Skip to content

Add and manage your public and custom IP address range in the AWS security group

License

Notifications You must be signed in to change notification settings

piyushsonigra/aws_ipadd

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

38 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

aws_ipadd (IP add for AWS Security group)

Build and Release aws_ipadd

Effortlessly manage AWS security group rules with a single command

πŸ“– About

aws_ipadd is a CLI tool that simplifies whitelisting and managing IP addresses in AWS security groups. It's designed specifically for scenarios where:

  • You don't have a static IP address and your public IP changes frequently
  • You need to maintain access to IP-restricted AWS resources
  • You want to grant temporary access to specific users by whitelisting their IPs
  • You need to maintain tight security by allowing only specific IPs to access particular ports

The tool automatically detects your current public IP and updates AWS security group rules accordingly. Alternatively, you can explicitly specify IPs to whitelist without fetching your current public IPβ€”ideal for adding team members' addresses or other trusted sources.

aws_ipadd handles all the AWS security group rule management in the background, making IP whitelisting painless even with constantly changing IPs.

✨ Key Features

  • Automatic IP Detection - Detects and adds your current public IP to security groups
  • Dynamic IP Management - Updates rules when your public IP changes
  • Multi-Profile Support - Manage rules across different AWS accounts and regions
  • Port Range Flexibility - Configure single ports or port ranges
  • CLI Flexibility - Override configuration with command-line arguments
  • Custom IP Support - Specify any IP address for whitelisting instead of your current IP
  • Rule Management - Automatically handles rule creation, updates, and identification

πŸ–₯️ Supported Operating Systems

  • macOS (Intel x86_64 and Apple Silicon ARM64)
  • Linux (x86_64 and ARM64)

πŸš€ Installation

Linux (x86_64/AMD64)

curl -s -L https://github.com/piyushsonigra/aws_ipadd/releases/latest/download/aws_ipadd_darwin_amd64.tar.gz | tar -xz -C /usr/local/bin

Linux (ARM64)

curl -s -L https://github.com/piyushsonigra/aws_ipadd/releases/latest/download/aws_ipadd_linux_arm64.tar.gz | tar -xz -C /usr/local/bin/

macOS (Intel x86_64)

curl -s -L https://github.com/piyushsonigra/aws_ipadd/releases/latest/download/aws_ipadd_darwin_amd64.tar.gz | tar -xz -C /usr/local/bin/

macOS (Apple Silicon ARM64)

curl -s -L https://github.com/piyushsonigra/aws_ipadd/releases/latest/download/aws_ipadd_darwin_arm64.tar.gz | tar -xz -C /usr/local/bin/

Note: If you encounter permission errors, run the command with sudo for tar operation as shown example below.

curl -s -L https://github.com/piyushsonigra/aws_ipadd/releases/latest/download/aws_ipadd_darwin_arm64.tar.gz | sudo tar -xz -C /usr/local/bin/

βš™οΈ Configuration

  1. Create configuration directory

    mkdir ~/.aws_ipadd
  2. Create configuration file

    touch ~/.aws_ipadd/aws_ipadd
  3. Edit the configuration file with your security group details

Configuration Parameters

Parameter Description
aws_profile AWS CLI profile name
region_name AWS region for the security group
security_group_id Target security group ID
rule_name Descriptive name for the security rule
protocol Network protocol (TCP, UDP, or 'all')
port Single port to whitelist (ignored if using port range)
from_port Start of port range (used with to_port)
to_port End of port range (used with from_port)

Sample Configuration

# Whitelist SSH port
[project-ssh]
aws_profile = aws_project_profile
security_group_id = sg-d26fdre9d
protocol = TCP
port = 22
rule_name = user_name_ssh
region_name = us-east-1

# Whitelist port range
[port-range]
aws_profile = my_project
security_group_id = sg-d26fdre9d
protocol = TCP
from_port = 3000
to_port = 3005
rule_name = office_ind
region_name = us-east-1

# Whitelist all traffic
[project-all-traffic]
aws_profile = project
security_group_id = sg-dfg9dwe
protocol = all
rule_name = all_traffic_from_home
region_name = us-west-2

πŸ”§ Usage

Basic Usage

aws_ipadd --profile project-ssh

Update When IP Changes

$ aws_ipadd --profile project-ssh
---------------
project-ssh
---------------
Modifying existing rule...
Removing old whitelisted IP '12.10.1.14/32'.
Whitelisting new IP '131.4.10.16/32'.
Rule successfully updated!

Command-Line Options

Usage:
  aws_ipadd --profile <profile-name>
  aws_ipadd --profile <profile-name> --port <port> --current_ip <current_ip> [options]

Options:
  --profile <string>     aws_ipadd profile name (required)
  --port <int>           Port number (ignored if using port range)
  --from_port <int>      Start of port range (use with to_port)
  --to_port <int>        End of port range (use with from_port)
  --protocol <string>    Protocol e.g tcp, udp, all
  --ip <string>          Custom IP address e.g '10.10.19.1/32'
  --rule_name <string>   Security group rule name

Specify Custom IP

aws_ipadd --profile project-ssh --ip=10.10.10.10/32

Automated Updates with Cron

# Check and update IP every 3 hours
* */3 * * * /usr/local/bin/aws_ipadd --profile project-ssh

πŸš€ Upcoming Features

The following features are planned for future releases:

  • Security Group Rule Removal - Remove specific rules with a simple command
  • Rule Listing - View all security group rules across profiles in a clean, organized format
  • IPv6 Support - Full support for IPv6 addresses and dual-stack environments

πŸ“‹ Use Cases

  • Remote Development - Securely access AWS resources while working from different locations
  • Infrastructure Management - Simplify access control for DevOps teams with changing IPs
  • Cloud Security - Maintain tight access controls to sensitive AWS resources
  • Home Office Setup - Keep consistent access to cloud resources with dynamically assigned ISP IPs
  • Team Access Management - Easily whitelist team members' IPs for specific resources

πŸ“œ License

πŸ™ Acknowledgements