Security-Groups // Tony Metzidis

Securing Your Network Using Auto-Updating Security Groups

We all know that no ports should be open to the internet for development purposes, but for convenience it’s common to find a security group with port 22 (SSH) open to 0.0.0.0/0 . Even narrower ingress rules can create backdoors.

Here we’ll show you how to create an auto-updating security group that adds your active WAN IP address when you connect. This way, only your active IP is authorized.

Create the “development” security group with no ingress
```
aws ec2 create-security-group --group-name=development --group-description="ssh access for my dev machine"
```
Create a limited role that can only update this security group

Since you may want to embed this script on your router or elsewhere, it’s important to generate a restricted access key that can only do one thing Create a user and add this policy

Continue Reading ...

Dec 17, 2015

2 min read

Aws Security Security-Groups