AWS: List of assigned IPs in subnet

About

Asked 26/4, 2018 at 16:32 Answered 13/6, 2023 at 14:17

Solved amazon-web-services amazon-ec2 aws-cli amazon-vpc subnet

Is there a way to get a list of all assigned IPs in an AWS subnet? Furthermore, if there is a way to see the associated (AW)Services? That would be incredibly helpful as well. Thanks!

EDIT:

All assigned private IPs in a private AWS Subnet (which are retained regardless of instance state). Any means of obtaining this information will do. I am most familiar with AWS CLI, boto/boto3 and the console.

The list would include all avail per CIDR block definition except for 5 addresses:

1 for subnet address
1 for broadcast
AWS reserves the first 3 available IP addresses for each subnet

Julianajuliane answered 26/4, 2018 at 16:32 Comment(2)

Define assigned IPs. Even stopped instances have an IP in a VPC. You want CLI solution or SDK solution? Be as descriptive as possible and avoid one liner questions. – Indenture 26/4, 2018 at 18:12

Absolutely! I've posted some edits above. Thanks! – Julianajuliane 26/4, 2018 at 18:33

aws ec2 describe-instances --filters "Name=subnet-id,Values=subnet-12345678" --query 'Reservations[*].Instances[*].PrivateIpAddress' --output text

Use describe-instances
Query by subnet-id
Filter the results by PrivateIpAddress

Using @Michael - sqlbot's suggestion:

aws ec2 describe-network-interfaces --filters "Name=subnet-id,Values=subnet-12345678" --query 'NetworkInterfaces[*].PrivateIpAddress'

Indenture answered 26/4, 2018 at 18:46 Comment(12)

Thanks! I'm noticing that this does not account for all of my unavailable subnet addresses from the AWS VPC subnet console. I understand the two reserved for subnet address and broadcast. Are they associated with RDS instances? Is it possible to get the same thing for RDS instance? I imagine that the addresses are behind an endpoint address to abstract MultiAZ, so I wasn't sure how much of this information is visible. Thanks again! – Julianajuliane 26/4, 2018 at 19:10

I think aws ec2 describe-network-interfaces would be the preferred approach, since that should pick up addresses used by RDS, ELB-C/ALB/NLB, EFS, PrivateLink, etc... not to mention the dynamic activity of Lambda. – Autotomize 26/4, 2018 at 22:14

@Michael-sqlbot I agree, but in my case both return same set of IPs. Thanks for mentioning Lambda. Are you saying Lambda uses up an IP in VPC IP address space? – Indenture 26/4, 2018 at 22:29

@Julianajuliane what IPs are not accounted for? I mean the type of instances, instance state etc., – Indenture 26/4, 2018 at 22:31

@Indenture Lambda allocates multiple elastic network interfaces -- apparently one for each container it spawns -- when functions are running inside your VPC. "AWS Lambda uses the VPC information you provide to set up ENIs that allow your Lambda function to access VPC resources." After a traffic spike, any excess ENIs are typically destroyed within a few hours of their last use. The other services I mentioned all allocate ENIs and they're assigned addresses from your CIDR block for the subnets they are on. Also NAT Gateways get 1 each. – Autotomize 26/4, 2018 at 23:4

Thanks @Michael-sqlbot – Indenture 27/4, 2018 at 0:1

@Julianajuliane try the second solution using describe-network-interfaces – Indenture 27/4, 2018 at 0:2

@helloV, taking one of my subnets as an example: 4096 addresses are the total according to the subnet definition. Taking away 2 for broadcast and subnet, this leaves 4094. The VPC subnet console lists 4079 as available, so I have to account for 15. When I run the command with describe-instances I see 10 IPs. When I run with describe-network-instances I get an additional 2 (for an EFS mount and an RDS instance). 15 available minus the 12 that I see with describe-network-interfaces leaves 3 that I would still like to account for. I'm not sure where else they could be. Thanks! – Julianajuliane 27/4, 2018 at 13:40

3 minutes into a AWS Network Cert video by Cloud Guru, I'm told "AWS reserves the first 3 available IP addresses for each subnet". I'll update the question with this detail, as I think it may be helpful for anyone with the same question. @Michael-sqlbot & helloV, thank you so much for your help!!! Much appreciated. – Julianajuliane 2/5, 2018 at 15:32

@Julianajuliane that's true. "The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance." Slightly different wording, but "first four" and "first 3 available" are the same, of course. – Autotomize 2/5, 2018 at 15:43

@Indenture Can you replace the single quote with double quotes in the filter? I found that copying your example into windows AWS cli didn't work until I replaced the quotes with double quotes – Frontispiece 8/1, 2021 at 13:50

More than one IP can be attached to each Network Interface, so this query is more effective: 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress'. The output isn't so pretty. Also, prefixes can also be allocated, so a query like 'NetworkInterfaces[*].Ipv4Prefixes[*].Ipv4Prefix' is useful. – Chayachayote 15/11, 2021 at 19:20

You can also check the count of available IPs through this command:

aws ec2 describe-subnets --subnet-ids subnet-0621441200b4b3970 --query "Subnets[*].AvailableIpAddressCount"

Petaloid answered 13/6, 2023 at 14:17 Comment(1)

It's a much more correct answer in my opinion. – Swanky 13/8 at 12:27

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags