0

I created a PowerShell script that would run in Task Scheduler to update my AWS security groups based upon my public IP address. When I run this script I get an error message, which is posted below.

I would also like your help in modifying the script below to delete the old IP address when updating to the new IP address.

The script

# to get current ip address in cidr format 

$ipinfo = Invoke-RestMethod http://ipinfo.io/json

$ipinfo.ip | out-file -filepath currentip -NoNewline

$ipCidr = Add-Content -Path "currentip" -Value "/32"     

# take current ip address and update the security group 
# the second part I am getting an error message pasted below 

$ipchange =  @{ IpProtocol="tcp"; FromPort="1433"; ToPort="1433"; IpRanges=$ipCidr}

Grant-EC2SecurityGroupIngress -GroupId sg-0d28d1cbc04d5df91 -Region us-east-2 -IpPermission @($ipchange)

Error

<# Grant-EC2SecurityGroupIngress : Cannot bind parameter 'IpPermission'. Cannot create object of type "Amazon.EC2.Model.IpPermission". Object of type 'System.Management.Automation.PSObject' cannot be converted to type 'System.Collections.Generic.List`1[System.String]'.
At C:\users\inayet\desktop\aws-amazon\scripts\runCurrentIP.ps1:15 char:93
+ ... pId sg-0d28d1cbc04d5df91 -Region us-east-2 -IpPermission @($ipchange)
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Grant-EC2SecurityGroupIngress], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Amazon.PowerShell.Cmdlets.EC2.GrantEC2SecurityGroupIngressCmdlet #>

zwcloud

3 Answers

0

To address the type cast error message, add this code just below the Add-Content line.

$ipCidr = $ipCidr -as [int]

What you are saying is that you want the string value stored in $ipCidr to be converted into an integer value.

Now another problem arises, which is that the variable $ipCidr = Add-Content -Path "currentip" -Value "/32" -NoNewline does not output a value.

When I cat currentip I get the correct IP CIDR address, but when I output the value of $ipCidr the file is empty and I get the following error message: "You cannot call a method on a null-valued expression."

How do I store the integer value stored in the currentip file to the variable $ipCidr?

0

That error message seems to say that the cmdlet Grant-EC2SecurityGroupIngress was expecting an object of type Amazon.EC2.Model.IpPermission and it could not construct one from the arguments you passed.

One line is suspect in your code that might explain the error:

$ipCidr = Add-Content -Path "currentip" -Value "/32"

Nothing is returned by Add-Content, which only adds lines to files, so $ipCidr contains nothing at this point.

You may want to try

$ipCidr = Get-Content -path "currentip"

before you continue to populate the hashtable:

$ipchange =  @{ IpProtocol="tcp"; FromPort="1433"; ToPort="1433"; IpRanges=$ipCidr}

The array syntax @() you placed around $IpRanges is not necessary, either, and is probably also a major contributor to the error message you're receiving.

Grant-EC2SecurityGroupIngress -GroupId sg-0d28d1cbc04d5df91 -Region us-east-2 -IpPermission $ipchange

Now that the IpRanges member is no longer empty, PowerShell may be able to make the conversion to Amazon.EC2.Model.IpPermission.

veefu
  • Thanks for responding. I made changes to the code based upon your feedback but still getting error messages, I will post the revised code in another comment – Inayet Hadi Aug 26 '18 at 19:02
  • Better to modify your question with progress – veefu Aug 26 '18 at 19:03
0

Thanks everybody for contributing!!!

Here is a solution to the problem I was encountering.

# to get current ip address in cidr format

$ipinfo = Invoke-RestMethod http://ipinfo.io/json

$ipinfo.ip +"/32" | out-file -filepath currentip -NoNewline

$ipCidr = Get-Content -Path currentip

$ipchange = @{ IpProtocol="tcp"; FromPort="1433"; ToPort="1433"; IpRanges=$ipCidr}

$ipchange

Grant-EC2SecurityGroupIngress -GroupId sg-123456789 -Region us-east-2 -IpPermission $ipchange
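
The question also asks how to remove the old address when the IP changes, which none of the posts above cover. One way to do it, as an added example that is not the poster's code: it reuses the currentip file as a record of the last CIDR granted, so only that entry is ever revoked. Assumptions: the group id sg-EXAMPLE is a placeholder, New-IngressRule is a hypothetical helper, the lookup uses the HTTPS ipinfo.io endpoint, and the rule is built with the Ipv4Ranges property rather than the IpRanges key used on this page.

```powershell
# Added example (not the poster's script). Assumes the AWS Tools for PowerShell
# EC2 cmdlets are loaded and credentials are configured for the session.
$GroupId   = 'sg-EXAMPLE'   # placeholder: your security group id
$Region    = 'us-east-2'
$Port      = 1433
$StateFile = 'currentip'    # same file the page uses; holds the last CIDR granted

function New-IngressRule([string]$Cidr) {
    # Hypothetical helper: typed IpPermission for one IPv4 CIDR on $Port/tcp.
    $range = New-Object Amazon.EC2.Model.IpRange
    $range.CidrIp = $Cidr
    $rule = New-Object Amazon.EC2.Model.IpPermission
    $rule.IpProtocol = 'tcp'
    $rule.FromPort   = $Port
    $rule.ToPort     = $Port
    $rule.Ipv4Ranges = $range
    return $rule
}

# 1. Look up the public IP over HTTPS; accept only a canonical dotted IPv4 value.
$raw  = [string](Invoke-RestMethod -Uri 'https://ipinfo.io/json').ip
$addr = $null
if (-not [System.Net.IPAddress]::TryParse($raw, [ref]$addr) -or
    $addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
    $addr.ToString() -ne $raw) {
    throw "IP lookup returned an unexpected value: '$raw'"
}
$newCidr = "$addr/32"

# 2. Read the CIDR this script granted last time (empty string if none).
$oldCidr = if (Test-Path $StateFile) { "$(Get-Content -Path $StateFile -Raw)".Trim() }

# 3. List the IPv4 CIDRs currently allowed on the port.
$group   = Get-EC2SecurityGroup -GroupId $GroupId -Region $Region
$allowed = @($group.IpPermissions |
    Where-Object { $_.IpProtocol -eq 'tcp' -and $_.FromPort -eq $Port -and $_.ToPort -eq $Port } |
    ForEach-Object { $_.Ipv4Ranges.CidrIp })

# 4. Revoke only the entry this script owns, and only if the address changed.
if ($oldCidr -and $oldCidr -ne $newCidr -and $allowed -contains $oldCidr) {
    Revoke-EC2SecurityGroupIngress -GroupId $GroupId -Region $Region -IpPermission (New-IngressRule $oldCidr)
}

# 5. Grant the new address if it is not already present, then record it.
if ($allowed -notcontains $newCidr) {
    Grant-EC2SecurityGroupIngress -GroupId $GroupId -Region $Region -IpPermission (New-IngressRule $newCidr)
}
$newCidr | Out-File -FilePath $StateFile -NoNewline
```

Because the script revokes only the CIDR recorded in currentip, entries added to the group by other people or tools on the same port are left in place.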