geoffreywiseman/awswl


AWS Allowlist


A small tool that makes it simple to add and remove IP addresses (or CIDR blocks) from an AWS security group. It acts like a sort of oversimplified VPN: you can quickly give yourself SSH access to a project as you move from network to network.

This README should have enough information to get started, but you can get more information on:

Installing 🛠️

This is a Python tool, packaged as a Python module, so you should be able to just run

pip install awswl

Of course, if you don't know what a Python module is, or you don't have Python and pip installed, you may have additional work ahead of you.

Now that Python 2 is largely a relic of the past, I'm focused on supporting Python 3 only. The current CI build is for Python 3.9+.

Usage

If you want usage help at the command line, try:

awswl --help

You can list the IP address blocks that are authorized, including which IP address is current:

awswl --list

Authorize your current IP address:

awswl --add-current

Remove authorization for your current IP:

awswl --remove-current

Authorize a manually-specified CIDR block:

awswl --add 192.168.0.0/24

Remove authorization for a manually-specified CIDR block:

awswl --remove 192.168.0.0/24

For each of these commands, you need to tell awswl which security group to use, which you can do with the --sgid command-line option or using an environment variable.
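
An added example, not part of awswl: a sketch of an audit over a security group's SSH ingress rules, in the IpPermissions shape that the EC2 DescribeSecurityGroups API returns, marking which blocks cover your current address and which are wider than a single host. The sample rules, the addresses and the names allows_ssh, review_ssh_ingress and max_addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups "IpPermissions".
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"},
                  {"CidrIp": "198.51.100.0/24"},
                  {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]


def allows_ssh(perm, port=22):
    """True if the rule covers TCP port 22 (protocol "-1" means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def review_ssh_ingress(permissions, current_ip, max_addresses=1):
    """Return (cidr, is_current, flag) for every IPv4 block that can reach SSH.

    flag is "open" for 0.0.0.0/0, "broad" when the block holds more than
    max_addresses hosts, otherwise "ok". max_addresses is a hypothetical
    policy knob, not an awswl option.
    """
    me = ipaddress.ip_address(current_ip)
    findings = []
    for perm in permissions:
        if not allows_ssh(perm):
            continue  # rule does not expose port 22
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                flag = "open"
            elif net.num_addresses > max_addresses:
                flag = "broad"
            else:
                flag = "ok"
            findings.append((str(net), me in net, flag))
    return findings
```

Calling review_ssh_ingress(SAMPLE_PERMISSIONS, "203.0.113.7") reports the /32 as current and "ok", the /24 and the all-traffic 10.0.0.0/8 rule as "broad", and 0.0.0.0/0 as "open"; the port 443 rule is skipped.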

Integration

In order to get your current IP address, --list, --add-current and --remove-current will make a request to checkip.amazonaws.org. Because it's another AWS service, it seems less likely to be a privacy concern for anyone.

I may add a switch to disable that for anyone who isn't fond of awswl making an additional network request, so if that's a concern for you, feel free to vote for it.

Environment

All of these require you to have AWS credentials set up in advance, stored in ~/.aws/credentials. If you need to use a profile, you can configure it with AWS_PROFILE. If you want to identify the security group using an environment variable so that you don't have to put it into each command invocation, you can put it in AWSWL_SGID.

About

A tool to make whitelisting IP addresses for SSH simpler to maintain.
