Created
June 20, 2019 14:45
-
-
Save socratesx/93f50c4244796bef3d292e56223adc2d to your computer and use it in GitHub Desktop.
Revoke Access from a specific temporary rule of a security group.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #The script requires the following permissions: | |
| # ec2:RevokeSecurityGroupIngress | |
| # ec2:DescribeSecurityGroups | |
| # Of coure the user must have access to the security group that wants to add/remove rules | |
| group_id="The Group you need to edit (sg-xxxx)" | |
| # The following description will be searched and return the ip rule that is associated with it. | |
| # You may change it to the value that corresponds in your case. | |
| # If you previously used the add_pub_ip_to_sg.sh as it is and want just to remove the ip that you had added, | |
| # you don't need to change the description | |
| description=$(whoami) | |
| # Get the CIDR of the rule to be removed and store it in old_pub_ip | |
| old_pub_ip=$(aws ec2 describe-security-groups \ | |
| --filters "Name=group-id,Values=$group_id" \ | |
| --query "SecurityGroups[*].IpPermissions[*].IpRanges[?Description==\`$description\`].CidrIp" --output text) | |
| if [ -z "$old_pub_ip" ] | |
| then | |
| echo "No public IP with your description were found. exiting..." | |
| exit 0 | |
| else | |
| echo "Old Public IP: $old_pub_ip" | |
| # Remove the rule | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id $group_id \ | |
| --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges="[{CidrIp=$old_pub_ip,Description=$description}]" | |
| echo "$old_pub_ip has been removed from the SG" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment