Securing Your Network Using Auto-Updating Security Groups

Posted on Thu 17 December 2015 in aws • Tagged with aws, security, security-groupsLeave a comment

We all know that no ports should be open to the internet for development purposes, but for convenience it's common to find a security group with port 22 (SSH) open to . Even narrower ingress rules can create backdoors.

Here we'll show you how to create an auto-updating security group that adds your active WAN IP address when you connect. This way, only your active IP is authorized.

Create the "development" security group with no ingress

aws ec2 create-security-group --group-name=development --group-description="ssh access for my dev machine"

Create a limited role that can only update …

Continue reading