https://github.com/erik/holepunch
Punch holes in your AWS security groups.
- Host: GitHub
- URL: https://github.com/erik/holepunch
- Owner: erik
- License: mit
- Created: 2017-03-17T16:24:48.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2022-11-03T11:59:19.000Z (over 3 years ago)
- Last Synced: 2025-09-25T05:20:46.815Z (9 months ago)
- Topics: aws, command-line-tool
- Language: Python
- Homepage:
- Size: 52.7 KB
- Stars: 70
- Watchers: 6
- Forks: 6
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# holepunch
Punch holes in your AWS account security.
`holepunch` is meant for times when you need to temporarily open ingress to an
AWS security group, perhaps for development or testing remotely without a VPN
set up.
This is really bad practice, but `holepunch` will make sure that security group
rules will be reverted when you are done.
After running `holepunch`, just hit `^D` to clear out the modified rules.
You can also run `holepunch` only for the duration of a shell command with
`--command`.
By default, `holepunch` will refuse to remove rules that existed before it
was run. This can be toggled with the `--remove-existing` flag. `holepunch`
will only remove rules that match the provided arguments, e.g. source, port,
protocol and description must all match or the rule will not be removed.
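The cleanup decision described above can be modelled as follows. This is an added example, not code from the holepunch project; the `Rule` type, the function names, the description string `"holepunch"` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    cidr: str          # source range, IPv4 or IPv6
    protocol: str      # "tcp" or "udp"
    from_port: int
    to_port: int
    description: str

    @property
    def key(self):
        # Identity of an ingress rule without its description.
        return self[:4]

def make_rule(cidr, protocol, ports, description):
    """Build a Rule from a port spec such as "22" or "8080-8081"."""
    lo, _, hi = str(ports).partition("-")
    net = ipaddress.ip_network(cidr, strict=False)  # canonical CIDR form
    return Rule(str(net), protocol, int(lo), int(hi or lo), description)

def rules_to_revoke(preexisting, requested, remove_existing=False):
    """Return the requested rules that cleanup may revoke: rules added in this
    session, plus (only with remove_existing) pre-existing rules matching on
    source, port, protocol and description."""
    before = {r.key: r for r in preexisting}
    revoke = []
    for rule in requested:
        old = before.get(rule.key)
        if old is None:
            revoke.append(rule)        # opened by this session, always reverted
        elif remove_existing and old == rule:
            revoke.append(rule)        # pre-existing and identical in every field
    return revoke

# Constructed sample data (documentation address range, hypothetical descriptions).
ME = "203.0.113.7/32"
PREEXISTING = [
    make_rule(ME, "tcp", "22", "holepunch"),
    make_rule(ME, "tcp", "443", "office VPN egress"),
]
REQUESTED = [make_rule(ME, "tcp", p, "holepunch") for p in ("22", "443", "8080-8081")]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, [(r.from_port, r.to_port) for r in rules_to_revoke(PREEXISTING, REQUESTED, flag)])
```

In this model the port 443 rule is never revoked, because its description differs from the one requested, so a rule someone else created for the same source and port survives the session.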
## Installation
```
pip install holepunch
```
AWS credentials can be set up in any of the places that
[Boto3 knows to look](http://boto3.readthedocs.io/en/latest/guide/configuration.html).
## Examples
To modify security group `foo_bar` to permit inbound traffic from this
machine to TCP port 22 (ssh):
```
holepunch foo_bar 22 --tcp
```
Modifying a security group using its id also works:
```
holepunch sg-62153838 443 --tcp
```
Apply security group rules and then `ssh` into a host. Rules will be
reverted when the SSH connection ends.
```
holepunch foo_bar 22 --command "ssh bastion"
```
Adding multiple TCP port ranges:
```
holepunch foo_bar 22 80 8080-8081 --tcp
```
Explicitly setting the IP range the rules apply to:
```
holepunch foo_bar --cidr=192.168.0.0/16 22 80
# Also works with IPv6 ranges
holepunch foo_bar --cidr=2001:882f::1/128 443
```