[AWS CLI] Listing network-related resources


Hello. This is Fukushima, the AWS CLI fan.
In this post I introduce AWS CLI commands for listing network-related resources.


Execution environment

The commands were run in the following environment.
(Some of the commands introduced in this post also make use of Linux commands.)

# uname -a
Linux LAPTOP-CNM26HN6 4.4.0-18362-Microsoft #1049-Microsoft Thu Aug 14 12:01:00 PST 2020 x86_64 x86_64 x86_64 GNU/Linux
#

Listing VPCs

Command (no header)

aws ec2 describe-vpcs --output text --query "Vpcs[].[VpcId,CidrBlock,DhcpOptionsId,State,OwnerId,InstanceTenancy]" | sort
  • Output
vpc-xxxxxxxxxxxxxxxxx 10.0.0.0/16     dopt-xxxxxxxxx   available       xxxxxxxxxxxx default
vpc-xxxxxxxxxxxxxxxxx 172.25.0.0/16   dopt-xxxxxxxxx   available       xxxxxxxxxxxx default
vpc-xxxxxxxxxxxxxxxxx 10.1.0.0/16     dopt-xxxxxxxxx   available       xxxxxxxxxxxx default
vpc-xxxxxxxxxxxxxxxxx 10.230.0.0/16   dopt-xxxxxxxxx   available       xxxxxxxxxxxx default
vpc-xxxxxxxxxxxxxxxxx 10.88.0.0/16    dopt-xxxxxxxxx   available       xxxxxxxxxxxx default

Command (with header and Name tag)

echo "NameTag VPCID CIDR DHCP State OwnerId InstanceTenancy" > /tmp/awscli.tmp;\
aws ec2 describe-vpcs --output text --query "Vpcs[].[VpcId,CidrBlock,DhcpOptionsId,State,OwnerId,InstanceTenancy]" | sort > /tmp/awscli-tag-jonn1.tmp;\
aws ec2 describe-tags --filters "Name=key,Values=Name" "Name=resource-type,Values=vpc" --query "Tags[].[ResourceId,Value]" --output text | sort > /tmp/awscli-tag-jonn2.tmp;\
join /tmp/awscli-tag-jonn2.tmp /tmp/awscli-tag-jonn1.tmp | awk '{t=$1; $1=$2; $2=t; print}' | sort >> /tmp/awscli.tmp;\
join -v 1 /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp | sed 's/^/None /' | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp
  • Output
NameTag            VPCID                  CIDR           DHCP                    State      OwnerId       InstanceTenancy
fk-test-vpc        vpc-xxxxxxxxxxxxxxxxx 10.88.0.0/16   dopt-xxxxxxxxx           available  xxxxxxxxxxxx default
None               vpc-xxxxxxxxxxxxxxxxx 10.1.0.0/16    dopt-xxxxxxxxx           available  xxxxxxxxxxxx default

VPC CIDR information

Command (no header)

aws ec2 describe-vpcs --query "Vpcs[].[VpcId,CidrBlockAssociationSet[].CidrBlock[]]" --output text | tr "\n" " " | sed 's/vpc-/\nvpc-/g' | sed '1d' | sort
  • Output
vpc-xxxxxxxxxxxxxxxxx 10.0.0.0/16
vpc-xxxxxxxxxxxxxxxxx 172.25.0.0/16
vpc-xxxxxxxxxxxxxxxxx 10.1.0.0/16
vpc-xxxxxxxxxxxxxxxxx 10.230.0.0/16
vpc-xxxxxxxxxxxxxxxxx 10.88.0.0/16      10.0.0.0/16

Command (with header and Name tag)

echo "NameTag VPCID CIDR" > /tmp/awscli.tmp;\
aws ec2 describe-vpcs --query "Vpcs[].[VpcId,CidrBlockAssociationSet[].CidrBlock[]]" --output text | tr "\n" " " | sed 's/vpc-/\nvpc-/g' | sed '1d' | sort > /tmp/awscli-tag-jonn1.tmp;\
aws ec2 describe-tags --filters "Name=key,Values=Name" "Name=resource-type,Values=vpc" --query "Tags[].[ResourceId,Value]" --output text | sort > /tmp/awscli-tag-jonn2.tmp;\
join /tmp/awscli-tag-jonn2.tmp /tmp/awscli-tag-jonn1.tmp | awk '{t=$1; $1=$2; $2=t; print}' | sort >> /tmp/awscli.tmp;\
join -v 1 /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp | sed 's/^/None /' | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp
  • Output
NameTag            VPCID                  CIDR
fk-test-vpc        vpc-xxxxxxxxxxxxxxxxx 10.88.0.0/16   10.0.0.0/16
None               vpc-xxxxxxxxxxxxxxxxx 10.1.0.0/16
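Both VPC commands that add a Name tag column rely on the same join step, and that step has one weak point worth knowing about: join and sort split on any whitespace, so a Name tag that contains a space ends up spread over two columns. The script below is an added example and is not part of the original post. It reimplements the join step as a reusable function that keeps the data tab-separated end to end, swaps the first two columns with awk and writes None for resources that carry no Name tag. The VPC IDs, DHCP option IDs and tag values in the sample data are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): the "NameTag" join that the two
# VPC commands above do by hand, as a reusable function. Everything stays
# tab-separated, so a Name tag containing spaces is still one column.

TAB=$(printf '\t')

# attach_name_tags RESOURCES_TSV TAGS_TSV
#   RESOURCES_TSV: one resource per line, resource ID in column 1, tab-separated
#                  (the shape of `aws ec2 describe-vpcs ... --output text`).
#   TAGS_TSV:      "<resource-id><TAB><Name value>" lines (the shape of
#                  `aws ec2 describe-tags --query "Tags[].[ResourceId,Value]" --output text`).
#   Prints "<NameTag or None><TAB><resource-id><TAB>...", sorted by resource ID.
attach_name_tags() {
    res_sorted=$(mktemp)
    tags_sorted=$(mktemp)
    # join requires both inputs sorted on the join field in the same collation
    LC_ALL=C sort -t "$TAB" -k1,1 "$1" > "$res_sorted"
    LC_ALL=C sort -t "$TAB" -k1,1 "$2" > "$tags_sorted"
    {
        # Resources with a Name tag: join prints "<id> <Name> <rest...>", so swap
        # the first two columns (cut -f cannot reorder fields; awk can).
        LC_ALL=C join -t "$TAB" "$tags_sorted" "$res_sorted" \
            | awk -F "$TAB" -v OFS="$TAB" '{ t = $1; $1 = $2; $2 = t; print }'
        # Resources without a Name tag: the unpairable lines of the resource file.
        LC_ALL=C join -t "$TAB" -v 2 "$tags_sorted" "$res_sorted" \
            | sed "s/^/None$TAB/"
    } | LC_ALL=C sort -t "$TAB" -k2,2
    rm -f "$res_sorted" "$tags_sorted"
}

# Constructed sample data standing in for the two CLI calls; IDs are placeholders.
write_sample_data() {
    out_dir=$1
    {
        printf 'vpc-0000000000000001\t10.88.0.0/16\tdopt-00000001\tavailable\n'
        printf 'vpc-0000000000000002\t10.1.0.0/16\tdopt-00000001\tavailable\n'
        printf 'vpc-0000000000000003\t172.25.0.0/16\tdopt-00000002\tavailable\n'
    } > "$out_dir/vpcs.tsv"
    {
        printf 'vpc-0000000000000001\tfk-test-vpc\n'
        printf 'vpc-0000000000000003\tshared services vpc\n'   # Name tag with spaces
    } > "$out_dir/tags.tsv"
}

# Render with a header; column(1) is used when available, as in the post.
print_table() {
    if command -v column >/dev/null 2>&1; then column -t -s "$TAB"; else cat; fi
}

work_dir=$(mktemp -d)
write_sample_data "$work_dir"
{
    printf 'NameTag\tVPCID\tCIDR\tDHCP\tState\n'
    attach_name_tags "$work_dir/vpcs.tsv" "$work_dir/tags.tsv"
} | print_table
rm -rf "$work_dir"
```

To use it against a real account, replace the two sample files with the output of the describe-vpcs and describe-tags calls shown above (both with --output text); the function works for any resource type whose ID sits in the first column, so the same call serves subnets or security groups.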

Subnet list

Command (sorted by CIDR, no header)

aws ec2 describe-subnets --query "Subnets[].[VpcId,CidrBlock,AvailableIpAddressCount,SubnetId,AvailabilityZone,MapPublicIpOnLaunch,State,OwnerId]" --output text | sort
  • Output
vpc-xxxxxxxxxxxxxxxxx   10.0.10.0/24    249     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1a False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.0.11.0/24    251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1c False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.0.12.0/24    251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1d False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.0.20.0/24    251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1a False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.0.21.0/24    251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1c False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.0.22.0/24    251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1d False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   172.25.42.0/24  251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1a False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   172.25.43.0/24  251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1c False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   172.25.44.0/24  251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1a False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   172.25.45.0/24  251     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1c False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   10.1.0.0/24     250     subnet-xxxxxxxxxxxxxxxxx        ap-northeast-1a False   available       xxxxxxxxxxxx

I wanted a header, so I bolted one on somewhat crudely.

Command (sorted by CIDR, with header)

echo "VpcId CidrBlock AvailableIpAddressCount SubnetId AvailabilityZone MapPublicIpOnLaunch State OwnerId" > /tmp/awscli.tmp;\
aws ec2 describe-subnets --query "Subnets[].[VpcId,CidrBlock,AvailableIpAddressCount,SubnetId,AvailabilityZone,MapPublicIpOnLaunch,State,OwnerId]" --output text | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
VpcId                  CidrBlock       AvailableIpAddressCount  SubnetId                  AvailabilityZone  MapPublicIpOnLaunch  State      OwnerId
vpc-xxxxxxxxxxxxxxxxx  10.0.10.0/24    249                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1a   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.0.11.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1c   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.0.12.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1d   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.0.20.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1a   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.0.21.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1c   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.0.22.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1d   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  172.25.42.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1a   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  172.25.43.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1c   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  172.25.44.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1a   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  172.25.45.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1c   False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  10.1.0.0/24     250                      subnet-xxxxxxxxxxxxxxxxx  ap-northeast-1a   False                available  xxxxxxxxxxxx

Command (sorted by AZ, no header)

aws ec2 describe-subnets --query "Subnets[].[VpcId,AvailabilityZone,CidrBlock,AvailableIpAddressCount,SubnetId,MapPublicIpOnLaunch,State,OwnerId]" --output text | sort
  • Output
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1a 10.0.10.0/24    249     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1a 10.0.20.0/24    251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1c 10.0.11.0/24    251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1c 10.0.21.0/24    251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1d 10.0.12.0/24    251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1d 10.0.22.0/24    251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1a 172.25.42.0/24  251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1a 172.25.44.0/24  251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1c 172.25.43.0/24  251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1c 172.25.45.0/24  251     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx   ap-northeast-1a 10.1.0.0/24     250     subnet-xxxxxxxxxxxxxxxxx        False   available       xxxxxxxxxxxx

Command (sorted by AZ, with header)

echo "VpcId AvailabilityZone CidrBlock AvailableIpAddressCount SubnetId MapPublicIpOnLaunch State OwnerId" > /tmp/awscli.tmp;\
aws ec2 describe-subnets --query "Subnets[].[VpcId,AvailabilityZone,CidrBlock,AvailableIpAddressCount,SubnetId,MapPublicIpOnLaunch,State,OwnerId]" --output text | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
VpcId                  AvailabilityZone  CidrBlock       AvailableIpAddressCount  SubnetId                  MapPublicIpOnLaunch  State      OwnerId
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1a   10.0.10.0/24    249                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1a   10.0.20.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1c   10.0.11.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1c   10.0.21.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1d   10.0.12.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1d   10.0.22.0/24    251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1a   172.25.42.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1a   172.25.44.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1c   172.25.43.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1c   172.25.45.0/24  251                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx
vpc-xxxxxxxxxxxxxxxxx  ap-northeast-1a   10.1.0.0/24     250                      subnet-xxxxxxxxxxxxxxxxx  False                available  xxxxxxxxxxxx

Route table list

Command (sorted by subnet, no header)

aws ec2 describe-route-tables --query "RouteTables[].Associations[].[SubnetId,RouteTableId,Main]" --output text | sort | column -t
  • Output
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False

Command (sorted by subnet, with header)

echo "SubnetId RouteTableId Main" > /tmp/awscli.tmp;\
aws ec2 describe-route-tables --query "RouteTables[].Associations[].[SubnetId,RouteTableId,Main]" --output text | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
SubnetId                  RouteTableId           Main
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
None                      rtb-xxxxxxxxxxxxxxxxx  True
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False
subnet-xxxxxxxxxxxxxxxxx  rtb-xxxxxxxxxxxxxxxxx  False

Command (sorted by route table, no header)

aws ec2 describe-route-tables --query "RouteTables[].Associations[].[RouteTableId,SubnetId,Main]" --output text | sort | column -t
  • Output
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False

Command (sorted by route table, with header)

echo "RouteTableId SubnetId Main" > /tmp/awscli.tmp;\
aws ec2 describe-route-tables --query "RouteTables[].Associations[].[RouteTableId,SubnetId,Main]" --output text | sort >> /tmp/awscli.tmp;\
column -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
RouteTableId           SubnetId                  Main
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  None                      True
rtb-xxxxxxxxxxxxxxxxx  subnet-xxxxxxxxxxxxxxxxx  False

Internet gateway list

Command

aws ec2 describe-internet-gateways --query "InternetGateways[].{InternetGatewayId:InternetGatewayId,VpcId:Attachments[0].VpcId}" --output table
  • Output
----------------------------------------------------
|             DescribeInternetGateways             |
+------------------------+-------------------------+
|    InternetGatewayId   |          VpcId          |
+------------------------+-------------------------+
|  igw-xxxxxxxxxxxxxxxxx |  vpc-xxxxxxxxxxxxxxxxx  |
|  igw-xxxxxxxxxxxxxxxxx |  vpc-xxxxxxxxxxxxxxxxx  |
|  igw-xxxxxxxxxxxxxxxxx |  vpc-xxxxxxxxxxxxxxxxx  |
|  igw-xxxxxxxxxxxxxxxxx |  vpc-xxxxxxxxxxxxxxxxx  |
+------------------------+-------------------------+

VGW list

Command

aws ec2 describe-vpn-gateways --query "VpnGateways[].{VpnGatewayId:VpnGatewayId,VpcId:VpcAttachments[0].VpcId}" --output table
  • Output
----------------------------------------------------
|                DescribeVpnGateways               |
+------------------------+-------------------------+
|          VpcId         |      VpnGatewayId       |
+------------------------+-------------------------+
|  vpc-xxxxxxxxxxxxxxxxx |  vgw-xxxxxxxxxxxxxxxxx  |
+------------------------+-------------------------+

NAT gateway list

Command

aws ec2 describe-nat-gateways --query "NatGateways[].{NatGatewayId:NatGatewayId,VpcId:VpcId,SubnetId:SubnetId,NetworkInterfaceId:NatGatewayAddresses[0].NetworkInterfaceId}" --output table
  • Output
---------------------------------------------------------------------------------------------------------
|                                          DescribeNatGateways                                          |
+-----------------------+------------------------+----------------------------+-------------------------+
|     NatGatewayId      |  NetworkInterfaceId    |         SubnetId           |          VpcId          |
+-----------------------+------------------------+----------------------------+-------------------------+
|  nat-xxxxxxxxxxxxxxxxx|  eni-xxxxxxxxxxxxxxxxx |  subnet-xxxxxxxxxxxxxxxxx  |  vpc-xxxxxxxxxxxxxxxxx  |
+-----------------------+------------------------+----------------------------+-------------------------+

TGW list

Command

aws ec2 describe-transit-gateways --query "TransitGateways[].[TransitGatewayId,Options]" --output yaml
  • Output
- - tgw-xxxxxxxxxxxxxxxxx
  - AmazonSideAsn: 64512
    AssociationDefaultRouteTableId: tgw-rtb-xxxxxxxxxxxxxxxxx
    AutoAcceptSharedAttachments: disable
    DefaultRouteTableAssociation: enable
    DefaultRouteTablePropagation: enable
    DnsSupport: enable
    PropagationDefaultRouteTableId: tgw-rtb-xxxxxxxxxxxxxxxxx
    VpnEcmpSupport: enable

ENI list

Command

aws ec2 describe-network-interfaces --query "NetworkInterfaces[].[InterfaceType,NetworkInterfaceId,PrivateIpAddress,Description]" --output table | awk -F\| '{print $2,$3,$4,$5}' | grep eni- | sort
  • Output
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.0.198     Primary network interface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.1.249     Primary network interface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.0.148     Primary network interface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.11.5      EFS mount target for fs-xxxxxxxx (fsmt-xxxxxxxx)
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.0.220     test
  interface      eni-xxxxxxxxxxxxxxxxx    10.0.10.60      Primary network interface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.10.160    EFS mount target for fs-xxxxxxxx (fsmt-xxxxxxxx)
  interface      eni-xxxxxxxxxxxxxxxxx    10.1.0.14       RedshiftNetworkInterface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.0.59      Primary network interface
  interface      eni-xxxxxxxxxxxxxxxxx    10.88.10.47     QuickSightfk-test
  nat_gateway    eni-xxxxxxxxxxxxxxxxx    10.88.0.13      Interface for NAT Gateway nat-xxxxxxxxxxxxxxxxx
  vpc_endpoint   eni-xxxxxxxxxxxxxxxxx    10.88.11.137    VPC Endpoint Interface vpce-xxxxxxxxxxxxxxxxx
  vpc_endpoint   eni-xxxxxxxxxxxxxxxxx    10.88.10.77     VPC Endpoint Interface vpce-xxxxxxxxxxxxxxxxx

SGs attached to each ENI

Command

aws ec2 describe-network-interfaces --query "NetworkInterfaces[].[NetworkInterfaceId,Groups[].GroupId]" --output text | tr "\n" " " | sed 's/eni-/\neni-/g'
  • Output
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx      sg-xxxxxxxxxxxxxxxxx    sg-xxxxxxxxxxxxxxxxx
eni-xxxxxxxxxxxxxxxxx sg-xxxxxxxxxxxxxxxxx
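The `tr "\n" " " | sed 's/eni-/\neni-/g'` trick used here, and in the VPC CIDR section above, glues the continuation lines that `--output text` prints for a nested list back onto their parent row. It works, but it drops the final newline and inserts a leading blank line that the VPC variant then has to delete. The script below is an added example and is not from the original post: an awk function that does the same reassembly by the prefix of the first field (so it serves both the VPC CIDR and the ENI/SG listings), plus a per-ENI security group count so that interfaces with zero or unusually many groups stand out during a review. The CLI output it consumes is constructed and the IDs are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): reassembling the nested lists
# that `--output text` prints on their own lines, without the tr/sed detour.

TAB=$(printf '\t')

# reassemble_text_output PREFIX   (reads the CLI text output on stdin)
#   A line whose first field starts with PREFIX begins a new record; every
#   following line (e.g. the tab-separated group IDs) is appended to it.
#   Blank lines, which an empty nested list may produce, are ignored.
reassemble_text_output() {
    awk -v p="$1" -v OFS="$TAB" '
        NF == 0           { next }                                        # empty nested list
        index($1, p) == 1 { if (rec != "") print rec; rec = $0; next }    # new parent row
                          { rec = rec OFS $0 }                            # continuation line
        END               { if (rec != "") print rec }'
}

# eni_group_counts   (reads reassembled "eni<TAB>sg<TAB>sg..." lines on stdin)
#   Prints "<eni-id><TAB><number of security groups>". A count of 0 is what
#   you see for interfaces that security groups do not apply to (compare the
#   lone ENI in the output above); a large count is worth a second look.
eni_group_counts() {
    awk -F "$TAB" -v OFS="$TAB" '{ print $1, NF - 1 }'
}

# Constructed stand-in for the describe-network-interfaces text output above;
# IDs are placeholders. One ENI has one group, one has none, one has three.
sample_eni_output() {
    printf 'eni-0000000000000001\n'
    printf 'sg-0000000000000001\n'
    printf 'eni-0000000000000002\n'
    printf 'eni-0000000000000003\n'
    printf 'sg-0000000000000001\tsg-0000000000000002\tsg-0000000000000003\n'
}

sample_eni_output | reassemble_text_output eni- | eni_group_counts | sort
```

For the VPC CIDR listing the same function is called with the prefix `vpc-` on the output of the describe-vpcs command from that section; no `sed '1d'` is needed because the first parent row is kept as-is.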

NACL list

Command

aws ec2 describe-network-acls --query "NetworkAcls[].Associations[].{NetworkAclId:NetworkAclId,SubnetId:SubnetId}" --output table
  • Output
-------------------------------------------------------
|                 DescribeNetworkAcls                 |
+------------------------+----------------------------+
|      NetworkAclId      |         SubnetId           |
+------------------------+----------------------------+
|  acl-xxxxxxxxxxxxxxxxx |  subnet-xxxxxxxxxxxxxxxxx  |
|  acl-xxxxxxxxxxxxxxxxx |  subnet-xxxxxxxxxxxxxxxxx  |
|  acl-xxxxxxxxxxxxxxxxx |  subnet-xxxxxxxxxxxxxxxxx  |
+------------------------+----------------------------+

SG list

Command (sorted by SG name, no header)

aws ec2 describe-security-groups --query "SecurityGroups[].[GroupName,GroupId,VpcId,Description]" --output table | awk -F\| '{print $2,$3,$4,$5}' | grep sg- | sort
  • Output
  default                                                  sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    default VPC security group
  default                                                  sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    default VPC security group
  default                                                  sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    default VPC security group
  default                                                  sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    default VPC security group
  fk-jira-private-sg                                       sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    2020-05-07T05:59:49.481Z
  fk-test-ad-sg                                            sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    fk-test-ad-sg
  fk-test-db-sg                                            sg-xxxxxxxxxxxxxxxxx    vpc-xxxxxxxxxxxxxxxxx    Created by RDS management console

Command (sorted by SG name, with header)

echo "| GroupName | GroupId | VpcId | Description" > /tmp/awscli.tmp;\
aws ec2 describe-security-groups --query "SecurityGroups[].[GroupName,GroupId,VpcId,Description]" --output table | grep sg- | sort >> /tmp/awscli.tmp;\
column -s \| -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
 GroupName                                                 GroupId                  VpcId                     Description
  default                                                   sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     default VPC security group
  default                                                   sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     default VPC security group
  default                                                   sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     default VPC security group
  default                                                   sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     default VPC security group
  fk-jira-private-sg                                        sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     2020-05-07T05:59:49.481Z
  fk-test-ad-sg                                             sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     fk-test-ad-sg
  fk-test-db-sg                                             sg-xxxxxxxxxxxxxxxxx     vpc-xxxxxxxxxxxxxxxxx     Created by RDS management console

Command (sorted by VPC, no header)

aws ec2 describe-security-groups --query "SecurityGroups[].[VpcId,GroupName,GroupId,Description]" --output table | awk -F\| '{print $2,$3,$4,$5}' | grep sg- | sort
  • Output
  vpc-xxxxxxxxxxxxxxxxx   default                                                   sg-xxxxxxxxxxxxxxxxx    default VPC security group
  vpc-xxxxxxxxxxxxxxxxx   default                                                   sg-xxxxxxxxxxxxxxxxx    default VPC security group
  vpc-xxxxxxxxxxxxxxxxx   default                                                   sg-xxxxxxxxxxxxxxxxx    default VPC security group

Command (sorted by VPC, with header)

echo "| VpcId | GroupName | GroupId | Description" > /tmp/awscli.tmp;\
aws ec2 describe-security-groups --query "SecurityGroups[].[VpcId,GroupName,GroupId,Description]" --output table | grep sg- | sort >> /tmp/awscli.tmp;\
column -s \| -t /tmp/awscli.tmp;\
rm /tmp/awscli.tmp
  • Output
 VpcId                    GroupName                                                  GroupId                  Description
  vpc-xxxxxxxxxxxxxxxxx    default                                                    sg-xxxxxxxxxxxxxxxxx     default VPC security group
  vpc-xxxxxxxxxxxxxxxxx    default                                                    sg-xxxxxxxxxxxxxxxxx     default VPC security group
  vpc-xxxxxxxxxxxxxxxxx    default                                                    sg-xxxxxxxxxxxxxxxxx     default VPC security group

VPC endpoint list

Command

aws ec2 describe-vpc-endpoints --query "VpcEndpoints[].{ServiceName:ServiceName,VpcEndpointId:VpcEndpointId,VpcId:VpcId,VpcEndpointType:VpcEndpointType,PrivateDnsEnabled:PrivateDnsEnabled}" --output table
  • Output
---------------------------------------------------------------------------------------------------------------------------------
|                                                     DescribeVpcEndpoints                                                      |
+-------------------+------------------------------------+-------------------------+------------------+-------------------------+
| PrivateDnsEnabled |            ServiceName             |      VpcEndpointId      | VpcEndpointType  |          VpcId          |
+-------------------+------------------------------------+-------------------------+------------------+-------------------------+
|  True             |  com.amazonaws.ap-northeast-1.ec2  |  vpce-xxxxxxxxxxxxxxxxx |  Interface       |  vpc-xxxxxxxxxxxxxxxxx |
|  False            |  com.amazonaws.ap-northeast-1.s3   |  vpce-xxxxxxxxxxxxxxxxx |  Gateway         |  vpc-xxxxxxxxxxxxxxxxx |
+-------------------+------------------------------------+-------------------------+------------------+-------------------------+

If you want to know the Name tag

All of the commands introduced above output resource IDs but no tag information, so it can be hard to tell which resource is which.

In that case, run the following commands.

Command (resource ID ⇒ Name tag)

RESOURCE_ID="xxxx"  # enter the resource ID whose Name tag you want
aws ec2 describe-tags --filters "Name=tag-key,Values=Name" "Name=resource-id,Values=${RESOURCE_ID}" --query "Tags[].Value" --output text

Command (Name tag ⇒ resource ID)

NAME_TAG="xxx"  # enter the Name tag value whose resource ID you want
aws ec2 describe-tags --filters "Name=tag-key,Values=Name" "Name=tag-value,Values=${NAME_TAG}" --query "Tags[].{ResourceId:ResourceId,ResourceType:ResourceType}" --output table

Closing

In this post I introduced commands for listing network-related resources. Next time I would like to introduce commands for listing EC2-related resources.

福島 和弥 (Kazuya Fukushima)

SRE Section 2

Joined 2019/10

I love the AWS CLI.