@chriselsen
Last active October 25, 2024 00:18

ROA

Origin ASNs

  • Commercial: 14618 & 16509
  • GovCloud: 8987

Create private key and self-signed cert

  1. Generate private key
    openssl genpkey -aes256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem

  2. Generate self-signed public cert
    openssl req -new -x509 -key private-key.pem -days 365 | tr -d "\n" > certificate.pem
    Note: Data entered does not matter, but is publicly discoverable via Whois/RDAP once uploaded

  3. Display and upload certificate.pem to RIR/LIR/NIR
    cat certificate.pem

Sign auth message

  1. Construct the message to be signed
    text_message="1|aws|<account id>|<resource id>|<message expiration date>|SHA256|RSAPSS"
    Print it again if necessary to make sure it looks right: echo "$text_message"

  2. Sign the message with your private key
    signed_message=$( echo -n "$text_message" | openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign private-key.pem -keyform PEM | openssl base64 | tr -- '+=/' '-_~' | tr -d "\n")

  3. Print the signed message
    echo $signed_message
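
Verify before submitting (added example, not part of the original gist): the script below reverses the URL-safe encoding and checks the RSA-PSS signature against the same single-line certificate.pem that was uploaded, so a key/certificate mismatch or a mangled message is caught locally. The function names, the throwaway key and the /CN=example subject are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check the signed message locally before submitting it.

# Rebuild a parseable PEM from the single-line certificate.pem
# (tr -d "\n" removed the line breaks OpenSSL's PEM reader needs).
unflatten_cert() {
  body=$(sed -e 's/-----BEGIN CERTIFICATE-----//' \
             -e 's/-----END CERTIFICATE-----//' "$1" | tr -d '\n')
  printf '%s\n' '-----BEGIN CERTIFICATE-----'
  printf '%s\n' "$body" | fold -w 64
  printf '%s\n' '-----END CERTIFICATE-----'
}

# verify_auth_message MESSAGE URLSAFE_SIGNATURE FLATTENED_CERT
# Returns 0 only if the signature is valid RSA-PSS/SHA-256 over MESSAGE
# under the public key in the certificate uploaded to the RIR.
verify_auth_message() {
  tmp=$(mktemp -d) || return 2
  unflatten_cert "$3" | openssl x509 -pubkey -noout > "$tmp/pub.pem" 2>/dev/null &&
  printf '%s' "$2" | tr -- '-_~' '+=/' | openssl base64 -d -A > "$tmp/sig.bin" &&
  printf '%s' "$1" | openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
      -sigopt rsa_pss_saltlen:-1 -verify "$tmp/pub.pem" \
      -signature "$tmp/sig.bin" > /dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Constructed round trip: throwaway unencrypted key, placeholder message fields.
demo_roundtrip() {
  d=$(mktemp -d) || return 2
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$d/key.pem" 2>/dev/null
  openssl req -new -x509 -key "$d/key.pem" -days 1 -subj "/CN=example" \
      2>/dev/null | tr -d "\n" > "$d/cert.pem"
  msg='1|aws|<account id>|<resource id>|<message expiration date>|SHA256|RSAPSS'
  sig=$(printf '%s' "$msg" | openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
      -sigopt rsa_pss_saltlen:-1 -sign "$d/key.pem" -keyform PEM |
      openssl base64 | tr -- '+=/' '-_~' | tr -d "\n")
  verify_auth_message "$msg" "$sig" "$d/cert.pem"; ok=$?
  verify_auth_message "${msg}x" "$sig" "$d/cert.pem"; bad=$?   # tampered message
  rm -rf "$d"
  [ "$ok" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo_roundtrip && echo "valid signature accepted, tampered message rejected"
```

With the variables from the steps above still set: verify_auth_message "$text_message" "$signed_message" certificate.pem && echo OK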
