AWS Infrastructure Inventory Discovery Blog

Streamline Your AWS Inventory with Automated Discovery and Reporting

Managing resources across multiple AWS accounts and regions can be a daunting task, especially as your cloud infrastructure grows. To simplify this process, I have developed an AWS Inventory Discovery tool that scans all your AWS accounts across all regions and compiles a comprehensive, searchable HTML report. In this blog, I'll walk you through the features, benefits, and the technical details of this solution.

Introduction

As organizations scale their use of AWS, keeping track of resources scattered across various accounts and regions becomes increasingly challenging. Manual inventory management is not only time-consuming but also prone to errors. This is where the AWS Inventory Discovery tool comes in.

Features

  • Comprehensive Scanning: The tool scans all your AWS accounts across all regions, ensuring no resource is left unaccounted for.
  • Detailed Reporting: Generates a detailed HTML report that lists all discovered resources, including their ARNs and regions.
  • Searchable Interface: The HTML report includes a search functionality, making it easy to find specific resources quickly.
  • Visual Representation: Includes pie charts to provide a visual summary of your resources, helping you quickly understand the distribution of resources across various dimensions.
  • User-Friendly: The generated report is easy to navigate, allowing users to drill down into resource details with just a few clicks.

Benefits

  • Improved Visibility: Gain a clear overview of all your AWS resources across accounts and regions.
  • Time Savings: Automate the discovery process, freeing up time for your team to focus on more critical tasks.
  • Error Reduction: Minimize the risk of overlooking resources or making mistakes in manual inventories.
  • Enhanced Security: Quickly identify and manage resources to ensure compliance with security policies and best practices.

How It Works

Prerequisites

Before you begin, ensure you have the following set up:

  • AWS CLI: Install the AWS Command Line Interface (CLI).

    pip install awscli

  • AWS Credentials: Export your AWS profile or access keys and secrets, and specify the region.

    export AWS_PROFILE=your-aws-profile
    # Or
    export AWS_ACCESS_KEY_ID=your-access-key-id
    export AWS_SECRET_ACCESS_KEY=your-secret-access-key
    export AWS_DEFAULT_REGION=your-default-region

Bash Script

    #!/bin/bash
    
    # Script Name: aws_inventory_discovery.sh
    # Author: Praveen HA
    # Description: This script automates the discovery of AWS resources across multiple accounts and regions and generates a detailed HTML report.
    
    # Ensure the AWS CLI and jq are installed
    for tool in aws jq; do
        if ! command -v "$tool" &> /dev/null
        then
            echo "$tool could not be found. Please install it before proceeding."
            exit 1
        fi
    done
    
    # Set AWS credentials and region. Use either a named profile or access keys, not both;
    # prefer a profile so that long-lived secrets are not stored in this file.
    export AWS_PROFILE=your-aws-profile
    # Or
    # export AWS_ACCESS_KEY_ID=your-access-key-id
    # export AWS_SECRET_ACCESS_KEY=your-secret-access-key
    export AWS_DEFAULT_REGION=your-default-region
    
    # Account ID shown in the report heading
    AccountID=""
    regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text)
    #regions=(ap-south-1 eu-north-1  eu-west-3  eu-west-1  ap-northeast-3  ap-northeast-2  ap-northeast-1  ca-central-1  sa-east-1   ap-southeast-1  ap-southeast-2  eu-central-1  us-east-1  us-east-2  us-west-1  us-west-2 )
    
    # Initialize arrays to store data
    declare -a summary_data=()
    declare -a detailed_data=()
    
    # Fetch resources from all regions
    for region in $regions; do
        # Fetch resource ARNs and process them.
        # Note: get-resources returns only resources that are tagged or were previously tagged.
        data=$(aws --region "$region" resourcegroupstaggingapi get-resources | jq -r '.ResourceTagMappingList[].ResourceARN' | \
        awk -v region="$region" -F '[:/]' '
            {
                resourceType = "unknown"
                if ($3 == "s3") {
                    resourceType = "bucket"
                } else if ($3 == "sns") {
                    resourceType = "topic"
                } else {
                    resourceType = $6  
                }
    
                # Construct a unique key for each service-resource pair
                pair = $3 ":" resourceType
                count[pair]++
            }
            END {
                for (pair in count) {
                    split(pair, s, ":")  # Split the pair back into service and resource
                    service = s[1]
                    resource = s[2]
                    print "{\"service\":\"" service "\", \"resource\":\"" resource "\", \"count\":" count[pair] "}"
                }
            }
        ')
    
        # Append to summary_data (quoted so the JSON is not word-split or glob-expanded)
        summary_data+=("$data")
    
        # Fetch detailed resource information
        detailed_info=$(aws resourcegroupstaggingapi get-resources --region "$region" | jq -r --arg region "$region" '.ResourceTagMappingList[] | {Resource_Arn: .ResourceARN, Region: ($region // "Global"), Detailed_Service: (.ResourceARN | split(":")[2])}')
    
        # Append to detailed_data
        detailed_data+=("$detailed_info")
    done
    
    # Process summary data
    summary_json=$(printf "%s\n" "${summary_data[@]}" | jq -s 'group_by(.service, .resource) | map({service: .[0].service, resource: .[0].resource, count: map(.count) | add})')
    total_resources=$(echo "$summary_json" | jq 'map(.count) | add')
    
    # Process detailed data
    detailed_json=$(printf "%s\n" "${detailed_data[@]}" | jq -s .)
    
    # Generate HTML
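    cat <<EOF > index.html
    <html>
    <head>
        <title>AWS Resources</title>
    </head>
    <body>
        <h1>AWS Resources for Account ID: $AccountID</h1>
        <p>Total Resources: $total_resources</p>
        <table>
            <tr><th>Service</th><th>Resource</th><th>Count</th></tr>
        </table>
        <h2>Detailed AWS Resources</h2>
        <table>
            <tr><th>Resource ARN</th><th>Region</th><th>Detailed Service</th></tr>
        </table>
    </body>
    </html>
    EOF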
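
The awk step in the script takes the sixth `:`/`/`-delimited field as the resource type and special-cases `s3` and `sns`. The following is an added example, not part of the original script, that generalizes that classification to ARNs whose resource part has no type prefix (SQS) or starts with a slash (API Gateway); the function names and sample ARNs are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify ARNs (as returned by get-resources) by service and
# resource type without relying on a fixed field position.

# Constructed sample input; account ID and resource names are placeholders.
sample_arns() {
    cat <<'ARNS'
arn:aws:ec2:us-east-1:111122223333:instance/i-0abc1234567890def
arn:aws:ec2:us-east-1:111122223333:instance/i-0fed0987654321cba
arn:aws:lambda:us-east-1:111122223333:function:report-builder
arn:aws:s3:::example-inventory-bucket
arn:aws:sns:us-east-1:111122223333:alerts
arn:aws:sqs:us-east-1:111122223333:jobs
arn:aws:apigateway:us-east-1::/restapis/a1b2c3d4e5
not-an-arn
ARNS
}

# Reads ARNs on stdin and prints sorted "service resource_type count" lines.
classify_arns() {
    awk '
    {
        # Layout: arn:partition:service:region:account:resource
        n = split($0, f, ":")
        if (n < 6 || f[1] != "arn") { bad++; next }
        service = f[3]
        resource = f[6]
        # The resource part may itself contain ":"; rejoin it.
        for (i = 7; i <= n; i++) resource = resource ":" f[i]
        sub("^/", "", resource)           # e.g. apigateway "/restapis/<id>"
        sep = match(resource, "[:/]")     # first type/id separator, if any
        if (sep > 1)               type = substr(resource, 1, sep - 1)
        else if (service == "s3")  type = "bucket"
        else if (service == "sns") type = "topic"
        else if (service == "sqs") type = "queue"
        else                       type = "unknown"
        count[service " " type]++
    }
    END {
        for (k in count) print k, count[k]
        if (bad) print "skipped " bad " malformed line(s)" > "/dev/stderr"
    }' | LC_ALL=C sort
}

sample_arns | classify_arns
```

Malformed lines are counted and reported on stderr instead of being folded into the inventory, so a parsing problem does not silently change the totals.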

Generating the Report

Once the tool completes the scan, it generates an HTML report in the output directory. The report includes a search bar for quickly locating resources by their ARNs or regions and pie charts to visualize the distribution of resources.

Example Report

Here’s a glimpse of what the generated report looks like:

Example Report

Use Cases

  • Audit and Compliance: Ensure that all resources are accounted for during audits.
  • Cost Management: Identify unused or underutilized resources to optimize costs.
  • Security Review: Regularly review your resources to ensure they comply with your security standards.

Conclusion

The AWS Inventory Discovery tool is a powerful solution for managing AWS resources across multiple accounts and regions. By automating the discovery process, providing a detailed, searchable report, and including visual summaries with pie charts, this tool helps organizations save time, reduce errors, and maintain better control over their cloud infrastructure.

Clone the AWS Inventory Discovery tool and get started today!
