aws-cidr-finder 
Overview
aws-cidr-finder is a Python CLI tool which finds unused CIDR blocks (IPv4 only currently) in your AWS VPCs and outputs them to STDOUT. It is very simple, but can be quite useful for users who manage many subnets across one or more VPCs.
Use aws-cidr-finder -h to see command options.
An Example
It is easiest to see the value of this tool through an example. Pretend that we have the following VPC setup in AWS:
- A VPC whose CIDR is
172.31.0.0/16, with aNametag ofHello World - Six subnets in that VPC whose CIDRs are:
172.31.0.0/20172.31.16.0/20172.31.32.0/20172.31.48.0/20172.31.64.0/20172.31.80.0/20
aws-cidr-finder allows you to quickly compute the CIDRs that you still have available in the VPC without having to do a lot of annoying/tedious octet math. If we issue this command:
aws-cidr-finder --profile myprofile
We should see this output:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/19 8192
172.31.128.0/17 32768
Total 40960
You should notice that by default, aws-cidr-finder will automatically "simplify" the CIDRs by merging adjacent free CIDR blocks so that the resulting table shows the maximum contiguous space per CIDR (in other words, the resulting table has the fewest number of rows possible). This is why the result of the command displayed only two CIDRs: a /19 and a /17.
Note that the first CIDR is
/19instead of, for example,/18, because the/18CIDR would mathematically have to begin at IP address172.31.64.0, and that IP address is already taken by a subnet!
However, we can change this "simplification" behavior by specifying the --mask CLI flag:
aws-cidr-finder --profile myprofile --mask 20
Now, the expected output should look something like this:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/20 4096
172.31.112.0/20 4096
172.31.128.0/20 4096
172.31.144.0/20 4096
172.31.160.0/20 4096
172.31.176.0/20 4096
172.31.192.0/20 4096
172.31.208.0/20 4096
172.31.224.0/20 4096
172.31.240.0/20 4096
Total 40960
With the --mask argument, we can now query our available network space to our desired level of detail, as long as we do not specify a smaller mask than the largest mask in the original list. For example:
$ aws-cidr-finder --profile myprofile --mask 18
Desired mask (18) is incompatible with the available CIDR blocks!
Encountered a CIDR whose mask is 19, which is higher than 18. Offending CIDR: 172.31.96.0/19
Run the command again without the --masks argument to see the full list.
Installation
If you have Python >=3.10 and <4.0 installed, aws-cidr-finder can be installed from PyPI using something like
pip install aws-cidr-finder
Configuration
All that needs to be configured in order to use this CLI is an AWS profile or keypair. The former may be specified using the --profile argument on the CLI, while the keypair must be specified in environment variables. If both are available simultaneously, aws-cidr-finder will prefer the profile.
The environment variables for the keypair approach are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY respectively.
You should also ensure that the profile/keypair you are using has the AWS IAM access needed to make the underlying API calls via Boto. Here is a minimal IAM policy document that fills this requirement:
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Resource": "*"
}
Read more about the actions shown above here.
Contributing
See CONTRIBUTING.md for developer-oriented information.
2 Apr 7, 2022
1 Dec 7, 2021
5 Oct 7, 2022
4 Mar 18, 2022
8 Sep 9, 2022
189 Dec 8, 2022
30 Nov 8, 2022
123 Dec 26, 2022
1.9k Jan 7, 2023
4 May 27, 2022
129 Jan 06, 2023
21 Dec 25, 2022
55 Oct 17, 2022
3.4k Jan 08, 2023
1 Nov 03, 2021
18 Sep 06, 2022
4 Jul 26, 2022
4 Oct 12, 2022
28 Oct 10, 2022
2 Feb 16, 2022
60 Dec 27, 2022
2 Jan 18, 2022
1 Feb 15, 2022
7 Dec 19, 2022
3 Jun 06, 2022
197 Dec 23, 2022
477 Dec 31, 2022
23 Dec 07, 2022
7 Jan 06, 2022