Script to update dynamic IPs in AWS EC2 security groups. To run it you need to install the AWS CLI, jq and dnsutils.
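#!/bin/bash
#
# Update dynamic IPs into an AWS EC2 security group.
#
# Resolves two dynamic-DNS names to IPv4 addresses, compares them against the
# CIDR entries currently in the security group and, when they differ, revokes
# every existing /32 inbound rule and re-authorizes the same protocol/port
# pairs for the two freshly resolved addresses.
#
# Usage:    aws-update-my-dynamic-ip.sh SECURITYGROUPNAME
# Requires: aws cli, jq, host (dnsutils)
# Env (optional; the defaults reproduce the original hard-coded values):
#   AWS_REGION   region of the security group       (default: sa-east-1)
#   VIRTUA_HOST  DNS name of the first dynamic IP   (default: x1.myhost.no-ip.org)
#   VIVO_HOST    DNS name of the second dynamic IP  (default: x2.myhost.no-ip.org)
# Side effects: creates the marker file ip-different or ip-equals in the cwd.
#               Intermediate JSON/TSV files live in a private temp dir that is
#               removed on exit (they are no longer written into the cwd).
# Exit status:  0 on success or nothing to do; 1 on any error, including a
#               revoke/authorize call that failed.
#
# Security notes on the implementation:
#   - Every aws/jq argument is passed as a quoted argv element; nothing from
#     argv, DNS or the API is ever concatenated into a shell command string.
#   - Resolved addresses are validated as dotted-quad IPv4 before they are
#     used as --cidr values, so a bad DNS answer cannot open an unexpected range.
#   - Changes are applied revoke-first (as before); failures are counted and
#     reported at the end rather than silently ignored.

set -u

readonly TABLE_QUERY='SecurityGroups[0].IpPermissions[*].{ip:IpRanges[*].CidrIp,protocol:IpProtocol,from:FromPort,to:ToPort}'

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Resolve a DNS name to its first IPv4 address.
# Arguments: $1 - host name
# Outputs:   the address on stdout, or nothing when it does not resolve
#######################################
resolve_ipv4() {
  # 'exit' after the first match keeps a multi-A record from producing a
  # multi-line value that would break the later CIDR comparison.
  host "$1" 2>/dev/null | awk '/has address/ { print $4; exit }'
}

#######################################
# Abort unless a value is a non-empty dotted-quad IPv4 address.
# Arguments: $1 - variable name (for the message), $2 - value
#######################################
require_ipv4() {
  local name=$1 value=$2
  if [ -z "${value}" ] || [ "${value}" = " " ]; then
    die "ERROR: ${name} is empty!"
  fi
  if ! [[ "${value}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    die "ERROR: ${name} is not an IPv4 address: ${value}"
  fi
}

#######################################
# Describe the inbound rules of GROUP_NAME.
# Globals:   REGION, GROUP_NAME (read)
# Arguments: $1 - JMESPath query, $2 - aws output format (table|json)
# Outputs:   aws cli output on stdout
# Returns:   aws cli exit status
#######################################
describe_ingress() {
  aws ec2 describe-security-groups --region "${REGION}" \
    --filters "Name=group-name,Values=${GROUP_NAME}" \
    --query "$1" --output "$2"
}

#######################################
# Apply one inbound rule change, echoing the command first (as the original
# awk/system() version did) but passing every value as a separate argument.
# Globals:   REGION, GROUP_NAME (read)
# Arguments: $1 - revoke|authorize, $2 - cidr, $3 - protocol,
#            $4 - from port ('' for none), $5 - to port ('' for none)
# Returns:   aws cli exit status
#######################################
change_ingress() {
  local action=$1 cidr=$2 proto=$3 from=$4 to=$5
  local -a args=(ec2 --region "${REGION}" "${action}-security-group-ingress"
                 --group-name "${GROUP_NAME}" --cidr "${cidr}" --protocol "${proto}")
  # A port range is passed as from-to; the original sent only FromPort, which
  # does not match range rules on revoke. Rules without ports (protocol -1)
  # get no --port at all — NOTE(review): confirm the cli accepts that form.
  if [ -n "${from}" ]; then
    if [ "${from}" = "${to}" ]; then
      args+=(--port "${from}")
    else
      args+=(--port "${from}-${to}")
    fi
  fi
  printf 'aws'
  printf ' %q' "${args[@]}"
  printf '\n'
  aws "${args[@]}"
}

if [ $# -eq 0 ]; then
  printf 'Please provide the name of a security group\n\te.g. . aws-update-my-dynamic-ip.sh SECURITYGROUPNAME\n' >&2
  exit 1
fi

GROUP_NAME=$1
REGION=${AWS_REGION:-sa-east-1}
VIRTUA_HOST=${VIRTUA_HOST:-x1.myhost.no-ip.org}
VIVO_HOST=${VIVO_HOST:-x2.myhost.no-ip.org}
readonly GROUP_NAME REGION VIRTUA_HOST VIVO_HOST

# Work files go to a private temp dir so GROUP_NAME (argv) can never steer a
# file write outside the cwd, and nothing is left behind.
WORKDIR=$(mktemp -d) || die "ERROR: mktemp failed"
readonly WORKDIR
trap 'rm -rf -- "${WORKDIR:?}"' EXIT
JSON_FILE="${WORKDIR}/describe-security-groups.json"
RULES_FILE="${WORKDIR}/all-current-sec-group.tsv"
TEMPLATE_FILE="${WORKDIR}/rule-templates.tsv"
readonly JSON_FILE RULES_FILE TEMPLATE_FILE

failures=0

echo ""
echo "###########################################################################################################################"
echo "################################################## [BEGIN ${GROUP_NAME}] ##################################################"
echo "Updating AWS EC2 Security Group - GROUP_NAME=${GROUP_NAME}"

VIRTUA_IP=$(resolve_ipv4 "${VIRTUA_HOST}")
VIVO_IP=$(resolve_ipv4 "${VIVO_HOST}")
echo ""
echo "VIRTUA_IP=${VIRTUA_IP}"
echo "VIVO_IP=${VIVO_IP}"
require_ipv4 VIRTUA_IP "${VIRTUA_IP}"
require_ipv4 VIVO_IP "${VIVO_IP}"
readonly VIRTUA_IP VIVO_IP

echo ""
echo "Current entries for group: ${GROUP_NAME}"
describe_ingress "${TABLE_QUERY}" table

echo ""
echo "Running aws ec2 describe-security-groups to ${JSON_FILE} file"
describe_ingress 'SecurityGroups[0].IpPermissions[*]' json > "${JSON_FILE}" \
  || die "ERROR: aws ec2 describe-security-groups failed for ${GROUP_NAME}"
cat "${JSON_FILE}"
describeSecGroups=$(<"${JSON_FILE}")
# An unknown group name yields an empty/null result rather than an error.
case "${describeSecGroups}" in
  ''|' '|null|NULL) die "ERROR: ${JSON_FILE} Group Name Invalid!" ;;
esac

# The addresses are bound with --arg instead of being spliced into the filter
# text, so they can never change the jq program. As in the original, every
# CIDR is compared (not only /32 ones), so a permanent non-/32 entry in the
# group will make this report "different" on every run.
LIST_DIFFERENT_IP=$(jq -r --arg a "${VIRTUA_IP}/32" --arg b "${VIVO_IP}/32" \
  '.[].IpRanges[].CidrIp | select(. != $a and . != $b)' "${JSON_FILE}") \
  || die "ERROR: jq failed to parse ${JSON_FILE}"
echo ""
echo "LIST_DIFFERENT_IP=${LIST_DIFFERENT_IP}"

if [ -n "${LIST_DIFFERENT_IP}" ]; then
  echo "IP is different!"
  echo ""
  echo "Starting change to new IP!"
  touch ip-different

  # One TSV line per /32 range of every rule: cidr, protocol, from, to.
  # This covers rules with any number of ranges, where the original looked
  # only at IpRanges[0] and IpRanges[1].
  echo ""
  echo "Creating ${RULES_FILE}"
  jq -r '.[] | .IpProtocol as $p | .FromPort as $f | .ToPort as $t
         | .IpRanges[] | select(.CidrIp | endswith("/32"))
         | [.CidrIp, $p, $f, $t] | @tsv' "${JSON_FILE}" > "${RULES_FILE}" \
    || die "ERROR: jq failed to extract rules from ${JSON_FILE}"
  cat "${RULES_FILE}"
  if ! [ -s "${RULES_FILE}" ]; then
    die "ERROR: ${RULES_FILE} is empty!"
  fi
  # Distinct protocol/port templates to re-create for the new addresses;
  # de-duplicated so the same rule is not authorized twice.
  cut -f2- "${RULES_FILE}" | LC_ALL=C sort -u > "${TEMPLATE_FILE}"

  echo ""
  echo "Revoke all existing inbound access"
  while IFS=$'\t' read -r cidr proto from to; do
    change_ingress revoke "${cidr}" "${proto}" "${from}" "${to}" \
      || failures=$((failures + 1))
  done < "${RULES_FILE}"

  echo ""
  echo ""
  echo "Authorize new VIRTUA_IP=${VIRTUA_IP} and VIVO_IP=${VIVO_IP}"
  while IFS=$'\t' read -r proto from to; do
    change_ingress authorize "${VIRTUA_IP}/32" "${proto}" "${from}" "${to}" \
      || failures=$((failures + 1))
    change_ingress authorize "${VIVO_IP}/32" "${proto}" "${from}" "${to}" \
      || failures=$((failures + 1))
  done < "${TEMPLATE_FILE}"

  echo ""
  echo "NEW entries for group: ${GROUP_NAME}"
  # Brief pause so the describe below reflects the changes just made.
  sleep 3
  describe_ingress "${TABLE_QUERY}" table
  echo ""
  echo "GROUP-NAME: ${GROUP_NAME} IS CHANGED!"
else
  echo "IP is equals, nothing to do!"
  touch ip-equals
fi

echo "################################################### [END ${GROUP_NAME}] ###################################################"
echo "###########################################################################################################################"
echo ""
echo ""
echo ""

# Surface partial failures: some rules may have been revoked without the
# replacement being authorized, which the operator must know about.
if [ "${failures}" -ne 0 ]; then
  die "ERROR: ${failures} security group change(s) failed for ${GROUP_NAME}; review the output above"
fi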