Python 使用Boto3通过虚拟专用网关查找子网路由
需要找到一种方法来识别AWS VPC子网,该子网使用Python Boto3通过虚拟专用网关进行路由。换句话说,如何使用Python Boto3识别专有网络内的私有子网?目标是创建一个Lambda函数,用于识别给定VPC内的私有子网,然后在这些私有子网内启动另一个Lambda函数。下面是我到目前为止得到的代码,它列出了连接了虚拟专用网关的专有网络内的所有子网:
import boto3
def get_vpn_gateways():
    """Return the raw ``DescribeVpnGateways`` response for the default region.

    Returns:
        The boto3 response dict; callers read its ``VpnGateways`` list.
    """
    return boto3.client('ec2').describe_vpn_gateways()
def get_vpc_subnets(VpcId):
    """Return the boto3 ``Subnet`` collection belonging to *VpcId*.

    Args:
        VpcId: ID of the VPC (``vpc-...``) whose subnets are wanted.

    Returns:
        A boto3 resource collection; iterating it performs the API calls.
    """
    return boto3.resource('ec2').Vpc(VpcId).subnets.all()
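# Get VPC Ids associated with the virtual private gateway.
# A gateway that is not attached to any VPC has an empty VpcAttachments
# list, so indexing [0] raised IndexError; walk every attachment instead
# and keep each VPC id once.
# NOTE(review): attachment entries also carry a State field; if detached
# entries show up here, filter on State == 'attached' — confirm against
# real describe_vpn_gateways output.
vpc_list = []
virtual_gateways = get_vpn_gateways()
for virtual_gateway in virtual_gateways["VpnGateways"]:
    for attachment in virtual_gateway["VpcAttachments"]:
        vpc_id = attachment.get("VpcId")
        if vpc_id and vpc_id not in vpc_list:
            vpc_list.append(vpc_id)

# Print every subnet of every selected VPC.
for vpc in vpc_list:
    print(vpc)
    for subnet in get_vpc_subnets(vpc):
        print(subnet)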
到目前为止,代码列出了专有网络内的所有子网。我正在考虑使用路由表(route table)作为私有子网的关键标识符:如果有路由经过VGW,那么我将认为该子网是私有的。这有意义吗?我认为,如果0.0.0.0/0的路由指向的不是internet网关,那就是专用子网。专用子网可以路由到NAT网关或虚拟网关,但不能直接路由到internet网关。因此,我编写了如下代码:
import boto3
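ec2 = boto3.resource('ec2')
route_tables = ec2.route_tables.all()
for route_table in route_tables:
    # A subnet is public when its route table sends a default route
    # (IPv4 0.0.0.0/0 or IPv6 ::/0) to an internet gateway ("igw-...").
    # The earlier test ``GatewayId is None`` mis-classified two cases:
    # a default route through a virtual private gateway carries
    # GatewayId "vgw-..." so those private subnets were dropped, and a
    # table with no default route at all (isolated subnet) was dropped too.
    has_igw_default_route = any(
        (ra.get('DestinationCidrBlock') == '0.0.0.0/0'
         or ra.get('DestinationIpv6CidrBlock') == '::/0')
        and str(ra.get('GatewayId') or '').startswith('igw-')
        for ra in route_table.routes_attribute
    )
    if has_igw_default_route:
        continue
    # Only explicit associations name a SubnetId; subnets that fall back
    # to the VPC main route table are not listed here.
    for rs in route_table.associations_attribute:
        subnet_id = rs.get('SubnetId')
        if subnet_id is not None:
            print(subnet_id)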
下面是查找每个连接了虚拟专用网关的VPC内的专用子网的最终工作代码。它检查专用子网是否在VPC的子网列表中,然后继续保存该子网,以便稍后使用另一个Lambda函数。这可能不是实现我目标的最有效的方法。渴望看到其他更好的解决方案
import boto3
def get_vpn_gateways():
    """Return the raw ``DescribeVpnGateways`` response for the default region.

    Returns:
        The boto3 response dict; callers read its ``VpnGateways`` list.
    """
    return boto3.client('ec2').describe_vpn_gateways()
def get_vpc_subnets(VpcId):
    """Return the boto3 ``Subnet`` collection belonging to *VpcId*.

    Args:
        VpcId: ID of the VPC (``vpc-...``) whose subnets are wanted.

    Returns:
        A boto3 resource collection; iterating it performs the API calls.
    """
    return boto3.resource('ec2').Vpc(VpcId).subnets.all()
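def get_private_subnets(route_tables=None):
    """Return IDs of subnets whose route table has no default route to an IGW.

    A subnet counts as private when the route table explicitly associated
    with it does not send a default route (IPv4 ``0.0.0.0/0`` or IPv6
    ``::/0``) to an internet gateway (``GatewayId`` starting with ``igw-``).
    A default route to a NAT gateway or to a virtual private gateway, or the
    absence of any default route, all leave the subnet private. The previous
    test ``GatewayId is None`` dropped VGW-routed tables (their default
    route carries ``GatewayId`` ``vgw-...``) and isolated tables entirely.

    Args:
        route_tables: Optional iterable of route-table objects exposing
            ``routes_attribute`` and ``associations_attribute`` (the boto3
            ``RouteTable`` resource shape). When omitted, every route table
            visible to the default EC2 resource is fetched.

    Returns:
        list[str]: subnet IDs taken from explicit route-table associations,
        in discovery order. Subnets that rely on the VPC main route table
        have no explicit association and are not reported.
    """
    if route_tables is None:
        route_tables = boto3.resource('ec2').route_tables.all()

    priv_subnet_list = []
    for route_table in route_tables:
        if _routes_default_to_igw(route_table.routes_attribute):
            continue
        for association in route_table.associations_attribute:
            subnet_id = association.get('SubnetId')
            if subnet_id is not None:
                priv_subnet_list.append(subnet_id)
    return priv_subnet_list


def _routes_default_to_igw(routes):
    """Return True when any default route in *routes* targets an internet gateway."""
    for route in routes:
        is_default = (route.get('DestinationCidrBlock') == '0.0.0.0/0'
                      or route.get('DestinationIpv6CidrBlock') == '::/0')
        # GatewayId may be absent (NAT routes use NatGatewayId), so coerce
        # to str before the prefix test.
        if is_default and str(route.get('GatewayId') or '').startswith('igw-'):
            return True
    return False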
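def lambda_handler(event, context):
    """Lambda entry point: list private subnets in every VGW-attached VPC.

    Args:
        event: Lambda invocation payload (not read).
        context: Lambda runtime context (not read).

    Returns:
        list[str]: IDs of subnets that belong to a VPC with a virtual private
        gateway attachment and that ``get_private_subnets`` classifies as
        private, in the order ``get_private_subnets`` yields them.
    """
    # VPC Ids attached to a virtual private gateway. A detached gateway has
    # an empty VpcAttachments list, so indexing [0] raised IndexError;
    # iterate instead and keep each VPC once.
    # NOTE(review): attachment entries also carry a State field; if detached
    # entries show up here, filter on State == 'attached' — confirm against
    # real describe_vpn_gateways output.
    vpc_ids = set()
    for virtual_gateway in get_vpn_gateways()["VpnGateways"]:
        for attachment in virtual_gateway["VpcAttachments"]:
            vpc_id = attachment.get("VpcId")
            if vpc_id:
                vpc_ids.add(vpc_id)

    # Every subnet in those VPCs; a set makes the membership test below O(1).
    vpc_subnet_ids = set()
    for vpc_id in vpc_ids:
        for subnet in get_vpc_subnets(vpc_id):
            vpc_subnet_ids.add(subnet.id)

    # Keep only the private subnets that belong to one of the selected VPCs.
    lambda_subnets = [
        subnet_id
        for subnet_id in get_private_subnets()
        if subnet_id in vpc_subnet_ids
    ]
    # The original built this list but never returned it, so the caller
    # could not use the result; return it so a follow-up Lambda can consume it.
    return lambda_subnets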