AWS Allowlist


A small tool that makes it simple to add and remove IP addresses (or CIDR blocks) from an AWS security group. This acts like a sort of oversimplified VPN, where you can quickly give yourself SSH access to a project as you move about from network to network.

This README should have enough information to get started, but you can get more information on:

Installing 🛠️

This is a Python tool, packaged as a Python module, so you should be able to just run

pip install awswl

Of course, if you don't know what a Python module is, or you don't have Python and pip installed, you may have additional work ahead of you.

Now that Python2 is largely a relic of the past, I'm focused on supporting Python 3 only. The current CI build is for Python 3.9+.


If you want usage help at the command line, try:

awswl --help

You can list the IP address blocks that are authorized, including which IP address is current:

awswl --list

Authorize your current IP Address:

awswl --add-current

Remove authorization for your current IP:

awswl --remove-current

Authorize a manually-specified CIDR block:

awswl --add

Remove authorization for a manually-specified CIDR block:

awswl --remove

For each of these commands, you need to tell awswl which security group to use, which you can do with the --sgid command-line option or using an environment variable.


In order to get your current ip address, --list, --add-current and --remove-current will make a request to Because it's another AWS service, seems less likely to be a privacy concern for anyone.

I may add a switch to disable that for anyone who isn't fond of awswl making an additional network request, so if that's a concern for you, feel free to vote for it.


All of these require you to have AWS credentials set up in advance, stored in ~/.aws/credentials, and if you need to use a profile, you can configure it with AWS_PROFILE. If you want to identify the security group using an environment variable so that you don't have to put it into each command invocation, you can put it in AWSWL_SGID.
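
Because entries accumulate as you move from network to network, it is worth reviewing the group periodically for blocks that are stale or too wide. The following is an added example, not part of awswl's own code: it audits a security group's rules in the shape boto3's describe_security_groups returns, flagging which block contains your current address and which are world-open or broad. The function names, the sample data, port 22 for SSH and the /24 threshold are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the shape of one group's "IpPermissions" list as
# returned by boto3's ec2.describe_security_groups(); not real data.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"},
                  {"CidrIp": "198.51.100.0/24"},
                  {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def normalize_cidr(value):
    """Canonical CIDR string; a bare address becomes a single-host block."""
    return str(ipaddress.ip_network(value.strip(), strict=False))


def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def audit_rules(permissions, current_ip, port=22, min_prefix=24):
    """Return [(cidr, flags)] for every IPv4 block that can reach `port`.

    port=22 (SSH) and min_prefix=24 are assumptions chosen for this example.
    """
    current = ipaddress.ip_address(current_ip)
    findings = []
    for perm in permissions:
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            flags = set()
            if current in net:
                flags.add("current")
            if net.prefixlen == 0:
                flags.add("world-open")
            elif net.prefixlen < min_prefix:
                flags.add("broad")
            findings.append((str(net), flags))
    return findings
```

Entries with no flags are the ones to check by hand: they are neither your current address nor obviously too wide, which usually means they were added from a network you have since left.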


A tool to make whitelisting IP addresses for SSH simpler to maintain.







