Score:0

Server

AWS - Adding multiple IPs to Security Group Inbound Rules

Lunartist

5/24/23, 1:26 AM

I need to open 20 ports for 12 IP blocks.

Do I have to manually add 240 rules in this case? I feel like there must be a way to just copy&paste the IP list to somewhere.

I googled and found it's not possible, but it's hard to believe. https://forums.aws.amazon.com/thread.jspa?threadID=191133

375

0 + 0

amazon-web-services

security-groups

ceejayoz

5/24/23, 1:36 AM

You'd probably want to script against the AWS CLI: https://aws.amazon.com/cli/

Score:0

Server

polmonroig

11/25/23, 10:39 AM

A bit late here, but a way to do it faster is to create multiple rules, one for each IP block, and create the other rules using the Copy to a new security group option, this way you don't need to write the rules each time, just copy and paste the IP addresses.

I know that using CLI is much faster and repeatable but this can be a quick fix since it is much easier and not everyone knows how to do it with the CLI :)

+ 0

Score:0

Server

Lunartist

5/24/23, 5:21 AM

Based on what I've searched, the best way to manage this problem is to use prefix list. https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html

0 + 0

Score:0

Server

Tim P

5/24/23, 3:23 PM

IP Lists are supported in WAF, but using that would probably add a bunch of complexity that you don't want/need right now. They can't be used directly in front of an instance and need something like a load balancer or CloudFront distribution.

If you can't use IP ranges (subnets) to reduce the number of rules my recommendation would be to use the CLI to create/manage the rules you need. You can manually run the commands OR write a script to read the info from somewhere (like a text file).

The AWS CLI is available for most environments. PowerShell Tools for AWS is also decent if you prefer PowerShell though I have found a few limitations that the CLI does not have.

One thing to verify is if a security group can contain 240 rules (check the limits). You might need to spread this across a few security groups.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: AWS - Adding multiple IPs to Security Group Inbound Rules

TH: AWS - การเพิ่มหลาย IP ให้กับกฎขาเข้าของกลุ่มความปลอดภัย

RO: AWS - Adăugarea mai multor adrese IP la regulile de intrare ale grupului de securitate

RU: AWS — добавление нескольких IP-адресов в правила для входящих подключений группы безопасности

VI: AWS - Thêm nhiều IP vào Quy tắc gửi đến của nhóm bảo mật

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.