tkuchiki/add_cf_ips.sh

## add_cf_ips.sh
#!/bin/bash

set -ue

SG_ID=${1}

old_ips=$(aws ec2 describe-security-groups --group-ids ${SG_ID} | jq '.SecurityGroups[].IpPermissions[].IpRanges[]' | jq -sSc .)
ips=$(curl -s http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips)
new_ips=$((echo $ips | jq '.CLOUDFRONT_GLOBAL_IP_LIST[] | { CidrIp: . }'; echo $ips | jq '.CLOUDFRONT_REGIONAL_EDGE_IP_LIST[] | { CidrIp: . }' ) | jq -Ssc .)
json=$(cat <<EOC
[
  {
    "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": ${new_ips}
  }
]
EOC
)

aws ec2 authorize-security-group-ingress --group-id ${SG_ID} --ip-permissions "$(echo $json | jq . -c)"
	#!/bin/bash

	set -ue

	SG_ID=${1}

	old_ips=$(aws ec2 describe-security-groups --group-ids ${SG_ID} \| jq '.SecurityGroups[].IpPermissions[].IpRanges[]' \| jq -sSc .)
	ips=$(curl -s http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips)
	new_ips=$((echo $ips \| jq '.CLOUDFRONT_GLOBAL_IP_LIST[] \| { CidrIp: . }'; echo $ips \| jq '.CLOUDFRONT_REGIONAL_EDGE_IP_LIST[] \| { CidrIp: . }' ) \| jq -Ssc .)
	json=$(cat <<EOC
	[
	{
	"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
	"IpRanges": ${new_ips}
	}
	]
	EOC
	)

	aws ec2 authorize-security-group-ingress --group-id ${SG_ID} --ip-permissions "$(echo $json \| jq . -c)"