Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Update SSH ingest rule
import boto3
from urllib2 import urlopen
sg_id = "sg-xxxxxxxx"
sg_desc = "user-name"
old_ip = "127.0.0.1"
current_ip = urlopen("http://ip.42.pl/raw").read()
ec2 = boto3.resource("ec2")
security_group = ec2.SecurityGroup(sg_id)
for p in security_group.ip_permissions:
for r in p['IpRanges']:
if 'Description' in r and r['Description'] == sg_desc:
old_ip = r['CidrIp']
print "found old IP : "+ old_ip
else:
print "can't find old IP"
if old_ip != "127.0.0.1":
security_group.revoke_ingress(IpProtocol="tcp", CidrIp=old_ip, FromPort=22, ToPort=22)
print "remove of old IP "+old_ip
perms = {
'IpProtocol': "tcp",
'FromPort': 22,
'ToPort': 22,
'IpRanges': [{'CidrIp': current_ip+"/32", 'Description': sg_desc}]
}
security_group.authorize_ingress(IpPermissions=[perms])
print "updated with "+ current_ip +"/32"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.