Query destination account to which a VPC is shared in AWS

In AWS, I have a centralized networking account that defines all the VPCs and subnets. Each VPC is shared with target accounts using Resource Access Manager (RAM). Given an IP, I need to find out the target account ID with which the VPC/subnet has been shared. Here is what I have done so far:

In the code below, the vpc parameter contains the VPC lookup response and ip_addr is the IP address we are looking for:

import ipaddress

def lookup_ipaddr(session, ec2_client, vpc, ip_addr):
  found = False

  # Only search the subnets if the address falls inside the VPC's CIDR block
  if ipaddress.ip_address(ip_addr) in ipaddress.ip_network(vpc['CidrBlock']):
    filters = [{'Name': 'vpc-id', 'Values': [vpc['VpcId']]}]

    subnets = ec2_client.describe_subnets(Filters=filters)['Subnets']

    for subnet in subnets:
      if ipaddress.ip_address(ip_addr) in ipaddress.ip_network(subnet['CidrBlock']):
        found = True

        # A subnet without tags has no 'Tags' key in the describe_subnets response
        tags = subnet.get('Tags', [])

        # tags returned by the previous API are in a different form ({'Key', 'Value'})
        # than the tagFilters form required by RAM ({'tagKey', 'tagValues'})
        for tag in tags:
          tag['tagKey'] = tag['Key']
          tag['tagValues'] = [tag['Value']]
          del tag['Key']
          del tag['Value']

        print("\n\n")
        print(tags)
        print("\n\n")

        resourceArn = subnet['SubnetArn']
        ram_client = session.client('ram')

        # Returns only ResponseMetadata, no resource shares (see below)
        resp = ram_client.get_resource_shares(resourceOwner='SELF', tagFilters=tags)

  return found

However, the API call get_resource_shares doesn't return any response (except ResponseMetadata). Any suggestion on how to find out the destination account ID/principal with which the subnet was shared?

After a bit of digging, I was able to obtain the destination account ID by using the list_principals API of AWS Resource Access Manager (RAM): https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ram.html#RAM.Client.list_principals

Here is the full Python code:

import ipaddress

def lookup_ipaddr(session, ec2_client, vpc, ip_addr):
  found = False

  # Restrict the subnet listing to the VPC whose CIDR contains the address
  filters = [{'Name': 'vpc-id', 'Values': [vpc['VpcId']]}]

  subnets = ec2_client.describe_subnets(Filters=filters)['Subnets']

  for subnet in subnets:
    if ipaddress.ip_address(ip_addr) in ipaddress.ip_network(subnet['CidrBlock']):
      resourceArn = subnet['SubnetArn']
      ram_client = session.client('ram')

      # list_principals with resourceOwner='SELF' returns the principals
      # (account IDs, OUs, org ARNs) that this subnet ARN is shared with
      resp = ram_client.list_principals(
        resourceOwner='SELF',
        resourceArn=resourceArn
      )

      print(f"Subnet {subnet['SubnetId']} is shared with account [{resp['principals'][0]['id']}]")
      found = True
      break
  return found
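The same lookup, written as an added example that is not part of the question or the answer above: it returns the subnet ID together with every principal the subnet is shared with, which is what you want when auditing who can launch into a shared subnet. It follows the nextToken pagination of list_principals, returns an empty principal list for a subnet that is not shared (instead of failing on principals[0]), and reports all principals rather than only the first. The ec2_client and ram_client arguments are duck-typed, so in real use you pass session.client('ec2') and session.client('ram'); the FakeEC2 and FakeRAM classes, the VPC/subnet records, ARNs and account IDs below are constructed sample data so the example runs offline.

```python
import ipaddress


def find_shared_principals(ec2_client, ram_client, vpc, ip_addr):
    """Return (subnet_id, [principal ids]) for the subnet in `vpc` that
    contains ip_addr, or None if the address is outside the VPC or no subnet
    matches.  The principal list is empty when the subnet is not shared."""
    ip = ipaddress.ip_address(ip_addr)
    if ip not in ipaddress.ip_network(vpc['CidrBlock']):
        return None

    filters = [{'Name': 'vpc-id', 'Values': [vpc['VpcId']]}]
    for subnet in ec2_client.describe_subnets(Filters=filters)['Subnets']:
        if ip not in ipaddress.ip_network(subnet['CidrBlock']):
            continue

        principals = []
        kwargs = {'resourceOwner': 'SELF', 'resourceArn': subnet['SubnetArn']}
        # list_principals is paginated: keep calling while a nextToken comes back
        while True:
            resp = ram_client.list_principals(**kwargs)
            principals.extend(p['id'] for p in resp.get('principals', []))
            token = resp.get('nextToken')
            if not token:
                break
            kwargs['nextToken'] = token
        return subnet['SubnetId'], principals
    return None


# --- constructed stand-ins for boto3 clients (sample data, not real accounts) ---

class FakeEC2:
    """Mimics the describe_subnets shape used above, honouring the vpc-id filter."""
    def __init__(self, subnets):
        self._subnets = subnets

    def describe_subnets(self, Filters):
        vpc_ids = [v for f in Filters if f['Name'] == 'vpc-id' for v in f['Values']]
        return {'Subnets': [s for s in self._subnets if s['VpcId'] in vpc_ids]}


class FakeRAM:
    """Mimics list_principals, returning one principal per page so pagination is exercised."""
    def __init__(self, shares):
        self._shares = shares  # resource ARN -> list of principal ids

    def list_principals(self, resourceOwner, resourceArn, nextToken=None, **_):
        ids = self._shares.get(resourceArn, [])
        start = int(nextToken or 0)
        resp = {'principals': [{'id': p} for p in ids[start:start + 1]]}
        if start + 1 < len(ids):
            resp['nextToken'] = str(start + 1)
        return resp


SAMPLE_VPC = {'VpcId': 'vpc-0example', 'CidrBlock': '10.0.0.0/16'}
SAMPLE_SUBNETS = [
    {'VpcId': 'vpc-0example', 'SubnetId': 'subnet-0aaa', 'CidrBlock': '10.0.1.0/24',
     'SubnetArn': 'arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0aaa'},
    {'VpcId': 'vpc-0example', 'SubnetId': 'subnet-0bbb', 'CidrBlock': '10.0.2.0/24',
     'SubnetArn': 'arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0bbb'},
    {'VpcId': 'vpc-0other', 'SubnetId': 'subnet-0ccc', 'CidrBlock': '10.0.1.0/24',
     'SubnetArn': 'arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0ccc'},
]
# subnet-0aaa is shared with two accounts; subnet-0bbb is not shared at all
SAMPLE_SHARES = {
    'arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0aaa': ['222222222222', '333333333333'],
}

EC2 = FakeEC2(SAMPLE_SUBNETS)
RAM = FakeRAM(SAMPLE_SHARES)


def lookup(ip_addr):
    """Convenience wrapper over the sample clients."""
    return find_shared_principals(EC2, RAM, SAMPLE_VPC, ip_addr)


if __name__ == '__main__':
    for addr in ('10.0.1.25', '10.0.2.5', '192.168.1.1'):
        print(addr, '->', lookup(addr))
```

With a real session, replace EC2 and RAM with session.client('ec2') and session.client('ram') from the centralized networking account; the RAM call must run in the owning account because resourceOwner='SELF' lists shares that account created. The subnet-0ccc record shows why the vpc-id filter matters: it has the same CIDR as subnet-0aaa but belongs to a different VPC and is never considered.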
