
IronCloud/aws-security-group-add-ip-action

 
 


AWS Security Group Add IP Action

This action adds the runner's public IPv4 address to one or more AWS security groups and removes it in the post step. If an existing rule has the same port, to-port, protocol and description, the action first revokes that rule's old CIDR and then adds the current one.

Inputs

aws-region

Required AWS Region.

aws-security-group-id

Required AWS Security Group ID (comma separated if multiple).

aws-access-key-id

Optional legacy fallback. Prefer OIDC with aws-actions/configure-aws-credentials.

aws-secret-access-key

Optional legacy fallback. Prefer OIDC with aws-actions/configure-aws-credentials.

protocol

Protocol to allow. Default: "tcp".

port

From port to allow. Default: "22".

to-port

Optional to-port. Default: "". Leave empty to allow a single port (ToPort = FromPort).

description

Description for the IP permission. Default: "GitHub Action".
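The revoke-then-add behaviour and the to-port default described above, as an added JavaScript example (not the action's own source). The function names and sample data are hypothetical, and it assumes tcp/udp rules shaped like the IpPermissions array returned by DescribeSecurityGroups.

```javascript
'use strict';

// Parse a decimal port string; anything else becomes NaN and is rejected below.
const parsePort = (s) => (/^\d+$/.test(String(s)) ? Number(s) : NaN);

// Normalise the inputs into EC2's rule shape. Empty to-port means ToPort = FromPort.
function ruleFromInputs({ protocol = 'tcp', port = '22', toPort = '', description = 'GitHub Action' } = {}) {
  const from = parsePort(port);
  const to = toPort === '' ? from : parsePort(toPort);
  if (!Number.isInteger(from) || !Number.isInteger(to) || from > to || to > 65535) {
    throw new Error(`invalid port range: "${port}"-"${toPort}"`);
  }
  return { IpProtocol: protocol, FromPort: from, ToPort: to, Description: description };
}

// Turn the runner's public IPv4 address into a single-host CIDR.
function hostCidr(ip) {
  const octets = String(ip).trim().split('.');
  const ok = octets.length === 4 && octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!ok) throw new Error(`not an IPv4 address: "${ip}"`);
  return `${octets.map(Number).join('.')}/32`;
}

// Plan the update for one group from its DescribeSecurityGroups IpPermissions array.
function planIngressUpdate(ipPermissions, inputs, runnerIp) {
  const rule = ruleFromInputs(inputs);
  const cidr = hostCidr(runnerIp);
  const tagged = (ipPermissions || [])
    .filter((p) => p.IpProtocol === rule.IpProtocol && p.FromPort === rule.FromPort && p.ToPort === rule.ToPort)
    .flatMap((p) => p.IpRanges || [])
    .filter((r) => r.Description === rule.Description)
    .map((r) => r.CidrIp);
  // Assumption of this example: a rule already matching the current CIDR is left alone.
  const revoke = [...new Set(tagged)].filter((c) => c !== cidr);
  return { rule, revoke, authorize: tagged.includes(cidr) ? null : cidr };
}

// Constructed sample input (documentation address ranges), not real data.
const SAMPLE_PERMISSIONS = [
  { IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [
    { CidrIp: '203.0.113.10/32', Description: 'GitHub Action' }, // left by an earlier run
    { CidrIp: '198.51.100.0/24', Description: 'office VPN' }, // unrelated, must survive
  ] },
  { IpProtocol: 'tcp', FromPort: 443, ToPort: 443, IpRanges: [
    { CidrIp: '203.0.113.10/32', Description: 'GitHub Action' }, // same tag, other port
  ] },
];

console.log(planIngressUpdate(SAMPLE_PERMISSIONS, {}, '192.0.2.44'));
```

Because the match keys on the description, giving each workflow its own description value keeps one workflow from revoking a rule that another workflow added on the same port.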

Recommended usage (OIDC)

name: Example

on: [workflow_dispatch]

permissions:
  id-token: write
  contents: read

jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-actions-role
          aws-region: us-east-1

      - name: Add public IP to AWS security group
        uses: IronCloud/aws-security-group-add-ip-action@v1
        with:
          aws-region: us-east-1
          aws-security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID }}
          port: '22'
          protocol: 'tcp'
          description: 'GitHub Action'

Legacy static-key usage (fallback)

- name: Add public IP to AWS security group
  uses: IronCloud/aws-security-group-add-ip-action@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1
    aws-security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID }}
    port: '22'
    to-port: '22'
    protocol: tcp
    description: GitHub Action

Required IAM permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateIngress",
      "Effect": "Allow",
      "Action": [
        "ec2:RevokeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupIngress"
      ],
      "Resource": "arn:aws:ec2:your-region:your-account-id:security-group/your-security-group-id"
    },
    {
      "Sid": "DescribeGroups",
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroups",
      "Resource": "*"
    }
  ]
}

Replace your-region, your-account-id, and your-security-group-id with your values.

About

GitHub Action for AWS Security Group Add IP


Languages

  • JavaScript 100.0%