My Manning book introducing users to serious work on AWS

Here’s a long-term irritant that deserves to die. I’m one of the numberless masses who live behind a dynamic IP address but also want to access resources protected by AWS security groups. Like all good boys, I restrict SSH access into my EC2 instance to clients coming from my public IP address — i.e., my house.

The problem is that whenever I unplug my router or suffer a blackout, my ISP issues me a new IP address. The next time I try to SSH in, the login will, of course, fail. Of course, I can always head to the browser, log into the AWS account I’m trying to reach, and reset the security group. But that’s a lot of clicking, especially during the summer thunderstorm season.

This was especially difficult while I was writing my “Learn Amazon Web Services in a Month of Lunches” book for Manning because, besides my two “business” accounts, I had a third AWS account for working up chapter demos. Wouldn’t it be nice if I could script the whole thing and run it from the comfort of my local Linux command line?

The manual way to update your local IP address via the browser

Well, assuming I’ve got the AWS CLI installed and authenticated, it turns out I can do just that. And here’s how the Bash script would look:

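#!/bin/bash
# script to pull my current public IP address
# and add a rule to my EC2 security group allowing me SSH access
# fetch the current public IPv4 address (-s hides curl's progress meter)
curl -s v4.ifconfig.co > ip.txt
# append /32 to turn the address into CIDR notation
awk '{ print $0 "/32" }' < ip.txt > ipnew.txt
# load the CIDR into a shell variable
export stuff=$(cat ipnew.txt)
# add an inbound SSH rule for that CIDR to the security group
aws ec2 authorize-security-group-ingress --group-name NewGroup \
    --protocol tcp --port 22 --cidr "$stuff"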

I’ll explain that one line at a time. First off, I use curl to return the contents of the v4.ifconfig.co page…which will contain nothing but the four octets of my current public IP address.

To the owners of v4.ifconfig.co: Thanks!

I’ll redirect the IP and use it to populate a file called ip.txt. Since I’m using only one “>” rather than two, this operation will either create the file or, if it already exists, overwrite any text that might currently live there.

Since a security group requires a full address in CIDR format, I’ll use awk to read ip.txt, append the characters “/32”, and output it into a new file called ipnew.txt. That file will now contain my full IP in CIDR format. Now I’ll export the contents of the ipnew.txt file to a shell variable I’ll affectionately name “stuff”.

Finally, we arrive at the money line. The ec2 subset of the general AWS CLI includes a command called authorize-security-group-ingress which can be used to add a new rule to the inbound policies of an existing security group. This example assumes the group I want to edit is named NewGroup. I specify the protocol (tcp) and port number (the SSH default, 22) and then pass the value of $stuff to the --cidr argument.

Assuming that you named the script update-ip.sh, you’ll need to make the file executable and then run it like this:

chmod +x update-ip.sh
./update-ip.sh

Done.
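An added example, not the author's script, that goes beyond the script above in two ways: it refuses a lookup reply that is not an IPv4 address, and it revokes the rule for the previous address so stale /32 entries do not accumulate in the group. NewGroup and v4.ifconfig.co are the post's; `to_cidr`, `plan_update` and the `APPLY` switch are assumed names, and the group is assumed to serve a single user.

```shell
#!/bin/sh
# Added example, not the author's script. NewGroup and v4.ifconfig.co come from
# the post; to_cidr, plan_update and the APPLY switch are hypothetical names.

# Print "<ip>/32" only if $1 is a dotted-quad IPv4 address; fail otherwise
# (empty reply, HTML error page, IPv6), so garbage never reaches the AWS call.
to_cidr() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4/32"
}

# Given the new CIDR and the CIDRs already allowed on port 22, print one
# "authorize <cidr>" or "revoke <cidr>" line per change needed so the new
# address becomes the only allowed source. Assumes the group serves one user.
plan_update() {
    new_cidr=$1; shift
    have_new=no
    for cidr in "$@"; do
        if [ "$cidr" = "$new_cidr" ]; then have_new=yes; fi
    done
    if [ "$have_new" = no ]; then echo "authorize $new_cidr"; fi
    for cidr in "$@"; do
        if [ "$cidr" != "$new_cidr" ]; then echo "revoke $cidr"; fi
    done
}

# Live run: APPLY=1 ./update-ip.sh (needs the AWS CLI and credentials).
if [ "${APPLY:-}" = 1 ]; then
    ip=$(curl -s --max-time 10 v4.ifconfig.co) || exit 1
    cidr=$(to_cidr "$ip") || { echo "unexpected lookup reply" >&2; exit 1; }
    current=$(aws ec2 describe-security-groups --group-names NewGroup \
        --query 'SecurityGroups[0].IpPermissions[?FromPort==`22`].IpRanges[].CidrIp' \
        --output text) || exit 1
    plan_update "$cidr" $current | while read -r action range; do
        aws ec2 "$action-security-group-ingress" --group-name NewGroup \
            --protocol tcp --port 22 --cidr "$range"
    done
fi
```

Without `APPLY=1` the file only defines the two functions, so the plan can be inspected before any rule is changed.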

Was that helpful? Check out my Bootstrap IT website for loads of similar Docker, Linux, and AWS goodness.