
I'm trying to host a website on AWS and I came across this:

If you are connecting through an ISP or from behind your firewall without a static IP address, you need to find out the range of IP addresses used by client computers. If you don't know this address range, you can use 0.0.0.0/0 for this tutorial. However, this is unsafe for production environments because it allows everyone to access your instance using RDP.

My intention was to host my personal website. I connect through an ISP and do not have a static IP address and I'm not sure about the range of IP addresses.

Is there another way to solve this, or would I be best off using a different web host such as GoDaddy, name.com, etc.?

  • I assume you are using Windows, since the paragraph is about RDP. A common way to protect Windows Server is using a VPN. I personally choose Linux distros (like Debian), where you can use SSH with public-key auth to get into your system. Other hosters will have the same problems. – Eun Nov 28 '14 at 17:05

2 Answers


The recommendation is that you don't allow RDP (or SSH if you go with a Linux-based server) from the internet in general (i.e. 0.0.0.0/0).

Instead, you should restrict access to your IP (1.2.3.4/32). The problem with this is that when your ISP-provided IP address changes, you will be locked out until you adjust your security rules.

Now, for a personal web site, if you're not accessing it a lot, that's probably not a big deal. Chances are that your IP address doesn't actually change that often, and when it does you can remember to update the security group.

If you want to automate it, you can do this from a script that would query one of the many services that provide this, and then update the security group via the AWS CLI.

Finally, another option is to set up a VPN between your AWS VPC and your local network. This is probably overkill for your problem, but is something to consider when you want to extend your local network into AWS.


Here is a script that can automate the addition of an IP address to Inbound Security Group rules:

```bash
IP=$(curl -s icanhazip.com)   # current public IP, as seen by an external lookup service
aws ec2 authorize-security-group-ingress --group-name "RDS-SG" --protocol tcp --port 22 --cidr "${IP}/32"
```
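The automation the first answer sketches and the second answer starts, as an added example that is not part of either answer: it looks up the current public address, refuses anything that is not an IPv4 address (so an empty or HTML response from the lookup never becomes a rule), and revokes the previous /32 before authorizing the new one, so stale addresses do not pile up as the ISP rotates them. The security group id, port and state-file path are placeholders, not values from the page.

```sh
#!/bin/sh
# Added example: keep exactly one "my current home IP" /32 rule in a security group,
# revoking the old address before adding the new one. SG_ID/PORT/STATE_FILE are placeholders.
set -eu
SG_ID="${SG_ID:-sg-PLACEHOLDER}"                      # security group to manage
PORT="${PORT:-3389}"                                  # 3389 = RDP; use 22 for SSH
STATE_FILE="${STATE_FILE:-${HOME:-/tmp}/.last_home_ip}"  # where the last IP is remembered
# Accept only a dotted-quad IPv4 address (four fields, each 0-255); reject anything else.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  saved_ifs=$IFS; IFS=.
  set -- $1
  IFS=$saved_ifs
  [ $# -eq 4 ] || return 1
  for octet; do
    [ "$octet" -le 255 ] || return 1
  done
}
# Given the previously recorded IP and the current one, print the action to take:
# "add" (first run), "noop" (unchanged) or "replace" (address rotated).
plan_change() {
  if [ -z "$1" ]; then echo add
  elif [ "$1" = "$2" ]; then echo noop
  else echo replace
  fi
}
# Apply the plan with the AWS CLI and remember the address for the next run.
apply_change() {
  old=$1; new=$2
  case "$(plan_change "$old" "$new")" in
    noop) return 0 ;;
    replace) aws ec2 revoke-security-group-ingress --group-id "$SG_ID" \
               --protocol tcp --port "$PORT" --cidr "$old/32" ;;
  esac
  aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
    --protocol tcp --port "$PORT" --cidr "$new/32"
  printf '%s\n' "$new" > "$STATE_FILE"
}
main() {
  current=$(curl -fsS icanhazip.com | tr -d '[:space:]')   # empty on lookup failure
  valid_ipv4 "$current" || { echo "lookup returned '$current', not an IPv4 address" >&2; exit 1; }
  old=""; [ -r "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
  apply_change "$old" "$current"
}
# Run only when invoked as "./update-home-ip.sh run", so the functions can also be sourced.
case "${1:-}" in run) main ;; esac
```

Schedule it (cron or Task Scheduler via WSL) a few times an hour; the "noop" path makes repeated runs free, and a failed lookup exits non-zero without touching the group.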