https://github.com/fredlackey/update-aws-ingress-rules
Set of scripts to automatically update ingress rules on AWS
- Host: GitHub
- URL: https://github.com/fredlackey/update-aws-ingress-rules
- Owner: FredLackey
- License: apache-2.0
- Created: 2024-02-26T13:41:47.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-01T07:09:20.000Z (about 1 year ago)
- Last Synced: 2025-01-24T10:30:29.694Z (4 months ago)
- Language: Shell
- Size: 21.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Update AWS Ingress Rules with Dynamic IP
Script to update AWS Security Group Ingress Rules with the current public IP address of the machine running the script.
## Background
There are many reasons why we may want to restrict access to AWS resources to a specific IP address or range of IP addresses. For example, we may want to restrict access to a database server to only the IP address of the application server. Or, we may want to restrict access to a web server to only the IP address of the load balancer. In these cases, we can use AWS Security Groups to restrict access to the resources. Additionally, as developers, we may want to restrict access to our development environment to only our public IP address. In this case, we can use the script in this repository to update the AWS Security Group Ingress Rules with the current public IP address of the machine running the script.
## Example Scenarios
### Hosted PBX
The phone system my family and home office use was created from an ISO and is hosted in AWS. By default, the instance has outbound access. Inbound access should be restricted to my wife and my home office. Our phones need to connect to the PBX and we need to be able to reach the web interface from our home office. However, we don't need this access from anywhere else. Also complicating the scenario is our use of Starlink, as an ISP, and the fact that our IP address is dynamic and can change at any time. One way of tackling this is with a point-to-point VPN. However, this is overkill for our needs. Instead, we can use the script in this repository to update the AWS Security Group Ingress Rules with our current public IP address. Whenever it is run, the script will determine our current public IP address and then leverage the AWS CLI to replace the existing Ingress Rules with the new IP address.
## Version History
### v001 - First Draft
Think this was a bit too much for a simple process. It worked, granted, but kinda felt messy and quite a bit unnecessary.
### v002 - Simplify & Split
Split the steps into simple scripts which, first, remove all ingress rules and, second, add our public IP to ingress rules for both TCP and UDP.
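The two steps described above, as an added sketch that is not the repository's own scripts: it validates the address returned by the IP lookup before touching the group, so a malformed response can never end up in a rule or leave the group emptied. The function names, the use of `https://checkip.amazonaws.com` for the lookup, and the all-ports range (0-65535) are assumptions; the README does not state them.

```bash
#!/usr/bin/env bash
# Added example, not the repository's scripts. Requires curl and the AWS CLI.

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  local old_ifs="$IFS" octet
  IFS=.
  set -- $1
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Build the --ip-permissions JSON: one /32 rule each for TCP and UDP.
# Assumption: all ports (0-65535); the README does not state a port range.
build_permissions() {
  local ip="$1" proto out="" sep=""
  is_ipv4 "$ip" || return 1
  for proto in tcp udp; do
    out="${out}${sep}{\"IpProtocol\":\"${proto}\",\"FromPort\":0,\"ToPort\":65535,\"IpRanges\":[{\"CidrIp\":\"${ip}/32\"}]}"
    sep=","
  done
  printf '[%s]' "$out"
}

# Resolve and validate the new rules first, then revoke the old ones.
update_ingress() {
  local profile="$1" group="$2" ip new old
  ip=$(curl -fsS --max-time 10 https://checkip.amazonaws.com | tr -d '[:space:]')
  new=$(build_permissions "$ip") || { echo "unexpected IP lookup response" >&2; return 1; }
  old=$(aws ec2 describe-security-groups --profile "$profile" --group-ids "$group" \
    --query 'SecurityGroups[0].IpPermissions' --output json) || return 1
  if [ "$old" != "[]" ]; then
    aws ec2 revoke-security-group-ingress --profile "$profile" --group-id "$group" \
      --ip-permissions "$old" >/dev/null || return 1
  fi
  aws ec2 authorize-security-group-ingress --profile "$profile" --group-id "$group" \
    --ip-permissions "$new" >/dev/null
}

# Run only when called as: script <aws-profile> <security-group-id>
if [ "$#" -eq 2 ]; then update_ingress "$1" "$2"; fi
```

Because every existing ingress rule in the group is revoked, this approach fits a security group dedicated to the dynamic-IP rules rather than one shared with other sources.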
Usage:
```bash
./update-sh
```
Example:
```bash
./update-sh personal sg-01234567890123456789
```
## Contact Info
**Fred Lackey**
[[email protected]](mailto:[email protected])
[http://fredlackey.com](http://fredlackey.com)