fix: get subnet_ids from all interfaces on an EC2 instance (#8500)
paladin-dranser committed Apr 19, 2023
1 parent 338b6f5 commit 62283f2
Showing 11 changed files with 2,391 additions and 3 deletions.
4 changes: 2 additions & 2 deletions c7n/filters/vpc.py
Expand Up @@ -97,10 +97,10 @@ def match(self, related):
def process(self, resources, event=None):
related = self.get_related(resources)
if self.check_igw in [True, False]:
self.route_tables = self.get_route_tables(related)
self.route_tables = self.get_route_tables()
return [r for r in resources if self.process_resource(r, related)]

def get_route_tables(self, subnets):
def get_route_tables(self):
rmanager = self.manager.get_resource_manager('aws.route-table')
route_tables = {}
for r in rmanager.resources():
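Review bot: `get_route_tables` is left without a docstring after losing its `subnets` parameter, and the new signature means the lookup no longer narrows to the subnets related to the filtered resources — from the visible lines it now iterates every route table returned by `rmanager.resources()`, so the next reader needs to know what the returned dict holds; the loop body runs past the end of the hunk. Suggest adding `"""Return a dict of the account's route tables, built from all rmanager.resources() (no longer restricted to the related subnets)."""` directly under the new `def get_route_tables(self):`. Also, `self.route_tables` is assigned only when `check_igw` was configured, so `process_resource` presumably has to guard against the attribute being absent; that code is outside this hunk — confirm.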
2 changes: 1 addition & 1 deletion c7n/resources/ec2.py
Expand Up @@ -168,7 +168,7 @@ class SecurityGroupFilter(net_filters.SecurityGroupFilter):
@filters.register('subnet')
class SubnetFilter(net_filters.SubnetFilter):

RelatedIdsExpression = "SubnetId"
RelatedIdsExpression = "NetworkInterfaces[].SubnetId"


@filters.register('vpc')
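Review bot: The new `RelatedIdsExpression = "NetworkInterfaces[].SubnetId"` changes the filter's meaning from "the instance's primary subnet" to "any subnet of any attached interface", and the class carries no docstring recording that, so a policy such as `subnet: igw: true` now also matches an instance whose secondary interface sits in a public subnet (the `public_secondary_interface` fixture added in this commit exercises exactly that case). Add a class docstring such as `"""Filter EC2 instances by the subnets of all attached network interfaces, not only the primary subnet."""`. Note also that the expression now yields a list rather than a scalar, and an instance with an empty `NetworkInterfaces` (presumably a terminated instance) yields no subnet id at all where `SubnetId` may previously have; both rely on the base `net_filters.SubnetFilter` handling a list projection, which is outside this hunk — confirm.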
960 changes: 960 additions & 0 deletions tests/data/placebo/ec2_igw_subnet/ec2.DescribeInstances_1.json


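--- a/tests/data/placebo/ec2_igw_subnet/ec2.DescribeRouteTables_1.json
+++ b/tests/data/placebo/ec2_igw_subnet/ec2.DescribeRouteTables_1.json
@@ -0,0 +1,132 @@
+{
+"status_code": 200,
+"data": {
+"RouteTables": [
+{
+"Associations": [
+{
+"Main": true,
+"RouteTableAssociationId": "rtbassoc-0b43dc648fee5290c",
+"RouteTableId": "rtb-0ec6756e539873794",
+"AssociationState": {
+"State": "associated"
+}
+}
+],
+"PropagatingVgws": [],
+"RouteTableId": "rtb-0ec6756e539873794",
+"Routes": [
+{
+"DestinationCidrBlock": "10.0.0.0/16",
+"GatewayId": "local",
+"Origin": "CreateRouteTable",
+"State": "active"
+}
+],
+"Tags": [],
+"VpcId": "vpc-06a22444b7946ea01",
+"OwnerId": "644160558196"
+},
+{
+"Associations": [
+{
+"Main": true,
+"RouteTableAssociationId": "rtbassoc-27e73d56",
+"RouteTableId": "rtb-75bad00b",
+"AssociationState": {
+"State": "associated"
+}
+}
+],
+"PropagatingVgws": [],
+"RouteTableId": "rtb-75bad00b",
+"Routes": [
+{
+"DestinationCidrBlock": "172.31.0.0/16",
+"GatewayId": "local",
+"Origin": "CreateRouteTable",
+"State": "active"
+},
+{
+"DestinationCidrBlock": "0.0.0.0/0",
+"GatewayId": "igw-b394c6c8",
+"Origin": "CreateRoute",
+"State": "active"
+}
+],
+"Tags": [],
+"VpcId": "vpc-330ae54e",
+"OwnerId": "644160558196"
+},
+{
+"Associations": [
+{
+"Main": false,
+"RouteTableAssociationId": "rtbassoc-0dbbe4eb7b82da103",
+"RouteTableId": "rtb-0ce1e28a01f647d5a",
+"SubnetId": "subnet-00a7ff0f29a2f7dd7",
+"AssociationState": {
+"State": "associated"
+}
+}
+],
+"PropagatingVgws": [],
+"RouteTableId": "rtb-0ce1e28a01f647d5a",
+"Routes": [
+{
+"DestinationCidrBlock": "10.0.0.0/16",
+"GatewayId": "local",
+"Origin": "CreateRouteTable",
+"State": "active"
+}
+],
+"Tags": [
+{
+"Key": "Name",
+"Value": "private"
+}
+],
+"VpcId": "vpc-06a22444b7946ea01",
+"OwnerId": "644160558196"
+},
+{
+"Associations": [
+{
+"Main": false,
+"RouteTableAssociationId": "rtbassoc-0a1406fe54d107160",
+"RouteTableId": "rtb-093c0ae5ab7524554",
+"SubnetId": "subnet-02e1a5b426e2b16a9",
+"AssociationState": {
+"State": "associated"
+}
+}
+],
+"PropagatingVgws": [],
+"RouteTableId": "rtb-093c0ae5ab7524554",
+"Routes": [
+{
+"DestinationCidrBlock": "10.0.0.0/16",
+"GatewayId": "local",
+"Origin": "CreateRouteTable",
+"State": "active"
+},
+{
+"DestinationCidrBlock": "0.0.0.0/0",
+"GatewayId": "igw-0186e33a1d5903db5",
+"Origin": "CreateRoute",
+"State": "active"
+}
+],
+"Tags": [
+{
+"Key": "Name",
+"Value": "public"
+}
+],
+"VpcId": "vpc-06a22444b7946ea01",
+"OwnerId": "644160558196"
+}
+],
+"ResponseMetadata": {}
+}
+}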
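--- a/tests/data/placebo/ec2_igw_subnet/ec2.DescribeSubnets_1.json
+++ b/tests/data/placebo/ec2_igw_subnet/ec2.DescribeSubnets_1.json
@@ -0,0 +1,66 @@
+{
+"status_code": 200,
+"data": {
+"Subnets": [
+{
+"AvailabilityZone": "us-east-1a",
+"AvailabilityZoneId": "use1-az2",
+"AvailableIpAddressCount": 246,
+"CidrBlock": "10.0.1.0/24",
+"DefaultForAz": false,
+"MapPublicIpOnLaunch": false,
+"MapCustomerOwnedIpOnLaunch": false,
+"State": "available",
+"SubnetId": "subnet-00a7ff0f29a2f7dd7",
+"VpcId": "vpc-06a22444b7946ea01",
+"OwnerId": "644160558196",
+"AssignIpv6AddressOnCreation": false,
+"Ipv6CidrBlockAssociationSet": [],
+"Tags": [
+{
+"Key": "Name",
+"Value": "private"
+}
+],
+"SubnetArn": "arn:aws:ec2:us-east-1:644160558196:subnet/subnet-00a7ff0f29a2f7dd7",
+"EnableDns64": false,
+"Ipv6Native": false,
+"PrivateDnsNameOptionsOnLaunch": {
+"HostnameType": "ip-name",
+"EnableResourceNameDnsARecord": false,
+"EnableResourceNameDnsAAAARecord": false
+}
+},
+{
+"AvailabilityZone": "us-east-1a",
+"AvailabilityZoneId": "use1-az2",
+"AvailableIpAddressCount": 248,
+"CidrBlock": "10.0.2.0/24",
+"DefaultForAz": false,
+"MapPublicIpOnLaunch": false,
+"MapCustomerOwnedIpOnLaunch": false,
+"State": "available",
+"SubnetId": "subnet-02e1a5b426e2b16a9",
+"VpcId": "vpc-06a22444b7946ea01",
+"OwnerId": "644160558196",
+"AssignIpv6AddressOnCreation": false,
+"Ipv6CidrBlockAssociationSet": [],
+"Tags": [
+{
+"Key": "Name",
+"Value": "public"
+}
+],
+"SubnetArn": "arn:aws:ec2:us-east-1:644160558196:subnet/subnet-02e1a5b426e2b16a9",
+"EnableDns64": false,
+"Ipv6Native": false,
+"PrivateDnsNameOptionsOnLaunch": {
+"HostnameType": "ip-name",
+"EnableResourceNameDnsARecord": false,
+"EnableResourceNameDnsAAAARecord": false
+}
+}
+],
+"ResponseMetadata": {}
+}
+}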
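--- a/tests/data/placebo/ec2_igw_subnet/ec2.DescribeTags_1.json
+++ b/tests/data/placebo/ec2_igw_subnet/ec2.DescribeTags_1.json
@@ -0,0 +1,7 @@
+{
+"status_code": 200,
+"data": {
+"Tags": [],
+"ResponseMetadata": {}
+}
+}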
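--- a/tests/terraform/ec2_igw_subnet/datasources.tf
+++ b/tests/terraform/ec2_igw_subnet/datasources.tf
@@ -0,0 +1,12 @@
+data "aws_ami" "amazon_linux" {
+most_recent = true
+
+owners = ["amazon"]
+
+filter {
+name = "name"
+values = [
+"amzn-ami-hvm-*-x86_64-gp2",
+]
+}
+}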
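--- a/tests/terraform/ec2_igw_subnet/main.tf
+++ b/tests/terraform/ec2_igw_subnet/main.tf
@@ -0,0 +1,94 @@
+resource "aws_instance" "public_auto_assigned" {
+ami = data.aws_ami.amazon_linux.id
+instance_type = "t2.micro"
+subnet_id = aws_subnet.public.id
+associate_public_ip_address = true
+}
+
+resource "aws_instance" "private_auto_assigned" {
+ami = data.aws_ami.amazon_linux.id
+instance_type = "t2.micro"
+subnet_id = aws_subnet.private.id
+associate_public_ip_address = false
+}
+
+resource "aws_instance" "public_primary_interface" {
+ami = data.aws_ami.amazon_linux.id
+instance_type = "t2.micro"
+
+network_interface {
+delete_on_termination = false
+device_index = 0
+network_interface_id = aws_network_interface.public_primary_interface_public.id
+}
+
+network_interface {
+delete_on_termination = false
+device_index = 1
+network_interface_id = aws_network_interface.public_primary_interface_private.id
+}
+}
+
+resource "aws_network_interface" "public_primary_interface_public" {
+subnet_id = aws_subnet.public.id
+security_groups = [aws_security_group.this.id, ]
+}
+
+resource "aws_network_interface" "public_primary_interface_private" {
+subnet_id = aws_subnet.private.id
+security_groups = [aws_security_group.this.id, ]
+}
+
+resource "aws_instance" "public_secondary_interface" {
+ami = data.aws_ami.amazon_linux.id
+instance_type = "t2.micro"
+
+network_interface {
+delete_on_termination = false
+device_index = 0
+network_interface_id = aws_network_interface.public_secondary_interface_private.id
+}
+
+network_interface {
+delete_on_termination = false
+device_index = 1
+network_interface_id = aws_network_interface.public_secondary_interface_public.id
+}
+}
+
+resource "aws_network_interface" "public_secondary_interface_public" {
+subnet_id = aws_subnet.public.id
+security_groups = [aws_security_group.this.id, ]
+}
+
+resource "aws_network_interface" "public_secondary_interface_private" {
+subnet_id = aws_subnet.private.id
+security_groups = [aws_security_group.this.id, ]
+}
+
+resource "aws_instance" "private_interfacies_only" {
+ami = data.aws_ami.amazon_linux.id
+instance_type = "t2.micro"
+
+network_interface {
+delete_on_termination = false
+device_index = 0
+network_interface_id = aws_network_interface.private_interfacies_only_1.id
+}
+
+network_interface {
+delete_on_termination = false
+device_index = 1
+network_interface_id = aws_network_interface.private_interfacies_only_2.id
+}
+}
+
+resource "aws_network_interface" "private_interfacies_only_1" {
+subnet_id = aws_subnet.private.id
+security_groups = [aws_security_group.this.id, ]
+}
+
+resource "aws_network_interface" "private_interfacies_only_2" {
+subnet_id = aws_subnet.private.id
+security_groups = [aws_security_group.this.id, ]
+}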
