How can I easily manage constantly changing public IP addresses in my many security groups

Solution 1:

It's a bit difficult to say what's best because you've not said what people are doing in the environment. Are they running an IDE on a Windows EC2 instance? Accessing logs on a Linux box? If you edit the question to give more background you might get better answers.

A few thoughts though:

  • Use a different approach: instead of whitelisting home IPs let people into a bastion instance / AWS Workspace ideally using MFA. The bastion / Workspaces security group is whitelisted in the rest of your environment. Best practice would be to have private resources in a private subnet with a bastion anyway.

  • Give everyone a script / batch file that uses the AWS CLI (or CLI calls Lambda) to remove any existing security group rules with their name / unique ID in them and replace them with their current IP.

  • Consider the general idea of identity based authentication instead of IP based restrictions, similar to zero trust networking.

If you expand on your scenario in your question and then reply to let me know, I can refine my answer.
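A concrete version of the second suggestion (the self-service AWS CLI script), added here as an example and not part of the answer above: it locates the caller's own ingress rule by a marker stored in the rule description, revokes it, and re-authorizes their current IP as a /32. The SG_ID value is a placeholder and the `home-ip:<user>` marker format is an assumption.

```shell
#!/bin/sh
# Added example, not the answerer's code: swap the caller's own ingress rule in one
# security group for their current public IP via the AWS CLI. Assumes AWS CLI v2 with
# credentials for ec2:DescribeSecurityGroupRules, ec2:RevokeSecurityGroupIngress and
# ec2:AuthorizeSecurityGroupIngress, plus curl. SG_ID is a placeholder value.
set -eu

SG_ID="${SG_ID:-sg-PLACEHOLDER}"
PORT="${PORT:-22}"
USER_TAG="${USER_TAG:-home-ip:${USER:-unknown}}"   # per-user marker; must not contain quotes
# Return 0 only for a well-formed dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
  ip="$1"; n=0
  case "$ip" in *[!0-9.]*|"") return 1 ;; esac
  oldifs="$IFS"; IFS=.
  for octet in $ip; do
    n=$((n + 1))
    [ -n "$octet" ] && [ "$octet" -le 255 ] || { IFS="$oldifs"; return 1; }
  done
  IFS="$oldifs"
  [ "$n" -eq 4 ]
}

# Build the --ip-permissions JSON for one /32 TCP rule carrying the marker as its Description.
build_permission() {
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"IpRanges":[{"CidrIp":"%s/32","Description":"%s"}]}]' \
    "$2" "$2" "$1" "$3"
}

# Public IP as seen from the internet, via Amazon's own lookup endpoint.
current_ip() { curl -fsS https://checkip.amazonaws.com | tr -d '[:space:]'; }

# Revoke every ingress rule whose Description equals the marker, then add one for the current IP.
main() {
  ip="$(current_ip)"
  is_ipv4 "$ip" || { echo "unexpected IP lookup result: $ip" >&2; exit 1; }
  old_ids="$(aws ec2 describe-security-group-rules \
    --filters "Name=group-id,Values=$SG_ID" \
    --query "SecurityGroupRules[?Description=='$USER_TAG' && !IsEgress].SecurityGroupRuleId" \
    --output text)"
  if [ -n "$old_ids" ] && [ "$old_ids" != "None" ]; then
    # $old_ids is deliberately unquoted: it is a whitespace-separated list of rule IDs.
    aws ec2 revoke-security-group-ingress --group-id "$SG_ID" --security-group-rule-ids $old_ids
  fi
  aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
    --ip-permissions "$(build_permission "$ip" "$PORT" "$USER_TAG")"
}
# Only act when invoked with --apply, so the helpers can be sourced or tested safely.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Because only rules carrying the caller's marker are touched, several people can share one security group without overwriting each other's entries.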