Finding AWS Resources by IP Address

Included in AWS

2022-06-12 903 words 5 minutes

Contents

Finding EC2 Instances by IP Address

In the EC2 Console

In the AWS EC2 Management Console, you can search for EC2 instances using a private or public IP address. Filter by either Private IP address or Public IPv4 address in the search field:

Results after searching for an EC2 Instance with a private IP address.

Results after searching for an EC2 Instance with a public IP address.

Using the AWS CLI

The AWS CLI can be used to find EC2 instances by either private or public IP address.

Using a Private IP Address

To find EC2 instances by private IP address, the command looks like this (Replace --region with your region if it’s not set by default. Replace Values with the IP address):

1
aws ec2 describe-instances --region=us-west-1 --filter Name=private-ip-address,Values=10.0.0.1

Using a Public IP Address

To find EC2 instances by public IP address, the Name filter changes to ip-address but otherwise the command is the same as the one from above:

1
aws ec2 describe-instances --region=us-west-1 --filter Name=ip-address,Values=10.0.0.1

Specifying Multiple IP Addresses

For either of these commands, you can specify several IP addresses by adding them to the Values filter as such:

1
aws ec2 describe-instances --region=us-west-1 --filter Name=private-ip-address,Values=10.0.0.1,10.0.0.2,10.0.0.3

Example Output

The output for these commands will look something like this:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-1234abcd",
                    "InstanceId": "i-001122334455abcd",
                    "InstanceType": "t3.micro",
                    "KeyName": "key-name",
                    "LaunchTime": "2022-01-01T00:00:00.000Z",
                    "Monitoring": {
                        "State": "enabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "us-west-1a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "PrivateDnsName": "ip-10-0-0-1.ec2.internal",
                    "PrivateIpAddress": "10.0.0.1",
                    "ProductCodes": [],
                    "PublicDnsName": "",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-1234abcd",
                    "VpcId": "vpc-1234abcd",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/xvda",
                            "Ebs": {
                                "AttachTime": "2022-01-01T00:00:00.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-012345abcdef"
                            }
                        }
                    ],
                    "ClientToken": "00000000",
                    "EbsOptimized": false,
                    "Hypervisor": "xen",
                    "IamInstanceProfile": {
                        "Arn": "arn:aws:iam::0000000000",
                        "Id": "ABCDEF12345"
                    },
                    "NetworkInterfaces": [
                        {
                            "Attachment": {
                                "AttachTime": "2022-00-00T00:00:00.000Z",
                                "AttachmentId": "eni-attach-abcd1234",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "security-group-1",
                                    "GroupId": "sg-abc123"
                                },
                                {
                                    "GroupName": "security-group-2",
                                    "GroupId": "sg-def456"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "aa:00:bb:22:cc:33",
                            "NetworkInterfaceId": "eni-abcd1234",
                            "OwnerId": "112233445566",
                            "PrivateDnsName": "ip-10-0-0-1.ec2.internal",
                            "PrivateIpAddress": "10.0.0.1",
                            "PrivateIpAddresses": [
                                {
                                    "Primary": true,
                                    "PrivateDnsName": "ip-10-0-0-1.ec2.internal",
                                    "PrivateIpAddress": "10.0.0.1"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-abcd1234",
                            "VpcId": "vpc-abcd1234",
                            "InterfaceType": "interface"
                        }
                    ],
                    "RootDeviceName": "/dev/xvda",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "security-group-1",
                            "GroupId": "sg-123abc"
                        },
                        {
                            "GroupName": "security-group-2",
                            "GroupId": "sg-456def"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [

                        {
                            "Key": "App",
                            "Value": "Testing App"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 1,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "disabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": false
                    },
                    "PlatformDetails": "Linux/UNIX",
                    "UsageOperation": "RunInstances",
                    "UsageOperationUpdateTime": "2022-01-01T00:00:00.000Z",
                    "PrivateDnsNameOptions": {},
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "112233445566",
            "RequesterId": "112233445566",
            "ReservationId": "r-012345abcdef"
        }
    ]
}

Finding Other Resources by IP Address

In the AWS Console

To identify other AWS resources (such as Lambdas) based on IP address, you can search for the corresponding ENI. In the AWS Console, browse to the EC2 console and click on Network Interfaces on the left hand side. Then search by “Primary private IPv4 address” (or “Public IPv4 address” if you want to search by a public IP address).

Results after searching for Elastic Network Interface using a private IP address

You can then poke around through the ENI details to figure out what resource is associated with the IP address.

Using the AWS CLI

This can also be done using the AWS CLI with the following command, replacing --region and Values as needed:

1
aws ec2 describe-network-interfaces --region=us-west-1 --filters Name=addresses.private-ip-address,Values=10.0.0.1

Here’s what the output looks like

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
{
    "NetworkInterfaces": [
        {
            "Attachment": {
                "AttachmentId": "ela-attach-12345abcde",
                "DeleteOnTermination": false,
                "DeviceIndex": 1,
                "InstanceOwnerId": "amazon-aws",
                "Status": "attached"
            },
            "AvailabilityZone": "us-west-1a",
            "Description": "Test AWS Lambda",
            "Groups": [
                {
                    "GroupName": "test-group",
                    "GroupId": "sg-01234abcde"
                }
            ],
            "InterfaceType": "lambda",
            "Ipv6Addresses": [],
            "MacAddress": "00:aa:11:bb:22:cc",
            "NetworkInterfaceId": "eni-012345abcdef",
            "OwnerId": "112233445566",
            "PrivateDnsName": "ip-10-0-0-1.ec2.internal",
            "PrivateIpAddress": "10.0.0.1",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-0-1.ec2.internal",
                    "PrivateIpAddress": "10.0.0.1"
                }
            ],
            "RequesterId": "AAABBBCCCDDDEEEFFF:112233445566",
            "RequesterManaged": false,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-1234abcd",
            "TagSet": [
                {
                    "Key": "App",
                    "Value": "Lambda Test"
                }
            ],
            "VpcId": "vpc-1234abcd"
        }
    ]
}

Check the value of InterfaceType for clues as to what resource is using the ENI. In this case, it’s a Lambda function.

References

Thanks to this Serverfault post for information regarding EC2 Instances: https://serverfault.com/questions/710931/is-it-possible-to-get-aws-ec2-instance-id-based-on-its-ip-address

Thanks to this AWS support page for the information regarding ENIs: How can I find the resource that owns the unknown IP addresses in my Amazon VPC?