CloudFront の IP を許可する Security Group を aws cli で更新する
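#!/bin/bash
#
# Allow CloudFront's published edge ranges to reach an origin on tcp/80 by
# adding them to a security group with the AWS CLI.
#
# Usage: <script> <security-group-id>
# Requires: aws, curl, jq.
#
# Review notes:
#   - The range list is fetched over HTTPS only. Over plain HTTP, anything on
#     the network path could rewrite the list and thereby choose which CIDRs
#     get opened in the security group.
#   - The run is additive: ranges CloudFront no longer publishes are NOT
#     revoked, so stale entries stay open until removed by hand.
#   - The list covers every CloudFront edge, not only your own distribution,
#     so this rule narrows exposure but does not authenticate the caller.
#   - The list may exceed the per-group inbound rule quota; AWS also publishes
#     a managed prefix list (com.amazonaws.global.cloudfront.origin-facing)
#     that can be referenced from a rule instead.
#   - Port 80 means viewer traffic reaches the origin unencrypted.
set -ueo pipefail

SG_ID=${1:?usage: $0 <security-group-id>}
readonly LIST_URL='https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips'

# Reject anything that is not a plain group id before it reaches a command
# line (also stops a value starting with '-' being read as an option).
if [[ ! "${SG_ID}" =~ ^sg-[0-9a-f]+$ ]]; then
  printf 'invalid security group id: %s\n' "${SG_ID}" >&2
  exit 2
fi

# CIDRs the group already allows on tcp/80; authorising one of these again
# makes the whole authorize call fail, so they are skipped below.
existing=$(aws ec2 describe-security-groups --group-ids "${SG_ID}" --output json \
  | jq -c '[.SecurityGroups[].IpPermissions[]
            | select(.IpProtocol == "tcp" and .FromPort == 80 and .ToPort == 80)
            | .IpRanges[].CidrIp] | unique')

# -f turns an HTTP error into a non-zero exit instead of feeding an error page
# to jq; --proto refuses a downgrade to http on redirect.
ips=$(curl -fsS --proto '=https' --max-time 30 "${LIST_URL}")

# Both keys must be present: a missing key aborts here rather than silently
# producing a shorter list.
published=$(jq -r '.CLOUDFRONT_GLOBAL_IP_LIST[], .CLOUDFRONT_REGIONAL_EDGE_IP_LIST[]' <<<"${ips}")

# Every entry must look like an IPv4 CIDR with a prefix of /8 or longer. The
# floor is a sanity check so a malformed or tampered list cannot open the
# group to very large ranges such as 0.0.0.0/0. An empty list fails here too.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$'
while IFS= read -r cidr; do
  if [[ ! "${cidr}" =~ ${cidr_re} ]]; then
    printf 'unexpected entry in CloudFront list: %s\n' "${cidr}" >&2
    exit 1
  fi
done <<<"${published}"

# Published ranges that are not yet in the group, as [{CidrIp: ...}, ...].
new_ranges=$(jq -cRn --argjson have "${existing}" \
  '[inputs | select(length > 0)] | unique - $have | map({CidrIp: .})' <<<"${published}")

if [[ "$(jq 'length' <<<"${new_ranges}")" -eq 0 ]]; then
  printf 'no new CloudFront ranges to authorize for %s\n' "${SG_ID}" >&2
  exit 0
fi

# Build the permission document with jq rather than interpolating into a
# here-doc, so the payload is always well-formed JSON.
permissions=$(jq -cn --argjson ranges "${new_ranges}" \
  '[{IpProtocol: "tcp", FromPort: 80, ToPort: 80, IpRanges: $ranges}]')

aws ec2 authorize-security-group-ingress --group-id "${SG_ID}" --ip-permissions "${permissions}"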