Skip to content

aws-manage-sg is a utility to manage multi security group rules for a remote worker. It revokes old rules, and grants new rules with the user's current ip address.

Notifications You must be signed in to change notification settings

niallmccullagh/aws-manage-sg-cli

 
 

Repository files navigation

AWS Security Group Manager

NPM version Build Status semantic-release Greenkeeper badge FOSSA Status

aws-manage-sg is a utility to manage multi security group rules for a remote worker. It revokes old rules, and grants new rules with the user's current ip address.

Running

  • Create a config file to contain
{
   "username": "johndoe",
   "rules": [
     {
       "name": "basiton",
       "securityGroupId": "sg-396jk989f",
       "ports": [22]
     },
     {
       "name": "kibana",
       "securityGroupId": "sg-3960686b",
       "ports": [443]
     }
   ],
   "region": "us-east-1"
 }
  • username is optional.
  • Install aws-manage-sg npm install -g aws-manage-sg
  • Run to remove old rules and whitelist new ip. aws-manage-sg -f config.json

Notes

  • It is recommended to use the AWS username to ensure that users don't override each others settings. Username resolution happens in this order: command line argument, config file, AWS user, USER env property
  • By default the cli will try to authenticate using details from environment variables, to use a specific profile set the profile explicitly.
  • The AWS user must have the following permissions: ec2:AuthorizeSecurityGroupIngress and ec2:DescribeSecurityGroups
  • If checking in a shared config file, ensure that you have not set the username.

Command Line

Find out the full range of options by running aws-manage-sg -h

$ aws-manage-sg -h
Usage: aws-manage-sg [options]

Options:
  --version       Show version number                                  [boolean]
  -f, --file      Path to config file                                 [required]
  -g, --grant     Run only the grant                                   [boolean]
  -r, --revoke    Run only the revoke                                  [boolean]
  -p, --profile   AWS profile to use
  -u, --username  Username to tag rules with
  --ip            Use specified IP address. If not supplied the detected IP will
                  be used
  -h              Show help                                            [boolean]

Using in another application/library

The library exports a number of functions:

  1. revokePermissions, revokes any permissions for the user in the supplied user groups
  2. grantPermissions, grants permissions for the user in the supplied ip and user groups
  3. useAWSProfile, configures the AWS authentication to use the supplied profile.

See bin/aws-manage-sg.js for an example.

License

FOSSA Status

About

aws-manage-sg is a utility to manage multi security group rules for a remote worker. It revokes old rules, and grants new rules with the user's current ip address.

Resources

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •