Script to remove IP’s from firewall based on whois

So, on the projects I’m currently working on, if you want to wfh and you need access to something which is not publicy accessible the instructions are basically to log into the AWS console and add your IP to the firewall (a.k.a. security group in AWS parlance).

This ends up causing several issues:

  1. People’s ISP changes their IP, meaning they usually will be adding their IP more than once
  2. Due to #1 above, we end up regularly exceeding the maximum number of rules per security group (50)
  3. “Cleaning up” the list involves someone taking a look at the “allowed” rules and figuring out “which are likely to be home IP addresses”

Previously we’ve made use of the fact you can attach multiple security groups in AWS to things and had a dedicated “home IPs” security group. However, we’ve ended up just reverting to the same old.

I’d love to have a script/program that would look up all the “allowed” IP’s for any particular security group, grab their WHOIS information and work out how likely they are to be “home IPs” vs “service IPs”.

Ofcourse, the real answer is that we should probably just setup VPN. I mean, it’s never been easier to do, right?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.