I referred to the following pages.
http://se-blog.mydns.jp/contents/aws/cli-sg/cli-sg.html
https://qiita.com/S-T/items/3d4197bbed1022ccac43
Verified with the following version.
$ aws --version
aws-cli/2.7.27 Python/3.9.11 Linux/5.19.8-arch1-1 exe/x86_64.arch prompt/off
Listing security groups
go_list.sh
#!/bin/bash
# List every security group sorted by name, with its Name tag (if any) and ID.
aws ec2 describe-security-groups --output=table --query 'sort_by(SecurityGroups[].{A_GroupName: GroupName, B_Name: Tags[?Key==`Name`].Value|[0], C_GroupID: GroupId}, &A_GroupName)'
Output
$ ./go_list.sh
-------------------------------------------------------
|                DescribeSecurityGroups               |
+------------------+---------+------------------------+
|   A_GroupName    | B_Name  |       C_GroupID        |
+------------------+---------+------------------------+
|  default         |  None   |  sg-0f2d7454484abcd12  |
|  launch-wizard-1 |  None   |  sg-0c8b45bf132abcd12  |
+------------------+---------+------------------------+
Getting inbound rules
go_inbound.sh
#!/bin/bash
GROUP_ID="sg-0c8b45bf132abcd12"
#
# Inbound rules of one group: protocol, port, and every source kind (CIDR, security group, prefix list).
aws ec2 describe-security-groups --group-ids "${GROUP_ID}" --output=table \
--query 'sort_by(SecurityGroups[].IpPermissions[].{A_Protocol: IpProtocol, B_SourcePort: FromPort, C_SourceIP: join(`, `, IpRanges[].CidrIp), D_SourceId: join(`, `, UserIdGroupPairs[].GroupId), E_SourcePrefix: join(`, `, PrefixListIds[].PrefixListId)}, &A_Protocol)'
Output
$ ./go_inbound.sh
--------------------------------------------------------------------------------------
|                               DescribeSecurityGroups                               |
+------------+---------------+----------------------+-------------+------------------+
| A_Protocol | B_SourcePort  |      C_SourceIP      | D_SourceId  |  E_SourcePrefix  |
+------------+---------------+----------------------+-------------+------------------+
|  tcp       |  80           |  0.0.0.0/0           |             |                  |
|  tcp       |  22           |  219.116.120.21/32   |             |                  |
|  tcp       |  3389         |  219.116.120.21/32   |             |                  |
|  tcp       |  443          |  0.0.0.0/0           |             |                  |
+------------+---------------+----------------------+-------------+------------------+
Getting my IP
http https://checkip.amazonaws.com/
Deleting a rule
go_del.sh
#!/bin/bash
GROUP_ID="sg-0c8b45bf132abcd12"
PORT=5000
IP_SOURCE="219.116.120.21/32"
#
# Revoke the tcp rule for this one port and source CIDR; the --ip-permissions JSON is built from the variables above.
aws ec2 revoke-security-group-ingress --group-id "${GROUP_ID}" \
--ip-permissions '[{"IpProtocol": "tcp", "FromPort": '"${PORT}"', "ToPort": '"${PORT}"', "IpRanges": [{"CidrIp": "'"${IP_SOURCE}"'"}]}]'
#
Handling multiple ports
go_del_multi.sh
#!/bin/bash
GROUP_ID="sg-0c8b45bf132abcd12"
IP_SOURCE="219.116.120.21/32"
#
# Revoke the same source CIDR from several tcp ports, one API call per port.
for PORT in 22 80 443
do
aws ec2 revoke-security-group-ingress --group-id "${GROUP_ID}" \
--ip-permissions '[{"IpProtocol": "tcp", "FromPort": '"${PORT}"', "ToPort": '"${PORT}"', "IpRanges": [{"CidrIp": "'"${IP_SOURCE}"'"}]}]'
done
#
Adding a rule
go_append.sh
#!/bin/bash
GROUP_ID="sg-0c8b45bf132abcd12"
PORT=5000
IP_SOURCE="219.116.120.21/32"
#
# Allow one tcp port from one source CIDR (the short-hand form; equivalent to an --ip-permissions entry).
aws ec2 authorize-security-group-ingress --group-id "${GROUP_ID}" \
--protocol tcp --port "${PORT}" --cidr "${IP_SOURCE}"
#
Handling multiple ports
go_append_multi.sh
#!/bin/bash
GROUP_ID="sg-0c8b45bf132abcd12"
IP_SOURCE="219.116.120.21/32"
#
# Allow the same source CIDR on several tcp ports, one API call per port.
for PORT in 22 80 443
do
aws ec2 authorize-security-group-ingress --group-id "${GROUP_ID}" \
--protocol tcp --port "${PORT}" --cidr "${IP_SOURCE}"
done
#
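The scripts above are the building blocks of a common chore: keeping the SSH/RDP allow rules pinned to your current public IP and removing the old /32 when it changes. The script below is an added example (not from the original post) that combines them; it assumes aws CLI v2 as verified above, curl in place of httpie for checkip.amazonaws.com, the post's group ID as a placeholder, admin ports 22 and 3389, and a constructed sample of the describe output for the offline dry run.

```shell
#!/bin/sh
# Added example, not code from the original post: keep the SSH/RDP allow rules of a
# security group pinned to the current public IP and drop stale /32 sources.
# Assumptions: aws CLI v2, curl instead of httpie, placeholder GROUP_ID, constructed sample rules.
set -eu
GROUP_ID="${GROUP_ID:-sg-0c8b45bf132abcd12}"
ADMIN_PORTS="22 3389"
# --ip-permissions JSON for one tcp port and one CIDR, the same shape go_del.sh uses.
ip_perm() { printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"IpRanges":[{"CidrIp":"%s"}]}]' "$1" "$1" "$2"; }
# Accept only a dotted-quad IPv4 address, so an odd checkip response never becomes a rule.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(printf '%s' "$1" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}
# stdin: "port<TAB>cidr1,cidr2" lines (text output of the query used in rotate()).
# Emits "revoke <cidr>" for each /32 on port $1 other than $2, warns about wider
# sources it leaves alone, and emits "authorize $2" when that rule is missing.
plan() {
  awk -v p="$1" -v want="$2" '
    $1 == p { n = split($2, c, ",")
              for (i = 1; i <= n; i++) {
                if (c[i] == want) have = 1
                else if (c[i] ~ /\/32$/) print "revoke " c[i]
                else print "warning: " c[i] " on port " p " is not a /32; left in place" } }
    END { if (!have) print "authorize " want }'
}
rotate() {  # $1 = current public IPv4 address
  valid_ipv4 "$1" || { echo "refusing to use '$1' as a source" >&2; return 1; }
  rules=$(aws ec2 describe-security-groups --group-ids "$GROUP_ID" --output text \
    --query "SecurityGroups[].IpPermissions[?IpProtocol=='tcp'][].[FromPort, join(',', IpRanges[].CidrIp)]")
  for port in $ADMIN_PORTS; do
    printf '%s\n' "$rules" | plan "$port" "$1/32" | while read -r action cidr rest; do
      case "$action" in
        revoke)    aws ec2 revoke-security-group-ingress    --group-id "$GROUP_ID" --ip-permissions "$(ip_perm "$port" "$cidr")" ;;
        authorize) aws ec2 authorize-security-group-ingress --group-id "$GROUP_ID" --ip-permissions "$(ip_perm "$port" "$cidr")" ;;
        *)         echo "$action $cidr $rest" >&2 ;;
      esac
    done
  done
}
# Constructed sample of the describe output: 22 and 3389 still allow an old office IP.
SAMPLE_RULES=$(printf '22\t203.0.113.7/32,198.51.100.9/32\n80\t0.0.0.0/0\n3389\t203.0.113.7/32\n')
if [ "${1:-}" = "apply" ]; then
  rotate "$(curl -fsS https://checkip.amazonaws.com/)"   # live run against AWS
else
  for port in $ADMIN_PORTS; do printf '%s\n' "$SAMPLE_RULES" | plan "$port" 198.51.100.9/32; done   # offline dry run
fi
```

Run it with no arguments to see the planned changes against the sample, and with `apply` to run against the group.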