Add a custom script that gets the public ip address of the current box and calls the AWS CLI to add an inbound security rule on the fly. Then remove that rule at the end of the script.