update-aws-security-groups is a script, meant to be run as a cron job, that will update Amazon EC2 security rules to accept certain incoming connections based on a DDNS hostname. The script checks the hostname, compares it to a stored IP address, then updates the security rules if necessary.
There's a lot of setup for this project, most of it manual. Sorry about that.
It is assumed you've set up the credentials and permissions on the AWS side, and you have a ~/.aws/credentials file.
- Clone the repo

```
git clone https://www.github.com/mpstewart/update-aws-security-group
cd update-aws-security-groups
```

- Build the binary and install the script

```
go install
sudo cp $GOPATH/bin/update-aws-security-groups /usr/local/bin/update-aws-security-groups
```

- Create a file to hold the config

```
sudo mkdir /etc/update-aws-security-groups
sudo vim /etc/update-aws-security-groups/config
```

with something like the following contents:

```
{
  "awsProfile": "default",
  "hostname": "myhostname.ddns.net",
  "homeIP": "192.168.1.1/32",
  "groupID": "sg-123456",
  "region": "us-west-1",
  "ports": [
    {
      "port": 22,
      "protocol": "tcp",
      "description": "SSH"
    }
  ]
}
```

- That's about it. Simply save the config file, then update your crontab to run at the preferred frequency, setting the PATH variable to include /usr/local/bin/ and you're all set.

The config keys:

- awsProfile: This is used as AWS_PROFILE.
- hostname: The DDNS hostname used to check the IP address.
- homeIP: Used to persist the IP. You can populate this once if you want, but it will be tracked automatically afterwards.
- groupID: ID of the group you wish to adjust the rules for.
- region: Your EC2 region.
- ports: The main point of extension of the script. For each port you wish to open, you will need to indicate the port number, via port, the protocol, and the description that will appear in the EC2 management console.

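
The check-and-compare step described at the top, as an added Go example (not the project's own code). `planUpdate`, `Plan`, the public-IPv4-only rule and the revoke-the-old-address step are assumptions of this example; the addresses are constructed from documentation ranges, and DNS resolution and the EC2 calls are left out so it runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Config holds the two keys from the config file above that this check needs.
type Config struct {
	Hostname string `json:"hostname"`
	HomeIP   string `json:"homeIP"`
}

// Plan is a hypothetical result type: which CIDR to revoke and which to authorize.
type Plan struct {
	Changed           bool
	Revoke, Authorize string
}

// planUpdate compares the address the DDNS name resolved to against the stored
// homeIP. Assumption: only a public IPv4 /32 is ever an acceptable source.
func planUpdate(rawConfig []byte, resolved string) (Plan, error) {
	var cfg Config
	if err := json.Unmarshal(rawConfig, &cfg); err != nil {
		return Plan{}, fmt.Errorf("config: %w", err)
	}
	addr, err := netip.ParseAddr(resolved)
	// Rejects garbage, IPv6, 0.0.0.0, loopback, link-local, multicast and RFC 1918.
	if err != nil || !addr.Is4() || !addr.IsGlobalUnicast() || addr.IsPrivate() {
		return Plan{}, fmt.Errorf("refusing %q for %s: not a public IPv4 address", resolved, cfg.Hostname)
	}
	next := netip.PrefixFrom(addr, 32).String()
	if next == cfg.HomeIP {
		return Plan{}, nil // address unchanged, leave the group alone
	}
	// Revoke the stale /32 too: after a change that address belongs to someone else.
	return Plan{Changed: true, Revoke: cfg.HomeIP, Authorize: next}, nil
}

// sampleConfig is constructed for this example (documentation-range address).
const sampleConfig = `{"awsProfile":"default","hostname":"myhostname.ddns.net",
 "homeIP":"198.51.100.20/32","groupID":"sg-123456","region":"us-west-1"}`

func main() {
	plan, err := planUpdate([]byte(sampleConfig), "203.0.113.7")
	fmt.Println(plan, err)
}
```

Failing closed on an unexpected DNS answer keeps a hijacked or misconfigured DDNS record from turning into a wide-open ingress rule.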
Wanted to make something with Go. This got made.