Aws-cidr-finder - A Python CLI tool for finding unused CIDR blocks in AWS VPCs

Overview

aws-cidr-finder master PyPI codecov

  1. Overview
    1. An Example
  2. Installation
  3. Configuration
  4. Contributing

Overview

aws-cidr-finder is a Python CLI tool which finds unused CIDR blocks (IPv4 only currently) in your AWS VPCs and outputs them to STDOUT. It is very simple, but can be quite useful for users who manage many subnets across one or more VPCs.

Use aws-cidr-finder -h to see command options.

An Example

It is easiest to see the value of this tool through an example. Pretend that we have the following VPC setup in AWS:

  • A VPC whose CIDR is 172.31.0.0/16, with a Name tag of Hello World
  • Six subnets in that VPC whose CIDRs are:
    • 172.31.0.0/20
    • 172.31.16.0/20
    • 172.31.32.0/20
    • 172.31.48.0/20
    • 172.31.64.0/20
    • 172.31.80.0/20

aws-cidr-finder allows you to quickly compute the CIDRs that you still have available in the VPC without having to do a lot of annoying/tedious octet math. If we issue this command:

aws-cidr-finder --profile myprofile

We should see this output:

Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR               IP Count
---------------  ----------
172.31.96.0/19         8192
172.31.128.0/17       32768
Total                 40960

You should notice that by default, aws-cidr-finder will automatically "simplify" the CIDRs by merging adjacent free CIDR blocks so that the resulting table shows the maximum contiguous space per CIDR (in other words, the resulting table has the fewest number of rows possible). This is why the result of the command displayed only two CIDRs: a /19 and a /17.

Note that the first CIDR is /19 instead of, for example, /18, because the /18 CIDR would mathematically have to begin at IP address 172.31.64.0, and that IP address is already taken by a subnet!

However, we can change this "simplification" behavior by specifying the --mask CLI flag:

aws-cidr-finder --profile myprofile --mask 20

Now, the expected output should look something like this:

Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR               IP Count
---------------  ----------
172.31.96.0/20         4096
172.31.112.0/20        4096
172.31.128.0/20        4096
172.31.144.0/20        4096
172.31.160.0/20        4096
172.31.176.0/20        4096
172.31.192.0/20        4096
172.31.208.0/20        4096
172.31.224.0/20        4096
172.31.240.0/20        4096
Total                 40960

With the --mask argument, we can now query our available network space to our desired level of detail, as long as we do not specify a smaller mask than the largest mask in the original list. For example:

$ aws-cidr-finder --profile myprofile --mask 18
Desired mask (18) is incompatible with the available CIDR blocks!
Encountered a CIDR whose mask is 19, which is higher than 18. Offending CIDR: 172.31.96.0/19
Run the command again without the --masks argument to see the full list.

Installation

If you have Python >=3.10 and <4.0 installed, aws-cidr-finder can be installed from PyPI using something like

pip install aws-cidr-finder

Configuration

All that needs to be configured in order to use this CLI is an AWS profile or keypair. The former may be specified using the --profile argument on the CLI, while the keypair must be specified in environment variables. If both are available simultaneously, aws-cidr-finder will prefer the profile.

The environment variables for the keypair approach are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY respectively.

You should also ensure that the profile/keypair you are using has the AWS IAM access needed to make the underlying API calls via Boto. Here is a minimal IAM policy document that fills this requirement:

{
  "Effect": "Allow",
  "Action": [
    "ec2:DescribeVpcs",
    "ec2:DescribeSubnets"
  ],
  "Resource": "*"
}

Read more about the actions shown above here.

Contributing

See CONTRIBUTING.md for developer-oriented information.

You might also like...
Discord Token Finder - Find half of your target's token with just their ID.
Discord Token Finder - Find half of your target's token with just their ID.

Discord Token Finder - Find half of your target's token with just their ID.

ServiceX DID Finder Girder

ServiceX_DID_Finder_Girder Access datasets for ServiceX from yt Hub Finding datasets This DID finder is designed to take a collection id (https://gird

A wrapper for slurm especially on Taiwania2 (HPC CLI)A wrapper for slurm especially on Taiwania2 (HPC CLI)

TWCC-slurm-wrapper A wrapper for slurm especially on Taiwania2 (HPC CLI). For Taiwania2 (HPC CLI) usage, please refer to here. (中文) How to Install? gi

a small cli to generate AWS Well Architected Reports on the road

well-architected-review This repo intends to publish some scripts related to Well Architected Reviews. war.py extracts in txt & xlsx files all the WAR

Python + AWS Lambda Hands OnPython + AWS Lambda Hands On
Python + AWS Lambda Hands OnPython + AWS Lambda Hands On

Python + AWS Lambda Hands On Python Criada em 1990, por Guido Van Rossum. "Bala de prata" (quase). Muito utilizado em: Automatizações - Selenium, Beau

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

aws-allowlister Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance fr

SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.
SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

SSH-Restricted SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public. SSH-Auto-Restricted checks

AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.
AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Photo by Denny Müller on Unsplash AWS Automated Inventory ( aws-auto-inventory ) Automates creation of detailed inventories from AWS resources. Table

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

Comments
  • Change

    Change "Prefix Too Large" Behavior?

    I will need to gather some input from others on this. The idea is that instead of erroring out when an "invalid" prefix is specified, e.g.:

    $ aws-cidr-finder --profile myprofile --prefix 18
    Desired prefix (18) is incompatible with the available CIDR blocks!
    Encountered a CIDR whose prefix is 19, which is higher than 18. Offending CIDR: 172.31.96.0/19
    Run the command again without the --prefix argument to see the full list.
    

    ...the results list could just be scrubbed of any CIDRs that do not satisfy the criteria. For example, if the aws-cidr-finder command would return 172.0.0.0/20, 172.0.16.0/18, 172.45.0.0/32 and we specify --prefix 18, the only result would be 172.0.16.0/18 because that is the only returned CIDR that is large enough to have the desired prefix.

    enhancement 
    opened by cooperwalbrun 4
  • Fix find_subnet_holes

    Fix find_subnet_holes

    Currently, find_subnet_holes runs for an incredibly long time for certain inputs. I will rewrite the algorithm in this function (and fix its bugs at the same time).

    bug 
    opened by cooperwalbrun 0
Releases(v0.3.2)
Owner
Cooper Walbrun
Software engineer, AWS architect, creative writer. Lover of expressive (Scala) and innovative (Rust) languages. Everything-as-code advocate.
Cooper Walbrun
A Telegram Bot to generate permanent Stream and Download links for any Telegram file

Telegram File To Stream Link This bot will give you permanent Stream and Download links for Telegram files Deploy the Bot Press the below button to de

Shadow 80 Dec 16, 2022
A project in order to analyze user's favorite musics, artists and genre

Spotify-Wrapped This is a project about Spotify Wrapped (which is an extra option for premium accounts, but you don't need to be premium here) This pr

Hossein Mohseni 19 Jan 04, 2023
Ross Virtual Assistant is a programme which can play Music, search Wikipedia, open Websites and much more.

Ross-Virtual-Assistant Ross Virtual Assistant is a programme which can play Music, search Wikipedia, open Websites and much more. Installation Downloa

Jehan Patel 4 Nov 08, 2021
We have made you a wrapper you can't refuse

We have made you a wrapper you can't refuse We have a vibrant community of developers helping each other in our Telegram group. Join us! Stay tuned fo

20.6k Jan 04, 2023
OpenSea Python Bot coded purely in Python3.

OpenSea Python Bot coded purely in Python3. It utilises everything from OpenSea API to continuously monitor NFT's. It can be used to snipe or monitor if something falls below floor value.

OpenSea Elite Sniper 20 Dec 29, 2021
Ap lokit lokit

🎵 FANDA PROJECT 🎵 HAI AKU FANDA! Requirements 📝 FFmpeg NodeJS nodesource.com Python 3.8 or higher PyTgCalls MongoDB Get STRING_SESSION from below:

Fatur 2 Nov 18, 2021
A simple terminal UI for viewing fund P/L analysis through TEFAS

Tefas UI A simple terminal UI for viewing fund P/L analysis through TEFAS. Features (that my own bank's UI lack): Daily and weekly P/L FX comparisons

Batuhan Taskaya 4 Mar 14, 2022
Asynchronous RDP/VNC client for Python (GUI)

🚩 This is the public repository of aardwolf, for latest version and updates please consider supporting us through https://porchetta.industries/ AARDW

29 Dec 15, 2022
Unofficial Python API client for Notion.so

notion-py Unofficial Python 3 client for Notion.so API v3. Object-oriented interface (mapping database tables to Python classes/attributes) Automatic

Jamie Alexandre 3.9k Jan 03, 2023
Discord py bot that plays magic the gathering.

Klunker Discord py bot that can play magic the gathering Bug Hunter Hello Bug Hunters. To help out with production of this bot, we need help catching

Aiden Castillo 0 Apr 25, 2022
A tool for creating credentials for accessing S3 buckets

s3-credentials A tool for creating credentials for accessing S3 buckets For project background, see s3-credentials: a tool for creating credentials fo

Simon Willison 138 Jan 06, 2023
Surfline Forecast Bot For Python

Surfline Forecast Bot A telegram bot created using Telethon that allows users to

1 May 08, 2022
Simple Telegram webscrap bot

webscrap-bot Simple Telegram webscrap bot Configs TOKEN - Get bot token from @BotFather API_ID - From my.telegram.org API_HASH - From my.telegram.org

lokaman chendekar 10 Oct 21, 2022
通过GitHub的actions 自动采集节点 生成订阅信息

VmessActions 通过GitHub的actions 自动采集节点 自动生成订阅信息 订阅内容自动更新再仓库的 clash.yml 和 v2ray.txt 中 然后PC端/手机端根据自己的软件支持的格式,订阅对应的链接即可

skywolf627 372 Jan 04, 2023
Send GitHub Issues, PRs or Discussions Updates to Wechat

Send GitHub Issues, PRs or Discussions Updates to Wechat

Hollow Man 2 Jul 12, 2022
Exports saved posts and comments on Reddit to a csv file.

reddit-saved-to-csv Exports saved posts and comments on Reddit to a csv file. Columns: ID, Name, Subreddit, Type, URL, NoSFW ID: Starts from 1 and inc

70 Jan 02, 2023
A Telegram Message Manager Bot by @AbirHasan2005

Messages-Manager-Bot A Telegram Message Manager Bot by @AbirHasan2005. This Bot can delete specific type of messages from Group. I specially use for @

Abir Hasan 32 Nov 12, 2022
The fastest nuker on discord, Proxy support and more

About okuru nuker is a nuker for discord written in python, It uses methods such as threading and requests to ban faster and perform at higher speeds.

63 Dec 31, 2022
Graviti TensorBay Python SDK

TensorBay Python SDK is a python library to access TensorBay and manage your datasets. It provides: A pythonic way to access your

Graviti 72 Aug 22, 2022
A collection of scripts to steal BTC from Lightning Network enabled custodial services. Only for educational purpose! Share your findings only when design flaws are fixed.

Lightning Network Fee Siphoning Attack LN-fee-siphoning is a collection of scripts to subtract BTC from Lightning Network enabled custodial services b

Reckless_Satoshi 14 Oct 15, 2022