You need to check in the EC2 console sub menu Elastic Interfaces and search for the public IP. You also have to check every region too.
The CloudWatch logs will not help you here. You could write a script to do this. It would be much easier if you could do this from the management account and assume the org role.
I could write you a script to check this if you have this access?
Apologies Ali, other stuff came up. Here's a crude but effective script. Please run it in Bash from the management account. It works if you have the AWS CLI configured. Update the first 2 variables for your own environment. You will need JQ installing as part of this also. Any questions, let me know.
```bash
#!/bin/bash
# User-configurable variables
roletoassume="OrganizationAccountAccessRole"
regions='["eu-west-2","eu-west-1"]'

# Fields reported for every Elastic IP address
query='Addresses[*].[{NetworkInterfaceOwnerId: NetworkInterfaceOwnerId, PublicIP: PublicIp, PrivateIp: PrivateIpAddress, NetworkInterfaceId: NetworkInterfaceId}]'

# All account IDs in the organization, plus the management account ID
# (--output json so jq can parse the result whatever the CLI default is)
accounts=$(aws organizations list-accounts --query "Accounts[*].Id" --output json)
masteraccount=$(aws organizations describe-organization --output json | jq -r .Organization.MasterAccountId)

# Management account: list Elastic IPs in each region with the current credentials
echo "$masteraccount"
echo "$regions" | jq -r '.[]' | while read -r region
do
    echo "$region"
    aws ec2 describe-addresses --region "$region" --query "$query"
done

# Member accounts: assume the role in each one, then list Elastic IPs per region
echo "$accounts" | jq -r '.[]' | while read -r account
do
    if [[ "$account" != "$masteraccount" ]]
    then
        echo "$account"
        # Skip accounts where the role cannot be assumed instead of querying with empty credentials
        if ! sts=$(aws sts assume-role --role-arn "arn:aws:iam::${account}:role/${roletoassume}" --role-session-name mysession --output json)
        then
            echo "Could not assume ${roletoassume} in ${account}, skipping" >&2
            continue
        fi
        # Read the temporary credentials from the Credentials object only
        export AWS_ACCESS_KEY_ID=$(echo "$sts" | jq -r .Credentials.AccessKeyId)
        export AWS_SECRET_ACCESS_KEY=$(echo "$sts" | jq -r .Credentials.SecretAccessKey)
        export AWS_SESSION_TOKEN=$(echo "$sts" | jq -r .Credentials.SessionToken)
        echo "$regions" | jq -r '.[]' | while read -r region
        do
            echo "$region"
            aws ec2 describe-addresses --region "$region" --query "$query"
        done
        # Drop the temporary credentials so the next assume-role uses the management account again
        unset AWS_ACCESS_KEY_ID
        unset AWS_SECRET_ACCESS_KEY
        unset AWS_SESSION_TOKEN
    fi
done
```
Thanks again Gary. Much appreciated.
AWS makes its public IP address ranges freely available, which should help limit your search to a particular region https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/
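One way to use the published ranges to narrow the region list before running the script above, as an added example that is not part of the original answers: it matches an address against data laid out like ip-ranges.json (published at https://ip-ranges.amazonaws.com/ip-ranges.json) and prints the candidate regions in the form the script's `regions` variable expects. The function names are hypothetical and the sample data is constructed from documentation address ranges, not real AWS allocations.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json; the prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS allocations.
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "203.0.113.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2"},
    {"ip_prefix": "203.0.113.0/25", "region": "eu-west-2", "service": "EC2", "network_border_group": "eu-west-2"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1000::/40", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1"}
  ]
}
""")


def find_ranges(ip, ip_ranges):
    """Return (prefix, region, service) for every published range containing ip,
    most specific prefix first. An empty list means the address is not in the file."""
    addr = ipaddress.ip_address(ip)
    key, field = ("prefixes", "ip_prefix") if addr.version == 4 else ("ipv6_prefixes", "ipv6_prefix")
    hits = []
    for entry in ip_ranges.get(key, []):
        net = ipaddress.ip_network(entry[field])
        if addr in net:
            hits.append((net, entry["region"], entry["service"]))
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [(str(net), region, service) for net, region, service in hits]


def candidate_regions(ip, ip_ranges):
    """Regions worth searching for ip, as the JSON list the script's `regions` variable uses."""
    regions = []
    for _, region, _ in find_ranges(ip, ip_ranges):
        if region not in regions:
            regions.append(region)
    return json.dumps(regions)


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "2001:db8:1000::5", "192.0.2.1"):
        print(ip, find_ranges(ip, SAMPLE_IP_RANGES), candidate_regions(ip, SAMPLE_IP_RANGES))
```

To run it against the live data, load the downloaded file with `json.load` and pass it in place of `SAMPLE_IP_RANGES`; an empty result means the address is not in any published AWS range.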
Thank you for your prompt response. If you could kindly provide me with the script, it would be immensely helpful. I truly appreciate your assistance on this Gary!
Working on it now.. Will have it later today for you
Thanks Gary!
Supplied script in another answer. Sorry for the delay. Had a lot on.