No, I know, I really should hide this sort of one-liner awfulness on a private wiki somewhere, but right now, I don't have one set up, so it'll have to live here...

Anyway, requirements: find all subnets across regions for an AWS account, and update the ones which automatically assign an IPv4 address to new instances, and update that to not do so.

Lovely hacky one-liner solution:

for region in `aws ec2 describe-regions --output text | cut -f3` ; do aws ec2 describe-subnets --region ${region} | jq -r '.Subnets[] | select(.MapPublicIpOnLaunch==true) | .SubnetId = "aws ec2 modify-subnet-attribute --subnet-id \(.SubnetId) --no-map-public-ip-on-launch --region=\(.AvailabilityZone[:-1])" | .SubnetId' ; done

The observant amongst you will notice that this only outputs the "aws ec2 modify-subnet-attribute" commands, but I'm fine with reading over what is about to be done, and then copy-pasta-ing the commands back into a terminal to run them.