All geek questions in one place

Can I add a DNS name to aws security group

I need to connect a dynamic IP (which changes each time) to an AWS EC2 machine.
To do this, I mapped my public IP to a domain name (xyz.com), now I'm trying to add it to a security group.
But the AWS security group does not allow you to add DNS names. Is it right to do this, if not, please offer me.

+5
source share
4 answers

Security groups and access control lists cannot resolve DNS host names.

You can use the AWS CLI for the dynamic IP address update script:

aws ec2 authorize-security-group-ingress - group-id --protocol tcp --port 22 --cidr / 24

http://docs.aws.amazon.com/cli/latest/userguide/cli-ec2-sg.html

+5
source

I used this little bash script to pop a hole in the firewall from my current address:

#!/bin/sh AWS_IP=$(curl http://checkip.amazonaws.com) aws ec2 authorize-security-group-ingress --group-name my-security-group \ --protocol tcp --port 22 \ --cidr $AWS_IP/32

However, this leads to the fact that the security group is filled with holes from Swiss cheese from random IP addresses, so you will want to ask a question later on how to not have a security group with temporary addresses that are no longer yours. One way to answer this problem is to set up a VPN that has a (relatively) stable endpoint for the IP address, and then only allow this single address through the security group.

+1
source

You cannot connect dynamic ip the way you want; every time your ip changes, if you want to allow it through your security groups, you will need to change the settings to a new IP address.

You can write a small script that you create as a desktop icon, but which uses the AWS API to reuse your current ip to make it easier to change.

0
source

I create a security group for dynamic ips and every time I run my script, delete the ip stored in the file.

This is my solution for windows.

 SETLOCAL @echo off SET mypath=%~dp0 set PATH=%PATH%;"C:\Program Files\Amazon\AWSCLI\";"C:\Program Files (x86)\PuTTY\";"C:\MyApps\gnuwin32\bin" set GROUPID= PUT YOUR DYNAMIC SECURITY GROUP ID HERE rem aws ec2 create-security-group --group-name dynamic_ips --vpc-id vpc-81a519e5 --description "Dynamic Ip Address" set /p MYIP=<%mypath%\MYIP_NODELETE.txt aws ec2 revoke-security-group-ingress --group-id %GROUPID% --protocol tcp --port 0-65535 --cidr %MYIP%/24 wget -qO %mypath%\MYIP_NODELETE.txt http://ipinfo.io/ip set /p MYIP=<%mypath%\MYIP_NODELETE.txt aws ec2 authorize-security-group-ingress --group-id %GROUPID% --protocol tcp --port 0-65535 --cidr %MYIP%/24 rem cat %mypath%\MYIP_NODELETE.txt pause
0
source

Source: https://habr.com/ru/post/1234504/

More articles:


All Articles