====== Virtual Private Cloud (VPC) ======

FIXME intro blurb on VPC, AZ, subnets, IG / NAT gateway

{{aws:st-setip_iot.png?300 |VPC with two AZ and subnets}}

===== Show unused Security Groups =====

List every security group and check whether any network interface (ENI) still references it. A group with no ENI attached is a candidate for removal.

<code bash>
#!/bin/bash
# List security groups that are not attached to any network interface (ENI).
# Uses the nonprod_admin profile from the original snippet; change as needed.
PROFILE=nonprod_admin

aws ec2 describe-security-groups --profile "$PROFILE" \
  | jq --raw-output '.SecurityGroups[] | [.GroupId, .GroupName, .Description] | @tsv' \
  | while IFS=$'\t' read -r GROUP_ID GROUP_NAME DESCRIPTION; do
      # Count ENIs that carry this group; zero means nothing is using it.
      COUNT=$(aws ec2 describe-network-interfaces --profile "$PROFILE" \
                --filters "Name=group-id,Values=${GROUP_ID}" \
                --query 'length(NetworkInterfaces)' --output text)
      if [ "$COUNT" -eq 0 ]; then
        echo "UNUSED: ${GROUP_ID} ${GROUP_NAME} (${DESCRIPTION})"
      fi
    done
</code>

The ENI check does not see groups that are only referenced from another group's ingress or egress rules. Before deleting a group, run ''aws ec2 describe-security-groups --filters Name=ip-permission.group-id,Values=<group-id>'' to find rules that point at it.

===== Get subnets in VPC =====

<code bash>
$ aws ec2 describe-subnets | jq '.Subnets[].SubnetId'
"subnet-1234abcdab7899876"
"subnet-12341bcd207959876"
</code>

Without a filter this lists every subnet in the region; add ''--filters Name=vpc-id,Values=<vpc-id>'' to restrict the output to one VPC.

===== IPv4 Regex =====

This works in CloudFormation to template the allowed digits in an IPv4 address. Not exhaustively tested. The final group only accepts a ''/22'' prefix length, so adjust it if the parameter should allow other sizes.

<code>
"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(22))$"
</code>

CF Template example:

<code json>
"Parameters": {
  "VPCCIDR": {
    "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(22))$",
    "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/22",
    "Default": "192.168.192.0/22",
    "Description": "CIDR block for VPC",
    "Type": "String"
  }
}
</code>

This may be a better example: [[https://ihateregex.io/expr/ip/]]

===== IPv6 Regex =====

FIXME
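The following script is an added example for the IPv4 Regex section above; it is not part of this wiki page or of any AWS tooling. It loads the ''AllowedPattern'' string exactly as it sits in the CloudFormation JSON (so the JSON escaping of ''\\.'' and ''\\/'' is handled the same way CloudFormation sees it) and runs constructed sample values through both the regex and Python's ''ipaddress'' module. The point is to show what the pattern does and does not guarantee: it rejects octets above 255 and prefix lengths other than /22, but it cannot tell that a value such as ''10.0.1.0/22'' has host bits set and is therefore not a valid network address. The sample CIDRs are constructed for the demonstration.

```python
import ipaddress
import json
import re

# The AllowedPattern as it appears in the CloudFormation JSON on the page.
# json.loads turns the JSON escapes "\\." and "\\/" into the regex "\." and "\/".
CF_PARAMETER_JSON = r'''
{
  "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(22))$"
}
'''
ALLOWED_PATTERN = json.loads(CF_PARAMETER_JSON)["AllowedPattern"]
CIDR_RE = re.compile(ALLOWED_PATTERN)


def pattern_accepts(value: str) -> bool:
    """True if the AllowedPattern matches the whole parameter value."""
    return CIDR_RE.fullmatch(value) is not None


def is_valid_ipv4_network(value: str) -> bool:
    """Stricter check: a well-formed IPv4 /22 network with all host bits clear.

    strict=True makes ipaddress reject addresses whose host bits are set,
    which a pure digit regex cannot detect.
    """
    try:
        network = ipaddress.IPv4Network(value, strict=True)
    except ValueError:
        return False
    return network.prefixlen == 22


def compare(values):
    """Return (value, regex_accepts, ipaddress_accepts) for each sample."""
    return [(v, pattern_accepts(v), is_valid_ipv4_network(v)) for v in values]


# Constructed samples covering the edge cases the regex handles or misses.
SAMPLES = [
    "192.168.192.0/22",  # the template default: accepted by both
    "10.0.0.0/22",       # accepted by both
    "10.0.1.0/22",       # regex accepts, but host bits are set for a /22
    "10.0.0.0/24",       # wrong prefix length: rejected by both
    "256.0.0.0/22",      # octet out of range: rejected by both
    "010.0.0.0/22",      # leading zero: rejected by the regex
    "192.168.192.0",     # no prefix at all: rejected by both
]

if __name__ == "__main__":
    for value, by_regex, by_ipaddress in compare(SAMPLES):
        print(f"{value:20} regex={by_regex!s:5} ipaddress={by_ipaddress}")
```

Run it with ''python3'' and compare the two columns; the row for ''10.0.1.0/22'' is the one to keep in mind when relying on ''AllowedPattern'' alone. Host-bit alignment has to be enforced elsewhere (a Lambda-backed custom resource or a pre-deploy check such as this one), since CloudFormation parameter validation is limited to the regex.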