Score:0

AWS - Adding multiple IPs to Security Group Inbound Rules

cz flag

I need to open 20 ports for 12 IP blocks.

Do I have to manually add 240 rules in this case? I feel like there must be a way to just copy-and-paste the IP list somewhere.

I googled and found it's not possible, but it's hard to believe. https://forums.aws.amazon.com/thread.jspa?threadID=191133

vn flag
You'd probably want to script against the AWS CLI: https://aws.amazon.com/cli/
Score:0
do flag

A bit late here, but a way to do it faster is to create multiple rules, one for each IP block, and create the other rules using the Copy to a new security group option. This way you don't need to write the rules each time, just copy and paste the IP addresses.


I know that using the CLI is much faster and repeatable, but this can be a quick fix since it is much easier and not everyone knows how to do it with the CLI :)

Score:0
cz flag

Based on what I've searched, the best way to manage this problem is to use a prefix list. https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
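As an added illustration of the prefix-list approach (this is not code from the thread or from AWS; the CIDRs and ports are constructed, and the `sg-PLACEHOLDER` / `pl-PLACEHOLDER` ids are placeholders you would replace with real ones): the 12 IP blocks go into one customer-managed prefix list, and each of the 20 port rules references that list, so the security group ends up with 20 rules instead of 240, and adding a 13th block later means editing the prefix list once rather than touching 20 rules.

```python
"""Prefix-list approach: put the IP blocks in one customer-managed prefix list
and reference it from one rule per port.

Added example, not from the original thread. The CIDRs and ports are
constructed sample data; the security-group and prefix-list ids are
placeholders."""
import ipaddress
import json
import shlex

# Constructed sample input: 12 IP blocks (an RFC 5737 documentation range
# sliced into /28s) and 20 TCP ports.
IP_BLOCKS = [str(n) for n in ipaddress.ip_network("203.0.113.0/24").subnets(new_prefix=28)][:12]
PORTS = list(range(8000, 8020))


def validate_cidrs(cidrs):
    """Reject anything that is not a valid IPv4 network. strict=True raises on
    host bits set, so a typo like 203.0.113.1/28 cannot slip through and
    silently become a different network."""
    out = []
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=True)
        if net.version != 4:
            raise ValueError(f"only IPv4 handled in this example: {c}")
        out.append(str(net))
    return out


def prefix_list_payload(name, cidrs):
    """Arguments for `aws ec2 create-managed-prefix-list`. MaxEntries must be
    at least the number of entries; leave headroom, since raising it later
    counts against the rule quota of every group that references the list."""
    entries = [{"Cidr": c, "Description": f"block-{i}"}
               for i, c in enumerate(validate_cidrs(cidrs), 1)]
    return {
        "PrefixListName": name,
        "AddressFamily": "IPv4",
        "MaxEntries": len(entries) + 8,
        "Entries": entries,
    }


def ingress_permissions_for_prefix_list(prefix_list_id, ports):
    """One IpPermission per port, each referencing the prefix list instead of
    CIDRs, so the group holds len(ports) rules, not len(ports) * len(cidrs)."""
    return [
        {
            "IpProtocol": "tcp",
            "FromPort": p,
            "ToPort": p,
            "PrefixListIds": [{"PrefixListId": prefix_list_id,
                               "Description": "allowed-office-blocks"}],
        }
        for p in ports
    ]


def cli_commands(group_id, prefix_list_id, name, cidrs, ports):
    """Render the two AWS CLI calls as strings so they can be reviewed before
    running. The JSON is quoted for a POSIX shell."""
    pl = prefix_list_payload(name, cidrs)
    create = (
        "aws ec2 create-managed-prefix-list"
        f" --prefix-list-name {shlex.quote(pl['PrefixListName'])}"
        f" --address-family {pl['AddressFamily']}"
        f" --max-entries {pl['MaxEntries']}"
        f" --entries {shlex.quote(json.dumps(pl['Entries']))}"
    )
    perms = ingress_permissions_for_prefix_list(prefix_list_id, ports)
    authorize = (
        "aws ec2 authorize-security-group-ingress"
        f" --group-id {group_id}"
        f" --ip-permissions {shlex.quote(json.dumps(perms))}"
    )
    return create, authorize


if __name__ == "__main__":
    create, authorize = cli_commands("sg-PLACEHOLDER", "pl-PLACEHOLDER",
                                     "office-blocks", IP_BLOCKS, PORTS)
    print(create)
    print(authorize)
    print("rules in security group:",
          len(ingress_permissions_for_prefix_list("pl-PLACEHOLDER", PORTS)))
```

Run the first printed command, take the `PrefixListId` from its output, substitute it for `pl-PLACEHOLDER`, then run the second. Note that a rule referencing a prefix list counts against the security-group rule quota as the list's MaxEntries, not as one rule, so check the quota arithmetic before picking MaxEntries.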

Score:0
af flag

IP Lists are supported in WAF, but using that would probably add a bunch of complexity that you don't want/need right now. They can't be used directly in front of an instance and need something like a load balancer or CloudFront distribution.

If you can't use IP ranges (subnets) to reduce the number of rules my recommendation would be to use the CLI to create/manage the rules you need. You can manually run the commands OR write a script to read the info from somewhere (like a text file).

The AWS CLI is available for most environments. PowerShell Tools for AWS is also decent if you prefer PowerShell though I have found a few limitations that the CLI does not have.

One thing to verify is whether a security group can contain 240 rules (check the limits). You might need to spread this across a few security groups.
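The scripting approach suggested in the comment above and in this answer, as an added example that is not code from the thread or from AWS: it reads a plain-text file of CIDRs (the file content, ports and `sg-PLACEHOLDER` group ids below are constructed), builds the `--ip-permissions` JSON that `aws ec2 authorize-security-group-ingress` accepts, and divides whole ports across several security groups so that no group exceeds the per-group inbound rule quota mentioned in the last paragraph. The quota value is an assumption to verify in your account.

```python
"""Bulk security-group rules from a text file via the AWS CLI, without a
prefix list, spread across groups to stay under the per-group rule quota.

Added example, not from the original thread. The rules file, ports and group
ids are constructed placeholders."""
import ipaddress
import json
import shlex

# Constructed sample "rules.txt": one CIDR per line, '#' comments allowed.
RULES_TXT = """\
# office blocks (RFC 5737 documentation ranges, constructed)
203.0.113.0/28
203.0.113.16/28
198.51.100.0/27
192.0.2.0/26
"""
PORTS = [22, 443, 8443]

# Assumed default inbound-rule quota per security group. Verify the current
# value for your account in Service Quotas; it is adjustable.
RULES_PER_GROUP = 60


def parse_cidrs(text):
    """Strip comments and blank lines, then validate. A malformed CIDR aborts
    the run instead of silently producing a wider or narrower rule."""
    cidrs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            cidrs.append(str(ipaddress.ip_network(line, strict=True)))
    return cidrs


def ip_permissions(cidrs, ports, protocol="tcp"):
    """One IpPermission per port carrying all CIDRs. AWS still counts every
    port x CIDR pair as a separate rule against the quota."""
    return [
        {
            "IpProtocol": protocol,
            "FromPort": p,
            "ToPort": p,
            "IpRanges": [{"CidrIp": c, "Description": f"{protocol}/{p} from rules file"}
                         for c in cidrs],
        }
        for p in ports
    ]


def rule_count(perms):
    """Number of rules AWS will count for a list of IpPermissions."""
    return sum(len(p["IpRanges"]) for p in perms)


def split_across_groups(cidrs, ports, group_ids, limit=RULES_PER_GROUP):
    """Assign whole ports to groups so no group exceeds `limit` rules.
    Returns {group_id: [IpPermission, ...]}; raises if the groups cannot
    hold everything, rather than creating a partial rule set."""
    per_port = len(cidrs)
    if per_port > limit:
        raise ValueError(f"{per_port} CIDRs on a single port exceed the "
                         f"{limit}-rule quota; use a prefix list or wider CIDRs")
    ports_per_group = limit // per_port
    plan, remaining = {}, list(ports)
    for gid in group_ids:
        if not remaining:
            break
        chunk, remaining = remaining[:ports_per_group], remaining[ports_per_group:]
        plan[gid] = ip_permissions(cidrs, chunk)
    if remaining:
        raise ValueError(f"need more security groups: {len(remaining)} ports unplaced")
    return plan


def cli_commands(plan):
    """One authorize call per group; the JSON is quoted for a POSIX shell."""
    return [
        "aws ec2 authorize-security-group-ingress"
        f" --group-id {gid} --ip-permissions {shlex.quote(json.dumps(perms))}"
        for gid, perms in plan.items()
    ]


if __name__ == "__main__":
    cidrs = parse_cidrs(RULES_TXT)
    plan = split_across_groups(cidrs, PORTS, ["sg-PLACEHOLDER1", "sg-PLACEHOLDER2"])
    for gid, perms in plan.items():
        print(f"# {gid}: {rule_count(perms)} rules")
    for cmd in cli_commands(plan):
        print(cmd)
```

With the question's numbers (12 blocks, 20 ports) and a 60-rule quota, the planner places 5 ports per group and needs 4 groups. Re-running a command whose rules already exist fails with `InvalidPermission.Duplicate`, so treat the script as review-then-apply rather than idempotent, or diff against `aws ec2 describe-security-group-rules` first.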
