Monday, May 8, 2023

EC2 automated port open/close for ACME

I wrote this script to enable port 80 during my ACME renewal of my TLS certificates. This obviously only works on EC2 hosts, but it is still useful.
#!/bin/bash
# Stop at the first failed command so a failed lookup never reaches the rule changes
set -euo pipefail
# Get current instance ID
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Get current Security Group ID (assumes the instance has a single security group)
SECURITY_GROUP_ID=$(aws ec2 describe-instances --instance-ids "$INSTANCE_ID" --query 'Reservations[].Instances[].SecurityGroups[].GroupId' --output text)
# Allow incoming traffic on port 80
aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0
# Sleep for 30 minutes
sleep 1800
# Remove incoming traffic on port 80
aws ec2 revoke-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0
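
A variant of the script above that closes port 80 as soon as the renewal command finishes instead of after a fixed 30 minutes, and reads the instance ID with an IMDSv2 session token. This is an added example, not the original script; the function names and the `acme-port80.sh` file name are assumptions.

```shell
#!/bin/bash
# Added example, not the original post's script. Function names are assumptions.
set -eu

IMDS=http://169.254.169.254/latest

# IMDSv2: fetch a short-lived session token, then read the instance ID with it.
instance_id() {
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/instance-id"
}

# An instance can have several security groups; use only the first one so
# --group-id receives exactly one ID.
first_security_group() {
  aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].SecurityGroups[0].GroupId' \
    --output text
}

open_port() {
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port 80 --cidr 0.0.0.0/0
}

close_port() {
  aws ec2 revoke-security-group-ingress --group-id "$1" \
    --protocol tcp --port 80 --cidr 0.0.0.0/0
}

# Open port 80, run the given command (the ACME renewal), then close the port.
# The EXIT trap is set only after the rule was added by this script, and it
# revokes the rule whether the command succeeds or fails.
with_port_80() {
  id=$(instance_id)
  SG=$(first_security_group "$id")
  open_port "$SG"
  trap 'close_port "$SG"' EXIT
  "$@"
}

# Runs only when a command is given, e.g.: ./acme-port80.sh <ACME client command>
if [ "$#" -gt 0 ]; then
  with_port_80 "$@"
fi
```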
