See all resources in a subnet / See if subnet is in use

6

29

I am trying to clean up my AWS configuration and I want to know if particular subnets are actually used/have any resources in them.

I'm aware you can filter a list of a particular resource type (e.g. EC2 instances) by subnet id, through the AWS web interface, but I am not yet aware of all of the different resource types that may be used - so I am concerned I may miss something.

I have tried inspecting the subnet via the AWS CLI, but I can't see anything that clearly differentiates subnets that are in use and those that are not:

aws ec2 describe-subnets

This question deals with enumerating all IP addresses within a particular subnet's CIDR block, but it doesn't reveal how to show only active IP addresses (which I could presumably use to find the attached AWS resources and confirm a subnet is indeed in use).

This seems like it would be a common task, but I can find no AWS documentation or SO posts on how to do this. Perhaps there is something flawed in my approach.

Ebert answered 26/1, 2019 at 13:35 Comment(2)
If I remember correctly, when you try to delete a subnet, on console, it'll not allow you to delete if something is attached to it. And it lists what's attached to it. Does that work for you? Otherwise I'm sure you can do a reverse lookup by aws ec2 describe-instances. It supports --filter for subnet-id. docs.aws.amazon.com/cli/latest/reference/ec2/… - Suter
Just confirming what @Suter said: There is an interstitial dialog after you hit Delete. It'll tell you which subnets are in use, with links to the associated resource types. - Descender
33

aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=subnet-id-here | grep Description

(Replace subnet-id-here with the subnet ID in mind.)

The above command will give you the names of resources in that subnet.

Undergird answered 14/6, 2019 at 7:8 Comment(0)
11

Take a look at aws ec2 describe-network-interfaces.

This returns a list of Elastic Network Interfaces (ENIs) and supports a subnet-id filter. EC2 instances aren't the only thing that can be on a subnet -- RDS instances, Elastic Load Balancers, Lambda functions, Elastic File System mount targets, NAT Gateways, and other resources consume IP addresses on a subnet, but in each case I can think of, they do this by allocating ENIs. In some cases, like load balancers (ALB and Classic), the number of addresses grows and shrinks as the balancer scales up and down in capacity. In the case of Lambda, a lack of allocated ENIs may only mean that no Lambda container hosts are currently using the subnet, due to a lack of traffic... so if you have VPC Lambda functions, bear that in mind.

You can also see ENIs in the EC2 console, under "Network Interfaces" in the left-hand navigation pane.

Leatherjacket answered 26/1, 2019 at 23:25 Comment(0)
4

Thank you for the responses - they were both helpful and indeed did help me identify whether particular subnets were in use or not.

The thing I found most useful to understanding what was in each subnet, however, was the open source Python visualisation tool, CloudMapper (I'm in no way affiliated - I discovered it after asking my question and scrolling through commercial visualisers).

Ebert answered 30/1, 2019 at 7:5 Comment(1)
The field you should be looking at is 'Description'. - Undergird
3

The AWS CLI is a great tool but, if you're just trying to see what's in each subnet, AWS added a Network Interfaces section to the EC2 console. From there, you can filter by subnet ID.


Orthostichy answered 18/2, 2021 at 0:38 Comment(1)
This is the easiest way in my opinion. - Donative
3

AWS CLI filter and query switches

In the --filters switch Values argument, replace <<Subnet ID>> with your Subnet ID.

aws ec2 describe-network-interfaces \
    --filters Name=subnet-id,Values=<<Subnet ID>> \
    --query 'NetworkInterfaces[*].Description'

Catlee answered 21/4, 2021 at 17:25 Comment(0)
0

Here's a one-liner that will print all your subnet IDs, with each network ID and Description.

for subnet in $(aws ec2 describe-subnets --query 'Subnets[].SubnetId' --output text); do
    echo "$subnet"
    # List every ENI in this subnet with its ID and Description
    aws ec2 describe-network-interfaces \
        --filters Name=subnet-id,Values="$subnet" \
        --query 'NetworkInterfaces[].[NetworkInterfaceId,Description]' \
        --output text
done

Butterwort answered 2/4 at 4:58 Comment(0)
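The answers above all converge on the same approach: a subnet is in use if ENIs exist in it, and the ENI's Description, InterfaceType and Attachment reveal which service owns it. The following script, added here as an example and not taken from any answer in this thread, turns that approach into a per-subnet report and flags subnets with no ENIs at all. The summariser works on the plain dicts that describe_subnets and describe_network_interfaces return, so it runs offline on the constructed sample data at the bottom; the fetch_live helper (which needs boto3 and AWS credentials) is the only part that talks to AWS. The sample subnet IDs, instance ID and descriptions are made up.

```python
"""Report which VPC subnets hold resources by counting the ENIs in each one.

Added example for this thread (not any answer's own code). Uses only the
real boto3 calls describe_subnets / describe_network_interfaces; all sample
values below are constructed.
"""
from collections import defaultdict


def eni_owner(eni):
    """Best-effort label for the service that owns an ENI.

    EC2 instances show up in Attachment.InstanceId; AWS-managed services
    (RDS, ELB, NAT gateways, Lambda, EFS, ...) set RequesterManaged and
    describe themselves through InterfaceType or Description.
    """
    attachment = eni.get("Attachment") or {}
    if attachment.get("InstanceId"):
        return "ec2:" + attachment["InstanceId"]
    if eni.get("InterfaceType", "interface") != "interface":
        return eni["InterfaceType"]
    if eni.get("RequesterManaged"):
        return "managed:" + (eni.get("Description") or eni.get("RequesterId", "?"))
    return "other:" + (eni.get("Description") or eni["NetworkInterfaceId"])


def summarise_subnets(subnets, enis):
    """Return {subnet_id: {"eni_count", "owners", "in_use"}} for every subnet.

    `subnets` is describe_subnets()["Subnets"], `enis` is
    describe_network_interfaces()["NetworkInterfaces"]. A subnet with zero
    ENIs is reported as not in use; remember that VPC Lambda functions and
    scaling load balancers only hold ENIs while they are active.
    """
    by_subnet = defaultdict(list)
    for eni in enis:
        by_subnet[eni["SubnetId"]].append(eni)

    report = {}
    for subnet in subnets:
        sid = subnet["SubnetId"]
        members = by_subnet.get(sid, [])
        report[sid] = {
            "eni_count": len(members),
            "owners": sorted({eni_owner(e) for e in members}),
            "in_use": bool(members),
        }
    return report


def unused_subnets(report):
    """Subnet IDs that currently have no ENI, sorted for stable output."""
    return sorted(sid for sid, row in report.items() if not row["in_use"])


def _all_pages(method, key, **kwargs):
    """Follow NextToken until an EC2 describe call has no more pages."""
    items, token = [], None
    while True:
        resp = method(**kwargs, **({"NextToken": token} if token else {}))
        items.extend(resp[key])
        token = resp.get("NextToken")
        if not token:
            return items


def fetch_live(region_name=None):
    """Pull real subnets and ENIs with boto3 (needs credentials; not run in tests)."""
    import boto3  # imported here so the offline functions need no boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    subnets = _all_pages(ec2.describe_subnets, "Subnets")
    enis = _all_pages(ec2.describe_network_interfaces, "NetworkInterfaces")
    return subnets, enis


# Constructed sample data shaped like the describe-* API responses.
SAMPLE_SUBNETS = [{"SubnetId": "subnet-0aaa"}, {"SubnetId": "subnet-0bbb"},
                  {"SubnetId": "subnet-0ccc"}]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-1", "SubnetId": "subnet-0aaa",
     "InterfaceType": "interface", "Attachment": {"InstanceId": "i-0123"}},
    {"NetworkInterfaceId": "eni-2", "SubnetId": "subnet-0aaa",
     "InterfaceType": "interface", "RequesterManaged": True,
     "RequesterId": "amazon-rds", "Description": "RDSNetworkInterface"},
    {"NetworkInterfaceId": "eni-3", "SubnetId": "subnet-0bbb",
     "InterfaceType": "natGateway", "RequesterManaged": True,
     "Description": "Interface for NAT Gateway nat-0abc"},
]

if __name__ == "__main__":
    report = summarise_subnets(SAMPLE_SUBNETS, SAMPLE_ENIS)
    for sid, row in report.items():
        print(sid, row["eni_count"], ", ".join(row["owners"]) or "(empty)")
    print("subnets with no ENIs:", unused_subnets(report))
```

To run it against a real account, replace the sample data with `subnets, enis = fetch_live("us-east-1")`. Treat the "unused" list as a candidate list rather than a verdict, for the reason Leatherjacket gives: Lambda and load balancer ENIs come and go with traffic, so a subnet that looks empty at one moment may be in use an hour later.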