I've just published v1.2.0 of AWS AllowList to PyPI, an open-source Python CLI tool for small AWS accounts to allow users to maintain a security group for SSH access into a VPC.
Before I get into the changes, let me remind you that while this can be a helpful tool, there are many alternatives that may be better suited for most accounts.
Alternatives
For an AWS environment of any significant size, there are alternatives that you ought to consider first. This is a simple solution for simple environments, but it's definitely not what I'd recommend as the best solution.
What's New
Update Commands
In v1.1.0, I added support to describe and automatically describe additions, but I found that as I went from place to place, it was easy to add new rules with awswl as I needed them, but that cleaning up past entries was a chore that wasn't directly needed to get work done, so easy to defer -- but also that each old entry was a potential security hole.
So I decided I ought to have another model in v1.2.0 -- a way to update existing rules (by description) so that the new entry would replace the old one, thus handling the cleanup as part of the process of adding a new entry.
To this end, I've added two update commands:
- update
  - Replaces an existing security group rule as identified by description with a new rule (same description, newly specified CIDR)
- update-current
  - Same as update, but instead of specifying the CIDR block, the CIDR block is automatically generated from your current external IP address.
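One way to implement the replace-by-description behaviour described above, as an added example (not awswl's own code). The function names, the tcp/22 default and the sample rules are assumptions constructed here; the dictionaries follow the IpPermissions shape used by boto3's describe_security_groups, authorize_security_group_ingress and revoke_security_group_ingress.

```python
import ipaddress

# Constructed sample in the IpPermissions shape returned by describe_security_groups.
SAMPLE = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
    {"CidrIp": "198.51.100.7/32", "Description": "home"},
    {"CidrIp": "203.0.113.20/32", "Description": "cafe"},
    {"CidrIp": "192.0.2.44/32", "Description": "cafe"},  # stale duplicate
]}]


def _perm(port, ranges):
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges}]


def plan_update(ip_permissions, description, new_cidr, port=22):
    """Return (revoke, authorize) IpPermissions lists that leave exactly one
    tcp/`port` rule carrying `description`, pointing at `new_cidr`."""
    net = ipaddress.ip_network(new_cidr, strict=True)  # ValueError on malformed CIDR
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("expected an IPv4 CIDR narrower than 0.0.0.0/0")
    stale = {
        rng["CidrIp"]
        for perm in ip_permissions
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) == ("tcp", port, port)
        for rng in perm.get("IpRanges", [])
        if rng.get("Description") == description
    }
    if not stale:
        raise LookupError(f"no rule with description {description!r}")
    target = str(net)
    old = sorted(stale - {target})
    revoke = _perm(port, [{"CidrIp": c} for c in old]) if old else []
    authorize = [] if target in stale else _perm(
        port, [{"CidrIp": target, "Description": description}])
    return revoke, authorize


def apply_update(ec2, group_id, revoke, authorize):
    """Apply a plan with a boto3 EC2 client; authorize first so access never drops to zero."""
    if authorize:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
```

Revoking every entry that shares the description, not just the first match, is what removes the leftover rules that accumulate when cleanup is deferred.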
Subcommands
In v1.1.0, I used CLI options to allow multiple commands to be run on one single invocation of the CLI. That was starting to get increasingly complex to understand and reason about, and I was finding it difficult to add new features without tripping over weird combinations of options.
So I've replaced the options with subcommands (e.g. git style). So what would have been awswl --add is now awswl add.
Dependencies / Security
There were some security vulnerabilities present on some of the dependencies, so all dependencies have been reviewed and/or updated where possible to ensure that awswl is modernized to cover any issues that have come up since the last release.