aws-portknock

Port knocking for AWS security groups


Keywords
aws, portknock
License
MPL-2.0
Install
pip install aws-portknock==0.1.2

Documentation

aws-portknock

Port knocking for AWS security groups

"Port knocking"

Unlike the traditional port knocking utilities, this tool relies on the caller having the rights, through Amazon Web Services' Identity and Access Management roles, to modify a security group.

Usage

$ aws-portknock --help
Usage: aws-portknock [OPTIONS]

Options:
  --port INTEGER  Port to open
  --profile TEXT  Configuration profile to use
  --sgid TEXT     Security group ID
  --help          Show this message and exit.

aws-portknock will determine the caller's public IP and add a rule to the security group allowing access to the requested port from that IP. It then sleeps until the user quits by using CTRL-C.

If a matching rule already exists, nothing happens on exit; otherwise, that added rule is deleted when aws-portknock exits.

For repeated use, create $HOME/.aws/portknock.ini containing, for example:

[default]
sgid = sg-12abcdef
port = 22

[webprofile]
sgid = sg-12abcdef
port = 443