I'm trying to programmatically set the routes that a VPN should push to clients, one of the main ones being the VPC network. Is there a way to get the VPC CIDR block from within my VPN instance?
1
- By "within my vpn instance", do you mean you have an EC2 instance running within your VPC, and you'd like to be able to programmatically discover the CIDR range(s) of that VPC, from that EC2 instance? – Castaglia Apr 29 '16 at 22:14
- @Castaglia yes that's right – c4urself May 01 '16 at 05:08
2 Answers
7
You can get the VPC CIDR block by doing e.g.
$ metadata="http://169.254.169.254/latest/meta-data"
$ mac=$(curl -s $metadata/network/interfaces/macs/ | head -n1 | tr -d '/')
$ cidr=$(curl -s $metadata/network/interfaces/macs/$mac/vpc-ipv4-cidr-block/)

Jukka
0
Sure, use awscli, boto, or your favorite language's AWS API.
First, use the EC2 metadata service to get the instance ID. With that information, you can get the VPC for the instance, and then from the VPC ID, you can get the CIDR range.
These steps obviously need to be run from the instance itself, so you'll need to assign an Instance Role to the server with appropriate IAM privileges to read the above data.

EEAA
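The metadata lookup from the first answer, done in Python as an added example that is not from either answer: it walks every interface rather than only the first MAC, validates what comes back, and emits the OpenVPN `push "route ..."` lines the question is after. It needs no IAM role (unlike the API route in the second answer); the IMDSv2 token step, the function names and the constructed `SAMPLE_TREE` are my additions.

```python
import ipaddress
import urllib.request
from typing import Callable, List

# Added example. Assumes the standard EC2 metadata endpoint and the
# vpc-ipv4-cidr-block path quoted in the first answer.
IMDS = "http://169.254.169.254/latest"


def imds_fetch(path: str, timeout: float = 2.0) -> str:
    """Read one meta-data path using an IMDSv2 session token, so the call
    also works on instances where IMDSv1 has been disabled."""
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/{path}",
                                 headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def vpc_cidrs(fetch: Callable[[str], str] = imds_fetch) -> List[str]:
    """Primary VPC CIDR of every interface on the instance, validated and
    de-duplicated (the shell version above only looks at the first MAC)."""
    macs = [m.strip("/") for m in fetch("network/interfaces/macs/").split()]
    seen, out = set(), []
    for mac in macs:
        raw = fetch(f"network/interfaces/macs/{mac}/vpc-ipv4-cidr-block/").strip()
        net = ipaddress.IPv4Network(raw)  # raises ValueError if IMDS returned garbage
        if net not in seen:
            seen.add(net)
            out.append(str(net))
    return out


def openvpn_push_routes(cidrs: List[str]) -> List[str]:
    """Turn CIDRs into the server-side OpenVPN 'push "route net mask"' lines."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    return [f'push "route {n.network_address} {n.netmask}"' for n in nets]


# Constructed sample of the metadata tree (two ENIs in one VPC) so the
# functions can be exercised offline; on a real instance call vpc_cidrs().
SAMPLE_TREE = {
    "network/interfaces/macs/": "0a:1b:2c:3d:4e:5f/\n0a:1b:2c:3d:4e:60/\n",
    "network/interfaces/macs/0a:1b:2c:3d:4e:5f/vpc-ipv4-cidr-block/": "10.0.0.0/16\n",
    "network/interfaces/macs/0a:1b:2c:3d:4e:60/vpc-ipv4-cidr-block/": "10.0.0.0/16\n",
}

if __name__ == "__main__":
    print("\n".join(openvpn_push_routes(vpc_cidrs(SAMPLE_TREE.__getitem__))))
```

Any process on the instance can read these values, so treat the metadata service as the reason to lock it down (IMDSv2, hop limit), not as a secret.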