Add your IP address to an EC2 security group from command line

If you have an EC2 instance, for example a jump station, with SSH access restricted to known IP addresses, then you most likely want a fast and smooth way of adding your new IP address to the security group when connecting from a mobile device or working from home.

First you need to find out your IP address. I do this with the following alias:

alias myip='export IP=`curl -s https://api.ipify.org`;echo $IP'  

The alias will set $IP to your IP address, and then print it.

Next you will need to find out the ID of the EC2 instance's security group. Use the AWS console or the AWS CLI command aws ec2 describe-instances to get it.

Now it is as easy as using the following command to add SSH access for your current IP address:

aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr `myip`/32 --group-id <group-id>  

When you are finished for the day it is a good practice to always revoke access for the IP address again, especially if you've been assigned a dynamic IP address. It is the same command again, except that you use revoke-security-group-ingress instead.

Even better is to create a wrapper script for the SSH session which adds your IP address just before connecting and revokes it after you terminate the session. An example of this:

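#!/bin/bash

# Look up the public IP address this machine connects from
ip=$(curl -s https://api.ipify.org)

# Allow SSH (tcp/22) from that single address
aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr "$ip/32" --group-id <group-id>

ssh <ec2-instance-ip-address>

# Remove the rule again once the session has ended
aws ec2 revoke-security-group-ingress --protocol tcp --port 22 --cidr "$ip/32" --group-id <group-id>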
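
A hardened variant of the wrapper script above, as an added example that is not the original author's script: it checks that the reply from api.ipify.org is a plain IPv4 address before it becomes a rule, and removes the rule even when ssh fails or the script is signalled. The function names and the two-argument usage are assumptions of this example.

```shell
#!/bin/sh
# Added example (assumed usage): ./ssh-allow.sh <group-id> <ec2-instance-ip-address>

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Remove the rule added by ssh_with_temp_access (uses its cidr and group_id).
revoke_access() {
    aws ec2 revoke-security-group-ingress --protocol tcp --port 22 \
        --cidr "$cidr" --group-id "$group_id"
}

# Authorize the caller's address, run ssh, then revoke; returns ssh's status.
ssh_with_temp_access() {
    group_id=$1; host=$2
    ip=$(curl -s https://api.ipify.org) || { echo "IP lookup failed" >&2; return 1; }
    # The reply comes from a third-party service: check it before it becomes a rule.
    is_ipv4 "$ip" || { echo "unexpected reply, not an IPv4 address" >&2; return 1; }
    cidr="$ip/32"
    aws ec2 authorize-security-group-ingress --protocol tcp --port 22 \
        --cidr "$cidr" --group-id "$group_id" || return 1
    # If the script is signalled while ssh runs, still remove the rule.
    trap 'revoke_access; exit 1' INT TERM HUP
    status=0
    ssh "$host" || status=$?
    revoke_access
    trap - INT TERM HUP
    return "$status"
}

# Run only when both arguments are given, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    ssh_with_temp_access "$1" "$2"
fi
```

If the script is killed with SIGKILL or the machine loses power, the rule stays in place and has to be revoked by hand with the command shown earlier.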

I hope you find this as helpful as I have.