HuggyBear

SecGroupUpdates

Nov 23rd, 2020 (edited)
962
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. ENVI="$HOME/.config/environment/externalIP"
  4.  
  5. CURRENTIP=$(<"$ENVI")
  6. NEWIP=$(curl --silent -4 ifconfig.me)
  7.  
  8. ## STATIC FOR SCAWS ONLY ##
  9. GROUPID="sg-e90aa08d"
  10.  
  11. printf "Current IP: %s\n" "$NEWIP"
  12. printf "Last logged IP: %s\n" "$CURRENTIP"
  13. printf "Security Group: %s\n" "$GROUPID"
  14.  
  15. if [[ "$CURRENTIP" != "$NEWIP" ]]; then
  16.     # UPDATE LOCAL FILE
  17.     echo "$NEWIP" > ~/.config/externalIP
  18.    
  19.     ## FORMAT IPs ##
  20.     CURRENTIP+="/32"
  21.     NEWIP+="/32"
  22.  
  23.     # REVOKE EXISTING RULES TCP Ports 22, 1125, 5201 & UDP port 5201
  24.     printf " aws ec2 revoke-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 1125 --cidr "$CURRENTIP" "
  25.     exit
  26.     aws ec2 revoke-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 5201 --cidr "$CURRENTIP"
  27.     aws ec2 revoke-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 22 --cidr "$CURRENTIP"
  28.     aws ec2 revoke-security-group-ingress --group-id "$GROUPID" --protocol UDP --port 5201 --cidr "$CURRENTIP"
  29.    
  30.     # ADD NEW RULES WITH NEW IP
  31.     aws ec2 authorize-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 22 --cidr "$NEWIP"
  32.     aws ec2 authorize-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 1125 --cidr "$NEWIP"
  33.     aws ec2 authorize-security-group-ingress --group-id "$GROUPID" --protocol tcp --port 5201 --cidr "$NEWIP"
  34.     aws ec2 authorize-security-group-ingress --group-id "$GROUPID" --protocol udp --port 5201 --cidr "$NEWIP"
  35.    
  36.     # ADD DESCRIPTION TO NEW RULE
  37.     aws ec2 update-security-group-rule-descriptions-ingress --group-id "$GROUPID" --ip-permissions "'[{\"IpProtocol\":\"tcp\",\"FromPort\":22,\"ToPort\":22,\"IpRanges\":[{\"CidrIp\":\"$NEWIP\",\"Description\":\"Scott Home\"}]]'"
  38.     aws ec2 update-security-group-rule-descriptions-ingress --group-id "$GROUPID" --ip-permissions "'[{\"IpProtocol\":\"tcp\",\"FromPort\":1125,\"ToPort\":1125,\"IpRanges\":[{\"CidrIp\":\"$NEWIP\",\"Description\":\"Scott Home\"}]]'"
  39.     aws ec2 update-security-group-rule-descriptions-ingress --group-id "$GROUPID" --ip-permissions "'[{\"IpProtocol\":\"tcp\",\"FromPort\":5201,\"ToPort\":5201,\"IpRanges\":[{\"CidrIp\":\"$NEWIP\",\"Description\":\"Scott Home\"}]]'"
  40.     aws ec2 update-security-group-rule-descriptions-ingress --group-id "$GROUPID" --ip-permissions "'[{\"IpProtocol\":\"udp\",\"FromPort\":5201,\"ToPort\":5201,\"IpRanges\":[{\"CidrIp\":\"$NEWIP\",\"Description\":\"Scott Home\"}]]'"
  41. elif [[ "$CURRENTIP" == "$NEWIP" ]]; then
  42.     date
  43.     printf "Public IP, %s$CURRENTIP, is unchagned.\n"
  44. fi
  45.  
  46.  
RAW Paste Data