Skip to content

Latest commit

 

History

History
43 lines (36 loc) · 1.83 KB

File metadata and controls

43 lines (36 loc) · 1.83 KB

aws-lambda-auto-update-security-group-ips

This repo contains a Golang Lambda function that automatically updates (adds/removes) Security Group's rules with the public IPs of the instances of an AWS Autoscaling Group.

Whenever a new EC2 instance, with a public IP, is created, a new security group rule will be added to the SG. Whenever an EC2 instance, with a public IP, is terminated, the security group rule for that IP will be removed from the SG.

It is listening for CloudWatch events (EventBridge) that trigger when an instance passes through either the launching or terminating states.

This function is particularly helpful when you have a cluster of EC2 instances and you want to automatically allow access to and from them by updating the Security Group's rules.

The blog https://aws.amazon.com/blogs/compute/automating-security-group-updates-with-aws-lambda/ was the inspiration for this Golang Lambda function.

Lambda Environmental Variables

  • securityGroupID: The ID of the Security Group

Example CloudWatch Event

    {
        "account": "12345678912",
        "region": "us-east-1",
        "version": "0",
        "id": "3122afb6-be7l-47e8-1cb8-a5c437bd109d",
        "detail-type": "EC2 Instance-launch Lifecycle Action",
        "source": "aws.autoscaling",
        "resources": [
            "arn:aws:autoscaling:us-east-1:12345678912:autoScalingGroup:d3fe9d10-34d0-4c62-b9bb-293b41ba3781:autoScalingGroupName/test-lambda-asg"
        ],
        "detail": {
            "LifecycleHookName": "lifecycle-hook-launch",
            "AutoScalingGroupName": "test-lambda-asg",
            "LifecycleActionToken": "33965228-086a-4aeb-8c26-f82ed3bef491",
            "LifecycleTransition": "autoscaling:EC2_INSTANCE_LAUNCHING",
            "EC2InstanceId": "i-00bd018f38bvcf1c5"
        },
        "time": "2020-10-20T05:47:36Z"
    }