ACCESS_KEY."
    exit 1
fi

# check if the aws cli is installed
if ! command -v aws > /dev/null 2>&1; then
    echo "Please install the aws cli first before you can use this script."
    exit 1
fi

# JMESPath filter for the ingress rules that cover tcp/22: protocol -1 (all
# traffic) or tcp with a FromPort..ToPort range that includes 22. The script
# is called with one group id, so SecurityGroups[0] is the group we asked for.
sshRules="SecurityGroups[0].IpPermissions[?IpProtocol=='-1' || (IpProtocol=='tcp' && FromPort<=\`22\` && ToPort>=\`22\`)]"

case "$1" in
on)
    # authorize fails (InvalidPermission.Duplicate) if the rule already exists
    if aws ec2 authorize-security-group-ingress --group-id "$securityGroupID" --protocol tcp --port 22 --cidr 0.0.0.0/0; then
        echo "Port 22 is now open for everyone. Please close the port if you don't need it any more."
    else
        echo "Could not add the rule (it may already exist). Run $0 check-port to see the current state."
        exit 1
    fi
    ;;
off)
    if aws ec2 revoke-security-group-ingress --group-id "$securityGroupID" --protocol tcp --port 22 --cidr 0.0.0.0/0; then
        echo "Port 22 is now closed for everyone."
    else
        echo "Could not remove the rule. Run $0 check-port to see the current state."
        exit 1
    fi
    ;;
describe)
    aws ec2 describe-security-groups --group-ids "$securityGroupID"
    ;;
check-port|port-check)
    # Collect the IPv4 and IPv6 CIDRs of every rule that covers tcp/22 and look
    # for the "anywhere" ranges. --output text prints the list tab separated.
    cidrs=$(aws ec2 describe-security-groups --group-ids "$securityGroupID" \
        --query "${sshRules}.[IpRanges[].CidrIp, Ipv6Ranges[].CidrIpv6][][]" \
        --output text) || exit 1
    if printf '%s\n' "$cidrs" | tr '\t' '\n' | grep -qxE '0\.0\.0\.0/0|::/0'; then
        echo "Port 22 is open for everyone. Please run $0 off to close the port for everyone."
    else
        echo "Port 22 is NOT open for everyone. You can open it by running $0 on"
    fi
    ;;
help)
    echo "Usage: $0 {on|off|describe|check-port|help}"
    ;;
*)
    echo "Usage: $0 {on|off|describe|check-port|help}"
    exit 1
    ;;
esac
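The gist's original check-port case greps the pretty-printed JSON for a line with `"FromPort": 22,` and a `"CidrIp": "0.0.0.0/0"` within six lines of it, so it depends on the exact layout of the CLI output and only sees rules whose FromPort is exactly 22. The following is an added example, not part of the gist or of any AWS tooling: a small stdlib-only Python script that reads the JSON that `aws ec2 describe-security-groups --group-ids sg-...` prints on stdin and reports every ingress rule that exposes a port to the whole Internet, including port ranges that contain 22, protocol `-1` (all traffic) and the IPv6 `::/0` range. The file name `check_ssh_exposure.py` and the `SAMPLE` document (group id, CIDRs) are constructed for the example; only the field names follow the documented shape of the describe-security-groups response.

```python
#!/usr/bin/env python3
"""check_ssh_exposure.py: report security-group rules that open a port to everyone.

Added example, not the gist's code. Pipe the output of
`aws ec2 describe-security-groups --group-ids sg-...` into this script; without
stdin it evaluates the constructed SAMPLE below.
"""
import json
import sys

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def rule_covers_port(perm, port, proto="tcp"):
    """True if one IpPermissions entry matches `proto`/`port`.

    IpProtocol "-1" means all protocols and all ports. For a named protocol
    FromPort..ToPort is an inclusive range; -1..-1 on tcp/udp means all ports.
    """
    ip_proto = str(perm.get("IpProtocol", ""))
    if ip_proto == "-1":
        return True
    if ip_proto != proto:
        return False
    lo = perm.get("FromPort", -1)
    hi = perm.get("ToPort", -1)
    if lo == -1 and hi == -1:
        return True
    return lo <= port <= hi


def world_open_rules(sg, port, proto="tcp"):
    """(protocol, from, to, cidr) for each rule of one group that exposes `port` to everyone."""
    hits = []
    for perm in sg.get("IpPermissions", []):
        if not rule_covers_port(perm, port, proto):
            continue
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in (WORLD_V4, WORLD_V6):
                hits.append((perm.get("IpProtocol"), perm.get("FromPort"),
                             perm.get("ToPort"), cidr))
    return hits


def port_open_to_world(describe_output, port=22, proto="tcp"):
    """Run world_open_rules over every group in a describe-security-groups response."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for hit in world_open_rules(sg, port, proto):
            findings.append((sg.get("GroupId"), *hit))
    return findings


# Constructed sample in the shape of describe-security-groups output; not real data.
# Rule 1 is tcp/22 but only from a /24, rule 2 is a port range that contains 22
# from 0.0.0.0/0, rule 3 is all traffic from ::/0. Only rules 2 and 3 are findings.
SAMPLE = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0example",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "-1",
                 "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        }
    ]
}


if __name__ == "__main__":
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    findings = port_open_to_world(data, port=22)
    for gid, proto, lo, hi, cidr in findings:
        print(f"{gid}: {proto} {lo}-{hi} from {cidr} exposes port 22 to everyone")
    sys.exit(1 if findings else 0)
```

The exit status is 1 when anything is exposed, so the script can replace the grep in a wrapper such as the gist: `aws ec2 describe-security-groups --group-ids "$securityGroupID" | python3 check_ssh_exposure.py`. The same functions work for any port, not only 22, which is why `port` is a parameter.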