How to temporarily open AWS Security Group rules for a dynamic IP

Elastic Cloud Gate provides the option to open certain ports in your security group for connections made from a dynamic IP address, based on the scheduler.

The flow for opening a security group is:

A user who is behind a dynamic IP logs in to the ECG portal.

If the current time is within the range specified in the configuration and access to the security group was configured without admin confirmation, a new rule is created for the IP address from which the user connected.

If the current time is within the range specified in the configuration and access to the security group was configured with admin confirmation, an email is sent to the admin; the admin must log in to the portal and approve the user; once the user is approved, a new rule is created for the IP address from which the user connected.

Before you configure the security group, you have to create a new login for the user.

To create a new login for the user, select Manage Users from the Settings menu.

Enter the user's email and password.

To force the user to change the password at the next login, check User must change password with next login.

From the Access Type drop-down list, select AWS Security Group.

To send a notification email to the new user, check Send notification email to user.

If for security reasons you don’t want to include the password in the email, check Don’t include password in email.

Click Add New User.

Note: any user created through the Users Management section must use a different URL to log in to the ECG portal. The URL is: https://portal.ecloudgate.com/console/login.aspx

In addition to email and password, the user is asked for the access code on the login page.

You can see your access code on the Users Management page. This number is statically assigned to your account and will not change.

When the new user is created, you can configure the security group: from the Main Menu, select Security Management.

In the security group list, find the one to which the new rule applies and select Access Rules from the context menu.

In the configuration window, select User from the drop-down list.

Access to the security group can be granted manually, with the administrator required to approve each user before access is granted, or automatically (without approval by the administrator): this option is set by checking the Grant access without admin confirmation box.

As an option, you can request a notification email whenever a user requests access by checking the Send email notification when user request access box.

Protocol and port define the rule applied to the security group, along with the user's IP address.

Additionally, you can limit how long the rule stays in effect: from the Grant Access for list, select either Hours or Days and enter the value.

Under the Schedule section, you can specify which days and times the rule applies. For 24/7 access, leave it blank.

When you finish the configuration, click Save.

At any time, you can edit or delete an access entry by selecting Edit or Delete from the access list.

Additionally, you can create multiple access entries, e.g. different access times on different days, or for different ports.

When you choose to grant access to the user after manual approval, you will receive a notification email after the user’s login. After that, you can grant or deny access.

To manually confirm access, log in to the ECG Portal and go to the Security Management section.

At the top of the page is a list of users waiting for approval; to approve or deny access, select the appropriate option from the context menu.
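The flow at the top of this page and the Access Rules settings (protocol, port, Grant Access for, Schedule, admin confirmation) can be modelled as the decision below. This is an added example, not Elastic Cloud Gate's own code; the class, field and function names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address
from typing import FrozenSet, Optional

@dataclass
class AccessRule:
    """Hypothetical model of one Access Rules entry (names are assumptions)."""
    protocol: str                       # Protocol, e.g. "tcp"
    port: int                           # Port
    auto_grant: bool                    # Grant access without admin confirmation
    grant_for: Optional[timedelta]      # Grant Access for (Hours/Days); None = no limit
    days: FrozenSet[int] = frozenset()  # Schedule weekdays, 0 = Monday; empty = every day
    start: Optional[time] = None        # Schedule window; None = all day
    end: Optional[time] = None

def in_schedule(rule: AccessRule, now: datetime) -> bool:
    """A blank schedule means 24/7 access."""
    if rule.days and now.weekday() not in rule.days:
        return False
    if rule.start is None or rule.end is None:
        return True
    return rule.start <= now.time() < rule.end

def decide(rule: AccessRule, source_ip: str, now: datetime, approved: bool = False):
    """Return (action, ip_permissions, expires_at) for a login from source_ip."""
    if not in_schedule(rule, now):
        return "deny", None, None
    if not (rule.auto_grant or approved):
        return "pending", None, None          # admin is emailed and must approve
    addr = ip_address(source_ip)              # ValueError on a malformed address
    v4 = addr.version == 4
    # Scope the rule to the single login address, never a wider range.
    entry = {"CidrIp" if v4 else "CidrIpv6": f"{addr}/{32 if v4 else 128}",
             "Description": "temporary access (constructed example)"}
    permission = {"IpProtocol": rule.protocol, "FromPort": rule.port,
                  "ToPort": rule.port, "IpRanges" if v4 else "Ipv6Ranges": [entry]}
    expires_at = now + rule.grant_for if rule.grant_for else None
    return "grant", [permission], expires_at

# Constructed sample: SSH on weekdays 09:00-17:00, rule kept for 8 hours.
SAMPLE = AccessRule("tcp", 22, True, timedelta(hours=8),
                    frozenset({0, 1, 2, 3, 4}), time(9), time(17))

if __name__ == "__main__":
    print(decide(SAMPLE, "203.0.113.7", datetime(2024, 1, 8, 10, 0)))
```

The returned list has the shape of the IpPermissions parameter of the EC2 AuthorizeSecurityGroupIngress call; revoking the rule once expires_at is reached is left to the caller.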