PicnicSupermarket / pingdom-probes-aws-whitelist

Licence: MIT License
A script for syncing Pingdom probe IPv4 addresses to AWS security groups.


Sync Pingdom probe IPs to AWS security groups

A script for synchronizing AWS security group ingress rules with the published list of Pingdom probe IPv4 addresses. This script is inspired by and an alternative to the following projects:

Advantages of this script over either or both of the scripts listed above:

  • It is not affected by the AWS limit of 50 ingress rules per SG, as multiple security groups may (and should!) be provided.
  • It does not unnecessarily modify the security groups upon repeated invocations.
  • It drops obsolete ingress rules.

Usage

By default the script adds a TCP port 80 ingress rule for each Pingdom probe IP. It modifies only listed security groups. For all supported options, run the script with --help:

$ ./sync-pingdom-ec2-security-groups.py --help
usage: sync-pingdom-ec2-security-groups.py [-h] [--profile PROFILE]
                                           [--region REGION]
                                           [--whitelist WHITELIST]
                                           [--protocol {icmp,tcp,udp}]
                                           [--from-port FROM_PORT]
                                           [--to-port TO_PORT]
                                           [--rules-per-security-group RULES_PER_SECURITY_GROUP]
                                           security-group [security-group ...]

positional arguments:
  security-group        One of the security groups to be updated

optional arguments:
  -h, --help            show this help message and exit
  --profile PROFILE     The AWS config profile to use; defaults to the default
                        profile
  --region REGION       The AWS region where the security groups are located;
                        defaults to the environment's default region
  --whitelist WHITELIST
                        The URL at which the IP whitelist is located; must
                        contain one one IP per line
  --protocol {icmp,tcp,udp}
                        The protocol used by the Pingdom probe
  --from-port FROM_PORT
                        The lowest port on which Pingdom probes
  --to-port TO_PORT     The highest port on which Pingdom probes
  --rules-per-security-group RULES_PER_SECURITY_GROUP
                        The maximum number of rules per security group

Note that your environment must be configured to provide valid AWS credentials. See the Boto documentation or the AWS CLI documentation for instructions on how to set this up.

Example invocation

The following run shows the effect of synchronizing a set of three security groups (with anonymized IDs) when Pingdom had abandoned four IPs since the script was last run:

$ ./sync-pingdom-ec2-security-groups.py sg-12345678 sg-23456789 sg-34567890
Dropping from SG sg-12345678: Permission tcp:78.31.69.179/32:80-80
Dropping from SG sg-12345678: Permission tcp:76.72.171.180/32:80-80
Dropping from SG sg-12345678: Permission tcp:158.58.173.160/32:80-80
Dropping from SG sg-12345678: Permission tcp:72.46.140.186/32:80-80
Adding to SG sg-12345678: Permission tcp:54.70.202.58/32:80-80
Adding to SG sg-12345678: Permission tcp:52.197.224.235/32:80-80
Adding to SG sg-12345678: Permission tcp:52.63.164.147/32:80-80
Adding to SG sg-12345678: Permission tcp:23.111.152.74/32:80-80
Dropping from SG sg-23456789: Permission tcp:54.70.202.58/32:80-80
Dropping from SG sg-23456789: Permission tcp:52.197.224.235/32:80-80
Dropping from SG sg-23456789: Permission tcp:52.63.164.147/32:80-80
Dropping from SG sg-23456789: Permission tcp:23.111.152.74/32:80-80
Adding to SG sg-23456789: Permission tcp:52.63.142.2/32:80-80
Adding to SG sg-23456789: Permission tcp:52.209.34.226/32:80-80
Adding to SG sg-23456789: Permission tcp:178.255.154.2/32:80-80
Adding to SG sg-23456789: Permission tcp:54.68.48.199/32:80-80
Dropping from SG sg-34567890: Permission tcp:52.63.142.2/32:80-80
Dropping from SG sg-34567890: Permission tcp:52.209.34.226/32:80-80
Dropping from SG sg-34567890: Permission tcp:178.255.154.2/32:80-80
Dropping from SG sg-34567890: Permission tcp:54.68.48.199/32:80-80
SUCCESS

Running the script once more does not further modify the security groups:

$ ./sync-pingdom-ec2-security-groups.py sg-12345678 sg-23456789 sg-34567890
SUCCESS
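
The properties listed above (several groups under a per-group rule cap, no changes on a repeated run, obsolete rules dropped) can be illustrated with a small reconciliation planner. This is an added example, not the project's own code: the function names are hypothetical, rules are modelled as plain CIDR sets for a single protocol and port range, and no AWS calls are made. It also validates the fetched list strictly, so that a tampered or malformed whitelist cannot turn into an ingress rule for a range such as 0.0.0.0/0.

```python
import ipaddress

def parse_whitelist(text):
    """Parse a one-IP-per-line list into /32 CIDRs, rejecting anything else."""
    cidrs = set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            ip = ipaddress.IPv4Address(line)  # refuses ranges, hostnames, IPv6
        except ValueError:
            raise ValueError(f"line {n}: not a single IPv4 address: {line!r}")
        if not ip.is_global:
            raise ValueError(f"line {n}: non-public address: {ip}")
        cidrs.add(f"{ip}/32")
    return cidrs

def plan_sync(desired, current, cap=50):
    """Map each group id to (revoke, authorize) sets of CIDRs.

    desired: set of CIDRs; current: dict of group id -> set of CIDRs present.
    """
    if len(desired) > cap * len(current):
        raise ValueError("whitelist does not fit in the given security groups")
    kept, seen, plan = {}, set(), {}
    for sg, rules in current.items():
        # Keep rules that are still wanted and not already held by an earlier group.
        kept[sg] = set(sorted((rules & desired) - seen)[:cap])
        seen |= kept[sg]
        plan[sg] = (rules - kept[sg], set())
    missing = sorted(desired - seen)
    for sg in current:  # fill free slots in order; untouched groups stay untouched
        free = cap - len(kept[sg])
        plan[sg][1].update(missing[:free])
        missing = missing[free:]
    return plan

def apply_plan(current, plan):
    """Return the group contents after the plan is carried out (no AWS calls)."""
    return {sg: (rules - plan[sg][0]) | plan[sg][1] for sg, rules in current.items()}

if __name__ == "__main__":
    # Constructed sample: two groups, a cap of 2, one stale rule, two new probes.
    state = {"sg-12345678": {"78.31.69.179/32", "54.70.202.58/32"},
             "sg-23456789": {"52.63.142.2/32"}}
    want = parse_whitelist("54.70.202.58\n52.63.142.2\n52.209.34.226\n178.255.154.2\n")
    for sg, (revoke, authorize) in plan_sync(want, state, cap=2).items():
        print(sg, "revoke", sorted(revoke), "authorize", sorted(authorize))
```

Because valid rules are kept where they already are, planning again after applying the result yields empty revoke and authorize sets for every group.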

Contributing

Contributions are welcome! Feel free to file an issue or open a pull request.
