Automatic AWS Security Group ingress through DDNS

Auto DDNS Security Lambda

Update AWS Security Group rules to an IP resolved from a DNS hostname. Useful to dynamically allow ingress from a DDNS hostname.

How it Works

Every time the Lambda is invoked it will resolve the configured hostname to a single IPv4 address.

It will inspect each of the configured security group IDs.

It updates every ingress or egress rule that contains @DDNS in its description, is an IPv4 rule, and does not already match the resolved IPv4 address, setting it to the new target IPv4 address.
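The rule selection described above, as an added example that is not the project's own code: it runs offline against constructed rules instead of calling the EC2 API. The Rule type, PickIPv4 and Plan are hypothetical names, the /32 width of the rewritten rule is an assumption, and refusing non-public addresses is an added safeguard against a poisoned or misconfigured DNS record.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

type Rule struct{ ID, CIDR, Description string } // hypothetical, simplified rule view

// PickIPv4 returns the first IPv4 address in a resolver answer. Refusing
// non-public addresses is an added safeguard, not documented project behaviour.
func PickIPv4(answers []string) (netip.Addr, error) {
	for _, a := range answers {
		ip, err := netip.ParseAddr(a)
		if err != nil || !ip.Is4() {
			continue // IPv6 and unparsable answers are ignored: only IPv4 is supported
		}
		if ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
			return netip.Addr{}, fmt.Errorf("refusing non-public address %s", ip)
		}
		return ip, nil
	}
	return netip.Addr{}, fmt.Errorf("no IPv4 address in answer")
}

// Plan maps rule ID -> new CIDR for each rule that is tagged @DDNS, is IPv4,
// and does not already equal target/32 (the /32 width is an assumption).
func Plan(rules []Rule, target netip.Addr) map[string]string {
	want := netip.PrefixFrom(target, 32)
	changes := map[string]string{}
	for _, r := range rules {
		p, err := netip.ParsePrefix(r.CIDR)
		if err == nil && p.Addr().Is4() && p != want && strings.Contains(r.Description, "@DDNS") {
			changes[r.ID] = want.String()
		}
	}
	return changes
}

func main() {
	rules := []Rule{ // constructed sample rules
		{"sgr-a", "198.51.100.20/32", "home ssh @DDNS"}, // stale: rewritten
		{"sgr-b", "203.0.113.7/32", "@DDNS https"},      // already current: untouched
		{"sgr-c", "10.0.0.0/8", "internal"},             // untagged: untouched
		{"sgr-d", "2001:db8::1/128", "@DDNS v6"},        // IPv6: untouched
	}
	ip, err := PickIPv4([]string{"2001:db8::7", "203.0.113.7"})
	fmt.Println(ip, err, Plan(rules, ip))
}
```

Only untagged rules are guaranteed to be left alone, so the @DDNS tag should appear only on rules that are meant to follow the hostname.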

Setup

Prerequisites

  • Configure a DDNS hostname on your router
  • Create one or more security groups containing the ingress or egress rules that should allow access from your IP
    • Somewhere in the rule description enter @DDNS

Lambda Setup

  • Compile and package the Lambda function using
    bash package.sh
    
  • Create a new IAM role
  • Create a new function in the Lambda console
    • Use the go1.x runtime
    • Use the IAM role created in the previous step as the execution role
  • Once created upload the dist/functions.zip archive
  • Change the handler to main
  • Edit the general configuration and set the memory to 128MB (the minimum allowed)
  • Edit the environment variables to include
    • SECURITY_GROUP_IDS A comma-delimited list of target security group IDs
    • TARGET_HOSTNAME Your DDNS hostname

CloudWatch Schedule

Now that the Lambda is configured, you can create a new CloudWatch schedule to check and update the rules at any given interval.

  • Go to the CloudWatch console
  • Go to Rules and click Create rule
  • Select Schedule and enter your desired schedule
  • Add a Target
    • Select Lambda function
    • Select your Lambda function
    • Select Constant (JSON Text) as input and enter {}

Limitations

  • Only IPv4 addresses are supported

Command Line Utility

A command line variant is also provided which does the same thing as the Lambda:

    go run github.com/relvacode/lambda-ddns/cmd/ddns -region AWS_REGION -hostname TARGET_HOSTNAME SECURITY_GROUP_ID [SECURITY_GROUP_ID...]

Owner
Jason Kingsbury