Punch holes in your AWS account security.
holepunch is meant for times when you need to temporarily open ingress to an AWS security group, perhaps for development or testing remotely without a VPN set up.
This is really bad practice, but holepunch will make sure that security group rules will be reverted when you are done.
After running holepunch, just hit ^D to clear out the modified rules.
You can also run holepunch only for the duration of a shell command with --command.
By default, holepunch will refuse to remove rules that existed before it was run. This can be toggled with the --remove-existing flag. Holepunch will only remove rules that match the provided arguments, e.g. source, port, protocol and description must all match or the rule will not be removed.
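The revert behaviour described above, sketched as an added example (not holepunch's own code): it runs offline on the IpPermissions structure that Boto3's describe_security_groups returns. The function names, the sample group contents and the "holepunch" description string are assumptions made for illustration.

```python
import ipaddress

def parse_ports(spec):
    """'22' -> (22, 22); '8080-8081' -> (8080, 8081)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def index_rules(ip_permissions):
    """Map (protocol, from_port, to_port, cidr) -> description for each ingress rule."""
    rules = {}
    for perm in ip_permissions:
        ranges = [(r["CidrIp"], r.get("Description", "")) for r in perm.get("IpRanges", [])]
        ranges += [(r["CidrIpv6"], r.get("Description", "")) for r in perm.get("Ipv6Ranges", [])]
        for cidr, desc in ranges:
            net = str(ipaddress.ip_network(cidr, strict=False))
            rules[(perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"), net)] = desc
    return rules

def plan(existing_permissions, port_specs, protocol, cidr, description, remove_existing=False):
    """Return (to_add, to_revert): rules to authorize now and to revoke when done."""
    existing = index_rules(existing_permissions)
    net = str(ipaddress.ip_network(cidr, strict=False))
    to_add, to_revert = [], []
    for spec in port_specs:
        key = (protocol, *parse_ports(spec), net)
        if key not in existing:
            to_add.append(key)        # created by this run, so reverted by this run
            to_revert.append(key)
        elif existing[key] == description and remove_existing:
            to_revert.append(key)     # pre-existing exact match, removal opted in
        # otherwise the rule pre-dates this run or its description differs: leave it
    return to_add, to_revert

# Constructed sample: the group already allows tcp/22 and tcp/80 from one address.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32", "Description": "holepunch"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.7/32", "Description": "office"}]},
]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, plan(SAMPLE, ["22", "80", "8080-8081"], "tcp",
                         "203.0.113.7/32", "holepunch", remove_existing=flag))
```

With the default, only the newly added 8080-8081 rule is scheduled for removal; with remove_existing set, the pre-existing port 22 rule is removed too, while the port 80 rule stays because its description does not match.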
pip install holepunch
AWS credentials can be set up in any of the places that Boto3 knows to look.
To modify security group foo_bar to permit inbound traffic from this machine to TCP port 22 (ssh):
holepunch foo_bar 22 --tcp
Modifying a security group using its id also works:
holepunch sg-62153838 443 --tcp
Apply security group rules and then ssh into a host. Rules will be reverted when the SSH connection ends.
holepunch foo_bar 22 --command "ssh bastion"
Adding multiple TCP port ranges:
holepunch foo_bar 22 80 8080-8081 --tcp
Explicitly setting the IP range the rules apply to:
holepunch foo_bar --cidr=192.168.0.0/16 22 80
# Also works with IPv6 ranges
holepunch foo_bar --cidr=2001:882f::1/128 443