Quickly Restrict an Amazon Service to a Single Country
Sometimes you need to restrict a service to your own country only. The quickest approach is via Amazon security groups. Note that an Amazon security group accepts a maximum of 100 rules.
- Download a CSV file with the country's IP block ranges from http://www.nirsoft.net, e.g. http://www.nirsoft.net/countryip/ug.html
- With the help of IPy and Summarize, you can use the Python script below to summarize the IP blocks and generate the Amazon CLI commands that add the security group rules. Redirect the output to a script file that you can run at once.
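```python
import csv

from summarize import summarize  # third-party helper that builds on IPy

if __name__ == "__main__":
    # newline="" is the file mode the csv module expects
    with open("ug.csv", newline="") as ifile:
        for row in csv.reader(ifile):
            if len(row) > 1:
                # Columns 0 and 1 are taken to be the first and last address of the block
                block_summary = summarize(row[0], row[1])
                print(
                    "aws ec2 authorize-security-group-ingress "
                    "--group-id your_security_group_id "
                    "--protocol tcp --port %s --cidr %s" % (80, block_summary)
                )
```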
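
An added example, not part of the original post: the same range-to-CIDR step done with Python's standard `ipaddress` module in place of IPy and Summarize, with adjacent blocks merged and a check against the 100-rule limit noted above. The CSV rows are constructed samples, and the column layout (From IP and To IP first) and the function names are assumptions.

```python
import csv
import io
import ipaddress

MAX_RULES = 100  # per-group rule limit stated on this page

# Constructed sample rows; assumed layout: From IP, To IP, count, date, owner.
SAMPLE_CSV = """\
198.51.100.0,198.51.100.127,128,01/01/10,Example ISP A
198.51.100.128,198.51.100.255,128,01/01/10,Example ISP B
203.0.113.0,203.0.113.63,64,01/01/10,Example ISP C
192.0.2.5,192.0.2.10,6,01/01/10,Example ISP D

"""


def country_cidrs(csv_text):
    """Turn From/To ranges into the smallest equivalent list of CIDR blocks."""
    networks = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 2:
            continue  # skip blank or malformed lines
        first = ipaddress.IPv4Address(row[0].strip())
        last = ipaddress.IPv4Address(row[1].strip())
        # A range that is not aligned on a power of two yields several blocks.
        networks.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent and overlapping blocks so fewer rules are needed.
    return list(ipaddress.collapse_addresses(networks))


def ingress_commands(cidrs, group_id, port=80):
    """Build one authorize-security-group-ingress command per CIDR block."""
    if len(cidrs) > MAX_RULES:
        raise ValueError(f"{len(cidrs)} blocks exceed the {MAX_RULES}-rule limit")
    return [
        "aws ec2 authorize-security-group-ingress "
        f"--group-id {group_id} --protocol tcp --port {port} --cidr {net}"
        for net in cidrs
    ]


if __name__ == "__main__":
    cidrs = country_cidrs(SAMPLE_CSV)
    for command in ingress_commands(cidrs, "your_security_group_id"):
        print(command)
```

Failing before any command is printed keeps a half-applied allow list out of the security group when a country needs more blocks than one group can hold.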