aws-manage-sg
is a utility to manage security group rules across multiple security groups for a remote worker.
It revokes the user's old rules and grants new rules for the user's current IP address, so a worker whose address changes (home, hotel, mobile tethering) keeps access without leaving stale addresses whitelisted.
- Create a config file containing the security groups and ports to manage, for example:

```json
{
  "username": "johndoe",
  "rules": [
    {
      "name": "bastion",
      "securityGroupId": "sg-396jk989f",
      "ports": [22]
    },
    {
      "name": "kibana",
      "securityGroupId": "sg-3960686b",
      "ports": [443]
    }
  ],
  "region": "us-east-1"
}
```
- username is optional.
- Install aws-manage-sg:

```sh
npm install -g aws-manage-sg
```

- Run it to remove the old rules and whitelist the new IP:

```sh
aws-manage-sg -f config.json
```
- It is recommended to use the AWS username so that users don't override each other's rules: rules are tagged with the username, and only rules carrying that tag are revoked. The username is resolved in this order: command line argument (`-u`), config file, AWS user, `USER` environment variable.
- By default the CLI authenticates using credentials from the environment variables; to use a specific named profile, pass it explicitly with `-p`.
- The AWS user must have the following permissions:
  - `ec2:AuthorizeSecurityGroupIngress`
  - `ec2:DescribeSecurityGroups`

  Note that the revoke step calls the EC2 RevokeSecurityGroupIngress API, so a user who is expected to clean up their old rules also needs `ec2:RevokeSecurityGroupIngress`; without it the grant succeeds but stale addresses stay whitelisted.
- If you check a shared config file into source control, make sure it does not set `username`; otherwise everyone using that file tags (and revokes) the same user's rules.
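A least-privilege IAM policy for the user running the tool, added here as an example rather than taken from the project. It assumes the two security group IDs from the config above, the `us-east-1` region and a placeholder account ID `123456789012`. `ec2:DescribeSecurityGroups` does not support resource-level restrictions, so it is granted on `*`; the rule-editing actions are scoped to just the groups the config manages, so a leaked key for this user cannot open ports on anything else. `ec2:RevokeSecurityGroupIngress` is included because the revoke step needs it.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeIsAccountWide",
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroups",
      "Resource": "*"
    },
    {
      "Sid": "EditOnlyTheManagedGroups",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress"
      ],
      "Resource": [
        "arn:aws:ec2:us-east-1:123456789012:security-group/sg-396jk989f",
        "arn:aws:ec2:us-east-1:123456789012:security-group/sg-3960686b"
      ]
    }
  ]
}
```

Attach this to the IAM user (or to a role the profile assumes) and verify with the AWS IAM policy simulator that `AuthorizeSecurityGroupIngress` is denied on any group not listed.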
Find out the full range of options by running `aws-manage-sg -h`:

```
$ aws-manage-sg -h
Usage: aws-manage-sg [options]

Options:
  --version       Show version number                                  [boolean]
  -f, --file      Path to config file                                  [required]
  -g, --grant     Run only the grant                                   [boolean]
  -r, --revoke    Run only the revoke                                  [boolean]
  -p, --profile   AWS profile to use
  -u, --username  Username to tag rules with
  --ip            Use specified IP address. If not supplied the detected IP will be used
  -h              Show help                                            [boolean]
```
The library exports a number of functions:

- `revokePermissions` revokes any rules tagged for the user in the supplied security groups
- `grantPermissions` grants rules for the user with the supplied IP in the supplied security groups
- `useAWSProfile` configures the AWS authentication to use the supplied profile

See `bin/aws-manage-sg.js` for an example.