Python 使用Boto3通过虚拟专用网关查找子网路由_Python_Aws Lambda_Boto3

Python 使用Boto3通过虚拟专用网关查找子网路由

python aws-lambda

Python 使用Boto3通过虚拟专用网关查找子网路由,python,aws-lambda,boto3,Python,Aws Lambda,Boto3,需要找到一种方法来识别AWS VPC子网，该子网使用Python Boto3通过虚拟专用网关进行路由。换句话说，如何使用python boto3识别专有网络内的私有子网目标是创建一个Lambda函数，用于识别给定VPC内的私有子网，然后在这些私有子网内启动另一个Lambda函数下面是我到目前为止得到的代码。它列出了连接了虚拟专用网关的专有网络内的所有子网 import boto3 def get_vpn_gateways(): ec2_client = boto3.client('

需要找到一种方法来识别AWS VPC子网，该子网使用Python Boto3通过虚拟专用网关进行路由。换句话说，如何使用python boto3识别专有网络内的私有子网

目标是创建一个Lambda函数，用于识别给定VPC内的私有子网，然后在这些私有子网内启动另一个Lambda函数

下面是我到目前为止得到的代码。它列出了连接了虚拟专用网关的专有网络内的所有子网

import boto3

def get_vpn_gateways():
    ec2_client = boto3.client('ec2')
    response = ec2_client.describe_vpn_gateways()
    return response

def get_vpc_subnets(VpcId):
    ec2 = boto3.resource('ec2')
    vpc = ec2.Vpc(VpcId)
    subnets = vpc.subnets.all()
    return subnets

# Get VPC Ids associated with the virtual private gateway
vpc_list = []
virtual_gateways = get_vpn_gateways() 
for virtual_gateway in virtual_gateways["VpnGateways"]:
    vgwId = virtual_gateway["VpnGatewayId"]
    vpcAttach = virtual_gateway["VpcAttachments"]
    vpc_list.append(vpcAttach[0]["VpcId"])
for vpc in vpc_list:
    print(vpc)
    subnets = get_vpc_subnets(vpc)
    for subnet in subnets:
        print(subnet)

到目前为止，代码列出了专有网络内的所有子网。我正在考虑使用routetable作为私有子网的密钥标识符。如果有路由通过VGW，那么我将认为子网是私有的。这有意义吗？

我认为0.0.0.0/0的路由不是internet网关，那就是专用子网。专用子网可以路由到NAT网关或虚拟网关，但不能直接路由到internet网关。因此，我编写了如下代码

import boto3

ec2 = boto3.resource('ec2')
route_tables = ec2.route_tables.all()

for route_table in route_tables:
    for ra in route_table.routes_attribute:
        if ra.get('DestinationCidrBlock') == '0.0.0.0/0' and ra.get('GatewayId') is None:
            for rs in route_table.associations_attribute:
                if rs.get('SubnetId') is not None:
                    print(rs.get('SubnetId'))

下面是查找每个连接了虚拟专用网关的VPC内的专用子网的最终工作代码。它检查专用子网是否在VPC的子网列表中，然后继续保存该子网，以便稍后使用另一个Lambda函数。这可能不是实现我目标的最有效的方法。渴望看到其他更好的解决方案

import boto3

def get_vpn_gateways():
    ec2_client = boto3.client('ec2')
    response = ec2_client.describe_vpn_gateways()
    return response

def get_vpc_subnets(VpcId):
    ec2 = boto3.resource('ec2')
    vpc = ec2.Vpc(VpcId)
    subnets = vpc.subnets.all()
    return subnets

def get_private_subnets():
    priv_subnet_list = []
    ec2 = boto3.resource('ec2')
    route_tables = ec2.route_tables.all()
    for route_table in route_tables:
        for ra in route_table.routes_attribute:
            if ra.get('DestinationCidrBlock') == '0.0.0.0/0' and ra.get('GatewayId') is None:
                for rs in route_table.associations_attribute:
                    if rs.get('SubnetId') is not None:
                        priv_subnet_list.append(rs.get('SubnetId'))
    return priv_subnet_list
def lambda_handler(event, context):
    vpc_list = []
    vpc_subnet_list = []
    virtual_gateways = get_vpn_gateways()
    lambda_subnets = []
    # Get VPC Ids associated with the virtual private gateway
    for virtual_gateway in virtual_gateways["VpnGateways"]:
        vgwId = virtual_gateway["VpnGatewayId"]
        vpcAttach = virtual_gateway["VpcAttachments"]
        vpc_list.append(vpcAttach[0]["VpcId"])
    # Get subnets within the VPC
    for vpc in vpc_list:
        subnets = get_vpc_subnets(vpc)
        for subnet in subnets:
            vpc_subnet_list.append(subnet.id)
        # Get Private subnets from the subnet list
        for privsubnet in get_private_subnets():
            if privsubnet in vpc_subnet_list:
                lambda_subnets.append(privsubnet)