Skip to content
/ aws-list-resources Public

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s). Discovered resources are written to a JSON result file.

License

AGPL-3.0 license
174 stars 35 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

welldone-cloud/aws-list-resources

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
doc
doc
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
aws_list_resources.py
aws_list_resources.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

aws-list-resources

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s). Discovered resources are written to a JSON result file. See example result file here.

Usage

Make sure you have AWS credentials configured for your target account. This can either be done using environment variables or by specifying a named profile in the optional --profile argument.

Ensure you run at least Python 3.10 (or newer) and install dependencies:

pip install -r requirements.txt

Example invocations:

python aws_list_resources.py --regions us-east-1,eu-central-1

python aws_list_resources.py --regions ALL

python aws_list_resources.py --regions ALL --include-resource-types AWS::EC2::*,AWS::DynamoDB::*

Supported arguments

--exclude-resource-types 
    Do not list the specified comma-separated resource types (supports wildcards).
--include-resource-types 
    Only list the specified comma-separated resource types (supports wildcards).
--only-store-counts 
    Only store resource counts instead of extended resource information.
--profile PROFILE
    Named AWS profile to use when running the command.
--regions REGIONS
    Comma-separated list of target AWS regions or 'ALL'.
--show-stats
    Show stats about collected resources at the end of the run. Can contain duplicates due to AWS returning the same resource information for multiple regions.

Notes

  • The script can only discover resources that are supported by the AWS Cloud Control API and offer support for the List operation: https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html

  • The script filters out default resources that AWS provides in each account and that often cannot be modified or deleted. However, AWS may create new default resources any time that the script does not correctly filter yet. Please create an issue in case you notice missing filters.

Minimum IAM permissions required

The script requires read access to all AWS services you want to list resources for. As an example, if you want to list resources of the type AWS::EC2::*, you can grant permissions using the AWS-managed policy AmazonEC2ReadOnlyAccess. If you want to list any kind of resource type, you can use the AWS-managed policy ReadOnlyAccess. In any case, the following permissions are always required:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeRegions",
                "cloudformation:ListResources",
                "cloudformation:ListTypes"
            ],
            "Resource": "*"
        }
    ]
}

About

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s). Discovered resources are written to a JSON result file.

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

174 stars

Watchers

6 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages