Hi,
AWS Security Groups will not be able to resolve DNS hostnames.
You can create a script using AWS CLI commands to update the monitoring server IP addresses. The script should query the current IP address via the nslookup command.
When the current IP address is known, the script should issue the ec2-authorize command. If possible, it should also issue the ec2-revoke command to delete the old IP from the security group.
Please check the link below for more details.
http://docs.aws.amazon.com/cli/latest/userguide/cli-ec2-sg.html
Regards,
Rafee
My approach was to implement a Lambda that updates security groups and WAF whitelists periodically. However, the list of 470 IPv4 addresses that `dig +short site24x7.enduserexp.com` returns is problematic considering AWS quotas (there can be only 60 inbound addresses in a security group). Are there really no aggregated blocks or anything available to limit the number of CIDRs we need to allow?
As a reply to myself, location profiles are a partial solution to this. I'm not entirely sure how using location profiles relates to this "For an uninterrupted monitoring experience, it is mandatory to whitelist all our monitoring location IP addresses listed here in your firewall policy. Site24x7 may poll from an alternate location, while a location server is down for maintenance." mention on this page: www.site24x7.com/multi-location-web-site-monitoring.html.
At least for the time being we're limiting IP queries to `city-country.enduserexp.com`, i.e. `helsinki-fi.enduserexp.com`.
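
The update job discussed in this thread (resolve the hostname, authorize new addresses, revoke stale ones, stay inside the rule quota), as an added example that is not part of any post above. It assumes boto3 for the AWS calls; the TCP port, the group ID parameter and the function names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress
import socket

SG_RULE_QUOTA = 60  # inbound limit quoted in the thread; confirm your account's quota


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def plan_update(resolved_ips, managed_cidrs, quota=SG_RULE_QUOTA):
    """Diff resolved IPs against the CIDRs this job manages in the group.
    Addresses are merged only into exact blocks (collapse_addresses), so the
    plan never allows an address that was not resolved.
    """
    nets = [ipaddress.ip_network(ip) for ip in resolved_ips]
    wanted = {str(n) for n in ipaddress.collapse_addresses(nets)}
    if len(wanted) > quota:
        raise ValueError(f"{len(wanted)} CIDRs needed but quota is {quota}")
    current = set(managed_cidrs)
    return {
        "add": sorted(wanted - current),
        "remove": sorted(current - wanted),
        # Authorizing first avoids a monitoring gap, unless old + new rules
        # together would exceed the quota; then stale rules must go first.
        "revoke_first": len(wanted | current) > quota,
    }


def apply_plan(plan, group_id, port=443):
    """Apply the plan with boto3 (assumed installed, credentials configured)."""
    import boto3
    ec2 = boto3.client("ec2")
    def perms(cidrs):
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": [{"CidrIp": c} for c in cidrs]}]
    steps = [(ec2.authorize_security_group_ingress, plan["add"]),
             (ec2.revoke_security_group_ingress, plan["remove"])]
    for call, cidrs in (reversed(steps) if plan["revoke_first"] else steps):
        if cidrs:
            call(GroupId=group_id, IpPermissions=perms(cidrs))


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not real monitoring IPs.
    sample = {"203.0.113.4", "203.0.113.5", "203.0.113.6", "203.0.113.7", "198.51.100.10"}
    print(plan_update(sample, ["198.51.100.10/32", "192.0.2.1/32"]))
```

Pass `plan_update` only the CIDRs this job itself added to the group (for example, tracked by rule description or a dedicated group), otherwise unrelated rules end up in the `remove` list.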