You can use Amazon VPC IP Address Manager (IPAM) to collect information about IP addresses. It can be integrated with AWS Organizations for an Org-wide view of addresses.
This is a good example of where a script can make a big job into an easy task.
In short: Iterate through a list of accounts (which can be static or can be part of an Organization); assume a role in each of those accounts (you have to set this up in advance); then call an API to get the information that you need.
Here's some example code in Python. It goes through all accounts in an Organization; if the account isn't in an Organization it only looks at the current account. It's pretty easy to modify to work with a static list of accounts. It also iterates through all regions - that could also be restricted if you're only operating in a single or a few regions.
import boto3
import botocore.exceptions

crossAccountRoleName = 'NetworkRole'

org = boto3.client('organizations')
sts = boto3.client('sts')

# Build the list of accounts to inspect. If this account is not part of an
# Organization, fall back to the current account only.
try:
    orgDetails = org.describe_organization()
    masterAccountId = orgDetails['Organization']['MasterAccountId']
    accountIds = []
    for page in org.get_paginator('list_accounts').paginate():
        for account in page['Accounts']:
            accountIds.append(account['Id'])
except org.exceptions.AWSOrganizationsNotInUseException:
    masterAccountId = sts.get_caller_identity()['Account']
    accountIds = [masterAccountId]

for accountId in accountIds:
    # The management account uses the caller's own credentials; every other
    # account needs the cross-account role (created in advance) assumed first.
    if accountId == masterAccountId:
        clientArgs = {}
    else:
        targetRoleArn = f'arn:aws:iam::{accountId}:role/{crossAccountRoleName}'
        try:
            credentials = sts.assume_role(RoleArn=targetRoleArn,
                                          RoleSessionName='NetworkInfoGatherer')['Credentials']
        except botocore.exceptions.ClientError as e:
            print(f'STS assume_role failed: {e} for account {accountId}')
            continue
        clientArgs = {
            'aws_access_key_id': credentials['AccessKeyId'],
            'aws_secret_access_key': credentials['SecretAccessKey'],
            'aws_session_token': credentials['SessionToken'],
        }

    ec2 = boto3.client('ec2', **clientArgs)
    regionList = ec2.describe_regions()['Regions']
    for region in regionList:
        # Each region needs its own client; without region_name only the
        # default region would be queried, for the management account too.
        ec2Region = boto3.client('ec2', region_name=region['RegionName'], **clientArgs)
        addressList = ec2Region.describe_addresses().get('Addresses', [])
        for address in addressList:
            # PrivateIpAddress and NetworkInterfaceId are absent for
            # Elastic IPs that are not associated with anything.
            print(f'{accountId},{region["RegionName"]},{address["PublicIp"]},'
                  f'{address.get("PrivateIpAddress", "")},'
                  f'{address.get("NetworkInterfaceId", "")}')
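The role the script assumes in each member account is the part that "you have to set up in advance". As an added example (not part of the answer above), here is a least-privilege version of that role: the trust policy only lets the management account assume it, and only under the session name the script uses, and the permissions policy grants nothing beyond the two Describe calls the script makes. The role and session names match the script; the management account ID is a constructed placeholder.

```python
import json

# Names assumed to match the inventory script above.
ROLE_NAME = 'NetworkRole'
SESSION_NAME = 'NetworkInfoGatherer'


def build_trust_policy(management_account_id, session_name=SESSION_NAME):
    """Trust policy: only the management account may assume the role, and only
    with the session name the script uses, so the assumption is easy to
    recognise in CloudTrail and ad-hoc use from other tooling is refused."""
    return {
        'Version': '2012-10-17',
        'Statement': [{
            'Effect': 'Allow',
            'Principal': {'AWS': f'arn:aws:iam::{management_account_id}:root'},
            'Action': 'sts:AssumeRole',
            'Condition': {'StringEquals': {'sts:RoleSessionName': session_name}},
        }],
    }


def build_permissions_policy():
    """Permissions policy: only the two read-only EC2 calls the script makes.
    Describe* actions do not support resource-level scoping, hence '*'."""
    return {
        'Version': '2012-10-17',
        'Statement': [{
            'Effect': 'Allow',
            'Action': ['ec2:DescribeRegions', 'ec2:DescribeAddresses'],
            'Resource': '*',
        }],
    }


def create_network_role(iam, management_account_id, role_name=ROLE_NAME):
    """Create the role in a member account (run with that account's credentials)."""
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(build_trust_policy(management_account_id)))
    iam.put_role_policy(RoleName=role_name, PolicyName='NetworkInventoryReadOnly',
                        PolicyDocument=json.dumps(build_permissions_policy()))


if __name__ == '__main__':
    import boto3
    # '111111111111' is a constructed placeholder for the management account ID.
    create_network_role(boto3.client('iam'), '111111111111')
```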