Add Rule to Security Group From File In S3 Bucket

1. Create a bucket with a unique name here we assume ‘s3nvbucket’ is name of bucket
2. Create lambda function as follows
   1. Go to lambda from services menu of AWS console
   2. Click on create function button from lambda dashboard
   3. Choose Author from scratch option while creating function
   4. Give function name & select Runtime language as python 3.7
   5. Assign S3 permission to read file from s3 as soon as uploaded
      1. 1. 1. 1. Select Create a role with AWS policy template
               2. Define Role name
               3. Choose Policy Template
   6. Assign EC2 Write permission (AmazonEc2FullAccess) to add inbound rule in Security Group
   7. Now click on button Create function

3. Next you will have to configure the lambda function
   1. Click on button Add trigger
   2. Select a trigger (resource type) from list as s3
   3. Select Bucket. (‘s3nvbucket’)
   4. Select Event Type as PUT
   5. Type ‘IP’ in prefix
   6. Type ‘.TXT’ in suffix
   7. Click on ADD button

4. Copy the function Code from here

import boto3
def sg_assign(ip):
ipt=ip
ec2 = boto3.resource(‘ec2′,’us-east-1’)
security_group = ec2.SecurityGroup(‘sg-019aecbdc639e126e’)
response = security_group.authorize_ingress(GroupId=’sg-019aecbdc639e126e’,IpPermissions=[{‘IpProtocol’: ‘tcp’,’FromPort’: 22,’ToPort’: 22,’IpRanges’:[{‘CidrIp’:ipt,’Description’: ‘added SSH inbound role from lambda’}]}])
print(response)
return

def lambda_handler(event, context):
# TODO implement
s3 = boto3.client(‘s3′)
obj = s3.get_object(Bucket=’s3nvbucket’,Key=’ip.txt’)
body = obj[‘Body’].read()
temp1=body.decode(‘utf-8’)
temp=temp1+”/32″
sg_assign(temp)
return

1. 1. 1. Do some changes in code as required
         1. Type Proper region as per your resources location (at line 4)
         2. Type proper security group id : (at line 5 and 6)
         3. Type proper bucket name to read ip address (at line 13)
         4. Give proper indent as below

5. Now click on SAVE to save the function code and changes done in configuration

6. Create a file with name ip.txt which contains IP address. (see following image)
7. Upload ip.txt to created bucket (ie. s3nvbucket)
8. Now your lambda function is executed and inbound rule is added under defined security group see out put as follows

10. Thank you…