Reputation: 35
I'd like to create a Security Group rule in AWS to allow incoming SSH connections from Travis (https://docs.travis-ci.com/user/ip-addresses/) so that it can control deployment. AWS has a limit on the number of individual rules in a Security Group, so adding the IPs one by one is not an option.
#!/bin/bash
# Fetch and parse https://dnsjson.com/nat.travisci.net/A.json
# for all the IP addresses that Travis CI uses for NAT.
TRAVIS_NAT_IPS=$(wget -qO- https://dnsjson.com/nat.travisci.net/A.json | jq -r '.results.records[]')
readarray -t IP_ADDRESSES <<< "$TRAVIS_NAT_IPS"
ENTRIES=""
for IP in "${IP_ADDRESSES[@]}"
do
ENTRIES="$ENTRIES""Cidr=$IP/32,Description=Travis "
done
aws ec2 create-managed-prefix-list \
--address-family IPv4 \
--max-entries 100 \
--entries="${ENTRIES##*( )}" \
--prefix-list-name travis-nat-ips
The error it throws:
Error parsing parameter '--entries': Second instance of key "Description" encountered for input:
This is often because there is a preceding "," instead of a space.
But I could not locate the issue, as the syntax matches the example in the AWS docs: https://docs.aws.amazon.com/cli/latest/reference/ec2/create-managed-prefix-list.html#examples
Any pointers on how we should correct the above shell script, or how we should do it a different way? Opening port 22 to the public (0.0.0.0) permanently is not an option for security reasons.
Upvotes: 0
Views: 53
Reputation: 35
This is the working version of the shell script:
#!/bin/bash
# Fetch and parse https://dnsjson.com/nat.travisci.net/A.json
# for all the IP addresses that Travis CI uses for NAT.
TRAVIS_NAT_IPS=$(wget -qO- https://dnsjson.com/nat.travisci.net/A.json | jq -r '.results.records[]')
readarray -t IP_ADDRESSES <<< "$TRAVIS_NAT_IPS"
ENTRIES=""
for IP in "${IP_ADDRESSES[@]}"
do
ENTRIES="$ENTRIES""Cidr=$IP/32,Description=Travis "
done
# --entries must stay unquoted: word splitting hands the CLI one
# "Cidr=...,Description=Travis" argument per address (the shorthand list
# syntax); quoting the expansion passes the whole string as a single
# structure, which is what produced the duplicate "Description" error.
aws ec2 create-managed-prefix-list \
--address-family IPv4 \
--max-entries 100 \
--entries ${ENTRIES##*( )} \
--prefix-list-name travis-nat-ips
Upvotes: 0
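As an added example that is not part of the original question or answer, the same build step written so that each DNS record becomes exactly one `--entries` argument, with the records validated as IPv4 first and the count checked against `--max-entries`. It uses a constructed sample in place of the live `wget | jq` output, and `create_prefix_list` is a hypothetical guarded call that is not run here.

```shell
#!/bin/sh
# Added example (not from the original post): build the --entries list so that
# each record becomes its own argument, and validate the records first.

# Constructed stand-in for `jq -r '.results.records[]'` output (TEST-NET
# addresses, not the live nat.travisci.net answer); one line is deliberately bad.
SAMPLE_IPS='203.0.113.10
203.0.113.11
198.51.100.7
not-an-ip'

# Return 0 only for a dotted quad with four octets in 0-255.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print one "Cidr=<ip>/32,Description=Travis" line per valid record; skip the rest.
build_entries() {
  printf '%s\n' "$1" | while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    if is_ipv4 "$ip"; then
      printf 'Cidr=%s/32,Description=Travis\n' "$ip"
    else
      printf 'skipping malformed record: %s\n' "$ip" >&2
    fi
  done
}

# Number of arguments an expansion turns into; this is what the CLI parser sees.
count_args() { echo $#; }

# Succeed only if the entry count fits --max-entries ($1).
check_capacity() { max=$1; shift; [ $# -le "$max" ]; }

# Hypothetical guarded invocation (needs the real aws CLI and credentials; not run here).
create_prefix_list() {
  max=100
  set -- $(build_entries "$SAMPLE_IPS")   # unquoted on purpose: one entry per argument
  check_capacity "$max" "$@" || { echo "too many entries for --max-entries $max" >&2; return 1; }
  aws ec2 create-managed-prefix-list --address-family IPv4 --max-entries "$max" \
    --prefix-list-name travis-nat-ips --entries "$@"
}

ENTRIES=$(build_entries "$SAMPLE_IPS")
count_args "$ENTRIES"   # 1: quoted, the whole list is one argument (the failing form)
count_args $ENTRIES     # 3: unquoted, one shorthand structure per argument
```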