We should be able to add the IP address to inbound rules when an API gateway is triggered, and the added IP address needs to be deleted after a particular defined time from the security group. Is there any way to automate this process using AWS Lambda?
Is there any way to automate assigning a new IP address to security groups in inbound rules with Lambda?
0
-
But which IP address do you want to add? – rdas Apr 15 '19 at 09:58
-
The IP address is obtained from the client when an API gateway is triggered. Then I'll have to use the trigger to in turn trigger a Lambda Python script which adds the IP address on Port 90 in inbound rules, which needs to be deleted automatically within a given time frame – Bala Krishna Apr 15 '19 at 10:04
1 Answer
0
I think so.
- Trigger a lambda function when an API gateway is called. Pass the required arguments to lambda. https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-lambda-integration.html
- In the lambda, modify your security group. Keep security in mind here, since you're using user input to modify your infrastructure.
- Still in the lambda, schedule another lambda to be run after some time. You can do this with CloudWatch: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html (this lambda should have enough info to identify which rule to remove from which SG)
- When the scheduled lambda runs, it should remove the rule from the Security Group.
rdas
-
`sg.authorize_ingress(CidrIp='183.82.107.236/32',FromPort(90),ToPort(90),IpProtocol = 'tcp') File " ", line 1 sg.authorize_ingress(CidrIp='183.82.107.236/32',FromPort(90),ToPort(90),IpProtocol = 'tcp') ^ SyntaxError: positional argument follows keyword argument`. Hey man, I was wondering if you can also assist me with the code and tell me the cause of this error – Bala Krishna Apr 15 '19 at 11:03
-
`sg.authorize_ingress(CidrIp='183.82.107.236/32',FromPort(90),ToPort(90),IpProtocol = 'tcp')` You can't have positional arguments (`FromPort(90)`) after keyword arguments (`CidrIp=...`) – rdas Apr 15 '19 at 11:29
-
Ohh yeah, I got it... started working on the steps. Thank you for the suggestions. – Bala Krishna Apr 15 '19 at 11:38
-
How can my script locate the IP address of the device from where the API or URL is triggered? – Bala Krishna Apr 16 '19 at 10:11
-
https://stackoverflow.com/questions/33062097/how-can-i-retrieve-a-users-public-ip-address-via-amazon-api-gateway-lambda-n – rdas Apr 16 '19 at 10:21
-
`'use strict'; console.log('Loading function'); exports.handler = (event, context, callback) => { console.log('SourceIP =', event.sourceIP); callback(null, event.sourceIP); };` Please tell me if I understand this: the IP address is now stored in event.sourceIP and I can directly pass it to CidrIp likewise, `CidrIp = event.sourceIP`? – Bala Krishna Apr 16 '19 at 10:32
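One way to carry out the steps in the answer above, as an added example that is not code from the thread: the caller's address is taken from the API Gateway request context, validated before it touches the security group, and the expiry is stored in the rule's description so a scheduled Lambda knows which rules to revoke. Assumptions: a REST API with Lambda proxy integration (hence `requestContext.identity.sourceIp`), the placeholder `GROUP_ID`, a one-hour lifetime, and the helper names, all of which are illustrative.

```python
import ipaddress
import time

PORT = 90                    # port named in the question
TTL_SECONDS = 3600           # assumed lifetime of a rule
GROUP_ID = "sg-PLACEHOLDER"  # assumed: placeholder security group id

def build_permission(source_ip, now, ttl=TTL_SECONDS, port=PORT):
    """Validate the caller IP and build one IpPermissions entry for it."""
    addr = ipaddress.ip_address(source_ip)  # ValueError on CIDRs, hostnames, junk
    if addr.version != 4 or not addr.is_global:
        raise ValueError("refusing non-public or non-IPv4 address: %s" % source_ip)
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        # Always a single host (/32); the expiry travels with the rule itself.
        "IpRanges": [{"CidrIp": "%s/32" % addr,
                      "Description": "expires=%d" % (now + ttl)}],
    }

def expired_permissions(ip_permissions, now):
    """From a group's IpPermissions, return revoke entries for lapsed rules."""
    lapsed = []
    for perm in ip_permissions:
        for rng in perm.get("IpRanges", []):
            tag, _, value = rng.get("Description", "").partition("=")
            if tag == "expires" and value.isdigit() and int(value) <= now:
                lapsed.append({"IpProtocol": perm["IpProtocol"],
                               "FromPort": perm["FromPort"], "ToPort": perm["ToPort"],
                               "IpRanges": [{"CidrIp": rng["CidrIp"]}]})
    return lapsed

def add_handler(event, context):
    """API Gateway (Lambda proxy integration) entry point."""
    import boto3  # imported lazily so the helpers above run without AWS
    ip = event["requestContext"]["identity"]["sourceIp"]  # set by API Gateway
    perm = build_permission(ip, int(time.time()))
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=GROUP_ID, IpPermissions=[perm])
    return {"statusCode": 200, "body": "allowed %s" % ip}

def sweep_handler(event, context):
    """Scheduled entry point: revoke every rule whose expiry has passed."""
    import boto3
    ec2 = boto3.client("ec2")
    group = ec2.describe_security_groups(GroupIds=[GROUP_ID])["SecurityGroups"][0]
    lapsed = expired_permissions(group["IpPermissions"], int(time.time()))
    if lapsed:
        ec2.revoke_security_group_ingress(GroupId=GROUP_ID, IpPermissions=lapsed)
    return len(lapsed)
```

Rules without an `expires=` description are never touched by the sweep, so manually managed entries in the same group survive. The function's IAM role needs only the describe, authorize and revoke ingress actions, ideally scoped to this one group.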