Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
339 views
in Technique[技术] by (71.8m points)

amazon web services - AWS CLI script to change security group of EC2 to match currently assigned IP address when using VPN to obfuscate network traffic?

If I'm using a VPN service that dynamically changes my IP address, is there a way to write a script that I can run with the AWS CLI to update the IP address (the one provided by the VPN at that particular moment in time) on my AWS VPC Security Group that allows SSH access to the EC2 instance via TCP/Port 22?

Also, how would I disable it automatically when the VPN provider changes my IP address?


1 Answer

0 votes
by (71.8m points)

Here is a shell script I use to add my current IP address to a security group:

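# Look up the public IP address this machine currently appears as
IP=$(curl -s http://whatismyip.akamai.com/)
# Allow SSH (TCP/22) from that single address only
aws ec2 authorize-security-group-ingress --group-name "VPN-SSH-SG" --protocol tcp --port 22 --cidr "$IP/32" --output text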

You'll need to update it for the name of your Security Group.

Here's a Python script to automatically delete all rules from a Security Group:

#!/usr/bin/env python

import boto3

GROUP_NAME = "VPN-SSH-SG"

# Connect to the Amazon EC2 service
ec2 = boto3.resource('ec2')

# Retrieve the security group
security_groups = ec2.security_groups.filter(Filters=[{'Name':'group-name', 'Values':[GROUP_NAME]}])

# Delete all rules in the group (groups with no rules are skipped,
# since there is nothing to revoke)
for group in security_groups:
    if group.ip_permissions:
        group.revoke_ingress(IpPermissions=group.ip_permissions)

You could combine them together to clear existing entries and then add your current IP address.
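An added example, not part of the original answer: one way to combine the two steps so that only the TCP/22 rules are reconciled, stale VPN addresses are revoked, and the looked-up address is validated before it reaches the security group. The function names and the group ID passed on the command line are assumptions made for illustration.

```python
import ipaddress
import sys
import urllib.request

IP_ECHO_URL = "http://whatismyip.akamai.com/"  # same lookup service the answer uses


def plan_ssh_sync(ip_permissions, current_ip, port=22):
    """Return (wanted_cidr, stale_cidrs, need_add) for the TCP/<port> rules."""
    # The lookup reply is untrusted input: anything that is not exactly one
    # IPv4 address (an error page, "0.0.0.0/0", ...) raises ValueError here.
    wanted = f"{ipaddress.IPv4Address(current_ip.strip())}/32"
    present = set()
    for perm in ip_permissions:
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) == ("tcp", port, port):
            present.update(r["CidrIp"] for r in perm.get("IpRanges", []))
    return wanted, sorted(present - {wanted}), wanted not in present


def sync_ssh_rule(group_id, current_ip, port=22):
    """Apply the plan to one security group; other ports are left untouched."""
    import boto3  # imported here so the planning logic can be tested offline

    ec2 = boto3.client("ec2")
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    wanted, stale, need_add = plan_ssh_sync(group["IpPermissions"], current_ip, port)

    def rule(cidrs):
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": [{"CidrIp": c} for c in cidrs]}]

    if need_add:  # skipping this when present avoids a duplicate-rule error
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rule([wanted]))
    if stale:     # addresses the VPN handed out earlier are no longer ours
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=rule(stale))
    return wanted, stale, need_add


if __name__ == "__main__":
    # Usage: python sync_ssh_rule.py <security-group-id>
    with urllib.request.urlopen(IP_ECHO_URL, timeout=10) as resp:
        my_ip = resp.read().decode("ascii")
    print(sync_ssh_rule(sys.argv[1], my_ip))
```

Running it on a schedule or from the VPN client's reconnect hook covers the second half of the question, because each run revokes whatever address the previous run authorized.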

