Skip to content

danbrakeley/upmyip

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
aws
aws
 
 
cmd
cmd
 
 
extras
extras
 
 
internal/buildvar
internal/buildvar
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.markdownlint.json
.markdownlint.json
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
magefile.go
magefile.go
 
 

Repository files navigation

upmyip

Overview

This is a solution to maintaining an IP allow list on a service using Security Groups in AWS. It gives a cli to end users that they can run to first look up their public-facing IP address, and to then send it along to a lambda that will revoke any old IP address for that user, and authorize the new one.

The lambda and CLI are both written in Go, and deployment and adding users happens via the included CloudFormation scripts (see aws/README.md). The CLI reads its credentials from its own config file (and not from ~/.aws, this was done to keep it simple to roll out to users).

WARNING

If you want to keep something secure, then put it behind a VPN. This solution is just meant to reduce the attack surface, but doesn't offer any real protection.

I TAKE NO RESPONSIBILITY FOR THIS WORKING OR NOT WORKING. ASSUME IT DOESN'T WORK, AND THEN PROVE TO YOURSELF THAT IT DOES BEFORE USING.

If you find something wrong/broken, please let me know and/or open a PR to help fix it!

Dev Setup

  • Install a recent version of Go
  • Install Mage
    • There's a helper bash script for installing and upgrading Mage here: ./scripts/reinstall-mage.sh.
  • run mage to see the build targets, e.g. 
    $ mage
Targets:
  all            tests, builds, and packages all targets
  ci             runs all CI tasks
  lambda         tests, builds, and packages the lambda
  lambdaBuild    builds the lamda (output goes to "local" folder)
  lambdaZip      zips the lambda
  test           tests all packages
  upMyIP         tests and builds the upmyip cli app
  upMyIPBuild    builds the upmyip cli app
  upMyIPRun      runs the upmyip cli app in the "local" folder

Building and packaging happen in the local folder, which is ignored by git.

Building the Lambda

  • run mage lambda
    • output is local/lambda.zip

Note that deploying code changes to all running lambdas can be automated via some bash script in aws/README.md.

Building the CLI

  • run mage upmyip
    • output is local/upmyip[.exe]
  • it will require a upmyip.toml config file in the current folder, in the form: 
    lambda = "LAMBDA_FUNCTION_NAME"
access_key = "ACCESS_KEY"
secret_key = "SECRET"
  • mage upmyiprun will run the most recently built upmyip inside the local folder (meaning your upmyip.toml file needs to be in the local folder as well)

AWS Setup

See aws/README.md.

Adding users

  • For each new user, deploy the per-user.yaml CF template in the aws folder (see the README in that folder for more specifics).
  • Create a upmyip.toml for this user by hand (see Building the CLI above for an example).
  • Securely send the user the config file.
  • Send the user the latest cli executable.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

v0.2.1 - Better spinner Latest
Jun 22, 2024
+ 3 releases

Packages

 
 
 

Languages