Linux-Help
/
dynamic-ip
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
dynamic-ip/src/agents.d/aws-sg

69 lines
2.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Internal Initialization
source "${DIP_FUNCTIONS}"
[[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf" ]] && \
source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf"
[[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]] && \
source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf"
if [[ -z "$agent_aws_sg_id" ]]; then
logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
exit 99
fi
#if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
# if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
# logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
# exit 99
# elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
# logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
# exit 99
# else
# export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
# export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
# fi
#else
# logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
# exit 99
#fi
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$AWS_DEFAULT_REGION" ]]; then
echo "ERROR: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need to be set"
exit 99
fi
if [[ -z "$DIP_CUR_IP" || -z "$DIP_OLD_IP" ]]; then
logerr "ERROR: Agent expects currentip, and existingip."
exit 98
fi
# Main
if valid_ipv4 "$DIP_CUR_IP"; then
if [[ "${DIP_CUR_IP}/32" = "${DIP_OLD_IP}/32" ]]; then
log "No changes required."
else
log "Updating Security Group IP"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_OLD_IP}/32\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_CUR_IP}/32\"}]}]"
fi
fi
if valid_ipv6 "$DIP_CUR_IP"; then
currentprefix=$(getIPv6Prefix "$DIP_CUR_IP")
existingprefix=$(getIPv6Prefix "$DIP_OLD_IP")
if [[ "$currentprefix" = "$existingprefix" ]]; then
log "No changes required."
else
log "Updating Security Group IPv6"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"
fi
fi
Reference in New Issue View Git Blame Copy Permalink