Home
This is a very simple version of my inventory script. It should help some hackers trying (like me) to understand how AWS environments work, and to check what resources you have used and created. AWS Config does the same but is $#!* expensive.
I will try to improve my script from time to time, to add more services, and maybe to add features to inject results into some tools (to be defined).
First inspired by https://github.com/powerupcloud/AWSInventoryLambda, but not forked because it has been modified too much. Then rewritten from scratch to be more Pythonic.
The first version was a quick and dirty try, in order to understand how to get all kinds of information about AWS resources with the AWS Python SDK.
This is an improved version, with interpretation of the results and a file containing all inventory information (a JSON file).
This code is not designed to be invulnerable.
Take care when using Cost Explorer; even if all functions are read-only (in AWS IAM), Cost Explorer is not free.
The policies included here allow calls to all the needed services. But I haven't checked yet whether this is the minimal policy; it only includes list or read permissions, though.
You need two configuration files to run this script. The first is a list of the AWS regions (I mean: normal regions), and I guess there's no question about this one.
The next file is an AWS policy file, with all the IAM rights you need to run the script. Remember: less is better in an IAM world. DO NOT provide full IAM administrative rights to any user until you know what you are doing, and NEVER connect or run scripts as root.
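One way to check the "list or read permissions only" claim before attaching a policy file, as an added example that is not part of the original script. It assumes the file is a standard IAM policy JSON document; `audit_policy`, `as_list`, the prefix list and the sample policy are hypothetical names and constructed data.

```python
import json

# Assumption: action-name prefixes treated as read-only. A naming heuristic, not an AWS API.
READ_PREFIXES = ("describe", "list", "get", "batchget", "lookup", "search")
BILLED_SERVICES = {"ce"}  # Cost Explorer, which this page warns is not free

def as_list(value):
    """IAM accepts one item or a list for Statement and Action."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_policy(policy):
    """Return (severity, action, reason) for each questionable Allow entry."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant anything
        if "NotAction" in stmt:
            findings.append(("high", "NotAction", "allows every action except those listed"))
        for action in as_list(stmt.get("Action")):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, name = action.lower().partition(":")
            if action.strip() == "*" or name == "*":
                findings.append(("high", action, "wildcard also grants write actions"))
            elif not name.startswith(READ_PREFIXES):
                findings.append(("high", action, "not a list/read action"))
            elif "*" in name or "?" in name:
                findings.append(("info", action, "read-only wildcard, may be broader than needed"))
            if service in BILLED_SERVICES:
                findings.append(("cost", action, "Cost Explorer requests are not free"))
    return findings

# Constructed sample policy, not the project's policy file.
SAMPLE = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets", "ec2:Describe*"]},
  {"Effect": "Allow", "Resource": "*", "Action": "ce:GetCostAndUsage"},
  {"Effect": "Allow", "Resource": "*", "Action": ["iam:CreateUser", "s3:*"]},
  {"Effect": "Deny",  "Resource": "*", "Action": "s3:DeleteBucket"}
 ]}
""")

if __name__ == "__main__":
    for severity, action, reason in audit_policy(SAMPLE):
        print(f"{severity:5} {action:22} {reason}")
```

A read-style prefix only says the action does not modify resources; some `Get` actions still return sensitive data, so review the "info" lines as well as the "high" ones.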
- A lot of compute services to add
- Use of Pagination for large inventories ==> done in most cases
- Multithreading (to speed it up)?
  - Maybe it will force writing one inventory file for each service. It works.
- Improve logging & displaying
- Genericitizing (glup)
- Add arguments