AWS Security Group Update Powershell

Posted by Sunny Jhunjhunwala on February 11, 2019

AWS security groups are essential for governing access to servers, and sometimes we need to give developers access to the development environment. Being asked to update an IP address in the portal is a day-to-day DevOps chore, and a boring one.

So I have written the script below, which lets you automate this:

update-security-group-ip.ps1

AWS Security Group Update - Powershell

And now an example policy, which is restricted to only this security group.

AWS Example Policy

Steps

  • Create a new security group used only for dev access and attach it to the resources that need access, e.g. dev-security-group.
  • Update the script with the new security group ID and AWS region.
  • Add an IAM user, attach the supplied policy, and update the security group mentioned in the policy.
  • Ask the developer to configure the AWS CLI with the new credentials.
  • Remember that the search and update are done on the basis of the description field, so that field in the security group should contain the developer's name, e.g. "Sunny Home RDP Access", "Sunny Office Mysql Access".
  • The dev then just has to run the script and choose the option. The update is a "like" match, so Sunny Home RDP Access just needs Sunny, and it will update every mention of that user's IP with the current user's IP.
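
The description-matched update these steps describe, as an added sketch that is not the author's update-security-group-ip.ps1. It assumes the AWS CLI is configured as in the steps, uses placeholder values for the group ID and region, and looks up the caller's address at https://checkip.amazonaws.com.

```powershell
# Added example, not the author's update-security-group-ip.ps1.
param(
    [Parameter(Mandatory)] [string] $Name,        # developer name in the rule description, e.g. "Sunny"
    [string] $GroupId = 'sg-0123456789abcdef0',   # placeholder: the dev-only security group
    [string] $Region  = 'us-east-1'               # placeholder region
)
$ErrorActionPreference = 'Stop'

# Caller's public IPv4 address; parse it so a malformed response never reaches a rule.
$ipText = (Invoke-RestMethod -Uri 'https://checkip.amazonaws.com').Trim()
$ip = [System.Net.IPAddress]::Parse($ipText)
if ($ip.AddressFamily -ne 'InterNetwork') { throw "Expected an IPv4 address, got '$ipText'" }
$newCidr = "$ipText/32"   # a single host, never a wider range

function Invoke-Ingress($Action, $Perm, $Cidr, $Description) {
    $range = @{ CidrIp = $Cidr }
    if ($Description) { $range.Description = $Description }
    $rule = @{ IpProtocol = $Perm.IpProtocol; IpRanges = @($range) }
    # Rules for "all traffic" (protocol -1) carry no port range.
    if ($null -ne $Perm.FromPort) { $rule.FromPort = $Perm.FromPort; $rule.ToPort = $Perm.ToPort }
    # Pass the JSON through a BOM-less temp file to avoid native-command quoting problems.
    $file = [System.IO.Path]::GetTempFileName()
    try {
        [System.IO.File]::WriteAllText($file, (ConvertTo-Json -InputObject @($rule) -Depth 5))
        aws ec2 $Action --group-id $GroupId --region $Region --ip-permissions "file://$file" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "aws ec2 $Action failed for $Cidr" }
    } finally { Remove-Item -Path $file }
}

$json = aws ec2 describe-security-groups --group-ids $GroupId --region $Region --output json
if ($LASTEXITCODE -ne 0) { throw 'describe-security-groups failed' }
$group = ($json | ConvertFrom-Json).SecurityGroups[0]

# "like" match on the description; escape the name so wildcard characters in it match literally.
$pattern = '*' + [WildcardPattern]::Escape($Name) + '*'
foreach ($perm in $group.IpPermissions) {
    foreach ($old in $perm.IpRanges) {
        if ($old.Description -notlike $pattern -or $old.CidrIp -eq $newCidr) { continue }
        # Add the new address first, then remove the old one, so a failed call never locks the user out.
        Invoke-Ingress 'authorize-security-group-ingress' $perm $newCidr $old.Description
        Invoke-Ingress 'revoke-security-group-ingress' $perm $old.CidrIp $null
        Write-Host "$($old.Description): $($old.CidrIp) -> $newCidr"
    }
}
```

Because the match is a substring match, a short name such as "Sun" also rewrites rules described for any other user whose name contains it, so pass the full developer name used in the descriptions.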

Files can be downloaded from
https://github.com/sunnyuff/AWSScripts/tree/master/Update%20AWS%20Security%20Group
