Finding subnet IDs in AMS
Several resources require that you specify a subnet, or list of subnets, at configuration time. To find subnets, you can use either the AMS console or AMS SKMS API/CLI. Note that the AMS SKMS API/CLI is private and must be installed before you can use it.
AMS Console:
In the navigation pane, select VPCs and the relevant VPC. The VPC details page for the selected VPC opens with a table of subnets, click a subnet ID to open the details page and find the ID.
AMS SKMS API ListSubnetSummaries or CLI:
Note
The AMS CLI must be installed for these commands to work. To install the AMS API or CLI, go to the AMS console Developers Resources
page. For reference material on the AMS CM API or AMS SKMS API, see the AMS Information Resources section in the User Guide. You may need to add a --profile option for
authentication; for example, aws amsskms . You may also need to add the ams-cli-command --profile SAML--region option as all AMS
commands run out of us-east-1; for example aws amscm .ams-cli-command --region=us-east-1
Note
The AMS API/CLI (amscm and amsskms) endpoints are in the AWS N. Virginia Region, us-east-1. Depending on how your
authentication is set, and what AWS Region your account and resources are in, you may need to add --region us-east-1
when issuing commands. You may also need to add --profile saml, if that is your authentication method.
To find the subnets for your VPC, you can search with the list-subnet-summaries command as shown.
Note
If you're looking for subnets that are not in an AMS account, you can try aws ec2 describe-subnets --region us-west-2.
The SKMS API/CLI ListSubnetSummaries operation:
A simple list:
aws amsskms list-subnet-summariesOutput to a table:
aws amsskms list-subnet-summaries --output tableThe SKMS API ListSubnetSummaries operation has parameters to narrow the results based on visibility. In addition, you can Filter results based on name. If you're using the CLI, you can also use the
--queryoption to narrow the output or search on a portion of a value. For example, to find all of the subnets for a particular VPC, you can use this command:aws amsskms list-subnet-summaries --query "SubnetSummaries.sort_by(@,&Visibility.Name)[].[Visibility.Name,SubnetId,Name]" --output tableWhich returns something like this:
-------------------------------------------------------------------- | ListSubnetSummaries | +---------+------------ -------+---------------------------+ | Private| subnet-01234567890abcdef | Demo Deployment Zone #1 | | Private| subnet-01234567890abcdef | Demo Deployment Zone #1 | | Public | subnet-01234567890abcdef | Demo DMZ #1 | | Public | subnet-01234567890abcdef | Demo DMZ #1 | +---------+---------- ---------+---------------------------+For information about using CLI queries, see How to Filter the Output with the --query Option and the query language reference, JMESPath Specification
. If you have multiple VPCs, include a VPC filter in the command, and then run the command for each VPC. For example:
list-subnet-summaries --filter Attribute=VpcId,Value=vpc-xxxxxxxx --query "SubnetSummaries.sort_by(@,&Visibility.Name)[].[Visibility.Name,SubnetId,Name]" --output tableIn AWS, use describe-subnets.
For information about using CLI queries, see
How to Filter the Output with the --query Option and the query language reference, JMESPath Specification
Subnet names
Your AMS subnets are created automatically after input is gathered from you and added to the system. AMS uses a formula to create your subnet names:
AACCOUNT_ID-SUBNET-TYPE-AZ-IDENTIFIER.
The subnet type would be either dmz, shared-services, or customer-application.
Should you have more than one customer-application subnet, an optional identifier may be added to the subnet name,
after the account ID, to indicated that the subnet is an "additional" or "reserved" subnet.
