AWS EC2 Security Group SSH Access From USA Only

Struggling with Security Groups in AWS. Would like to set up a single SG, which I'd use in all my EC2 instances, to allow SSH traffic (I'd have other SGs for other roles, deployed as appropriate). However, I see no reason to open this SSH group up to the whole world. What I'd like to do is to restrict access to USA only for now. Is this doable?


It is doable with pam_geoip.

In /etc/security/geoip.conf:

*           sshd          allow     US
*           sshd          ignore    UNKNOWN
*           sshd          deny      *

Possible, in theory, but probably not what you want to do.

I could, for example, use a free VPN service to give me an IP address in the USA, even though I'm in London.

A better solution would be an SSH key, disabling password-based logins, and considering 2-factor authentication.

I'm confused about why you'd want to allow access to the netblocks for a country as a whole, when it only offers you the thinnest veil of security (through obscurity).
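As an added example (not part of either answer), here is one way to verify that an instance really is key-only, as the second answer recommends: a small auditor for sshd_config text that applies sshd's first-value-wins rule and flags Match blocks that turn passwords back on. The function names and sample configs are constructed for illustration, and Include files are not followed.

```python
import re

# Keyword, then either "=" or whitespace, then the value (sshd_config(5) syntax).
LINE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

# OpenSSH defaults for the two keywords checked here.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return (global_settings, match_blocks) for sshd_config text.

    sshd keeps the FIRST value it reads for a keyword, and every line after
    a Match keyword belongs to that block until the next Match or EOF.
    """
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())   # comments and blank lines do not match
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
        else:
            current.setdefault(keyword, value.strip('"').lower())
    return global_settings, match_blocks

def audit(config_text):
    """List reasons the config still permits password logins."""
    global_settings, match_blocks = effective_settings(config_text)
    eff = {**DEFAULTS, **global_settings}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("global: PasswordAuthentication is not 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: PubkeyAuthentication is not 'yes'")
    for condition, settings in match_blocks:
        if settings.get("passwordauthentication") == "yes":
            findings.append(f"Match {condition}: re-enables PasswordAuthentication")
    return findings

# Constructed samples. In WEAK the later "no" is ignored because "yes" came first.
SAMPLE_WEAK = """PasswordAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
SAMPLE_HARDENED = "PasswordAuthentication=no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "OK")
```
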