"""
Adds the current IP address to the security group and removes the stale
rules that were created for previous IP addresses.
"""
import pickle
import urllib2
from boto.ec2.connection import EC2Connection
import json
# import local defaults
from defaults import *
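def load_old_ip():
    """
    Return the IP address saved by a previous run, or ``None``.

    Reads ``prev_ips.dat`` from the current working directory.  Any failure
    (missing file, truncated or unreadable pickle) yields ``None`` so a first
    run, or a run after a corrupted save, still proceeds.

    NOTE(security): ``pickle.load`` executes code embedded in the stream, so a
    ``prev_ips.dat`` that another user can write in the working directory is a
    code-execution vector.  The file only ever holds one IP string; a plain
    text format would remove that exposure.
    """
    try:
        # ``with`` closes the file even when pickle.load raises (the explicit
        # close() was skipped on that path).  Binary mode is what pickle
        # expects and is byte-identical to text mode on POSIX.
        with open('prev_ips.dat', 'rb') as dat_file:
            return pickle.load(dat_file)
    except Exception:
        # Best-effort read: keep the swallow, but no longer catch
        # KeyboardInterrupt/SystemExit as the bare ``except:`` did.
        return None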
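def save_old_ip(ip):
    """
    Persist ``ip`` to ``prev_ips.dat`` in the current working directory.

    Best-effort: a failure is reported on stdout and swallowed so the rest of
    the run is not aborted by an unwritable working directory.

    :param ip: external IP address (string) to remember for the next run.
    """
    try:
        # ``with`` closes the file even when pickle.dump raises (the explicit
        # close() was skipped on that path).  Binary mode is what pickle
        # expects and is byte-identical to text mode on POSIX.
        with open('prev_ips.dat', 'wb') as dat_file:
            pickle.dump(ip, dat_file)
    except Exception:
        # The caught exception was never used; the message is all the
        # original reported.
        print("Failed to save old IP")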
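# default credentials - we get these from a file called credentials.py
AWS_ACCESS_KEY_ID = ''
AWS_SECRET_ACCESS_KEY = ''
# import local credentials
from credentials import *


def _is_ipv4(text):
    """Return True if ``text`` is a dotted quad: four decimal octets in 0-255."""
    parts = text.split('.')
    if len(parts) != 4:
        return False
    for part in parts:
        # strip() leaves nothing only when every character is an ASCII digit;
        # this also rejects empty octets and non-ASCII "digits".
        if not part or part.strip('0123456789'):
            return False
        if int(part) > 255:
            return False
    return True


conn = EC2Connection(AWS_ACCESS_KEY_ID,
                     AWS_SECRET_ACCESS_KEY)

# Locate the security group this script manages.  Group names are only
# unique per VPC; if several match, the last one returned wins (unchanged).
parent_sg = None
for sg in conn.get_all_security_groups():
    if sg.name == PARENT_NAME:
        parent_sg = sg
if parent_sg is None:
    print("The parent security group %s was not found." % PARENT_NAME)
    exit()

# The previously recorded address, as the /32 CIDR that was granted for it.
old_ip = load_old_ip()
if old_ip is not None:
    old_grant = old_ip + '/32'
else:
    old_grant = None

# The external address is learned from a third-party service and turned into
# a firewall rule, so fetch it over TLS: a plain-HTTP response could be
# altered in transit to make this script grant access to an arbitrary IP.
# NOTE: urllib2 on Python 2 older than 2.7.9 does not verify certificates,
# so on such interpreters this only raises the bar.
req = urllib2.Request('https://jsonip.com',
                      headers={'Content-Type': 'application/json'})
ext_ip = json.loads(urllib2.urlopen(req).read())['ip']
# Only a dotted-quad IPv4 address makes a valid "<ip>/32" grant; refuse
# anything else (IPv6, an error string) rather than sending it to EC2.
if not _is_ipv4(ext_ip):
    print("Unexpected external IP %r returned by the lookup service." % (ext_ip,))
    exit()
new_grant = ext_ip + '/32'

if ext_ip in DONT_TOUCH:
    print("You shouldn't be using this script from this location. You're current external IP is in the list of IPs that shouldn't be changing.")
    exit()

if old_grant == new_grant:
    prompt = "Your IP hasn't changed. Do you want to update anyway? (y/n)?"
    response = raw_input(prompt)
    if str(response) != "y":
        exit()

# Save the new external IP
save_old_ip(ext_ip)

# Clear out all the old rules in this group.
if old_ip is not None:
    print("Clearing old grants...")
    # Iterate over snapshots: revoke() may shrink the group's local
    # ``rules``/``grants`` lists as a side effect, and removing from a list
    # while iterating it skips elements.
    for sgrule in list(parent_sg.rules):
        for grant in list(sgrule.grants):
            if grant.cidr_ip == old_grant:
                print("Revoking %s for %s" % (sgrule, grant))
                # Pass the CIDR string itself rather than the grant object,
                # which boto would otherwise have to stringify.
                parent_sg.revoke(ip_protocol=sgrule.ip_protocol,
                                 from_port=sgrule.from_port,
                                 to_port=sgrule.to_port,
                                 cidr_ip=old_grant)

# Authorize new ports at current IP
print("Adding new grants...")
for prot, fp, tp in OPEN_PORTS:
    print("Authorizing %s on ports %s-%s for %s" % (prot, fp, tp, new_grant))
    parent_sg.authorize(
        ip_protocol=prot, from_port=fp, to_port=tp, cidr_ip=new_grant)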