Updates an AWS security group by adding or updating your current IP address, so you can access SG-restricted stuff
#!/bin/bash
# By Ed Wiget;
# Modified by Rafael Cintra (artnic)
# This runs via cron whenever my IP address changes in order to update the AWS security group
# Or you can put it before accessing anything restricted
# 20131120 - original script
# 20150325 - artnic custom; pointing to bitsforest ;)
##### VARIABLES TO SET ##########################
# set our home directory which holds our ip file
HOMEDIR=~
# set the name of the security group as shown in the AWS console
SEC_GROUP=webservers-default
##### END VARIABLES TO SET ######################
# here we check for the aws binary and if it doesn't exist we bail, because it's silly to try to run this script without it
if ! command -v aws > /dev/null 2>&1; then
    echo "Silly rabbit, sysadmin ain't for kids. Just a tip: awscli"
    exit 1
fi
# first we check for existing file
if [ -f "${HOMEDIR}/.amazonip" ]; then
    # if it exists, we create a backup for comparison
    cp "${HOMEDIR}/.amazonip" "${HOMEDIR}/.amazonip.old"
    # then grab the current ip (-f makes curl fail on an HTTP error instead of returning the error page)
    # note: this lookup is plain HTTP, so the answer is not authenticated
    WAN=$(curl -fs http://bitsforest.com/ip.php)
    # an empty answer means the lookup failed, so stop before overwriting the saved ip
    if [ -z "${WAN}" ]; then
        echo "Could not determine the current IP"
        exit 1
    fi
    # and populate the new file
    echo "${WAN}" > "${HOMEDIR}/.amazonip"
    # here we need to check if the files differ
    if diff "${HOMEDIR}/.amazonip" "${HOMEDIR}/.amazonip.old"; then
        echo "No IP update required"
        # nothing to do is not an error, so exit 0 and keep cron quiet
        exit 0
    else
        echo "IP update required.... stand by"
        # here we get the value to revoke
        REVOKE=$(cat "${HOMEDIR}/.amazonip.old")
        echo "Revoking access to your old IP ${REVOKE}"
        # then revoke the old ip
        aws ec2 revoke-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${REVOKE}/32"
        # next we set the new ip to allow ssh access
        NEWIP=$(cat "${HOMEDIR}/.amazonip")
        # and set the new ip address for ssh access
        echo "Granting access to ${NEWIP}"
        aws ec2 authorize-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${NEWIP}/32"
        echo "All done!"
    fi
else
    # our file didn't exist, so it must be a new system, so let's set it up
    # get the ip
    WAN=$(curl -fs http://bitsforest.com/ip.php)
    # an empty answer means the lookup failed, so stop before creating the file
    if [ -z "${WAN}" ]; then
        echo "Could not determine the current IP"
        exit 1
    fi
    # create the file
    echo "${WAN}" > "${HOMEDIR}/.amazonip"
    # set the variable so we can add the ip to the system's security group
    NEWIP=$(cat "${HOMEDIR}/.amazonip")
    echo "Granting access to ${NEWIP}"
    # and set the new ip address for ssh access
    aws ec2 authorize-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${NEWIP}/32"
    echo "All done!"
fi
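
The script above does not check that the lookup answer is an IP address before using it in `--cidr`, and it revokes the old rule before authorizing the new one. The following is an added example, not part of the original gist, that performs the same rotation with the answer validated as IPv4 and the new rule authorized before the old one is revoked; `AWS`, `IP_URL`, `valid_ipv4`, `rotate_ingress` and `main` are names introduced here.

```bash
#!/bin/bash
# Added example, not part of the original gist.
# Assumptions: AWS and IP_URL are overridable variables introduced here;
# the group name and lookup URL defaults are the ones the gist uses.
AWS=${AWS:-aws}
SEC_GROUP=${SEC_GROUP:-webservers-default}
IP_URL=${IP_URL:-http://bitsforest.com/ip.php}

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0..255
valid_ipv4() {
    local IFS=. octet
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $1                      # split on dots (only digits and dots remain here)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rotate_ingress OLD NEW: authorize NEW first and revoke OLD only afterwards, so a
# bad lookup answer or a failed API call never removes the rule that still works
rotate_ingress() {
    local old="$1" new="$2"
    if ! valid_ipv4 "$new"; then
        echo "refusing to authorize non-IPv4 answer: '$new'" >&2
        return 2
    fi
    if [ "$old" = "$new" ]; then return 0; fi
    "$AWS" ec2 authorize-security-group-ingress --group-name "$SEC_GROUP" \
        --protocol tcp --port 22 --cidr "$new/32" || return 3
    if valid_ipv4 "$old"; then
        "$AWS" ec2 revoke-security-group-ingress --group-name "$SEC_GROUP" \
            --protocol tcp --port 22 --cidr "$old/32" || return 4
    fi
    return 0
}

# main: look up the address, rotate the rule, record the new IP only on success
main() {
    local state="$HOME/.amazonip" old new
    old=$(cat "$state" 2>/dev/null)
    new=$(curl -fsS --max-time 10 "$IP_URL") || return 1
    rotate_ingress "$old" "$new" && echo "$new" > "$state"
}
if [ "${1:-}" = "apply" ]; then main; fi
```

Run it with the argument `apply` to perform the update. A return of 4 from `rotate_ingress` means the new rule is in place but the old one was not removed, and since the state file is left unchanged in that case, the stale rule has to be cleaned up by hand before the next run.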