How can I use boto3 to determine what subnet is private or public?

Question

I am currently checking route tables to determine which routes are public or private.

However, I'm wondering if there's a way to call a subnet or determine what subnet has network firewalls in it. This will enable to be more confident on to which subnet is private (since our private subnets are pointing to network firewalls) and to check those route tables with that subnet id.

I was thinking this would be a better option opposed to just checking all the route tables inside the vpc. Any advice or suggestions will help.

Is there a way to use ***describe_network_interfaces*** to achieve this solution well?

Answer

Hello. Please see if this helps. 'MapPublicIpOnLaunch' in the Response when describe_subnets() is called.

MapPublicIpOnLaunch has a true/false value and indicates whether instances launched in this subnet receive a public IPv4 address.

Refer: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.describe_subnets

Answer

Hi, there is not a direct command that returns if your subnet is either private or public. You can use for instance the [describe_subnets](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.describe_subnets) and get the subnet-id that the network firewall is using and the subnet-id that your instances are using and compare them. Another option can be: create a tag in your subnets where you identify subnets as private or public, and then with the same describe_subnets you can get tags and then know if these are private or public.

How can I use boto3 to determine what subnet is private or public?

관련 콘텐츠