[英]AWS get security group ids from private IP
如何基于私有IP地址获取与ec2-instance相关的安全组ID,因此,希望自动化修改安全组入口的过程。
例如:从10.0.0.11打开10.0.0.10上的端口22
我想将sg-xxxxxx关联到10.0.0.10并添加入口FromPort:22 ToPort:22 Cidr:10.0.0.11/32
您可以从此命令获取安全组(用专用IP地址替换XXXX
):
aws ec2 describe-instances --filters "Name=private-ip-address,Values=X.X.X.X" \
--query "Reservations[*].Instances[*].SecurityGroups[*]" --output text
之后,应该简单地调用aws ec2 authorize-security-group-ingress
打开端口。
这可以很容易地包装在Bash脚本中,如果实例是多个实例的成员,则只需确定确定要修改哪个安全组的方法。
#!/usr/bin/python
import subprocess
from sys import argv
import sys, getopt
ipaddress=" "
protocol = " "
FromPort = " "
ToPort = " "
CidrIP = " "
opts, args = getopt.getopt(argv[1:],"hi:h:p:f:t:c:",["help","ip=","protocol=","FromPort=","ToPort=","CidrIp="])
for opt, arg in opts:
if opt in ("-h", "--help"):
print "Usage: -i x.x.x.x -p icmp -f 22 -t 22 -c x.x.x.x/x"
sys.exit()
elif opt in ("-i", "--ipaddress"):
ipaddress = arg
elif opt in ("-p", "--protocol"):
protocol = arg
elif opt in ("-f", "--fromport"):
FromPort = arg
elif opt in ("-t", "--toport"):
ToPort = arg
elif opt in ("-c", "--cidrip"):
CidrIP = arg
else:
print 'Invalid argument'
subprocess.call("aws ec2 describe-instances --filters \"Name=private-ip-address,Values="+ipaddress+"\" --query \"Reservations[*].Instances[*].SecurityGroups[*]\" --output text > /tmp/sg.txt", shell=True)
sg_id = []
with open('/tmp/sg.txt', 'r') as f:
for line in f:
sg_id.append(line.split(None, 1)[0])
subprocess.call("aws ec2 authorize-security-group-ingress --group-id"+ " "+sg_id[0] + " "+"--ip-permissions '[{\"IpProtocol\":"+ " "+"\""+protocol+"\""+"," " "+ "\"FromPort\":"+ " "+FromPort+"," " "+ "\"ToPort\":"+ " "+ToPort+"," " "+ "\"IpRanges\":"+ " "+"[{\"CidrIP\":"+ " "+"\""+CidrIP+"\""+"}]}]'", shell=True)
print("successful")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.