Introduction
You may occasionally come across services that needs access to your AWS infrastructure, or an EC2 machine.
One example of this is allowing Bitbucket build machines to SSH into EC2 within AWS.
A quick guide
create a file called bitbucket_whitelist.txt
For convenience, here's the full list:
https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/
This will give you one IP address / line.
- create an .sh file with the following:
#!/bin/bash
SECURITY_GROUP_ID=sg-123456789 # This is your existing security group ID
while read -r CIDR
do
aws ec2 authorize-security-group-ingress --group-id $SECURITY_GROUP_ID --protocol tcp --port 22 --cidr $CIDR
done < bitbucket_whitelist.txt
Make sure you save this with linux line endings. In visual studio you can find this option on the bottom right corner:
3. Add yourself permission in IAM:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:AuthorizeSecurityGroupIngress",
"Resource": "arn:aws:ec2:region:accountnumber:security-group/sg-123456789"
}
]
}
Done.
Once you run this, it should one-by-one add the CIDR ranges to the inbound allow list of your given security group.