|
1 | | -# Trigger External Workflow Action |
| 1 | +# Add an IP ingress rule to a AWS Security Group |
| 2 | + |
| 3 | +GitHub Action Adds a new ingress rule on a given AWS security group. After the workflow is finished, the action revokes the new rule. The main |
| 4 | +use case for this action is when you need ephemeral access to private resources on AWS (through a private VPC/Subnet) on a GitHub Actions Workflow. |
| 5 | + |
| 6 | + |
| 7 | +## Usage: |
| 8 | +The easiest way to use this action is the following: |
| 9 | +```yaml |
| 10 | +on: [push] |
| 11 | +jobs: |
| 12 | + job: |
| 13 | + runs-on: ubuntu-latest |
| 14 | + steps: |
| 15 | + - uses: actions/checkout@v2 |
| 16 | + - uses: aws-actions/configure-aws-credentials@v1 |
| 17 | + with: |
| 18 | + aws-access-key-id: ${{ secrets.AWS_ACCESS_ID }} |
| 19 | + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} |
| 20 | + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} |
| 21 | + - uses: passeidireto/aws-add-ip-to-security-group-action@v1 # could be @main |
| 22 | + with: |
| 23 | + aws_security_group_ids: ${{ secrets.AWS_DEV_TOOLS_SECURITY_GROUP_ID }} |
| 24 | + port_range: '80-83' |
2 | 25 |
|
3 | | -GitHub Action that triggers a Workflow from another repository using `[repository_dispatch](https://docs.github.com/pt/free-pro-team@latest/actions/reference/events-that-trigger-workflows#repository_dispatch)` event. |
| 26 | +``` |
| 27 | + |
| 28 | +The dash `-` notation is used to mean a range of IP addresses. The [aws-configure-credentials](https://github.com/aws-actions/configure-aws-credentials) action is the preferred way to |
| 29 | +setup this action, since you can use several features like self-hosted roles, AssumeRole, and much more. You can also configure it |
| 30 | +using env variables such as: |
| 31 | + |
| 32 | +```yaml |
| 33 | +job: |
| 34 | + - uses: passeidireto/aws-add-ip-to-security-group-action@v1 # could be @main |
| 35 | + with: |
| 36 | + aws_security_group_ids: ${{ secrets.AWS_DEV_TOOLS_SECURITY_GROUP_ID }} |
| 37 | + port_range: '443' |
| 38 | + env: |
| 39 | + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_ID }} |
| 40 | + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY }} |
| 41 | + AWS_DEFAULT_REGION: ${{secrets.AWS_DEFAULT_REGION}} |
| 42 | +``` |
| 43 | +
|
| 44 | +## Roadmap |
| 45 | +Some neat features are already mapped and waiting for PRs or further use cases we reach: |
4 | 46 |
|
| 47 | +- Multiple security groups |
| 48 | +- Multiple port ranges |
| 49 | +- UDP rules |
| 50 | +- Option to not remove the ingress rule once the workflow is finished |
5 | 51 | ## Contributing |
6 | 52 |
|
7 | 53 | PRs welcome! This action is a Docker container, so it is very easy run it locally. Be sure you have all the required inputs represented as envrionment variables. For instance you will need a `INPUT_GITHUB_PAT` to represent the input `github_pat` the action will actually pass. Note the `INPUT_` preffix and the camel case representation. |
|
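Review bot: new line 28 says the dash notation means "a range of IP addresses", but the value it describes is the `port_range` input (`'80-83'`), so this should read "a range of ports". The README also never states which source address the ingress rule authorizes; since the rule opens a security group for the duration of the workflow, please document the source (and its CIDR width) next to the `port_range` description. The unchanged Contributing paragraph at line 53 still uses `INPUT_GITHUB_PAT` / `github_pat` from the previous action as its example; with this rewrite the inputs shown are `aws_security_group_ids` and `port_range`, so the example should name one of those. The Roadmap lists "Multiple security groups" as not yet implemented while the input is named in the plural (`aws_security_group_ids`); either note that only one ID is accepted today or rename the input. Finally, the `# could be @main` comment on lines 21 and 34 points users at a moving branch for an action that runs with AWS credentials; I would drop the comment or suggest pinning to a tag or commit instead.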