I have used this little bash script to poke a hole in the firewall from my current address:
#!/bin/sh
AWS_IP=$(curl http://checkip.amazonaws.com)
aws ec2 authorize-security-group-ingress --group-name my-security-group \
--protocol tcp --port 22 \
--cidr $AWS_IP/32
However, this results in a security group full of swiss-cheese holes from random IP addresses, so you'll want to subsequently ask the question about how to not have a security group with temporary addresses that are no longer yours. One way to answer that problem is to set up a VPN which has a (relatively) stable IP address endpoint, and then allow that single address only through the security group.
