| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- #
- # remote-access - Setup remote access to the name ${1} security group for the ${2} port
- #
- # usage:
- # grantAccess name port
- # revokeAccess name port
- #
- grantAccess() {
- local data ip prior sgroup
- local GROUP_NAME="$1"
- local PORT="$2"
-
- ip=$(curl -s ipecho.net/plain)
- data=$(aws ec2 describe-security-groups --filter "Name=group-name,Values=${GROUP_NAME}")
- [ $? != 0 ] && exit 1
- sgroup=$(echo $data | jq -r ".SecurityGroups[].GroupId")
- existing=$(echo $data | jq -r ".SecurityGroups[].IpPermissions[] | select( (.FromPort == ${PORT})).IpRanges[].CidrIp")
- if [[ "${existing}" != *"${ip}"* ]] ; then
- aws ec2 revoke-security-group-ingress --group-id ${sgroup} --protocol tcp --port ${PORT} --cidr ${ip}/32 >/dev/null 2>&1
- aws ec2 authorize-security-group-ingress --group-id ${sgroup} --protocol tcp --port ${PORT} --cidr ${ip}/32
- [ $? != 0 ] && exit 1
- fi
- }
- revokeAccess() {
- local data ip prior sgroup
- local GROUP_NAME="$1"
- local PORT="$2"
- ip=$(curl -s ipecho.net/plain)
- data=$(aws ec2 describe-security-groups --filter "Name=group-name,Values=${GROUP_NAME}")
- [ $? != 0 ] && exit 1
- sgroup=$(echo $data | jq -r ".SecurityGroups[].GroupId")
- existing=$(echo $data | jq -r ".SecurityGroups[].IpPermissions[] | select( (.FromPort == ${PORT})).IpRanges[].CidrIp")
- if [[ "${existing}" != *"${ip}"* ]] ; then
- aws ec2 revoke-security-group-ingress --group-id ${sgroup} --protocol tcp --port 22 --cidr ${ip}/32
- [ $? != 0 ] && exit 1
- fi
- }
|
