Script Update Dynamic Ips into AWS EC2 Security Groups. To run need to install aws cli, JQ and dnsutils.

aws-update-my-dynamic-ip.sh

#!/bin/bash

if [ $# -eq 0 ] 
  then
    echo -e 'Please provide the name of a security group\n\te.g.  . aws-update-my-dynamic-ip.sh SECURITYGROUPNAME'
    exit 1
fi

GROUP_NAME=$1

echo ""
echo "###########################################################################################################################"
echo "################################################## [BEGIN ${GROUP_NAME}] ##################################################"
echo "Updating AWS EC2 Security Group - GROUP_NAME=${GROUP_NAME}"

VIRTUA_IP=$(host x1.myhost.no-ip.org | awk '/has address/ { print $4 }')
VIVO_IP=$(host x2.myhost.no-ip.org | awk '/has address/ { print $4 }')

echo ""
echo "VIRTUA_IP=${VIRTUA_IP}"
echo "VIVO_IP=${VIVO_IP}"

if [ ! -n "${VIRTUA_IP}" ] || [ "${VIRTUA_IP}" == " " ]; then
    echo "ERROR: VIRTUA_IP is empty!"
    exit 1
fi

if [ ! -n "${VIVO_IP}" ] || [ "${VIVO_IP}" == " " ]; then
    echo "ERROR: VIVO_IP is empty!"
    exit 1
fi


echo ""
echo 'Current entries for group: '${GROUP_NAME}
aws ec2 describe-security-groups --region sa-east-1 \
        --filters Name=group-name,Values=${GROUP_NAME} \
        --query 'SecurityGroups[0].IpPermissions[*].{ip:IpRanges[*].CidrIp,protocol:IpProtocol,from:FromPort,to:ToPort}' \
        --output table


echo ""
echo "Running aws ec2 describe-security-groups to describe-security-groups-${GROUP_NAME}.json file"
aws ec2 describe-security-groups --region sa-east-1 \
        --filters Name=group-name,Values=${GROUP_NAME} \
        --query 'SecurityGroups[0].IpPermissions[*]' \
        --output json > describe-security-groups-${GROUP_NAME}.json
cat describe-security-groups-${GROUP_NAME}.json
describeSecGroups=$(cat describe-security-groups-${GROUP_NAME}.json)
if [ ! -n "${describeSecGroups}" ] || [ "${describeSecGroups}" == " " ] || [ "${describeSecGroups}" == "null" ] || [ "${describeSecGroups}" == "NULL" ]; then
    echo "ERROR: describe-security-groups-${GROUP_NAME}.json Group Name Invalid!"
    exit 1
fi


LIST_DIFFERENT_IP=$(cat describe-security-groups-${GROUP_NAME}.json | jq -r ".[].IpRanges[].CidrIp | select(. != \"${VIRTUA_IP}/32\" and . != \"${VIVO_IP}/32\")")
echo ""
echo "LIST_DIFFERENT_IP=${LIST_DIFFERENT_IP}"


if [ "${LIST_DIFFERENT_IP}" ]; then
   echo "IP is different!"
   echo ""
   echo "Starting change to new IP!"
   touch ip-different


   echo ""
   echo "Creating current-sec-group-${GROUP_NAME}-0.out"
   aws ec2 describe-security-groups --region sa-east-1 \
           --filters Name=group-name,Values=${GROUP_NAME} \
           --query 'SecurityGroups[0].IpPermissions[*].[IpRanges[0].CidrIp,IpProtocol,FromPort,ToPort]' \
           --output text > current-sec-group-${GROUP_NAME}-0.out
   cat current-sec-group-${GROUP_NAME}-0.out


   echo ""
   echo "Creating current-sec-group-${GROUP_NAME}-1.out"
   aws ec2 describe-security-groups --region sa-east-1 \
           --filters Name=group-name,Values=${GROUP_NAME} \
           --query 'SecurityGroups[0].IpPermissions[*].[IpRanges[1].CidrIp,IpProtocol,FromPort,ToPort]' \
           --output text > current-sec-group-${GROUP_NAME}-1.out
   cat current-sec-group-${GROUP_NAME}-1.out


   echo ""
   echo "Merge two files current-sec-group-*.out into all-current-sec-group-${GROUP_NAME}.out"
   cat current-sec-group-${GROUP_NAME}-0.out | awk '/\/32/' > all-current-sec-group-${GROUP_NAME}.out
   cat current-sec-group-${GROUP_NAME}-1.out | awk '/\/32/' >> all-current-sec-group-${GROUP_NAME}.out
   cat all-current-sec-group-${GROUP_NAME}.out

   allCurrentSecGroup=$(cat all-current-sec-group-${GROUP_NAME}.out)
   if [ ! -n "${allCurrentSecGroup}" ] || [ "${allCurrentSecGroup}" == " " ]; then
       echo "ERROR: all-current-sec-group-${GROUP_NAME}.out is empty!"
       exit 1
   fi


   echo ""
   echo "Revoke all existing inbound access"
   cat all-current-sec-group-${GROUP_NAME}.out | awk -v groupName=${GROUP_NAME} \
      '{
         print "aws ec2 --region sa-east-1 revoke-security-group-ingress --group-name "groupName" --cidr "$1" --protocol "$2" --port "$3;
         system ("aws ec2 --region sa-east-1 revoke-security-group-ingress --group-name "groupName" --cidr "$1" --protocol "$2" --port "$3);
       }'


   echo ""
   echo ""
   echo "Authorize new VIRTUA_IP=${VIRTUA_IP} and VIVO_IP=${VIVO_IP}"
   cat current-sec-group-${GROUP_NAME}-0.out | awk -v groupName=${GROUP_NAME} -v newVirtuaIP=${VIRTUA_IP} -v newVivoIP=${VIVO_IP} \
       '{
         print "aws ec2 --region sa-east-1 authorize-security-group-ingress --group-name "groupName" --cidr "newVirtuaIP"/32 --protocol "$2" --port "$3;
         system ("aws ec2 --region sa-east-1 authorize-security-group-ingress --group-name "groupName" --cidr "newVirtuaIP"/32 --protocol "$2" --port "$3);
         print "aws ec2 --region sa-east-1 authorize-security-group-ingress --group-name "groupName" --cidr "newVivoIP"/32 --protocol "$2" --port "$3;
         system ("aws ec2 --region sa-east-1 authorize-security-group-ingress --group-name "groupName" --cidr "newVivoIP"/32 --protocol "$2" --port "$3);
       }'


   echo ""
   echo 'NEW entries for group: '${GROUP_NAME}
   sleep 3;
   aws ec2 describe-security-groups --region sa-east-1 \
           --filters Name=group-name,Values=${GROUP_NAME} \
           --query 'SecurityGroups[0].IpPermissions[*].{ip:IpRanges[*].CidrIp,protocol:IpProtocol,from:FromPort,to:ToPort}' \
           --output table
   echo ""
   
   echo "GROUP-NAME: ${GROUP_NAME} IS CHANGED!"

else
   echo "IP is equals, nothing to do!"
   touch ip-equals
fi

echo "################################################### [END ${GROUP_NAME}] ###################################################"
echo "###########################################################################################################################"
echo ""
echo ""
echo ""

Relation with https://gist.github.com/frekele/d1bc5ca04b1b1f2f78a60bbc2e7f6cf1