@loganmeetsworld
Created April 19, 2018 12:06
import requests

# Names such as aws, session, client, cluster, host, ssh_user, sg_id, skip_auth
# and the helper functions called below are not defined in this snippet.

# Find the bastion address using the cluster instances returned from the AWS API for the given cluster
bastion_instance = aws.describe_ecs_cluster_bastion_instances(session, cluster)
bastion_address = getBastionInstanceIp(bastion_instance)
# Find the user's IP address
user_ip = requests.get('https://checkip.amazonaws.com/', timeout=0.1).text.rstrip()
# Break-glass conditional: skip_auth bypasses the authorization step.
# Otherwise authorize a new rule using the user's IP, unless one already exists.
# The description of the rule is built from the user's IP and the timestamp.
if not skip_auth and not rule_exists(client, sg_id, cluster, user_ip):
    authorize_security_ingress_rule(client, ssh_user, sg_id, user_ip)
# Get the instance the user wants to access
address = get_instance(session, cluster, host)
# SSH to that instance through the bastion using the two addresses
ssh_through_bastion(ssh_user, address, bastion_address, cluster)
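
The gist calls `rule_exists` and `authorize_security_ingress_rule` without showing them. The sketch below is an added example, not the author's code: it gives hypothetical bodies for those two names against the boto3 EC2 client calls `describe_security_groups` and `authorize_security_group_ingress`, and adds an assumed helper `to_cidr` so that only a single IPv4 address from the checkip response can ever become a rule. Port 22 and the description layout are assumptions.

```python
import ipaddress
from datetime import datetime, timezone

SSH_PORT = 22  # assumption: the bastion listens on the default SSH port


def to_cidr(checkip_body):
    """Turn the checkip response body into a /32 CIDR; raise ValueError otherwise."""
    # IPv4Address rejects prefixes such as "0.0.0.0/0", hostnames and HTML error
    # pages, so an unexpected response can never widen the security group.
    return f"{ipaddress.IPv4Address(checkip_body.strip())}/32"


def rule_exists(client, sg_id, cluster, user_ip):
    """True if sg_id already allows SSH from user_ip/32.

    cluster is unused in this sketch; it is kept to match the call in the gist.
    """
    cidr = to_cidr(user_ip)
    groups = client.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"]
    for perm in groups[0]["IpPermissions"]:
        if (perm.get("IpProtocol") == "tcp"
                and perm.get("FromPort") == SSH_PORT
                and perm.get("ToPort") == SSH_PORT
                and any(r["CidrIp"] == cidr for r in perm.get("IpRanges", []))):
            return True
    return False


def authorize_security_ingress_rule(client, ssh_user, sg_id, user_ip):
    """Add a single-host SSH rule whose description records who added it and when."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    permission = {
        "IpProtocol": "tcp",
        "FromPort": SSH_PORT,
        "ToPort": SSH_PORT,
        "IpRanges": [{"CidrIp": to_cidr(user_ip),
                      "Description": f"{ssh_user} {user_ip.strip()} {stamp}"}],
    }
    client.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=[permission])
    return permission
```

Because each description carries the user, source IP and a UTC timestamp, stale break-in-case-of-need rules can later be found and revoked by age.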