Amazon EC2 Security Group inbound rule with a dynamic IP

amazon ec2amazon-web-servicesssh

I'm just getting started with Amazon AWS and EC2 in particular and I was wondering if someone could clarify what I see as a potential problem with EC2 Security Groups. Right now, I'm in the process of setting up a Security Group for connecting to linux instances and I'm creating my inbound rules for the group. I've created "anywhere" rules for HTTP and HTTPS access; however, for my SSH rule, the amazon tutorial says I should limit inbound access to my public IP address. What I don't get is how that's secure or workable if your public IP address is dynamic? I know I don't have a static IP address, so what happens when my ISP changes my public IP and I can no longer ssh into my instance? Am I missing something here that's right in front of me?

Link to the setup guide I'm using: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html (Step 7 of 'Create a Security Group' is what seems problematic to me)

Best Answer

The idea is that your IP doesn't change. If it does change, you can update it in the Security Group either via the AWS console or via an API call.

The guide doesn't assume you have an IP that changes often. If it does, either ignore its advice and open SSH to the world (or perhaps the IP range your ISP uses for customers) or write a script that updates the security group whenever your computers IP changes. (the details of this depend on your operating system).