Assistance Needed in Locating EC2 Instance Public IP Across Multiple Accounts

0

Hello,

I am currently in the process of locating the Public IP of an EC2 instance within my 30 accounts, and I'm facing difficulties in identifying which account it is associated with. Despite thorough searches in the CloudWatch logs across multiple accounts, I have been unsuccessful in finding the EC2 instance's Public IP.

Interestingly, the EC2 instance is not responsive to pings, and when I try to curl it, the request times out.

Any guidance or assistance in resolving this matter would be greatly appreciated.

3 Answers
1

You need to check in the EC2 console sub menu Elastic Interfaces and search for the public IP. You also have to check every region.

The CloudWatch logs will not help you here. You could write a script to do this. It would be much easier if you could do this from the management account and assume the org role.

I could write you a script to check this if you have this access?

EXPERT
answered 5 months ago
AWS EXPERT
reviewed 5 months ago
  • Thank you for your prompt response. If you could kindly provide me with the script, it would be immensely helpful. I truly appreciate your assistance on this, Gary!

  • Working on it now. Will have it later today for you.

  • Thanks Gary!

  • Supplied script in another answer. Sorry for the delay. Had a lot on.

0
Accepted Answer

Apologies Ali, other stuff came up. Here's a crude but effective script. Please run it in BASH from the management account. It works if you have the AWS CLI configured. Update the first 2 variables for your own environment. You will need jq installed as part of this also. Any questions, let me know.

#!/bin/bash
# User configurable variables
roletoassume="OrganizationAccountAccessRole"
regions='["eu-west-2","eu-west-1"]'

# All account IDs in the organization, and the ID of the management (master) account
accounts=$(aws organizations list-accounts --query "Accounts[*].Id")
masteraccount=$(aws organizations describe-organization | jq -r '.Organization.MasterAccountId')

# List the Elastic IPs in every configured region for whichever credentials are currently active
listaddresses() {
        echo "$regions" | jq -r '.[]' | while read -r region;
        do
                echo "$region"
                aws ec2 describe-addresses --region "$region" --query "Addresses[*].[{NetworkInterfaceOwnerId:NetworkInterfaceOwnerId, PublicIP: PublicIp, PrivateIp: PrivateIpAddress,NetworkInterfaceId: NetworkInterfaceId}]"
        done
}

# Management account first, with the credentials the CLI is already configured with
echo "$masteraccount"
listaddresses

# Then every member account, via the organization role
echo "$accounts" | jq -r '.[]' | while read -r account;
do
        if [[ "$account" != "$masteraccount" ]]
        then
                echo "$account"
                sts=$(aws sts assume-role --role-arn "arn:aws:iam::${account}:role/${roletoassume}" --role-session-name mysession)
                # Temporary credentials come from the Credentials object of the assume-role response
                export AWS_ACCESS_KEY_ID=$(echo "$sts" | jq -r '.Credentials.AccessKeyId')
                export AWS_SECRET_ACCESS_KEY=$(echo "$sts" | jq -r '.Credentials.SecretAccessKey')
                export AWS_SESSION_TOKEN=$(echo "$sts" | jq -r '.Credentials.SessionToken')

                listaddresses

                # Drop the temporary credentials so the next iteration starts from the management account again
                unset AWS_ACCESS_KEY_ID
                unset AWS_SECRET_ACCESS_KEY
                unset AWS_SESSION_TOKEN
        fi
done
EXPERT
answered 5 months ago
  • Thanks again Gary. Much appreciated.
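The accepted script lists Elastic IPs only (describe-addresses), so an instance that was given an auto-assigned public IPv4 at launch never shows up in its output. The script below is an added example, not Gary's code and not an AWS-supplied tool: given one public IP, it walks every account in the organization and every listed region, assumes the organization role, and asks EC2 for instances (the ip-address filter) and network interfaces (the association.public-ip filter) that carry that address. The role name, the region list, the session name and the file name are placeholders to adjust; it needs only the AWS CLI, not jq.

```shell
#!/usr/bin/env bash
# Added example (not the accepted answer's script): find which account and
# region hold ONE public IPv4 address. describe-addresses only lists Elastic
# IPs, so this queries instances (filter ip-address) and network interfaces
# (filter association.public-ip), which also catches auto-assigned public IPs.
# Run from the management account with the AWS CLI configured; jq is not needed.
# Assumptions: ROLE_TO_ASSUME and REGIONS are placeholders for your environment.
set -eu

ROLE_TO_ASSUME="OrganizationAccountAccessRole"
REGIONS="eu-west-2 eu-west-1"

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  local ip="$1" oldifs octet
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# ARN of the organization role in account $1.
role_arn() {
  printf 'arn:aws:iam::%s:role/%s\n' "$1" "$ROLE_TO_ASSUME"
}

# Export temporary credentials for account $1; return 1 if the role cannot be assumed.
assume_into() {
  local creds
  creds=$(aws sts assume-role --role-arn "$(role_arn "$1")" \
            --role-session-name "find-public-ip" \
            --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
            --output text) || return 1
  AWS_ACCESS_KEY_ID=$(printf '%s\n' "$creds" | cut -f1)
  AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$creds" | cut -f2)
  AWS_SESSION_TOKEN=$(printf '%s\n' "$creds" | cut -f3)
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Search one region of the account whose credentials are currently active.
search_region() {
  local ip="$1" account="$2" region="$3" hits
  hits=$(aws ec2 describe-instances --region "$region" \
           --filters "Name=ip-address,Values=$ip" \
           --query 'Reservations[].Instances[].[InstanceId,State.Name,VpcId]' \
           --output text)
  [ -z "$hits" ] || printf '%s %s instance: %s\n' "$account" "$region" "$hits"
  hits=$(aws ec2 describe-network-interfaces --region "$region" \
           --filters "Name=association.public-ip,Values=$ip" \
           --query 'NetworkInterfaces[].[NetworkInterfaceId,Attachment.InstanceId,Description]' \
           --output text)
  [ -z "$hits" ] || printf '%s %s eni: %s\n' "$account" "$region" "$hits"
}

main() {
  local ip="$1" management account region
  is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
  management=$(aws organizations describe-organization \
                 --query 'Organization.MasterAccountId' --output text)
  for account in $(aws organizations list-accounts --query 'Accounts[].Id' --output text); do
    # The management account is searched with the current credentials; every
    # other account needs the organization role. Accounts where it is missing
    # (for example invited accounts) are reported and skipped, not fatal.
    if [ "$account" != "$management" ] && ! assume_into "$account"; then
      echo "skipping $account: cannot assume $ROLE_TO_ASSUME" >&2
      continue
    fi
    for region in $REGIONS; do
      search_region "$ip" "$account" "$region"
    done
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  done
}

# Only call AWS when an address was given on the command line.
if [ $# -ge 1 ]; then
  main "$1"
else
  echo "usage: $0 <public-ipv4>" >&2
fi
```

Run it as `./find-public-ip.sh 203.0.113.10` (assumed file name) from the management account. OrganizationAccountAccessRole is created automatically only in accounts that were created through Organizations; in invited accounts it has to be created first, which is why the script reports and skips an account it cannot assume into instead of aborting the whole run. Each hit line names the account, the region and the instance or network interface ID, which is exactly the information the question is after.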

0

AWS makes its public IP address ranges freely available, which should help limit your search to a particular region https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

EXPERT
Steve_M
answered 5 months ago
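Steve_M's pointer can be turned into a quick pre-check that tells you which region(s) to search before touching 30 accounts. The script below is an added example, not from the answer and not an AWS tool: it extracts the EC2 IPv4 prefixes from ip-ranges.json, matches the address against each CIDR in shell arithmetic, and prints the matching region names. The embedded SAMPLE_IP_RANGES is a constructed stand-in for the real file, using RFC 5737 documentation ranges, so the demo runs offline; the awk parsing deliberately avoids a jq dependency and assumes the file's fixed per-entry key layout. The script name is assumed.

```shell
#!/usr/bin/env bash
# Added example, not part of Steve_M's answer: narrow the search to the region(s)
# whose published EC2 ranges contain a public IPv4 address, using the ip-ranges.json
# that AWS publishes. JSON parsing is done with awk so there is no jq dependency;
# it relies on the file's flat, fixed key order per entry
# (ip_prefix, region, service, network_border_group).
set -eu

# Convert a dotted quad to its 32-bit integer value.
ip_to_int() {
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Return 0 when IPv4 address $1 lies inside CIDR block $2 (e.g. 203.0.113.0/24).
in_cidr() {
  local ip net bits mask
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Read ip-ranges.json on stdin; print "prefix region" for every EC2 IPv4 entry.
# Whitespace is stripped first, then each '}'-terminated object is one awk record.
ec2_prefixes() {
  tr -d ' \t\r\n' | awk 'BEGIN { RS = "}" }
    /"ip_prefix":"/ {
      match($0, /"ip_prefix":"[^"]*"/); p = substr($0, RSTART + 13, RLENGTH - 14)
      match($0, /"region":"[^"]*"/);    r = substr($0, RSTART + 10, RLENGTH - 11)
      match($0, /"service":"[^"]*"/);   s = substr($0, RSTART + 11, RLENGTH - 12)
      if (s == "EC2") print p, r
    }'
}

# Read ip-ranges.json on stdin; print each region whose EC2 ranges contain $1.
regions_for_ip() {
  local ip="$1" prefix region
  ec2_prefixes | while read -r prefix region; do
    if in_cidr "$ip" "$prefix"; then echo "$region"; fi
  done | sort -u
}

# Constructed sample in the shape of the real file, using RFC 5737 documentation
# ranges; these are NOT real AWS ranges. The live file is much larger.
SAMPLE_IP_RANGES='{
  "syncToken": "0000000000",
  "createDate": "2024-01-01-00-00-00",
  "prefixes": [
    { "ip_prefix": "203.0.113.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" },
    { "ip_prefix": "203.0.113.0/24", "region": "eu-west-2", "service": "EC2", "network_border_group": "eu-west-2" },
    { "ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" },
    { "ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }
  ],
  "ipv6_prefixes": [
    { "ipv6_prefix": "2001:db8::/32", "region": "eu-west-2", "service": "EC2", "network_border_group": "eu-west-2" }
  ]
}'

# Usage: region-for-ip.sh <ipv4> [ip-ranges.json]   or   region-for-ip.sh --demo
# Without a file argument the live file is fetched from AWS.
case "${1:-}" in
  "")     echo "usage: $0 <ipv4> [ip-ranges.json]  (or: $0 --demo)" >&2 ;;
  --demo) printf '%s' "$SAMPLE_IP_RANGES" | regions_for_ip 203.0.113.77 ;;
  *)      if [ $# -ge 2 ]; then
            regions_for_ip "$1" < "$2"
          else
            curl -sf https://ip-ranges.amazonaws.com/ip-ranges.json | regions_for_ip "$1"
          fi ;;
esac
```

`./region-for-ip.sh --demo` prints eu-west-2 from the embedded sample; with a real address the script fetches the live file from https://ip-ranges.amazonaws.com/ip-ranges.json. If jq is installed, the same extraction is `jq -r '.prefixes[] | select(.service == "EC2") | "\(.ip_prefix) \(.region)"'`. A match only tells you the region the address belongs to, not the account, so it shortens the region list for the cross-account search rather than replacing it.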
