aws-cidr-finder 
Overview
aws-cidr-finder is a Python CLI tool which finds unused CIDR blocks (IPv4 only currently) in your AWS VPCs and outputs them to STDOUT. It is very simple, but can be quite useful for users who manage many subnets across one or more VPCs.
Use aws-cidr-finder -h to see command options.
An Example
It is easiest to see the value of this tool through an example. Pretend that we have the following VPC setup in AWS:
- A VPC whose CIDR is
172.31.0.0/16, with aNametag ofHello World - Six subnets in that VPC whose CIDRs are:
172.31.0.0/20172.31.16.0/20172.31.32.0/20172.31.48.0/20172.31.64.0/20172.31.80.0/20
aws-cidr-finder allows you to quickly compute the CIDRs that you still have available in the VPC without having to do a lot of annoying/tedious octet math. If we issue this command:
aws-cidr-finder --profile myprofile
We should see this output:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/19 8192
172.31.128.0/17 32768
Total 40960
You should notice that by default, aws-cidr-finder will automatically "simplify" the CIDRs by merging adjacent free CIDR blocks so that the resulting table shows the maximum contiguous space per CIDR (in other words, the resulting table has the fewest number of rows possible). This is why the result of the command displayed only two CIDRs: a /19 and a /17.
Note that the first CIDR is
/19instead of, for example,/18, because the/18CIDR would mathematically have to begin at IP address172.31.64.0, and that IP address is already taken by a subnet!
However, we can change this "simplification" behavior by specifying the --mask CLI flag:
aws-cidr-finder --profile myprofile --mask 20
Now, the expected output should look something like this:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/20 4096
172.31.112.0/20 4096
172.31.128.0/20 4096
172.31.144.0/20 4096
172.31.160.0/20 4096
172.31.176.0/20 4096
172.31.192.0/20 4096
172.31.208.0/20 4096
172.31.224.0/20 4096
172.31.240.0/20 4096
Total 40960
With the --mask argument, we can now query our available network space to our desired level of detail, as long as we do not specify a smaller mask than the largest mask in the original list. For example:
$ aws-cidr-finder --profile myprofile --mask 18
Desired mask (18) is incompatible with the available CIDR blocks!
Encountered a CIDR whose mask is 19, which is higher than 18. Offending CIDR: 172.31.96.0/19
Run the command again without the --masks argument to see the full list.
Installation
If you have Python >=3.10 and <4.0 installed, aws-cidr-finder can be installed from PyPI using something like
pip install aws-cidr-finder
Configuration
All that needs to be configured in order to use this CLI is an AWS profile or keypair. The former may be specified using the --profile argument on the CLI, while the keypair must be specified in environment variables. If both are available simultaneously, aws-cidr-finder will prefer the profile.
The environment variables for the keypair approach are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY respectively.
You should also ensure that the profile/keypair you are using has the AWS IAM access needed to make the underlying API calls via Boto. Here is a minimal IAM policy document that fills this requirement:
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Resource": "*"
}
Read more about the actions shown above here.
Contributing
See CONTRIBUTING.md for developer-oriented information.
2 Apr 7, 2022
1 Dec 7, 2021
5 Oct 7, 2022
4 Mar 18, 2022
8 Sep 9, 2022
189 Dec 8, 2022
30 Nov 8, 2022
123 Dec 26, 2022
1.9k Jan 7, 2023
72 Aug 22, 2022
13 Jan 06, 2023
79 Dec 13, 2022
6.2k Dec 31, 2022
4 Oct 18, 2021
63 Dec 25, 2022
40 Jan 01, 2023
2 Apr 26, 2022
3 Feb 22, 2022
26 Aug 05, 2022
41 Jan 05, 2023
41 Nov 01, 2022
188 Jan 06, 2023
740 Dec 18, 2022
8 Sep 27, 2022
1 Nov 25, 2021
75 Jan 04, 2023
2 Mar 19, 2022
2 Nov 16, 2021
197 Dec 23, 2022