PowerShell script to grant myself basic access to all security groups in my AWS account
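#begin work C:\users\[YOURNAME]\desktop\awssecgroup.ps1 -rdp -mssql -setAws -accessKey "" -secretKey "" -region "us-west-1"
#end work C:\users\[YOURNAME]\desktop\awssecgroup.ps1 -revoke -rdp -mssql -setAws -accessKey "" -secretKey "" -region "us-west-1"
#
# Script to add / remove yourself from your AWS security groups on the go.
#
# The port switches pick which inbound TCP rules are added (or, with -revoke, removed)
# for your current public IP as a /32. The rules are applied to EVERY security group
# returned by Get-EC2SecurityGroup in the configured region -- there is no filtering,
# so a single run touches the whole region.
#
# NOTE(review): -accessKey / -secretKey are passed on the command line, so they land in
# shell history and are visible to other local users through process listings. A stored
# profile (Set-AWSCredentials ... -StoreAs <profile>, then run without -setAws) keeps the
# secret off argv.
param(
  [switch]$rdp,       # TCP 3389
  [switch]$mssql,     # TCP 1433
  [switch]$mysql,     # TCP 3306
  [switch]$ssh,       # TCP 22
  [switch]$all,       # shorthand for -rdp -mssql -mysql -ssh
  [switch]$revoke,    # remove the rules instead of adding them
  [switch]$setAws,    # configure session credentials/region from the three parameters below
  [string]$accessKey,
  [string]$secretKey,
  [string]$region)

Import-module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

if($setAws){
  # Session-scoped only (no -StoreAs), so nothing is persisted to disk by this script.
  Set-AWSCredentials -AccessKey $accessKey -SecretKey $secretKey
  Set-DefaultAWSRegion -Region $region
}

# first get your external ip address
# Whatever comes back here becomes an ingress rule on every group, so the lookup is done
# over HTTPS and the result is checked to be a bare IPv4 literal before it is used. A
# failed scrape (null / empty innerText) would otherwise silently produce "/32", and a
# tampered response could produce an arbitrary range.
$myipRequest = Invoke-WebRequest "https://www.whatismyip.com"
$myip = $myipRequest.AllElements | WHERE Class -ieq "the-ip" | SELECT -First 1 -ExpandProperty innerText
$myip = ("$myip").Trim()   # "$myip" so a null result becomes "" instead of a method-call error
if($myip -notmatch '^\d{1,3}(\.\d{1,3}){3}$'){
  throw "Could not determine a valid public IPv4 address (got '$myip'); aborting before any security group is changed"
}
$myipCidr = "$myip/32"
"Using source range $myipCidr"

#TODO output a cleanup script with the IP as a parameter
#allow RDP and SSH
$rdpPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol="tcp";FromPort=3389;ToPort=3389;IpRanges=$myipCidr}
$mssqlPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol="tcp";FromPort=1433;ToPort=1433;IpRanges=$myipCidr}
$mysqlPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol="tcp";FromPort=3306;ToPort=3306;IpRanges=$myipCidr}
$sshPermission = New-Object Amazon.EC2.Model.IpPermission -Property @{IpProtocol="tcp";FromPort=22;ToPort=22;IpRanges=$myipCidr}

$permissionSet = New-Object System.Collections.ArrayList
if($all){
  $rdp = $mssql = $mysql = $ssh = $true
}
if($rdp){ [void]$permissionSet.Add($rdpPermission) }
if($mssql){ [void]$permissionSet.Add($mssqlPermission) }
if($mysql){ [void]$permissionSet.Add($mysqlPermission) }
if($ssh){ [void]$permissionSet.Add($sshPermission) }

# give me all the access!
if($permissionSet.Count -gt 0){
  $secGroupList = Get-EC2SecurityGroup | SELECT GroupId, GroupName
  foreach($secGroup in $secGroupList){
    try{
      # update all the security groups with the permissions for your ip
      # -ErrorAction Stop turns a non-terminating cmdlet error into one the catch below
      # actually sees; without it a failed call just prints and the loop reports success.
      if(!$revoke){
        "Granting to $($secGroup.GroupName)"
        Grant-EC2SecurityGroupIngress -GroupId $secGroup.GroupId -IpPermissions $permissionSet -ErrorAction Stop
      }else{
        "Revoking to $($secGroup.GroupName)"
        Revoke-EC2SecurityGroupIngress -GroupId $secGroup.GroupId -IpPermissions $permissionSet -ErrorAction Stop
      }
    }catch{
      # Best-effort per group: warn and carry on so one group (e.g. a duplicate rule or
      # missing rule on revoke) does not stop the others from being processed.
      if($revoke){
        Write-Warning "Could not revoke permission to $($secGroup.GroupName)"
      }else{
        Write-Warning "Could not grant permission to $($secGroup.GroupName)"
      }
    }
  }
}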