Accessing AWS Services When Remoting
Thu, May 24, 2018
Having recently moved out of my place, where I had comparatively great Internet access supplied with static IP addresses, I’m currently working mostly tethered to my phone. It turns out that good LTE service actually works pretty well for most things - even long distance SSH - but sitting on a cellular network with a dynamic IP address can get really annoying.
Yes, I should be establishing a VPN to reach internal services. Yes, opening holes for services on the wider Internet is totally a bad idea. But I have other security measures too, and a VPN would be just one extra. And surprise, tunnelling encrypted TCP over another encrypted TCP connection over a cellular network doesn’t provide a great experience.
So I’m dialling straight in over SSH, and here’s the little script I knocked together to make that just a little bit nicer than logging into the AWS console and manually creating security exceptions for myself (requires Python 3.6).
Run it like this.
```sh
# Create a new rule in the employees security group
authorize-aws -g employees

# Create a new rule as above, and delete any existing rule with your name on it
authorize-aws -g employees -D

# As above, but using a different AWS profile than the default one
authorize-aws -p acme -g employees -D

# For Windows instances
authorize-aws -g employees -t 3389

# By default, the description contains your local user name, but can be overridden
authorize-aws -g employees -d 'Carmen mobile'
```
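The rule handling those options describe, as an added sketch that is not the author's script: it plans which ingress rules to revoke (stale addresses carrying your description) and which /32 rule to authorize, then applies the plan with boto3. The function names, the `group_id` parameter, the caller-supplied public IP and the sample data are assumptions.

```python
import getpass
import ipaddress

def plan_rule_changes(permissions, my_ip, description, port=22, delete_old=True):
    """Return (revoke, authorize) lists in the EC2 IpPermissions shape."""
    cidr = f"{ipaddress.IPv4Address(my_ip)}/32"  # validates input; one host only
    wanted = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
              "IpRanges": [{"CidrIp": cidr, "Description": description}]}
    revoke, present = [], False
    for perm in permissions:
        scope = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        for rng in perm.get("IpRanges", []):
            if rng.get("Description") != description:
                continue  # leave rules labelled for anyone else untouched
            entry = dict(scope, IpRanges=[rng])
            if entry == wanted:
                present = True  # rule for the current address already exists
            elif delete_old:
                revoke.append(entry)  # stale address from an earlier session
    return revoke, ([] if present else [wanted])

def apply_changes(group_id, my_ip, description=None, port=22, profile=None):
    """Apply the plan to a security group (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the planning logic runs without AWS access
    ec2 = boto3.Session(profile_name=profile).client("ec2")
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    revoke, authorize = plan_rule_changes(
        group["IpPermissions"], my_ip, description or getpass.getuser(), port)
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
    if authorize:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    return revoke, authorize

# Constructed sample of a group's current ingress rules (documentation addresses).
SAMPLE = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
    {"CidrIp": "198.51.100.7/32", "Description": "carmen"},
    {"CidrIp": "203.0.113.9/32", "Description": "alex"}]}]

if __name__ == "__main__":
    print(plan_rule_changes(SAMPLE, "192.0.2.44", "carmen"))
```

Revoking the stale entry matters on a cellular connection because the carrier can hand the previous address to another subscriber while the old rule still admits it.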