Script to remove IPs from a firewall based on WHOIS

So, on the projects I’m currently working on, if you want to work from home and you need access to something which is not publicly accessible, the instructions are basically to log into the AWS console and add your IP to the firewall (a.k.a. security group in AWS parlance).

This ends up causing several issues:

  1. People’s ISPs change their IPs, meaning they usually end up adding their IP more than once
  2. Due to #1 above, we regularly exceed the maximum number of rules per security group (50)
  3. “Cleaning up” the list involves someone looking at the “allowed” rules and figuring out “which are likely to be home IP addresses”

Previously we’ve made use of the fact that you can attach multiple security groups to things in AWS and had a dedicated “home IPs” security group. However, we’ve ended up just reverting to the same old approach.

I’d love to have a script/program that would look up all the “allowed” IPs for any particular security group, grab their WHOIS information and work out how likely they are to be “home IPs” vs “service IPs”.
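A sketch of that audit, added here as an example and not part of the original post: it walks a security group in the shape `describe_security_groups` returns, treats a /32 as the strongest hint of a hand-added home address, and refines the verdict with a keyword heuristic over WHOIS text. The security group, the WHOIS records and the keyword lists are all constructed assumptions; fetching live WHOIS data (and the boto3 call) is left to the caller.

```python
"""Flag security-group ingress rules that look like someone's home IP."""
import ipaddress

# Heuristic keyword lists (assumption, not an authoritative classification).
HOME_HINTS = ("broadband", "residential", "dsl", "cable", "fibre", "fiber", "telecom", "dynamic")
SERVICE_HINTS = ("amazon", "aws", "google", "microsoft", "cloudflare", "hosting", "data center", "datacenter", "colocation")


def classify_whois(whois_text: str) -> str:
    """Return 'home', 'service' or 'unknown' by counting keyword hits in WHOIS text."""
    text = whois_text.lower()
    home = sum(text.count(k) for k in HOME_HINTS)
    service = sum(text.count(k) for k in SERVICE_HINTS)
    if home > service:
        return "home"
    if service > home:
        return "service"
    return "unknown"


def audit_ingress(security_group: dict, whois_lookup) -> list:
    """Return (cidr, (from_port, to_port), verdict, description) per IPv4 ingress rule.

    Anything wider than /32 is assumed to be a deliberate service range; each /32
    is checked against WHOIS. 'review' means WHOIS gave no usable signal.
    """
    verdict_for = {"home": "likely-home", "service": "likely-service", "unknown": "review"}
    findings = []
    for perm in security_group.get("IpPermissions", []):
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen < 32:
                verdict = "service-range"
            else:
                verdict = verdict_for[classify_whois(whois_lookup(str(net.network_address)))]
            findings.append((rng["CidrIp"], ports, verdict, rng.get("Description", "")))
    return findings


# Constructed sample data (documentation ranges, made-up group id and WHOIS text).
SAMPLE_SG = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
        {"CidrIp": "203.0.113.45/32", "Description": "alice wfh"},
        {"CidrIp": "198.51.100.7/32"},
        {"CidrIp": "192.0.2.0/24", "Description": "office"}]}]}
SAMPLE_WHOIS = {
    "203.0.113.45": "NetName: EXAMPLE-BROADBAND\ndescr: Residential DSL customers",
    "198.51.100.7": "NetName: AMAZON-EC2\nOrgName: Amazon Technologies Inc.",
}


def sample_lookup(ip: str) -> str:
    """Stand-in for a real WHOIS fetch; returns the constructed record or ''."""
    return SAMPLE_WHOIS.get(ip, "")


if __name__ == "__main__":
    for cidr, ports, verdict, desc in audit_ingress(SAMPLE_SG, sample_lookup):
        print(f"{cidr:20} {ports} {verdict:16} {desc}")
```

Rules tagged `likely-home` are the candidates for pruning; `review` rows still need a human, which is exactly the step the script is meant to shrink.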

Of course, the real answer is that we should probably just set up a VPN. I mean, it’s never been easier to do, right?

