I am auditing security groups and right now my task is to find ENIs with no public IP addresses with inbound security group rules that reference public IP addresses.
I have code that iterates over ENIs and looks at the Security Groups attached to each one and I'm hoping to recycle that. Here's that code:

    used_sgs = {}
    enis = ec2_conn.get_all_network_interfaces()
    for eni in enis:
        eni_sgs = eni.groups
        for sg in eni_sgs:
            sgn = sg.name
            if sgn not in used_sgs:
                used_sgs[sgn] = 0
            used_sgs[sgn] += 1

Is there an attribute I can sniff to see if an ENI has a public IP? Or do I have to take some other route (iterate over instances, or grab the ENI attachment, or something else)?
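
One way to express the audit described in the question, as an added example that is not part of the original post. It works on plain dicts shaped like the EC2 DescribeNetworkInterfaces and DescribeSecurityGroups responses (as boto3 returns them) rather than the boto 2 objects used above; the sample data is constructed, and the INTERNAL list is an assumption about which ranges count as non-public.

```python
import ipaddress

# Assumption: ranges treated as non-public (RFC 1918, CGNAT, loopback, link-local, ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def eni_has_public_ip(eni):
    """True if the ENI, or any of its private IPs, has a public/Elastic IP association."""
    if eni.get("Association", {}).get("PublicIp"):
        return True
    return any(p.get("Association", {}).get("PublicIp")
               for p in eni.get("PrivateIpAddresses", []))

def is_public_cidr(cidr):
    """A CIDR is public unless it sits entirely inside one INTERNAL range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)

def public_ingress_cidrs(sg):
    """Inbound-rule CIDRs (IPv4 and IPv6) of one security group that are public."""
    found = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        found += [c for c in cidrs if is_public_cidr(c)]
    return found

def audit(enis, sgs):
    """(eni id, group id, public CIDRs) for ENIs with no public IP."""
    by_id = {sg["GroupId"]: sg for sg in sgs}
    findings = []
    for eni in enis:
        if eni_has_public_ip(eni):
            continue
        for g in eni.get("Groups", []):
            cidrs = public_ingress_cidrs(by_id.get(g["GroupId"], {}))
            if cidrs:
                findings.append((eni["NetworkInterfaceId"], g["GroupId"], cidrs))
    return findings

# Constructed sample data (IDs and addresses are placeholders).
ENIS = [
    {"NetworkInterfaceId": "eni-aaa", "Groups": [{"GroupId": "sg-1"}],
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.0.5"}]},
    {"NetworkInterfaceId": "eni-bbb", "Groups": [{"GroupId": "sg-1"}],
     "Association": {"PublicIp": "198.51.100.7"}},
    {"NetworkInterfaceId": "eni-ccc", "Groups": [{"GroupId": "sg-2"}]}]
SGS = [
    {"GroupId": "sg-1", "IpPermissions": [{"IpProtocol": "tcp", "IpRanges": [
        {"CidrIp": "203.0.113.10/32"}, {"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-2", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [
        {"CidrIp": "172.16.0.0/12"}], "UserIdGroupPairs": [{"GroupId": "sg-1"}]}]}]
```

Rules that reference another security group (UserIdGroupPairs) carry no CIDR and are not flagged by this check.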