Update AWS Security Group sg-xxxxxxxx with rules to let inbound TCP traffic on ports 80|443 coming from Cloudflare netblocks
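#!/bin/bash
# update_sg_with_cf_netblocks.sh sg-xxxxxxxx 80
#
# Adds inbound TCP ingress rules for one port to an AWS Security Group,
# one rule per Cloudflare IPv4/IPv6 netblock as published at
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.
#
# Requires: wget, and an aws CLI whose credentials may call
# ec2:AuthorizeSecurityGroupIngress on the target group.
#
# Why the checks below exist: the fetched lines are spliced into the JSON
# handed to `aws`, so a transport failure or an unexpected body (an error
# page, an empty response) must abort the run instead of being authorized
# as a rule. The original `${VAR::-1}` trimming also errored out with a
# cryptic "substring expression < 0" on an empty list.
set -euo pipefail

# Loose shape checks: enough to reject anything that is not "addr/prefix".
readonly CF_IPV4_URL="https://www.cloudflare.com/ips-v4"
readonly CF_IPV6_URL="https://www.cloudflare.com/ips-v6"
readonly IPV4_CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
readonly IPV6_CIDR_RE='^[0-9A-Fa-f:]+/[0-9]{1,3}$'

#######################################
# Prints a message to stderr and exits with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Prints the usage text to stderr and exits with status 1.
# Globals:   $0 (read)
#######################################
usage() {
  echo "Update AWS Security Group sg-xxxxxxxx with rules to let inbound TCP traffic on ports 80|443 coming from Cloudflare IPv4/IPv6 netblocks." >&2
  echo "Usage: $0 sg-xxxxxxxx port_number" >&2
  exit 1
}

#######################################
# Reads one CIDR per line from stdin and prints them as a comma-separated
# list of JSON objects {"<key>": "<cidr>"} (no surrounding brackets), the
# shape expected inside IpRanges / Ipv6Ranges of --ip-permissions.
# Arguments: $1 - JSON key (CidrIp or CidrIpv6)
#            $2 - extended regex every non-empty line must match
# Outputs:   the JSON fragment on stdout
# Returns:   0 on success; 1 if a line fails the regex or no CIDR was read
#######################################
cidr_list_to_json() {
  local key=$1
  local pattern=$2
  local line
  local -a items=()
  # `|| [[ -n "$line" ]]` keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" ]] && continue
    if ! [[ "$line" =~ $pattern ]]; then
      printf 'unexpected line in netblock list: %s\n' "$line" >&2
      return 1
    fi
    items+=("{\"$key\": \"$line\"}")
  done
  # An empty list would otherwise produce an empty IpRanges array and a
  # silently useless rule set.
  (( ${#items[@]} > 0 )) || return 1
  local IFS=,
  printf '%s' "${items[*]}"
}

#######################################
# Entry point.
# Arguments: $1 - security group id (sg-…)
#            $2 - TCP port number (0-65535)
#######################################
main() {
  if [[ "$#" -ne 2 ]] \
    || ! [[ "$1" =~ ^sg-[0-9a-f]+$ ]] \
    || ! [[ "$2" =~ ^[0-9]+$ ]] \
    || (( 10#$2 > 65535 )); then
    usage
  fi
  local group_id=$1
  # 10# forces decimal so a leading zero ("080") is neither read as octal
  # nor emitted as invalid JSON.
  local port=$(( 10#$2 ))

  local cidr_v4 cidr_v6
  # Under pipefail a wget failure fails the whole assignment, so a network
  # error cannot yield an empty-but-accepted list.
  cidr_v4=$(wget -q -O - "$CF_IPV4_URL" | cidr_list_to_json CidrIp "$IPV4_CIDR_RE") \
    || die "could not fetch or parse Cloudflare IPv4 netblocks from $CF_IPV4_URL"
  cidr_v6=$(wget -q -O - "$CF_IPV6_URL" | cidr_list_to_json CidrIpv6 "$IPV6_CIDR_RE") \
    || die "could not fetch or parse Cloudflare IPv6 netblocks from $CF_IPV6_URL"

  aws ec2 authorize-security-group-ingress --group-id "$group_id" --ip-permissions \
    "[{\"IpProtocol\": \"tcp\", \"FromPort\": $port, \"ToPort\": $port, \"IpRanges\": [$cidr_v4], \"Ipv6Ranges\": [$cidr_v6]}]"
}

main "$@"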