open-sesame

Open Sesame

Open Sesame is a CLI tool for adding your public IP address to AWS security group's inbound rules.

This is handy when you're sitting behind a dynamic IP (e.g. you're using a Wi-Fi dongle) and would like to allow access from that IP to some AWS resources through a security group.

Installation

npm install -g open-sesame

Usage

Add inbound rule to specified security group, rule will be named 'open-sesame':

open-sesame aws --region ap-southeast-2 --secgroup-id sg-12345678

Add inbound rule with specified port and name:

open-sesame aws --region ap-southeast-2 --secgroup-id sg-12345678 --port 22 --rule-name some-wi-fi

Note: open-sesame 1.x.x uses --name arg instead of --rule-name .

Add inbound rules to multiple security groups:

open-sesame aws --region ap-southeast-2 --secgroup-id sg-12345678,sg-87654321

Permission

You can use the example below to provision an IAM policy for Open Sesame to use:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OpenSesame0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "OpenSesame1",
            "Effect": "Allow",
            "Action": [
                "ec2:RevokeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupIngress"
            ],
            "Resource": [
                "arn:aws:ec2:<region>:<account_id>:security-group/sg-12345678",
                "arn:aws:ec2:<region>:<account_id>:security-group/sg-87654321"
            ]
        }
    ]
}

Colophon

Developer's Guide

Build reports:

• Code complexity report
• Unit tests report
• Test coverage report
• Integration tests report
• API Documentation

Changelog

3.0.0 - 2024-06-23

Changed

• Upgrade openapi_ipify to 5.3.0
• Set min node engine to >= 18.0.0