Created
October 29, 2013 19:21
Simple script to give yourself temporary access to AWS security groups.
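#!/usr/bin/python
"""
This script will add your current IP to the security group for all ports. It
then waits for a key-press and proceeds to delete the IP from the security
group. This lets you grant yourself access temporarily from home without
leaving your (possibly changing) IP everywhere.
It requires AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
to be set.
"""
from __future__ import print_function

import os
import os.path
import subprocess
import sys
import time
from argparse import ArgumentParser

import boto
from boto.ec2 import connect_to_region

# Python 2 calls the line-reading prompt raw_input(); Python 3 calls it input().
try:
    read_line = raw_input
except NameError:
    read_line = input


def _is_ipv4(text):
    """Return True when *text* is a plain dotted-quad IPv4 address."""
    octets = text.split('.')
    if len(octets) != 4:
        return False
    for octet in octets:
        # Explicit ASCII check: str.isdigit() also accepts non-ASCII digits.
        if not (0 < len(octet) <= 3 and all(c in '0123456789' for c in octet)):
            return False
        if int(octet) > 255:
            return False
    return True


def _lookup_public_ip():
    """Return this host's public IPv4 address as reported by ifconfig.me.

    The reply decides which CIDR is opened in the security groups, so it is
    fetched over HTTPS and rejected unless it is exactly one IPv4 address.
    Exits through parser.error() when the lookup fails or the reply is not
    an address (an error page, an IPv6 address, an empty body).
    """
    try:
        reply = subprocess.check_output(
            ['curl', '-s', '-f', '-4', '--max-time', '15',
             'https://ifconfig.me'])
    except (OSError, subprocess.CalledProcessError) as err:
        parser.error("Could not look up the public IP: %s" % err)
    if not isinstance(reply, str):
        # Python 3 returns bytes from check_output().
        reply = reply.decode('ascii', 'replace')
    reply = reply.strip()
    if not _is_ipv4(reply):
        parser.error("ifconfig.me did not return an IPv4 address: %r"
                     % reply[:40])
    return reply


parser = ArgumentParser(description=__doc__)
parser.add_argument("region", type=str, nargs='?',
                    default='us', choices=['eu', 'au', 'us'])
# NOTE(review): 'au' maps to 'ap-east-2', while the Sydney region is
# 'ap-southeast-2' -- this looks like a typo; confirm before relying on it.
regions = {'eu': 'eu-west-1', 'au': 'ap-east-2', 'us': 'us-east-1'}
parser.add_argument("security_groups", type=str, nargs='+')
args = parser.parse_args()

myip = _lookup_public_ip() + "/32"

try:
    ec2 = connect_to_region(regions[args.region])
except boto.exception.NoAuthHandlerFound:
    parser.error("AWS credential environment variables not set.")
if ec2 is None:
    # boto returns None rather than raising for a region name it does not know.
    parser.error("Unknown EC2 region: %s" % regions[args.region])

try:
    security_groups = ec2.get_all_security_groups(args.security_groups)
except boto.exception.EC2ResponseError:
    parser.error("One of your security groups doesn't exist.")

groups = ', '.join(args.security_groups)
print("Adding %s too %s in %s..." % (myip, groups, args.region))

opened = []    # groups this run actually added the rule to
leftover = []  # groups where the rule could not be removed again
try:
    for sg in security_groups:
        # Opens every TCP port (0-65535) to myip only; no other protocol is
        # touched. Narrow the port range here if less access is enough.
        sg.authorize('tcp', 0, 65535, myip)
        opened.append(sg)
    read_line("Press any key to continue and remove %s from %s..." %
              (myip, groups))
except (KeyboardInterrupt, EOFError):
    # Ctrl-C or a closed stdin still counts as "done": fall through to cleanup.
    print()
finally:
    # Runs on normal exit, on Ctrl-C and when authorize() fails part-way, so
    # a rule added by this run is not left behind. A SIGKILL or SIGHUP (closed
    # terminal) still skips this; check the groups by hand after such an exit.
    if opened:
        print("Removing %s from security groups..." % myip)
    for sg in opened:
        try:
            sg.revoke('tcp', 0, 65535, myip)
        except Exception as err:
            # Keep going so one failure does not leave the other groups open.
            leftover.append(sg)
            print("WARNING: could not remove %s from %s: %s"
                  % (myip, sg.name, err), file=sys.stderr)

if leftover:
    sys.exit(1)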