Port knocking for AWS security groups
Unlike the traditional port knocking utilities, this tool relies on the caller having the rights, through Amazon Web Services' Identity and Access Management roles, to modify a security group.
$ aws-portknock --help
Usage: aws-portknock [OPTIONS]
Options:
--port INTEGER Port to open
--profile TEXT Configuration profile to use
--sgid TEXT Security group ID
--help Show this message and exit.
aws-portknock will determine the caller's public IP and add a rule
to the security group allowing access to the requested port from that
IP. It then sleeps until the user quits by using CTRL-C.
If a matching rule already exists, nothing happens on exit; otherwise,
that added rule is deleted when aws-portknock exits.
For repeated use, create $HOME/.aws/portknock.ini containing, for example:
[default]
sgid = sg-12abcdef
port = 22
[webprofile]
sgid = sg-12abcdef
port = 443