How to whitelist a large number of IPs for an EC2

Introduction

You will occasionally come across an external service that needs network access to your AWS infrastructure, or to a single EC2 instance.

One example is allowing Bitbucket Cloud's build machines to SSH into an EC2 instance inside AWS. Because those machines come from a published set of address ranges rather than a single IP, the security group needs one inbound rule per range.

A quick guide

  1. Create a file called bitbucket_whitelist.txt containing one CIDR range per line.

    For convenience, Atlassian publishes the full list here:
    https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/

Copy the ranges from that page into the file, one per line (a bare address should be written as a /32). The published list changes over time, so expect to repeat this procedure when Atlassian updates it.

  2. Create an .sh file with the following:
#!/bin/bash

SECURITY_GROUP_ID=sg-123456789 # This is your existing security group ID

# One CIDR per line. Strip a stray carriage return (CRLF files), skip blank
# and commented lines, and quote the variables so a malformed line cannot
# expand into extra CLI arguments. A CIDR that is already present fails that
# one call with InvalidPermission.Duplicate and the loop simply continues.
while IFS= read -r CIDR || [ -n "$CIDR" ]
do
    CIDR="${CIDR%$'\r'}"
    case "$CIDR" in ''|'#'*) continue ;; esac
    aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" \
        --protocol tcp --port 22 --cidr "$CIDR"
done < bitbucket_whitelist.txt

Make sure you save both files with Linux (LF) line endings. A Windows CRLF file leaves a carriage return on the end of every CIDR, and the CLI rejects the value. In Visual Studio you can switch the line ending from the indicator in the bottom right corner of the status bar.

  3. Grant the IAM user or role you run the script as permission to modify that one security group (replace region and accountnumber with your own; scoping the Resource to the single group means the credentials cannot open ports anywhere else):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:AuthorizeSecurityGroupIngress",
            "Resource": "arn:aws:ec2:region:accountnumber:security-group/sg-123456789"
        }
    ]
}

Done.

Once you run it, the script adds the CIDR ranges one by one as TCP/22 inbound rules on the given security group. Two caveats: each range consumes one rule against the group's inbound-rule quota, which defaults to 60 per security group (adjustable through Service Quotas), so a long list may need an increase first; and when Atlassian retires a range it stays in your group until you remove it with aws ec2 revoke-security-group-ingress, so keep the whitelist file under version control and diff it against the published page periodically.
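As an added example, not the original post's script: the same job done with a single API call instead of one call per line. It cleans the whitelist file (CRLF, comments, blank lines, bare addresses, duplicates), checks that every entry is a syntactically valid IPv4 CIDR, warns when the count exceeds the default inbound-rule quota, and sends the whole list in one authorize-security-group-ingress call through --ip-permissions, so the request is accepted or rejected as a whole and a typo on line 40 cannot leave the group half-updated. Assumptions: the list lives in bitbucket_whitelist.txt (overridable through WHITELIST_FILE), sg-123456789 is a placeholder, the function and variable names are mine, and the aws CLI already has credentials.

```shell
#!/bin/sh
# Added example, not code from the original post. Normalises the whitelist
# file and sends every range in ONE authorize-security-group-ingress call via
# --ip-permissions. Assumptions: bitbucket_whitelist.txt holds one IPv4 CIDR
# per line, sg-123456789 is a placeholder, the aws CLI has credentials.
set -u

SECURITY_GROUP_ID="${SECURITY_GROUP_ID:-sg-123456789}"
WHITELIST_FILE="${WHITELIST_FILE:-bitbucket_whitelist.txt}"
SG_INBOUND_RULE_QUOTA=60   # default EC2 quota for inbound rules per security group (adjustable)

# Print the usable CIDRs from a file, one per line: strip Windows CRs, '#'
# comments, surrounding whitespace and blank lines, turn bare addresses into
# /32 networks, and drop duplicates (a duplicate would make the whole call
# fail with InvalidPermission.Duplicate).
clean_cidrs() {
    tr -d '\r' < "$1" \
    | sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' \
    | grep -v '^$' \
    | awk '{ if ($0 !~ /\//) $0 = $0 "/32"; print }' \
    | awk '!seen[$0]++'
}

# Succeed only if every line on stdin is a syntactically valid IPv4 CIDR;
# one bad line would otherwise reject the entire request.
valid_ipv4_cidrs() {
    octet='([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
    ! grep -Ev "^($octet\\.){3}$octet/([0-9]|[12][0-9]|3[0-2])\$" >/dev/null
}

# Succeed if this many rules fits the per-group inbound-rule quota.
within_quota() {
    [ "$1" -le "$SG_INBOUND_RULE_QUOTA" ]
}

# Turn the CIDRs on stdin into the --ip-permissions JSON for TCP/22.
build_ip_permissions() {
    ranges=$(awk 'BEGIN { ORS = "" }
                  NR > 1 { print "," }
                  { printf "{\"CidrIp\":\"%s\",\"Description\":\"Bitbucket build\"}", $0 }')
    printf '[{"IpProtocol":"tcp","FromPort":22,"ToPort":22,"IpRanges":[%s]}]\n' "$ranges"
}

# --dry-run prints the JSON that would be sent; --apply sends it to AWS.
main() {
    cidrs=$(clean_cidrs "$WHITELIST_FILE")
    [ -n "$cidrs" ] || { echo "no CIDRs found in $WHITELIST_FILE" >&2; return 1; }
    printf '%s\n' "$cidrs" | valid_ipv4_cidrs \
        || { echo "invalid CIDR in $WHITELIST_FILE" >&2; return 1; }
    n=$(printf '%s\n' "$cidrs" | grep -c '')
    within_quota "$n" \
        || echo "warning: $n rules exceeds the default quota of $SG_INBOUND_RULE_QUOTA per group; raise it first" >&2
    permissions=$(printf '%s\n' "$cidrs" | build_ip_permissions)
    case "$1" in
        --dry-run) printf '%s\n' "$permissions" ;;
        --apply)   aws ec2 authorize-security-group-ingress \
                       --group-id "$SECURITY_GROUP_ID" --ip-permissions "$permissions" ;;
    esac
}

# Does nothing unless a mode is given explicitly: sh whitelist.sh --dry-run | --apply
case "${1:-}" in
    --dry-run|--apply) main "$1" ;;
esac
```

Run it with --dry-run first and read the JSON it prints; only then run --apply. The Description on each range is what lets you find and revoke the Bitbucket rules later without touching other entries in the same group.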