AWS将子网查询限制为单个子网ID

Question

我正试图在整个组织中自动创建VPC端点，我至少需要附加一个子网(AZ并不重要)，但我在将子网过滤到单个ID时遇到了一些困难。

import boto3
import json

def lambda_handler(event, context):
    ec2 = boto3.client('ec2')
    vpc = ec2.describe_vpcs()
    subnet = ec2.describe_subnets(
        Filters=[
            {
                'Name': 'availabilityZone',
                'Values':[
                    'us-east-1a',
                ],
                'Name': 'defaultForAz',
                'Values': [
                    'true',
                ]
            },
        ],
    )
    subs = subnet['Subnets']
    vpcs = vpc['Vpcs']

    for v in vpcs:
        ec2.create_vpc_endpoint(
            #DryRun=True,
            VpcEndpointType='Interface',
            VpcId=f"{v['VpcId']}",
            SubnetIds=[
                f"{subs['SubnetId']}",
            ],
            ServiceName='com.amazonaws.us-east-1.ssm',
            PrivateDnsEnabled=False
        )

我得到的错误是list indices must be integers or slices, not str

考虑到AWS boto3文档请求SubnetId值为“string”，我不确定如何纠正这个问题：

从AWS文档复制的

response = client.create_vpc_endpoint(
    DryRun=True|False,
    VpcEndpointType='Interface'|'Gateway'|'GatewayLoadBalancer',
    VpcId='string',
    ServiceName='string',
    PolicyDocument='string',
    RouteTableIds=[
        'string',
    ],
    SubnetIds=[
        'string',
    ],
    SecurityGroupIds=[
        'string',
    ],
    IpAddressType='ipv4'|'dualstack'|'ipv6',
    DnsOptions={
        'DnsRecordIpType': 'ipv4'|'dualstack'|'ipv6'|'service-defined'
    },
    ClientToken='string',
    PrivateDnsEnabled=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)

Answer 1

您将在这里传递一个完整的SubnetId字符串列表：

           SubnetIds=[
                f"{subs['SubnetId']}",
            ],

，但我在将子网过滤为单个ID时遇到一些困难

您有一个子网ID字符串的Python列表。如果您只想要列表中的一项，而不关心哪一项，那么只需引用列表中的第一项，就像其他Python列表一样：

           SubnetIds=[
                subs['SubnetId'][0],
            ],