DEV Community

AWS Community Builders profile image Geoffrey Wiseman
Geoffrey Wiseman for AWS Community Builders

Posted on

AWS AllowList "Update"

#aws #cli #opensource #security

I've just published v1.2.0 of AWS AllowList to pypi, an open-source python CLI tool for small AWS accounts to allow users to maintain a security group for SSH access into a VPC.

Before I get into the changes, let me remind you that while this can be a helpful tool, there are many alternatives that may be better suited for most accounts.

Alternatives

For an AWS environment of any significant size, there are alternatives that you ought to consider first. This is a simple solution for simple environments, but it's definitely not what I'd recommend as the best solution.

What's New

Update Commands

In v1.1.0, I added support to describe and automatically describe additions, but I found that as I went from place to place, it was easy to add new rules with awswl as I needed them, but that cleaning up past entries was a chore that wasn't directly needed to get work done, so easy to defer -- but also that each old entry was a potential security hole.

So I decided I ought to have another model in v1.2.0 -- a way to update existing rules (by description) so that the new entry would replace the old one, thus handling the cleanup as part of the process of adding a new entry.

To this end, I've added two update commands:

  • update
    • Replaces an existing security group rule as identified by description with a new rule (same description, newly specified CIDR)
  • update-current
    • Same as update, but instead of specifying the CIDR block, the CIDR block is automatically generated from your current external IP address.

Subcommands

In v1.1.0, I used CLI options to allow multiple commands to be run on one single invocation of the CLI. That was starting to get increasingly complex to understand and reason about, and I was finding it difficult to add new features without tripping over weird combinations of options.

So I've replaced the options with subcommands (e.g. git style). So what would have been awswl --add is now awswl add.

Dependencies / Security

There were some security vulnerabilities present on some of the dependencies, so all dependencies have been reviewed and/or updated where possible to ensure that awswl is modernized to cover any issues that have come up since the last release.

Top comments (0)

Read next

jt_ziolo profile image

Creating a Global .gitignore File as an Extra Line of Defense Against Bad Commits

JT Ziolo -

094459 profile image

Back to the future: Writing 6502 assembler with Amazon Q Developer

Ricardo Sueiras -

diek profile image

When Your AWS Bill Goes Viral and Your Finance Department Becomes a Memelord 🚀💸

diek -

binaries001 profile image

BUILDING A CYBERSECURITY DETECTION AND MONITORING LAB BY LEVERAGING LOCAL VIRTUAL MACHINES (VMs) AND MICROSOFT AZURE

Adeniran Abdullahi -