This is a simple script that updates an AWS Security Group. Run it whenever your IP changes and you can keep accessing security-group-restricted resources with no hassle.
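#!/bin/bash
# By Ed Wiget;
# Modified by Rafael Cintra (artnic)
# This runs via cron whenever my ip address changes in order to update aws security group
# Or you can put it before accessing anything restricted
# 20131120 - original script
# 20150325 - artnic custom; pointing to bitsforest 😉
#
# Flow: look up the current public IPv4 address, compare it with the address
# recorded in ${HOMEDIR}/.amazonip, and when it changed revoke the old /32
# SSH (tcp/22) ingress rule and authorize a new one for the current address.
#
# Exit status: 0 after a successful update, 1 on error and (kept from the
# original script) 1 when no update was required.

set -u

##### VARIABLES TO SET ##########################
# set our home directory which holds our ip file
HOMEDIR=~
# set the name of the security group as shown in the aws console
# (--group-name only resolves groups in the default VPC; a group in another
# VPC has to be addressed with --group-id instead)
SEC_GROUP=webservers-default
# service that echoes back our public ip.
# NOTE: this is plain HTTP and its answer decides which address is granted
# SSH ingress, so anything able to alter the response can choose that address.
# Prefer an HTTPS endpoint you trust; the answer is validated as a single
# IPv4 address below, which limits the damage but does not authenticate it.
IP_URL=http://bitsforest.com/ip.php
##### END VARIABLES TO SET ######################

STATE_FILE="${HOMEDIR}/.amazonip"

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed only when $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  local ip=$1 octet
  [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not read as invalid octal
    (( 10#$octet <= 255 )) || return 1
  done
}

# Fetch the public ip from IP_URL and print it; fail on a transport or HTTP
# error, or when the body is anything other than one IPv4 address.
fetch_wan_ip() {
  local ip
  ip=$(curl -fsS --max-time 15 "$IP_URL") || return 1
  ip=${ip//[[:space:]]/}
  is_ipv4 "$ip" || return 1
  printf '%s\n' "$ip"
}

# here we check for the aws binary and if it doesn't exist we bail
if ! command -v aws >/dev/null 2>&1; then
  echo "Silly rabbit, sysadmin ain't for kids. Just a tip: awscli" >&2
  exit 1
fi

# grab the current ip before touching anything, so a failed or bogus lookup
# can neither corrupt the state file nor revoke the rule that still works
NEWIP=$(fetch_wan_ip) \
  || die "Could not get a valid IPv4 address from ${IP_URL}; security group left unchanged"

if [[ -f "$STATE_FILE" ]]; then
  # the address we granted access to on the previous run
  REVOKE=$(<"$STATE_FILE")

  if [[ "$NEWIP" == "$REVOKE" ]]; then
    echo "No IP update required"
    # status 1 is kept for compatibility with the original script
    exit 1
  fi

  echo "IP update required…. stand by"
  # keep a copy of the previous state, as the original script did
  cp -- "$STATE_FILE" "${STATE_FILE}.old"

  if is_ipv4 "$REVOKE"; then
    echo "Revoking access to your old IP ${REVOKE}"
    # A failed revoke is reported but not fatal: the rule may already be gone
    # after an interrupted earlier run. If it failed for another reason the
    # old /32 rule is still open and should be removed by hand.
    aws ec2 revoke-security-group-ingress --group-name "$SEC_GROUP" \
      --protocol tcp --port 22 --cidr "${REVOKE}/32" \
      || echo "Warning: could not revoke ${REVOKE}/32 from ${SEC_GROUP}; check the group for a stale rule" >&2
  else
    echo "Warning: ${STATE_FILE} did not hold a valid IPv4 address; nothing revoked" >&2
  fi
fi

# set the new ip address for ssh access
echo "Granting access to ${NEWIP}"
aws ec2 authorize-security-group-ingress --group-name "$SEC_GROUP" \
  --protocol tcp --port 22 --cidr "${NEWIP}/32" \
  || die "Could not authorize ${NEWIP}/32 on ${SEC_GROUP}; state file not updated so the next run retries"

# record the address only after the rule exists, so the state file never
# claims access that was not actually granted
printf '%s\n' "$NEWIP" > "$STATE_FILE" || die "Could not write ${STATE_FILE}"
echo "All done!"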