Last active
April 30, 2024 17:40
-
-
Save reecestart/5d11d609fa4af1fd8b5cd0e4e05e25d7 to your computer and use it in GitHub Desktop.
Will print out RDS DB Instance DB Identifiers with their ENI and Private IP. Will only work if one SG is used per RDS DB (EDIT: Updated to work for DB Clusters e.g. Aurora Serverless)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| ec2_client = boto3.client('ec2') | |
| rds_client = boto3.client('rds') | |
| rdsNetworkInterfaces = ec2_client.describe_network_interfaces( | |
| Filters=[ | |
| { | |
| 'Name': 'attachment.instance-owner-id', | |
| 'Values': [ | |
| 'amazon-rds', | |
| ] | |
| }, | |
| ] | |
| ) | |
| rdsDBInstances = rds_client.describe_db_instances() | |
| for rds in rdsDBInstances['DBInstances']: | |
| for eni in rdsNetworkInterfaces['NetworkInterfaces']: | |
| vpcSecurityGroups = rds['VpcSecurityGroups'] | |
| groups = eni['Groups'] | |
| for vpcSecurityGroup in vpcSecurityGroups: | |
| for group in groups: | |
| if group['GroupId'] == vpcSecurityGroup['VpcSecurityGroupId']: | |
| print(rds['DBInstanceIdentifier'] + ' ' + eni['NetworkInterfaceId'] + ' ' + eni['PrivateIpAddress']) | |
| rdsNetworkInterfaces = ec2_client.describe_network_interfaces( | |
| Filters=[ | |
| { | |
| 'Name': 'attachment.instance-owner-id', | |
| 'Values': [ | |
| 'amazon-aws' | |
| ] | |
| }, | |
| ] | |
| ) | |
| rdsDBClusters = rds_client.describe_db_clusters() | |
| for rds in rdsDBClusters['DBClusters']: | |
| for eni in rdsNetworkInterfaces['NetworkInterfaces']: | |
| vpcSecurityGroups = rds['VpcSecurityGroups'] | |
| groups = eni['Groups'] | |
| for vpcSecurityGroup in vpcSecurityGroups: | |
| for group in groups: | |
| if group['GroupId'] == vpcSecurityGroup['VpcSecurityGroupId']: | |
| print(rds['DBClusterIdentifier'] + ' ' + eni['NetworkInterfaceId'] + ' ' + eni['PrivateIpAddress']) |
+1
Hey Reece, thanks for the solution.
In my environment I have multiple security groups attached to a single RDS instance. So I had to come up with something different.
The following code will work ONLY with RDS private instances (not publicly accessible), as I use the socket library to get the (private) address of the RDS instance. As output you get a dictionary (eniID:RDSInstanceName) printed to stdout, but if you uncomment the last few lines you'll add a tag on the eni showing who is the actual owner of the network interface.
import socket
import pprint
import boto3
ec2_client = boto3.client("ec2")
rds_client = boto3.client("rds")
rdsNetworkInterfaces = ec2_client.describe_network_interfaces(
Filters=[
{
"Name": "attachment.instance-owner-id",
"Values": [
"amazon-rds"
]
}
]
)
RDSInstances = rds_client.describe_db_instances()
endPointResolution = {}
for database in RDSInstances["DBInstances"]:
if not database["PubliclyAccessible"]:
RDSIdentifier = database["DBInstanceIdentifier"]
RDSEndpoint = database["Endpoint"]["Address"]
RDSPrivateIP = socket.gethostbyname(RDSEndpoint)
endPointResolution[RDSPrivateIP] = RDSIdentifier
eniToRDS = {}
for eni in rdsNetworkInterfaces["NetworkInterfaces"]:
eniID = eni["NetworkInterfaceId"]
eniPrivateIp = eni["PrivateIpAddress"]
eniToRDS[eniID] = endPointResolution[eniPrivateIp]
# I like to tag my RDS-managed network interfaces, but this is optional
# ec2_client.create_tags(Resources=[eniID], Tags=[{"Key": "managedBy",
# "Value": "rds-" + endPointResolution[eniPrivateIp]}])
pprint.pprint(eniToRDS)
oh this is just all kinds of amazing, thank you!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
+1