Reputation: 1708
I am trying to clean up my AWS configuration and I want to know if particular subnets are actually used/have any resources in them.
I'm aware you can filter a list of a particular resource type (e.g. EC2 instances) by subnet id, through the AWS web interface, but I am not yet aware of all of the different resource types that may be used - so I am concerned I may miss something.
I have tried inspecting the subnet via the AWS CLI, but I can't see anything that clearly differentiates subnets that are in use and those that are not:
aws ec2 describe-subnets
This question deals with enumerating all IP addresses within a particular subnet's CIDR block, but it doesn't reveal how to show only active IP addresses (which I could presumably use to find the attached AWS resources and confirm a subnet is indeed in use).
This seems like it would be a common task, but I can find no AWS documentation or SO posts on how to do this. Perhaps there is something flawed in my approach.
Upvotes: 30
Views: 25780
Reputation: 2688
Here's a one-liner that will print all your subnet IDs, with each network ID and Description.
for subnet in $(aws ec2 describe-subnets --query 'Subnets[].SubnetId' --output text); do
echo $subnet; aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=$subnet --query 'NetworkInterfaces[].[NetworkInterfaceId,Description]' --output text;
done
Upvotes: 0
Reputation: 2646
Use the filter and query switches. In the --filters switch Values argument, replace <<Subnet ID>> with your Subnet ID.
aws ec2 describe-network-interfaces \
--filters Name=subnet-id,Values=<<Subnet ID>> \
--query 'NetworkInterfaces[*].Description'
Upvotes: 3
Reputation: 3780
The AWS CLI is a great tool but, if you're just trying to see what's in each subnet, AWS added a Network Interfaces section to the EC2 console. From there, you can filter by subnet ID.
Upvotes: 3
Reputation: 2078
aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=subnet-id-here | grep Description
(replace subnet-id-here with the subnet id in mind)
The above command will give you the names of resources in that subnet.
Upvotes: 34
Reputation: 1708
Thank you for the responses - they were both helpful and indeed did help me identify whether particular subnets were in use or not.
The thing I found most useful to understanding what was in each subnet, however, was the open source Python visualisation tool, CloudMapper (I'm in no way affiliated - I discovered it after asking my question and scrolling through commercial visualisers).
Upvotes: 4
Reputation: 179194
Take a look at aws ec2 describe-network-interfaces.
This returns a list of Elastic Network Interfaces (ENIs) and supports a subnet-id filter. EC2 instances aren't the only thing that can be on a subnet -- RDS instances, Elastic Load Balancers, Lambda functions, Elastic File System mount targets, NAT Gateways, and other resources consume IP addresses on a subnet, but in each case I can think of, they do this by allocating ENIs. In some cases, like load balancers (ALB and Classic), the number of addresses grows and shrinks as the balancer scales up and down in capacity. In the case of Lambda, a lack of allocated ENIs may only mean that no Lambda container hosts are currently using the subnet, due to a lack of traffic... so if you have VPC Lambda functions, bear that in mind.
You can also see ENIs in the EC2 console, under "Network Interfaces" in the left hand navigation pane.
Upvotes: 12
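The answers above all converge on the same signal: a subnet is in use when ENIs exist in it, with the caveat that idle VPC Lambda functions and scaled-down load balancers may leave no ENI behind. The following is an added example, not from any of the posters, that joins the JSON output of `aws ec2 describe-subnets --output json` and `aws ec2 describe-network-interfaces --output json` into a per-subnet report, so that subnets with zero ENIs are listed explicitly rather than silently skipped. The subnet and ENI records are constructed sample data with invented IDs.

```python
import json
from collections import Counter

# Constructed sample output of `aws ec2 describe-subnets --output json`
# (invented IDs, not real account data).
SUBNETS_JSON = """{"Subnets": [
 {"SubnetId": "subnet-0aaa", "CidrBlock": "10.0.1.0/24"},
 {"SubnetId": "subnet-0bbb", "CidrBlock": "10.0.2.0/24"},
 {"SubnetId": "subnet-0ccc", "CidrBlock": "10.0.3.0/24"}]}"""

# Constructed sample output of `aws ec2 describe-network-interfaces --output json`.
ENIS_JSON = """{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0001", "SubnetId": "subnet-0aaa", "InterfaceType": "interface",
  "Status": "in-use", "Description": "Primary network interface"},
 {"NetworkInterfaceId": "eni-0002", "SubnetId": "subnet-0aaa", "InterfaceType": "interface",
  "Status": "in-use", "Description": "RDSNetworkInterface"},
 {"NetworkInterfaceId": "eni-0003", "SubnetId": "subnet-0bbb", "InterfaceType": "interface",
  "Status": "available", "Description": "ELB app/web-alb/0123456789abcdef"}]}"""

NO_ENI_NOTE = "no ENIs: unused, or only idle VPC Lambda / scaled-down resources"

def subnet_usage(subnets_doc, enis_doc):
    """One report entry per subnet, driven by describe-subnets so that
    subnets holding zero ENIs still appear in the output."""
    report = {sn["SubnetId"]: {"cidr": sn["CidrBlock"], "eni_count": 0, "attached": 0,
                               "by_type": Counter(), "descriptions": []}
              for sn in subnets_doc["Subnets"]}
    for eni in enis_doc["NetworkInterfaces"]:
        entry = report.get(eni["SubnetId"])
        if entry is None:  # ENI in a subnet outside the list we were given
            continue
        entry["eni_count"] += 1
        if eni.get("Status") == "in-use":  # "available" = detached but still holding an IP
            entry["attached"] += 1
        entry["by_type"][eni.get("InterfaceType", "interface")] += 1
        if eni.get("Description"):
            entry["descriptions"].append(eni["Description"])
    for entry in report.values():
        entry["in_use"] = entry["eni_count"] > 0
        entry["note"] = "" if entry["in_use"] else NO_ENI_NOTE
    return report

def load_report():
    return subnet_usage(json.loads(SUBNETS_JSON), json.loads(ENIS_JSON))

if __name__ == "__main__":
    for sid, e in load_report().items():
        print(f"{sid} {e['cidr']}: {e['eni_count']} ENIs ({e['attached']} in-use) "
              f"{dict(e['by_type'])} {e['descriptions']} {e['note']}")
```

Pipe the real CLI output into `json.loads` in place of the two constants to run it against an account; a detached ENI (Status "available") still counts as usage because it still occupies an address in the subnet.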