Update SSH ingress rule
import boto3
from urllib2 import urlopen
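# Keep one tagged SSH (tcp/22) ingress rule of a security group pointed at the
# public IPv4 address this machine currently appears to have.
#
# print(...) is called with a single argument throughout, which prints the
# same text under the Python 2 interpreter this script targets (urllib2).

sg_id = "sg-xxxxxxxx"  # placeholder: ID of the security group to maintain
sg_desc = "user-name"  # rule Description that marks the entry this script owns


def _is_ipv4(text):
    """Return True if *text* is a dotted quad: four decimal fields, each 0-255."""
    parts = text.split(".")
    if len(parts) != 4:
        return False
    for part in parts:
        if not part or len(part) > 3:
            return False
        if any(ch not in "0123456789" for ch in part):
            return False
        if int(part) > 255:
            return False
    return True


# The address comes from a third-party service over plain HTTP and is written
# straight into a firewall rule, so treat the reply as untrusted: bound the
# wait and the read, strip stray whitespace, and refuse anything that is not
# a dotted quad.
# NOTE(review): this only checks the *form* of the reply. Nothing authenticates
# the answer, so whoever controls the service or the network path decides which
# address gets SSH access. Prefer an HTTPS lookup endpoint you trust.
current_ip = urlopen("http://ip.42.pl/raw", timeout=10).read(64).strip()
if not _is_ipv4(current_ip):
    raise SystemExit("unexpected reply from IP lookup service: %r" % current_ip)
new_cidr = current_ip + "/32"

ec2 = boto3.resource("ec2")
security_group = ec2.SecurityGroup(sg_id)

# Collect every CIDR tagged with our description, looking only at tcp/22
# permissions: that is the only rule shape this script revokes, so a match
# under another port would make the revoke call fail.
old_cidrs = []
for p in security_group.ip_permissions:
    if p.get('IpProtocol') != "tcp" or p.get('FromPort') != 22 or p.get('ToPort') != 22:
        continue
    for r in p.get('IpRanges', []):
        if r.get('Description') == sg_desc:
            old_cidrs.append(r['CidrIp'])
            print("found old IP : " + r['CidrIp'])

# Reported once, after the scan, rather than once per non-matching range.
if not old_cidrs:
    print("can't find old IP")

# Add the new rule before removing stale ones, so a failed authorize call
# cannot leave the group with no SSH rule for this user. Skip the call when
# the rule already exists, because re-adding a duplicate is rejected.
if new_cidr in old_cidrs:
    print("rule already allows " + new_cidr)
else:
    perms = {
        'IpProtocol': "tcp",
        'FromPort': 22,
        'ToPort': 22,
        'IpRanges': [{'CidrIp': new_cidr, 'Description': sg_desc}]
    }
    security_group.authorize_ingress(IpPermissions=[perms])
    print("updated with " + new_cidr)

# Revoke every stale tagged entry, not only the last one found, so old
# addresses do not keep SSH access.
for old_ip in old_cidrs:
    if old_ip != new_cidr:
        security_group.revoke_ingress(IpProtocol="tcp", CidrIp=old_ip, FromPort=22, ToPort=22)
        print("remove of old IP " + old_ip)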