Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
367 views
in Technique[技术] by (71.8m points)

amazon web services - AWS CLI script to change security group of EC2 to match currently assigned IP address when using VPN to obfuscate network traffic?

If I'm using a VPN service that dynamically changes my IP address, is there a way to write a script that I can run with the AWS CLI to update the IP address (the one provided by the VPN at that particular moment in time) on my AWS VPC Security Group that allows SSH access to the EC2 instance via TCP/Port 22?

Also, how would I disable it automatically when the VPN provider changes my IP address?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Here is a shell script I use to add my current IP address to a security group:

IP=`curl -s http://whatismyip.akamai.com/`
aws ec2 authorize-security-group-ingress --group-name "VPN-SSH-SG" --protocol tcp --port 22   --cidr $IP/32 --output text

You'll need to update it for the name of your Security Group.

Here's a Python script to automatically delete all rules from a Security Group:

#!/usr/bin/env python

import boto3

GROUP_NAME = "VPN-SSH-SG"

# Connect to the Amazon EC2 service
ec2 = boto3.resource('ec2')

# Retrieve the security group
security_groups = ec2.security_groups.filter(Filters=[{'Name':'group-name', 'Values':[GROUP_NAME]}])

# Delete all rules in the group
for group in security_groups:
    group.revoke_ingress(IpPermissions = group.ip_permissions)

You could combine them together to clear existing entries and then add your current IP address.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...