Monday, May 8, 2023

EC2 automated port open/close for ACME

I wrote this script to enable port 80 during my ACME renewal of my TLS certificates. This obviously only works on EC2 hosts, but it is still useful.
#!/usr/bin/env bash
set -euo pipefail
# CIDR that may reach port 80 while the rule is open, passed as the first argument
CIDR=${1:?usage: $0 CIDR}
# Get current instance ID from the instance metadata service
INSTANCE_ID=$(curl -sf http://169.254.169.254/latest/meta-data/instance-id)
# Get current Security Group ID (the first group attached to the instance; the
# authorize call below takes exactly one group ID)
SECURITY_GROUP_ID=$(aws ec2 describe-instances --instance-ids "$INSTANCE_ID" --query 'Reservations[0].Instances[0].SecurityGroups[0].GroupId' --output text)
# Allow incoming traffic on port 80
aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol tcp --port 80 --cidr "$CIDR"
# Sleep for 30 minutes
sleep 1800
# Remove incoming traffic on port 80
aws ec2 revoke-security-group-ingress --group-id "$SECURITY_GROUP_ID" --protocol tcp --port 80 --cidr "$CIDR"
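A tighter variant of the same idea, added here as an example and not the post's own script: it keeps port 80 open only while the renewal command runs instead of for a fixed 30 minutes, revokes the rule on every exit path including Ctrl-C, reads the instance ID through IMDSv2, and checks afterwards that no inbound tcp/80 rule is left in the group. It assumes AWS CLI v2 on an EC2 host; the group ID, CIDR and renewal command are supplied by the caller, and `sg-EXAMPLE` and `certbot renew` in the comments are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not the post's script. Assumes AWS CLI v2 on an EC2 host
# with IMDSv2; the caller supplies the group ID, the CIDR and the renewal
# command, e.g.:  with_port80_open sg-EXAMPLE 0.0.0.0/0 certbot renew

IMDS=http://169.254.169.254

# Instance ID via IMDSv2 (session token), so IMDSv1 can stay disabled.
instance_id() {
  local token
  token=$(curl -sS -X PUT "$IMDS/latest/api/token" \
            -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sS -H "X-aws-ec2-metadata-token: $token" \
       "$IMDS/latest/meta-data/instance-id"
}

# Number of inbound tcp/80 rules for CIDR in GROUP; 0 means the port is closed.
count_port80_rules() {
  local group=$1 cidr=$2
  aws ec2 describe-security-group-rules \
    --filters "Name=group-id,Values=$group" \
    --query "length(SecurityGroupRules[?IsEgress==\`false\` && IpProtocol=='tcp' && FromPort==\`80\` && ToPort==\`80\` && CidrIpv4=='$cidr'])" \
    --output text
}

revoke_port80() {
  aws ec2 revoke-security-group-ingress --group-id "$1" \
    --protocol tcp --port 80 --cidr "$2" >/dev/null
}

# Usage: with_port80_open GROUP CIDR CMD [ARGS...]
# Returns CMD's exit status, 1 if the rule could not be added, 2 if the rule
# is still present after the revoke (the group then needs a manual look).
with_port80_open() {
  local group=$1 cidr=$2 status=0; shift 2
  aws ec2 authorize-security-group-ingress --group-id "$group" \
    --protocol tcp --port 80 --cidr "$cidr" >/dev/null || return 1
  # An interrupted or killed renewal still closes the port.
  trap 'revoke_port80 "$group" "$cidr"; exit 130' INT TERM
  "$@" || status=$?
  trap - INT TERM
  revoke_port80 "$group" "$cidr"
  [ "$(count_port80_rules "$group" "$cidr")" = 0 ] || return 2
  return "$status"
}
```

Wire it to the post's lookup with `with_port80_open "$(instance_security_group)" 0.0.0.0/0 certbot renew`, where the group comes from `describe-instances` on `$(instance_id)` as in the script above.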

