TimoDJatomika · December 4, 2017 15:44
diff --git a/manage-vpn-security-group.sh b/manage-vpn-security-group.sh
 #!/bin/bash
 # author: Timo Stankowitz <[email protected]>
 # create date: 2017-12-04
 # last modify: 2017-12-04
 # version: 1

 # You can use this script to modify port 22 of your aws security-group. 

 # usage: 
 # first check if port 22 is open for everyone: ./manage-vpn-security-group.sh check-port 
 # open port 22 for 0.0.0.0/0: ./manage-vpn-security-group.sh on
 # close port 22 for 0.0.0.0/0 ./manage-vpn-security-group.sh off

 # Make sure you set the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in your .sbashrc

 securityGroupID="sg-f76c059d" # replace with your security group


 # check if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY is set.
 if [ -z "$AWS_ACCESS_KEY_ID" ]; then
    echo "The variable AWS_ACCESS_KEY_ID is not set. Please set the variable AWS_ACCESS_KEY_ID."
    exit 1
 fi

 if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    echo "The variable AWS_SECRET_ACCESS_KEY is not set. Please set the variable AWS_SECRET_ACCESS_KEY."
    exit 1
 fi

 # check if aws cli is installed
 which aws > /dev/null 2>&1
 if [ "$?" != 0 ]; then
    echo "Please install the aws cli first befor you can use this script."
    exit 1
 fi



 case "$1" in
        on)
            aws ec2 authorize-security-group-ingress --group-id $securityGroupID --protocol tcp --port 22 --cidr 0.0.0.0/0
            echo "Port 22 is now open for everyone. Please close the port if you don't need it any more."
            ;;
         
        off)
            aws ec2 revoke-security-group-ingress --group-id $securityGroupID --protocol tcp --port 22 --cidr 0.0.0.0/0
            echo "Port 22 is now closed for everyone."
            ;;

        describe)
            aws ec2 describe-security-groups --group-id $securityGroupID
            ;;

        check-port|port-check)
            aws ec2 describe-security-groups --group-id $securityGroupID | grep -C 6 '"FromPort": 22,' | grep '"CidrIp": "0.0.0.0/0"' > /dev/null
    
            if [ $? == 0 ]; then
                echo "Port 22 is open everyone. Please run $0 off to close the port for everyone."
            else
                echo "Port 22 is NOT open for everyone. You can open is by running $0 on"
            fi
            ;;
                 
        help)
            echo $"Usage: $0 {on|off|describe|check-port|help}"
            ;;

        *)
            echo $"Usage: $0 {on|off|describe|check-port|help}"
            exit 1
 
 esac
	#!/bin/bash
	# author: Timo Stankowitz <[email protected]>
	# create date: 2017-12-04
	# last modify: 2017-12-04
	# version: 1

	# You can use this script to modify port 22 of your aws security-group.

	# usage:
	# first check if port 22 is open for everyone: ./manage-vpn-security-group.sh check-port
	# open port 22 for 0.0.0.0/0: ./manage-vpn-security-group.sh on
	# close port 22 for 0.0.0.0/0 ./manage-vpn-security-group.sh off

	# Make sure you set the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in your .sbashrc

	securityGroupID="sg-f76c059d" # replace with your security group


	# check if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY is set.
	if [ -z "$AWS_ACCESS_KEY_ID" ]; then
	echo "The variable AWS_ACCESS_KEY_ID is not set. Please set the variable AWS_ACCESS_KEY_ID."
	exit 1
	fi

	if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
	echo "The variable AWS_SECRET_ACCESS_KEY is not set. Please set the variable AWS_SECRET_ACCESS_KEY."
	exit 1
	fi

	# check if aws cli is installed
	which aws > /dev/null 2>&1
	if [ "$?" != 0 ]; then
	echo "Please install the aws cli first befor you can use this script."
	exit 1
	fi



	case "$1" in
	on)
	aws ec2 authorize-security-group-ingress --group-id $securityGroupID --protocol tcp --port 22 --cidr 0.0.0.0/0
	echo "Port 22 is now open for everyone. Please close the port if you don't need it any more."
	;;

	off)
	aws ec2 revoke-security-group-ingress --group-id $securityGroupID --protocol tcp --port 22 --cidr 0.0.0.0/0
	echo "Port 22 is now closed for everyone."
	;;

	describe)
	aws ec2 describe-security-groups --group-id $securityGroupID
	;;

	check-port\|port-check)
	aws ec2 describe-security-groups --group-id $securityGroupID \| grep -C 6 '"FromPort": 22,' \| grep '"CidrIp": "0.0.0.0/0"' > /dev/null

	if [ $? == 0 ]; then
	echo "Port 22 is open everyone. Please run $0 off to close the port for everyone."
	else
	echo "Port 22 is NOT open for everyone. You can open is by running $0 on"
	fi
	;;

	help)
	echo $"Usage: $0 {on\|off\|describe\|check-port\|help}"
	;;

	*)
	echo $"Usage: $0 {on\|off\|describe\|check-port\|help}"
	exit 1

	esac