Updating an AWS Security Group whenever your IP address changes

This is a simple script that updates an AWS Security Group. Run it whenever your IP address changes and you can keep accessing resources restricted by that security group with no hassle.

#!/bin/bash
# By Ed Wiget;
# Modified by Rafael Cintra (artnic)
# This runs via cron whenever my IP address changes in order to update the AWS security group
# Or you can run it before accessing anything restricted
# 20131120 - original script
# 20150325 - artnic custom; pointing to bitsforest 😉
##### VARIABLES TO SET ##########################
# set our home directory which holds our ip file
HOMEDIR=~
# set the name of the security group as shown in the aws console
SEC_GROUP=webservers-default
##### END VARIABLES TO SET ######################
# here we check for the aws binary and bail if it doesn't exist, because this script cannot work without it
if ! command -v aws >/dev/null 2>&1; then
    echo "Silly rabbit, sysadmin ain't for kids. Just a tip: awscli"
    exit 1
fi
# first we check for an existing file
if [ -f "${HOMEDIR}/.amazonip" ]; then
    # if it exists, we create a backup for comparison
    cp "${HOMEDIR}/.amazonip" "${HOMEDIR}/.amazonip.old"
    # then grab the current ip
    WAN=$(curl -s http://bitsforest.com/ip.php)
    # and populate the new file
    echo "${WAN}" > "${HOMEDIR}/.amazonip"
    # here we need to check if the files differ
    if diff "${HOMEDIR}/.amazonip" "${HOMEDIR}/.amazonip.old"; then
        echo "No IP update required"
        exit 1
    else
        echo "IP update required... stand by"
        # here we get the value to revoke
        REVOKE=$(cat "${HOMEDIR}/.amazonip.old")
        echo "Revoking access to your old IP ${REVOKE}"
        # then revoke the old ip (options need two ASCII hyphens, not a typographic dash)
        aws ec2 revoke-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${REVOKE}/32"
        # next we read the new ip to allow ssh access
        NEWIP=$(cat "${HOMEDIR}/.amazonip")
        # and set the new ip address for ssh access
        echo "Granting access to ${NEWIP}"
        aws ec2 authorize-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${NEWIP}/32"
        echo "All done!"
    fi
else
    # our file didn't exist, so it must be a new system, so let's set it up
    # get the ip
    WAN=$(curl -s http://bitsforest.com/ip.php)
    # create the file
    echo "${WAN}" > "${HOMEDIR}/.amazonip"
    # set the variable so we can add the ip to the system's security group
    NEWIP=$(cat "${HOMEDIR}/.amazonip")
    echo "Granting access to ${NEWIP}"
    # and set the new ip address for ssh access
    aws ec2 authorize-security-group-ingress --group-name "${SEC_GROUP}" --protocol tcp --port 22 --cidr "${NEWIP}/32"
    echo "All done!"
fi
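
The script above passes whatever the IP lookup returns straight into --cidr, and the lookup runs over plain HTTP, so an empty or altered reply ends up in the revoke and authorize calls. The following is an added example, not part of the original script: it checks that the reply is a single public IPv4 address and authorizes the new address before revoking the old one. The helper names is_public_ipv4 and rotate_ssh_ingress are hypothetical; the aws options are the ones the script already uses.

```bash
#!/bin/bash
# Added example, not part of the original script; helper names are hypothetical.

# Succeed only if $1 is exactly one public dotted-quad IPv4 address.
is_public_ipv4() {
    local ip="$1" o a b old_ifs
    # Digits and dots only: rejects empty replies, HTML error pages, CIDR suffixes.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac          # ambiguous leading zero
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    a=$1 b=$2
    # Unspecified, RFC 1918, loopback, link-local, CGNAT, multicast/reserved.
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then return 1; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 1; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 1; fi
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi
    return 0
}

# Authorize the new /32 first and revoke the old one only afterwards, so a
# failed authorize call never leaves the group without a working SSH rule.
rotate_ssh_ingress() {
    local group="$1" old="$2" new="$3"
    if ! is_public_ipv4 "$new"; then
        echo "Refusing to authorize unexpected lookup result: '$new'" >&2
        return 2
    fi
    if [ "$old" = "$new" ]; then return 0; fi
    aws ec2 authorize-security-group-ingress --group-name "$group" \
        --protocol tcp --port 22 --cidr "$new/32" || return 3
    # A corrupt or empty state file is skipped rather than passed to the CLI.
    if is_public_ipv4 "$old"; then
        aws ec2 revoke-security-group-ingress --group-name "$group" \
            --protocol tcp --port 22 --cidr "$old/32" || return 4
    fi
    return 0
}
```

In the script this would replace the paired revoke/authorize calls, for instance as rotate_ssh_ingress "${SEC_GROUP}" "${REVOKE}" "${WAN}", with .amazonip written only after the function returns 0.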
