This repository has been archived by the owner on Jul 1, 2021. It is now read-only.
forked from michel-slm/aws-portknock

Port knocking for AWS security groups


mercos/aws-portknock

 
 


aws-portknock

Port knocking for AWS security groups

"Port knocking"

Unlike the traditional port knocking utilities, this tool relies on the caller having the rights, through Amazon Web Services' Identity and Access Management roles, to modify a security group.

Usage

$ aws-portknock --help
Usage: aws-portknock [OPTIONS]

Options:
  --port INTEGER  Port to open
  --profile TEXT  Configuration profile to use
  --sgid TEXT     Security group ID
  --help          Show this message and exit.

aws-portknock will determine the caller's public IP and add a rule to the security group allowing access to the requested port from that IP. It then sleeps until the user quits by using CTRL-C.

If a matching rule already exists, nothing happens on exit; otherwise, that added rule is deleted when aws-portknock exits.
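The add-then-clean-up behaviour described above, as an added example (not code from this repository). `knock`, `rule_exists`, `tcp_perm` and `FakeEC2` are hypothetical names; `ec2` is assumed to be a boto3 EC2 client, replaced here by a constructed in-memory stand-in so the block runs offline.

```python
import ipaddress
from contextlib import contextmanager

def tcp_perm(port, cidr):
    """One IpPermissions entry in the shape the EC2 API expects."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

def rule_exists(ec2, sgid, port, cidr):
    """True if the group already allows tcp/<port> from exactly <cidr>."""
    group = ec2.describe_security_groups(GroupIds=[sgid])["SecurityGroups"][0]
    return any(
        p.get("IpProtocol") == "tcp"
        and p.get("FromPort") == port and p.get("ToPort") == port
        and any(r.get("CidrIp") == cidr for r in p.get("IpRanges", []))
        for p in group.get("IpPermissions", []))

@contextmanager
def knock(ec2, sgid, port, public_ip):
    """Allow tcp/<port> from public_ip/32 while the with-block runs."""
    # Parse strictly and pin to one host: a bad IP lookup must not open a range.
    cidr = f"{ipaddress.IPv4Address(public_ip)}/32"
    added = not rule_exists(ec2, sgid, port, cidr)
    if added:
        ec2.authorize_security_group_ingress(
            GroupId=sgid, IpPermissions=[tcp_perm(port, cidr)])
    try:
        yield added
    finally:
        # Revoke only what this run added; a pre-existing rule is left alone.
        if added:
            ec2.revoke_security_group_ingress(
                GroupId=sgid, IpPermissions=[tcp_perm(port, cidr)])

class FakeEC2:
    """Constructed in-memory stand-in for a boto3 EC2 client (offline demo)."""
    def __init__(self, perms=()):
        self.perms = list(perms)
    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0],
                                    "IpPermissions": list(self.perms)}]}
    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.perms.extend(IpPermissions)
    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.perms = [p for p in self.perms if p not in IpPermissions]

if __name__ == "__main__":
    ec2 = FakeEC2()  # constructed sample state: empty security group
    with knock(ec2, "sg-12abcdef", 22, "203.0.113.7") as added:
        print("rule added:", added, ec2.perms)
    print("after exit:", ec2.perms)
```

The `finally` clause runs on CTRL-C as well, but not if the process is killed outright, so a rule added by an interrupted run can outlive it and is worth auditing for.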

For repeated use, create $HOME/.aws/portknock.ini containing, for example:

[default]
sgid = sg-12abcdef
port = 22

[webprofile]
sgid = sg-12abcdef
port = 443
