Update SSH ingress rule
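"""Point one described SSH ingress rule of a security group at the caller's public IP.

The script looks up the current public IPv4 address, removes every tcp/22
range in the group whose description equals ``sg_desc`` and whose CIDR is out
of date, then authorizes ``<current address>/32`` under the same description.
"""
import socket

import boto3

try:
    from urllib.request import urlopen  # Python 3
except ImportError:
    from urllib2 import urlopen  # Python 2

# Security group to update and the description that marks the entry owned by
# this script; ranges with any other description are never touched.
sg_id = "sg-xxxxxxxx"
sg_desc = "user-name"
ssh_port = 22

# NOTE(security): the address is fetched from a third-party service over plain
# HTTP, so the service and anyone on the network path choose which address is
# granted SSH access. Prefer an HTTPS endpoint you trust. The validation below
# only guarantees the reply is one well-formed IPv4 address, not that it is
# really yours.
# The read is bounded and timed so a misbehaving endpoint cannot stall the run
# or feed an oversized body into the rule.
raw_reply = urlopen("http://ip.42.pl/raw", timeout=10).read(64)
current_ip = raw_reply.decode("ascii").strip()

# Validate BEFORE touching the group: a malformed reply must not lead to the
# old rule being revoked and nothing (or something unintended) put in its place.
try:
    socket.inet_pton(socket.AF_INET, current_ip)
except (socket.error, ValueError, TypeError):
    raise SystemExit("refusing to update %s: unexpected reply %r" % (sg_id, current_ip))

new_cidr = current_ip + "/32"

ec2 = boto3.resource("ec2")
security_group = ec2.SecurityGroup(sg_id)

# Collect every stale range instead of remembering only the last match, so no
# old address keeps SSH access after the update.
stale_cidrs = []
already_allowed = False
for p in security_group.ip_permissions:
    # Only tcp/22 permissions are considered: the revoke call below targets
    # tcp/22, so a description match on another port could not be removed by it.
    if (p.get('IpProtocol'), p.get('FromPort'), p.get('ToPort')) != ("tcp", ssh_port, ssh_port):
        continue
    for r in p.get('IpRanges', []):
        if r.get('Description') != sg_desc:
            continue
        if r['CidrIp'] == new_cidr:
            already_allowed = True
        else:
            stale_cidrs.append(r['CidrIp'])
            print("found old IP : " + r['CidrIp'])

# Reported once, rather than once per non-matching range.
if not stale_cidrs and not already_allowed:
    print("can't find old IP")

for cidr in stale_cidrs:
    security_group.revoke_ingress(IpProtocol="tcp", CidrIp=cidr, FromPort=ssh_port, ToPort=ssh_port)
    print("remove of old IP " + cidr)

if already_allowed:
    # Re-authorizing an existing rule would be rejected as a duplicate.
    print("already up to date with " + new_cidr)
else:
    perms = {
        'IpProtocol': "tcp",
        'FromPort': ssh_port,
        'ToPort': ssh_port,
        'IpRanges': [{'CidrIp': new_cidr, 'Description': sg_desc}]
    }
    security_group.authorize_ingress(IpPermissions=[perms])
    print("updated with " + new_cidr)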