denov · November 27, 2017 00:56
diff --git a/update-ssh-sg.py b/update-ssh-sg.py
 import boto3
 from urllib2 import urlopen


 sg_id = "sg-xxxxxxxx"
 sg_desc = "user-name"

 old_ip = "127.0.0.1"
 current_ip = urlopen("http://ip.42.pl/raw").read()

 ec2 = boto3.resource("ec2")
 security_group = ec2.SecurityGroup(sg_id)

 for p in security_group.ip_permissions:
  for r in p['IpRanges']:
    if 'Description' in r and r['Description'] == sg_desc:
 	    old_ip = r['CidrIp']
  	    print "found old IP : "+ old_ip
      else:
 	      print "can't find old IP"
  

 if old_ip != "127.0.0.1":
  security_group.revoke_ingress(IpProtocol="tcp", CidrIp=old_ip, FromPort=22, ToPort=22)
  print "remove of old IP "+old_ip

 perms = {
  'IpProtocol': "tcp",
  'FromPort': 22,
  'ToPort': 22,
  'IpRanges': [{'CidrIp': current_ip+"/32", 'Description': sg_desc}]
 }  
 security_group.authorize_ingress(IpPermissions=[perms])
 print "updated with "+ current_ip +"/32"
	import boto3
	from urllib2 import urlopen


	sg_id = "sg-xxxxxxxx"
	sg_desc = "user-name"

	old_ip = "127.0.0.1"
	current_ip = urlopen("http://ip.42.pl/raw").read()

	ec2 = boto3.resource("ec2")
	security_group = ec2.SecurityGroup(sg_id)

	for p in security_group.ip_permissions:
	for r in p['IpRanges']:
	if 'Description' in r and r['Description'] == sg_desc:
	old_ip = r['CidrIp']
	print "found old IP : "+ old_ip
	else:
	print "can't find old IP"


	if old_ip != "127.0.0.1":
	security_group.revoke_ingress(IpProtocol="tcp", CidrIp=old_ip, FromPort=22, ToPort=22)
	print "remove of old IP "+old_ip

	perms = {
	'IpProtocol': "tcp",
	'FromPort': 22,
	'ToPort': 22,
	'IpRanges': [{'CidrIp': current_ip+"/32", 'Description': sg_desc}]
	}
	security_group.authorize_ingress(IpPermissions=[perms])
	print "updated with "+ current_ip +"/32"