Created
October 27, 2015 13:39
Updates an AWS security group by adding or updating your current IP address, so that you can reach resources restricted by that security group.
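#!/bin/bash
# By Ed Wiget;
# Modified by Rafael Cintra (artnic)
# Run this via cron whenever my IP address changes in order to update the AWS
# security group, or run it by hand before accessing anything restricted.
# 20131120 - original script
# 20150325 - artnic custom; pointing to bitsforest ;)
#
# What it does:
#   1. Looks up the current public IPv4 address.
#   2. Compares it with the address stored in ${HOMEDIR}/.amazonip.
#   3. If it changed (or no address is stored yet), authorizes tcp/22 from the
#      new address in ${SEC_GROUP} and revokes the rule for the old address.
#
# Exit status:
#   0  security group updated
#   1  aws CLI not found, or the address has not changed (kept from the
#      original script so existing cron wrappers behave the same)
#   2  address lookup, validation, state-file write or AWS call failed
#
# Security notes:
#   * The lookup response decides which address is allowed to reach port 22,
#     so it is treated as untrusted input: it must parse as a dotted-quad IPv4
#     address before it is stored or passed to the aws CLI.
#   * The lookup URL is plain HTTP, so the response can be altered in transit.
#     Validation limits the damage to "some other single address gets a /32
#     rule"; pointing IP_LOOKUP_URL at an HTTPS endpoint you trust closes that
#     gap.
#   * The stored address is only replaced after the authorize call succeeded,
#     so a failed run is retried on the next invocation instead of being
#     reported as "No IP update required".
#   * --group-name is what the original script used; presumably the group lives
#     in the default VPC -- confirm, since other VPCs need the group id.

set -u

##### VARIABLES TO SET ##########################
# set our home directory which holds our ip file
HOMEDIR=~
# set the name of the security group as shown in the aws console
SEC_GROUP=webservers-default
##### END VARIABLES TO SET ######################

# Service that echoes the caller's public address (see security notes above).
IP_LOOKUP_URL=http://bitsforest.com/ip.php
STATE_FILE="${HOMEDIR}/.amazonip"
BACKUP_FILE="${HOMEDIR}/.amazonip.old"

# Returns 0 when $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  local candidate=$1 octet
  [[ "${candidate}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    (( 10#${octet} <= 255 )) || return 1
  done
  return 0
}

# Prints the current public IPv4 address; fails when the lookup fails or the
# response is anything other than a single valid IPv4 address.
fetch_wan_ip() {
  local raw
  raw=$(curl -fsS --max-time 15 "${IP_LOOKUP_URL}") || return 1
  raw=${raw%$'\r'}
  is_ipv4 "${raw}" || return 1
  printf '%s\n' "${raw}"
}

# Allows tcp/22 from $1/32. A rule that already exists counts as success so a
# lost state file does not leave the script failing forever.
authorize_ip() {
  local ip=$1 output
  if output=$(aws ec2 authorize-security-group-ingress \
    --group-name "${SEC_GROUP}" --protocol tcp --port 22 \
    --cidr "${ip}/32" 2>&1); then
    return 0
  fi
  if [[ "${output}" == *InvalidPermission.Duplicate* ]]; then
    return 0
  fi
  printf '%s\n' "${output}" >&2
  return 1
}

# Removes the tcp/22 rule for $1/32.
revoke_ip() {
  local ip=$1
  aws ec2 revoke-security-group-ingress \
    --group-name "${SEC_GROUP}" --protocol tcp --port 22 \
    --cidr "${ip}/32"
}

# here we check for the aws binary and bail out if it does not exist
if ! command -v aws >/dev/null 2>&1; then
  echo "Silly rabbit, sysadmin ain't for kids. Just a tip: awscli" >&2
  exit 1
fi

# grab and validate the current ip before touching any file or rule
if ! NEWIP=$(fetch_wan_ip); then
  printf 'Could not get a valid IPv4 address from %s; security group left unchanged\n' \
    "${IP_LOOKUP_URL}" >&2
  exit 2
fi

status=0

# first we check for an existing state file
if [[ -f "${STATE_FILE}" ]]; then
  # keep a copy of the previous address, as the original script did
  cp -- "${STATE_FILE}" "${BACKUP_FILE}" \
    || echo "Warning: could not write ${BACKUP_FILE}" >&2
  REVOKE=$(<"${STATE_FILE}")

  if [[ "${NEWIP}" == "${REVOKE}" ]]; then
    echo "No IP update required"
    exit 1
  fi

  echo "IP update required.... stand by"

  # authorize first: if this fails the old rule is still in place and the
  # state file is untouched, so the next run tries again
  echo "Granting access to ${NEWIP}"
  authorize_ip "${NEWIP}" || exit 2

  # only revoke what is certainly an address; a corrupted state file must not
  # end up as an arbitrary --cidr argument
  if is_ipv4 "${REVOKE}"; then
    echo "Revoking access to your old IP ${REVOKE}"
    if ! revoke_ip "${REVOKE}"; then
      echo "Warning: rule for ${REVOKE}/32 was not revoked; remove it by hand" >&2
      status=2
    fi
  else
    echo "Warning: stored address is not a valid IPv4 address; nothing revoked" >&2
    status=2
  fi
else
  # our file didnt exist, so it must be a new system, so lets set it up
  echo "Granting access to ${NEWIP}"
  authorize_ip "${NEWIP}" || exit 2
fi

# record the new address only now that the rule is known to be in place
if ! printf '%s\n' "${NEWIP}" > "${STATE_FILE}"; then
  echo "Could not write ${STATE_FILE}" >&2
  exit 2
fi

if (( status == 0 )); then
  echo "All done!"
fi
exit "${status}"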