Skip to content

Home

Jump to bottom
Janiko edited this page Sep 24, 2021 · 17 revisions

Welcome to the aws-inventory wiki!

This is a very simple version of my inventory script. It should help some hackers trying (like me) to understand how AWS environments work, and to check what resources you have used end created. AWS Config does the same but is $#!* expensive.

I will try to improve my script from times to times, to add more services, and may be to add features to inject results in some tools (to be defined).

First inspired from https://github.com/powerupcloud/AWSInventoryLambda but not forked because it has been too much modified. Then rewritten from scratch to be more pythonified.

TESTERS: WANTED!

If you can use aws-inventory with services that are not tested yet (for budget reasons ;), you're help will be much appreciated! Contact me if you can test expensive services (by sending reports & bugs).

First version

The first version was a quick and dirty try, in order to understand how to get all kind of information about AWS resources with AWS Python SDK.

Second version

This will be is an improved version, with results interpretation and a file containing all inventory information (a json file).

What you need to know

This code is not designed to be invulnerable.

...and?

Take care when using cost explorer; even if all functions are read only (in AWS IAM), cost explorer is not free.

More about IAM?

The policies included here are useful to call all needed services. But I didn't check yet if this is the minimal policy; it only includes list or read permissions, though.

Configuration

You have two configuration files you need to run this script. The 1st is a list of the AWS regions (I mean: normal regions), and I guess there's no question about this one.

The next file is a AWS policy file, with all IAM rights you need to have to run the script. Remember: the less is the better in a IAM world. DO NOT provide full IAM administrative rights to any user until you know what you are doing, and NEVER connect or run scripts as root.

To do

  1. A lot of compute services to add
  2. Use of Pagination for large inventories ==> done in most cases
  3. Multithreading (to speed it up)? May be it will force to write one inventory file for each service It works.
  4. Improve logging & displaying
  5. Genericitizing (glup)
  6. Add arguments
Clone this wiki locally