aa

aws-access

Update an AWS security group with your current IP

Showing:

Popularity

Downloads/wk

0

GitHub Stars

36

Maintenance

Last Commit

2yrs ago

Contributors

1

Package

Dependencies

3

License

Apache-2.0

Type Definitions

Tree-Shakeable

No?

Categories

Readme

AWS Access

aws-access is a command line utility to update an AWS security group with your current IP across one or more regions.

This is a relatively cheap way to lock down access to AWS resources to whitelisted ips. Defaults to whitelisting port 22. Configure ports using the --ports|-P argument.

To use:

  • Step 1: Create security group for whitelisted ips e.g. 'remote-working'
  • Step 2: Assign security group to appropriate resources
  • Step 3: Install aws-access npm install -g aws-access
  • Step 4: Set up aws credentials
  • Step 5: Run aws-access to whitelist your current ip e.g. aws-access -g remote-working

Example

# enable access to SSH and Postgres from the current IP
aws-access -p myprofile -g mysecuritygroup -r us-east-1 eu-west-1 -P 22 5432

Installing

npm install -g aws-access

Prerequisites

  • nodejs 7.6+

Command Line

aws-access

Options:
  -h             Show help                                             [boolean]
  -p, --profile                                                       [optional]
  -g, --group                                                         [required]
  -r, --region                                            [default: "us-east-1"]
  -P, --ports                                          [array] [default: ["22"]]

Security Considerations

  • It's likely that a users IP will be stale over time, potentially allowing access to the AWS resources from unexpected IPs. This is still better than allowing access from the whole internet (i.e. 0.0.0.0/0) but this should be part of a defense in depth i.e. resources that are made accessible via aws-access should also be properly secured.
  • Removing old users from the security group managed by aws-access should be part of any offboarding process
  • If a user is renamed, their old username should be cleaned from the security group managed by aws-access
  • If this is used for multiple users, any of the users have the ability to modify rules set up by other users

Rate & Review

Great Documentation0
Easy to Use0
Performant0
Highly Customizable0
Bleeding Edge0
Responsive Maintainers0
Poor Documentation0
Hard to Use0
Slow0
Buggy0
Abandoned0
Unwelcoming Community0
100
No reviews found
Be the first to rate

Alternatives

No alternatives found

Tutorials

No tutorials found
Add a tutorial