# How to whitelist a large number of IPs for an EC2

## Introduction

You may occasionally come across services that needs access to your AWS infrastructure, or an EC2 machine.

One example of this is allowing Bitbucket build machines to SSH into EC2 within AWS.

## A quick guide

1. create a file called bitbucket\_whitelist.txt
    
    For convenience, here's the full list:  
    [https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/](https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/)
    

This will give you one IP address / line.

1. create an .sh file with the following:
    

```bash
#!/bin/bash

SECURITY_GROUP_ID=sg-123456789 # This is your existing security group ID

while read -r CIDR
do
    aws ec2 authorize-security-group-ingress --group-id $SECURITY_GROUP_ID --protocol tcp --port 22 --cidr $CIDR
done < bitbucket_whitelist.txt
```

Make sure you save this with linux line endings. In visual studio you can find this option on the bottom right corner:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1690203970268/3d11b458-45fa-4f1e-9659-7530342185ed.png align="center")

3\. Add yourself permission in IAM:

```bash
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:AuthorizeSecurityGroupIngress",
            "Resource": "arn:aws:ec2:region:accountnumber:security-group/sg-123456789"
        }
    ]
}
```

Done.

Once you run this, it should one-by-one add the CIDR ranges to the inbound allow list of your given security group.
