AWS EC2 SSH from my IP address which has changed
I often discover that my IP address (Google what is my IP) has changed thus SSH into my EC2 fails since it accepts SSH from my IP address.
What are my options?
1) Ask my ISP for a static IP address?
2) Open EC2 to accept SSH from 0.0.0.0/0 - relay on the private key.pem file only?
3) Keep changing my IP address in the AWS security group as well the other hosting company for my MongoDB.
Any other suggestions?
Solution 1:
Go with #3. It's trivial to write a small script you can run that will:
- Fetch your current public IP
- Use that IP and awscli to update your security group
Stick this script on your desktop and you're two clicks away from updating your SG. Or even better, run it via cron on the hour.
Solution 2:
While the other 2 answers are providing a more secure solution, I would recommend option 2, provided you do not allow to use passwords in SSH, only public key. You also need to make sure that all users with public key loaded know how to secure them and detect if they have inadvertently disclosed their private key.
The reason for option 2 is:
If this server does anything half productive, then the reduced response time from accessing it from anywhere with your laptop or even your phone to diagnose or fix is worth the slight reduction in security layers. Having to drive or even fly home in an emergency can be a deal breaker. Of course mileage will vary with team size, but your question sounds like you are the only one accessing it.
Solution 3:
I have a better solution for you, let call it number 4:
- Run OpenVPN server on your
EC2
- Configure your security group to allow OpenVPN connection from whole internet
- Access your ssh only via OpenVPN.
You can use your ssh from anywhere and it will be hidden for all bad bots. Of course you have to auth yourself to VPN with certificates you will generate for yourself and you have to keep your private keys really private.