Accessing AWS Services When Remoting

Having recently moved out of my place, where I had comparatively great Internet access supplied with static IP addresses, I’m currently working mostly tethered to my phone. It turns out that good LTE service actually works pretty well for most things - even long distance SSH - but sitting on a cellular network with a dynamic IP address can get really annoying.

Yes, I should be establishing a VPN to reach internal services. Yes, opening holes for services on the wider Internet is totally a bad idea. But I have other security measures too, and a VPN would be just one extra. And surprise, tunnelling encrypted TCP over another encrypted TCP connection over a cellular network doesn’t provide a great experience.

So I’m dialling straight in over SSH, and here’s the little script I knocked together to make that just a little bit nicer than logging into the AWS console and manually creating security exceptions for myself (requires Python 3.6).

Run it like this.

# Create a new rule in the employees security group
authorize-aws -g employees

# Create a new rule as above, and delete any existing rule with your name on it
authorize-aws -g employees -D

# As above, but using a different AWS profile than the default one
authorize-aws -p acme -g employees -D

# For Windows instances
authorize-aws -g employees -t 3389

# By default, the description contains your local user name, but can be overridden
authorize-aws -g employees -d 'Carmen mobile'
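
The rule bookkeeping behind the `-D`, `-t` and `-d` options above can be sketched as follows. This is an added example, not the author's script: the function names are hypothetical, limiting cleanup to the same port is an assumption, and the sample data is constructed. It plans a single-host `/32` rule and revokes rules left behind by earlier addresses, which matters on a dynamic IP because a stale rule keeps the port open to whoever holds that address next.

```python
import getpass
import ipaddress


def _perm(port, cidr, description):
    # One TCP port, one CIDR, tagged with a description so it can be found later.
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": description}]}


def plan_rule_changes(ip_permissions, my_ip, port=22, description=None, delete_old=False):
    """Return (revoke, authorize) lists in the IpPermissions shape EC2 uses."""
    description = description or getpass.getuser()
    cidr = f"{ipaddress.IPv4Address(my_ip)}/32"  # raises on junk; never wider than one host
    revoke, already_open = [], False
    for perm in ip_permissions:
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) != ("tcp", port, port):
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == cidr:
                already_open = True  # avoid a duplicate-rule error from EC2
            elif delete_old and rng.get("Description") == description:
                revoke.append(_perm(port, rng["CidrIp"], description))  # stale address
    authorize = [] if already_open else [_perm(port, cidr, description)]
    return revoke, authorize


def apply_changes(ec2, group_id, revoke, authorize):
    # ec2 is a boto3 EC2 client, e.g. boto3.Session(profile_name=...).client("ec2")
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
    if authorize:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)


# Constructed sample: what describe_security_groups might return after two sessions
# from different cellular addresses (documentation-range IPs).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
        {"CidrIp": "198.51.100.7/32", "Description": "Carmen mobile"},
        {"CidrIp": "203.0.113.40/32", "Description": "office"}]},
]

if __name__ == "__main__":
    print(plan_rule_changes(SAMPLE_PERMISSIONS, "192.0.2.15",
                            description="Carmen mobile", delete_old=True))
```

Listing the group afterwards and checking that only one rule carries your description is a quick way to confirm no old address is still allowed in.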