清除特定端口的AWS安全組規則

Question

如何使用「aws ec2」刪除給定端口的所有規則？

aws ec2 revoke-security-group-ingress --group-name MySecurityGroup --protocol tcp --port 22 **--ALL-IP** 

Answer 1

作爲每documentation，該命令在任--cidr或--source-group作品。所以如果你有多個IP地址，那麼我會說唯一的選擇是多次爲單個IP地址運行相同的命令（這將採取1.1.1.1/32的形式）。

或者，

你可以列出CIDR格式（1.1.1.1/32）所有ipadress在一個文件中（在新行每個IP地址），然後運行for循環在它上面運行的命令每次迭代。例如

for i in `cat ip_address_cidr.txt`; do aws ec2 revoke-security-group-ingress --group-name MySecurityGroup --protocol tcp --port 22 $i; done 

我沒有上述命令的語法測試，但應該這樣做，這樣你可以在一個單一的一行命令撤銷的規則。

Answer 2

我認爲這是你在找什麼：How to Close All Open SSH Ports in AWS Security Groups

這裏針對特定安全組ID解決方案：

#!/bin/bash 

sg = {security group} 

# get the cidrs for the ingress rule 
rules=$(aws ec2 describe-security-groups --group-ids $sg --output text --query 'SecurityGroups[*].IpPermissions') 
# rules will contain something like: 
# 22 tcp 22 
# IPRANGES 108.42.177.53/32 
# IPRANGES 10.0.0.0/16 
# 80 tcp 80 
# IPRANGES 0.0.0.0/0 
# luckily, aws returns all ipranges per port grouped together 

# flag for if we are reading ipranges 
reading=0 
# loop returned lines 
while read -r line; do 
    # split the line up 
    rulebits=($line) 
    # check if if we are reading ssh port ipranges 
    if [ $reading -eq 0 ] ; then 
     # we are not reading ipranges 
     # check if '22 tcp 22' 
     if [ ${rulebits[0]} == "22" ] && [ ${rulebits[1]} == "tcp" ] && [ ${rulebits[2]} == "22" ] ; then 
      # found it 
      reading=1   
     fi 
    else 
     # we are reading ipranges 
     # check if first word is 'IPRANGES' 
     if [ ${rulebits[0]} == "IPRANGES" ] ; then 
      # found a cidr for open ssh port 
      cidr=${rulebits[1]} 
      echo -n found port 22 open cidr $cidr closing... 
      # close it 
      result=$(aws ec2 revoke-security-group-ingress --group-id $sg --protocol tcp --port 22 --cidr $cidr --output text) 
      if [ "$result" == "true" ] ; then 
       echo " OK" 
      else 
       echo " ERROR" 
      fi 
     else 
      # new port 
      reading=0  
     fi 
    fi 
done