You could create a Lambda function to update the security group(s) for you - but how will you know when the IP address changes?
Putting my "how would I hack this together" hat on:
If there is a DNS record which you could look up and it provides the IP address: Trigger the Lambda function every 'x' minutes using an EventBridge rule; if the IP address is different to the one in the security group then update it. Not the most efficient way but it would work.
If you have some compute device on premises I would have it check to see what the external/public IP address is - if it has changed then that device could (with the right permissions) update the security group directly; or it could trigger the Lambda function via API Gateway or a Lambda function URL.
So it comes down to: How do you know when the IP address changes?
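A sketch of the DNS-polling Lambda described in the answer above, added here as an example and not code from the poster. The `MARKER` description, the environment variable names `GROUP_ID`, `HOSTNAME_TO_TRACK` and `PORT`, and the TCP-only rule shape are assumptions.

```python
import os
import socket

MARKER = "managed-by-dns-sync"  # assumed Description value marking rules this function owns

def plan_rule_changes(current_cidrs, resolved_ips):
    """Return (to_add, to_revoke) as sets of /32 CIDRs."""
    wanted = {f"{ip}/32" for ip in resolved_ips}
    return wanted - set(current_cidrs), set(current_cidrs) - wanted

def managed_cidrs(group, port):
    """CIDRs on tcp/<port> carrying MARKER; rules added by anyone else are never touched."""
    return {
        r["CidrIp"]
        for perm in group.get("IpPermissions", [])
        if perm.get("IpProtocol") == "tcp"
        and perm.get("FromPort") == port and perm.get("ToPort") == port
        for r in perm.get("IpRanges", [])
        if r.get("Description") == MARKER
    }

def sync_security_group(ec2, group_id, hostname, port, resolve=socket.gethostbyname_ex):
    try:
        ips = resolve(hostname)[2]
    except OSError:  # socket.gaierror is a subclass
        ips = []
    if not ips:
        return set(), set()  # failed lookup: keep existing rules instead of revoking them
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    to_add, to_revoke = plan_rule_changes(managed_cidrs(group, port), ips)

    def rule(cidrs, tagged):
        ranges = [{"CidrIp": c, **({"Description": MARKER} if tagged else {})}
                  for c in sorted(cidrs)]
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges}]

    if to_add:  # authorize before revoking so access is not interrupted
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rule(to_add, True))
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=rule(to_revoke, False))
    return to_add, to_revoke

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised without AWS
    added, revoked = sync_security_group(
        boto3.client("ec2"), os.environ["GROUP_ID"],
        os.environ["HOSTNAME_TO_TRACK"], int(os.environ.get("PORT", "22")))
    return {"added": sorted(added), "revoked": sorted(revoked)}
```

The function's execution role needs only `ec2:DescribeSecurityGroups`, `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress`, and the last two can be scoped to the one security group.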
Hello.
How about using AWS ClientVPN and NAT Gateway to set a fixed IP as introduced in the AWS blog below?
Although costs such as NAT Gateway will be incurred, there is no need to introduce a mechanism to update security group inbound rules to dynamic IP addresses.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/
ClientVPN and NAT are both expensive. Will adopt the solution proposed by Brettski above. Thanks.