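#!/bin/bash
# author: Timo Stankowitz
# create date: 2017-12-04
# last modify: 2017-12-04
# version: 1
#
# You can use this script to modify port 22 of your AWS security group.
#
# usage:
#   first check if port 22 is open for everyone: ./manage-vpn-security-group.sh check-port
#   open port 22 for 0.0.0.0/0:                  ./manage-vpn-security-group.sh on
#   close port 22 for 0.0.0.0/0:                 ./manage-vpn-security-group.sh off
#   dump the whole security group:               ./manage-vpn-security-group.sh describe
#
# Make sure you set the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
# in your .bashrc (or export them before running); the script never stores them.
#
# Optional overrides (defaults keep the original behaviour):
#   SECURITY_GROUP_ID  the security group to modify (default below - replace with yours)
#   SSH_CIDR           the source range to open/close (default 0.0.0.0/0).
#                      0.0.0.0/0 exposes SSH to the whole internet; when you only
#                      need access from your own address, prefer a /32, e.g.
#                      SSH_CIDR=203.0.113.7/32 (example address).

# -u: fail on unset variables; pipefail: an aws failure inside a pipeline is not
# masked by the last stage. -e is deliberately not used: every call that matters
# is checked explicitly so the success messages below are only printed on success.
set -uo pipefail

readonly securityGroupID="${SECURITY_GROUP_ID:-sg-f76c059d}" # replace with your security group
readonly sshCidr="${SSH_CIDR:-0.0.0.0/0}"
readonly sshPort=22

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: the message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage line to stdout.
#######################################
usage() {
  printf 'Usage: %s {on|off|describe|check-port|help}\n' "$0"
}

#######################################
# List the CIDR ranges allowed to reach TCP/$sshPort in the security group,
# one per line. A server-side JMESPath query replaces the previous
# "grep -C 6" context match, which depended on the JSON layout and only caught
# rules whose FromPort was exactly 22. Rules for "all traffic" (IpProtocol -1)
# carry no port fields and are included because they open port 22 as well.
# Globals:   securityGroupID, sshPort (read)
# Outputs:   CIDR strings on stdout
# Returns:   the aws cli exit status (pipefail)
#######################################
allowed_cidrs() {
  aws ec2 describe-security-groups --group-ids "$securityGroupID" \
    --query "SecurityGroups[].IpPermissions[?IpProtocol=='-1' || (IpProtocol=='tcp' && FromPort<=\`${sshPort}\` && ToPort>=\`${sshPort}\`)].IpRanges[].CidrIp" \
    --output text | tr '\t' '\n'
}

# check if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set.
[[ -n "${AWS_ACCESS_KEY_ID:-}" ]] \
  || die "The variable AWS_ACCESS_KEY_ID is not set. Please set the variable AWS_ACCESS_KEY_ID."
[[ -n "${AWS_SECRET_ACCESS_KEY:-}" ]] \
  || die "The variable AWS_SECRET_ACCESS_KEY is not set. Please set the variable AWS_SECRET_ACCESS_KEY."

# check if aws cli is installed (command -v is the portable form of 'which')
command -v aws >/dev/null 2>&1 \
  || die "Please install the aws cli first before you can use this script."

case "${1:-}" in
  on)
    # Only report success when the API call actually succeeded.
    aws ec2 authorize-security-group-ingress --group-id "$securityGroupID" \
      --protocol tcp --port "$sshPort" --cidr "$sshCidr" \
      || die "Could not open port ${sshPort} for ${sshCidr} on ${securityGroupID}."
    echo "Port ${sshPort} is now open for ${sshCidr}. Please close the port if you don't need it any more."
    ;;
  off)
    aws ec2 revoke-security-group-ingress --group-id "$securityGroupID" \
      --protocol tcp --port "$sshPort" --cidr "$sshCidr" \
      || die "Could not close port ${sshPort} for ${sshCidr} on ${securityGroupID}."
    echo "Port ${sshPort} is now closed for ${sshCidr}."
    ;;
  describe)
    aws ec2 describe-security-groups --group-ids "$securityGroupID"
    ;;
  check-port|port-check)
    cidrs=$(allowed_cidrs) \
      || die "Could not describe security group ${securityGroupID}."
    # -x: whole-line match so e.g. 10.0.0.0/8 never matches 0.0.0.0/0 by substring.
    if grep -qxF -- "$sshCidr" <<<"$cidrs"; then
      echo "Port ${sshPort} is open for ${sshCidr}. Please run $0 off to close the port."
    else
      echo "Port ${sshPort} is NOT open for ${sshCidr}. You can open it by running $0 on"
    fi
    ;;
  help)
    usage
    ;;
  *)
    usage >&2
    exit 1
    ;;
esac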