aws-cidr-finder 
Overview
aws-cidr-finder is a Python CLI tool which finds unused CIDR blocks (IPv4 only currently) in your AWS VPCs and outputs them to STDOUT. It is very simple, but can be quite useful for users who manage many subnets across one or more VPCs.
Use aws-cidr-finder -h to see command options.
An Example
It is easiest to see the value of this tool through an example. Pretend that we have the following VPC setup in AWS:
- A VPC whose CIDR is
172.31.0.0/16, with aNametag ofHello World - Six subnets in that VPC whose CIDRs are:
172.31.0.0/20172.31.16.0/20172.31.32.0/20172.31.48.0/20172.31.64.0/20172.31.80.0/20
aws-cidr-finder allows you to quickly compute the CIDRs that you still have available in the VPC without having to do a lot of annoying/tedious octet math. If we issue this command:
aws-cidr-finder --profile myprofile
We should see this output:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/19 8192
172.31.128.0/17 32768
Total 40960
You should notice that by default, aws-cidr-finder will automatically "simplify" the CIDRs by merging adjacent free CIDR blocks so that the resulting table shows the maximum contiguous space per CIDR (in other words, the resulting table has the fewest number of rows possible). This is why the result of the command displayed only two CIDRs: a /19 and a /17.
Note that the first CIDR is
/19instead of, for example,/18, because the/18CIDR would mathematically have to begin at IP address172.31.64.0, and that IP address is already taken by a subnet!
However, we can change this "simplification" behavior by specifying the --mask CLI flag:
aws-cidr-finder --profile myprofile --mask 20
Now, the expected output should look something like this:
Here are the available CIDR blocks in the 'Hello World' VPC:
CIDR IP Count
--------------- ----------
172.31.96.0/20 4096
172.31.112.0/20 4096
172.31.128.0/20 4096
172.31.144.0/20 4096
172.31.160.0/20 4096
172.31.176.0/20 4096
172.31.192.0/20 4096
172.31.208.0/20 4096
172.31.224.0/20 4096
172.31.240.0/20 4096
Total 40960
With the --mask argument, we can now query our available network space to our desired level of detail, as long as we do not specify a smaller mask than the largest mask in the original list. For example:
$ aws-cidr-finder --profile myprofile --mask 18
Desired mask (18) is incompatible with the available CIDR blocks!
Encountered a CIDR whose mask is 19, which is higher than 18. Offending CIDR: 172.31.96.0/19
Run the command again without the --masks argument to see the full list.
Installation
If you have Python >=3.10 and <4.0 installed, aws-cidr-finder can be installed from PyPI using something like
pip install aws-cidr-finder
Configuration
All that needs to be configured in order to use this CLI is an AWS profile or keypair. The former may be specified using the --profile argument on the CLI, while the keypair must be specified in environment variables. If both are available simultaneously, aws-cidr-finder will prefer the profile.
The environment variables for the keypair approach are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY respectively.
You should also ensure that the profile/keypair you are using has the AWS IAM access needed to make the underlying API calls via Boto. Here is a minimal IAM policy document that fills this requirement:
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Resource": "*"
}
Read more about the actions shown above here.
Contributing
See CONTRIBUTING.md for developer-oriented information.
2 Apr 7, 2022
1 Dec 7, 2021
5 Oct 7, 2022
4 Mar 18, 2022
8 Sep 9, 2022
189 Dec 8, 2022
30 Nov 8, 2022
123 Dec 26, 2022
1.9k Jan 7, 2023
80 Dec 16, 2022
19 Jan 04, 2023
4 Nov 08, 2021
20.6k Jan 04, 2023
20 Dec 29, 2021
2 Nov 18, 2021
4 Mar 14, 2022
29 Dec 15, 2022
3.9k Jan 03, 2023
0 Apr 25, 2022
138 Jan 06, 2023
1 May 08, 2022
10 Oct 21, 2022
372 Jan 04, 2023
2 Jul 12, 2022
70 Jan 02, 2023
32 Nov 12, 2022
63 Dec 31, 2022
72 Aug 22, 2022
14 Oct 15, 2022