Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

AWS Access

aws-access is a command line utility to update an AWS security group with your current IP across one or more regions.

This is a relatively cheap way to lock down access to AWS resources to whitelisted ips. Defaults to whitelisting port 22. Configure ports using the --ports|-P argument.

To use:

  • Step 1: Create security group for whitelisted ips e.g. 'remote-working'
  • Step 2: Assign security group to appropriate resources
  • Step 3: Install aws-access npm install -g aws-access
  • Step 4: Set up aws credentials
  • Step 5: Run aws-access to whitelist your current ip e.g. aws-access -g remote-working

Example

# enable access to SSH and Postgres from the current IP
aws-access -p myprofile -g mysecuritygroup -r us-east-1 eu-west-1 -P 22 5432

Installing

npm install -g aws-access

Prerequisites

  • nodejs 7.6+

Command Line

aws-access

Options:
  -h             Show help                                             [boolean]
  -p, --profile                                                       [optional]
  -g, --group                                                         [required]
  -r, --region                                            [default: "us-east-1"]
  -P, --ports                                          [array] [default: ["22"]]

Security Considerations

  • It's likely that a users IP will be stale over time, potentially allowing access to the AWS resources from unexpected IPs. This is still better than allowing access from the whole internet (i.e. 0.0.0.0/0) but this should be part of a defense in depth i.e. resources that are made accessible via aws-access should also be properly secured.
  • Removing old users from the security group managed by aws-access should be part of any offboarding process
  • If a user is renamed, their old username should be cleaned from the security group managed by aws-access
  • If this is used for multiple users, any of the users have the ability to modify rules set up by other users

About

Update an AWS security group with your current IP

Resources

License

Releases

No releases published

Packages

No packages published