Skip to content
Update an AWS security group with your current IP
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

AWS Access

aws-access is a command line utility to update an AWS security group with your current IP across one or more regions.

This is a relatively cheap way to lock down access to AWS resources to whitelisted ips. Defaults to whitelisting port 22. Configure ports using the --ports|-P argument.

To use:

  • Step 1: Create security group for whitelisted ips e.g. 'remote-working'
  • Step 2: Assign security group to appropriate resources
  • Step 3: Install aws-access npm install -g aws-access
  • Step 4: Set up aws credentials
  • Step 5: Run aws-access to whitelist your current ip e.g. aws-access -g remote-working


# enable access to SSH and Postgres from the current IP
aws-access -p myprofile -g mysecuritygroup -r us-east-1 eu-west-1 -P 22 5432


npm install -g aws-access


  • nodejs 7.6+

Command Line


  -h             Show help                                             [boolean]
  -p, --profile                                                       [optional]
  -g, --group                                                         [required]
  -r, --region                                            [default: "us-east-1"]
  -P, --ports                                          [array] [default: ["22"]]

Security Considerations

  • It's likely that a users IP will be stale over time, potentially allowing access to the AWS resources from unexpected IPs. This is still better than allowing access from the whole internet (i.e. but this should be part of a defense in depth i.e. resources that are made accessible via aws-access should also be properly secured.
  • Removing old users from the security group managed by aws-access should be part of any offboarding process
  • If a user is renamed, their old username should be cleaned from the security group managed by aws-access
  • If this is used for multiple users, any of the users have the ability to modify rules set up by other users
You can’t perform that action at this time.