```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:ListUsers",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:ListUserPolicies",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:ListAttachedUserPolicies",
      "Resource": "*"
    }
  ]
}
```

Update 20171217: I just created a new PR with a couple of fixes:
* Lambda functions must finish within a short period of time, so the number of snapshots should be an external environment variable.
* Reserved IP addresses might not be in use, in which case we should show the instance id as empty; otherwise we get an exception.

How difficult is it to audit your AWS Cloud Infrastructure?
Instances, volumes, snapshots, RDS, security groups, elastic IPs and beyond. A single report to get all the invaluable information that will keep you informed to make critical and quick decisions.
The guys from powerupcloud shared an initial script on their blog, which they put on GitHub. I forked it and, after some tweaks, found it so useful that I decided to ask the author for a pull request. The new Lambda function:
* Adds support for environment variables
* Adds security groups listing
* Removes hardcoded and non-generic names
* Corrects some comments
* Retrieves the ownerId instead of hardcoding it
* Adds the description for volumes for clearer identification
* Lists the Elastic IPs with the instanceId they are assigned to for clearer identification
* Has a TODO ;-): Naming conventions should be established

Here is a quick start:
- Create IAM role | Name: Inventory; Role Type: AWSLambda; Policy: EC2ReadOnly, AmazonS3FullAccess, AmazonRDSReadOnlyAccess
- Create S3 bucket | Name: YourInventoryS3Name
- Create Lambda | Name: YourInventoryLambda; Description: Extracts the AWS Inventory; Runtime: Python; Role: Inventory; Timeout: 3 min; environment variables: SES_SMTP_USER, SES_SMTP_PASSWORD, S3_INVENTORY_BUCKET, MAIL_FROM, MAIL_TO
- Schedule the Lambda: Select Lambda | Trigger | Add Trigger | CloudWatch Events - Schedule | Rule Name: InventorySchedulerRule; Rule Description: Inventory Scheduler Rule; Schedule Expression: cron(0 14 ? * FRI *) if you want it to run every Friday at 9AM ET | Enable Trigger | Submit
- Verify the domain: SES | Manage Entities | Verify a New Domain ; yourdomain.com
- Follow the instructions. To complete the verification you must add several TXT/CNAME records to your domain's DNS settings
- Verify email addresses: SES | hit the domain | Verify a New Email Address | Confirm from email
- After getting confirmation go to SES | SMTP Settings | Create my SMTP Credentials | Provide a username, for example ‘anyusername’, and Amazon will show you the credentials (SMTP Username and SMTP Password). Keep them in a safe place. You can also download them. This is the last time AWS will share them with you.
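
One way to implement the two fixes from the update (snapshot count taken from an environment variable, empty instance id for Elastic IPs that are not in use); this is an added example, not the project's own code. The variable name `MAX_SNAPSHOTS`, the default of 20, the function names and the sample data are assumptions.

```python
import csv
import io
import os
from datetime import datetime

# Constructed sample data shaped like boto3 EC2 responses (no real resources).
SAMPLE_ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa",
     "InstanceId": "i-0123456789abcdef0"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb"},  # unassociated
]}
SAMPLE_SNAPSHOTS = {"Snapshots": [
    {"SnapshotId": "snap-01", "VolumeId": "vol-01", "StartTime": datetime(2017, 12, 1)},
    {"SnapshotId": "snap-02", "VolumeId": "vol-01", "StartTime": datetime(2017, 12, 15),
     "Description": "pre-upgrade"},
    {"SnapshotId": "snap-03", "VolumeId": "vol-02", "StartTime": datetime(2017, 12, 8)},
]}

def snapshot_limit(env=os.environ, default=20):
    """Snapshot cap from MAX_SNAPSHOTS (hypothetical name); bad values fall back."""
    try:
        value = int(env.get("MAX_SNAPSHOTS", ""))
    except ValueError:
        return default
    return value if value > 0 else default

def elastic_ip_rows(response):
    # .get() rather than ["InstanceId"]: an unassociated address has no such
    # key, and indexing it raises KeyError and aborts the whole report.
    return [[a["PublicIp"], a.get("AllocationId", ""), a.get("InstanceId", "")]
            for a in response.get("Addresses", [])]

def snapshot_rows(response, limit):
    # Newest first, so the cap drops the oldest entries.
    newest = sorted(response.get("Snapshots", []),
                    key=lambda s: s["StartTime"], reverse=True)
    return [[s["SnapshotId"], s["VolumeId"], s["StartTime"].isoformat(),
             s.get("Description", "")] for s in newest[:limit]]

def build_report(addresses, snapshots, env=os.environ):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["PublicIp", "AllocationId", "InstanceId"])
    writer.writerows(elastic_ip_rows(addresses))
    writer.writerow(["SnapshotId", "VolumeId", "StartTime", "Description"])
    writer.writerows(snapshot_rows(snapshots, snapshot_limit(env)))
    return out.getvalue()

if __name__ == "__main__":
    print(build_report(SAMPLE_ADDRESSES, SAMPLE_SNAPSHOTS))
```
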
4 comments:
Hi, the script works perfectly. I am looking to get the RDS DB Snapshot list within the script, but I was not able to make it... do you have any way to list the RDS DB Snapshots in CSV format?
Thanks
@Prabhu, I recommend you fork the project on GitHub and add support for RDS DB snapshots. The reason it is not there is that nobody using the script is using such a resource.
I tried executing the query and got the
"Calling the Invoke API failed with message: Network Error"
@Sabareesh, I recommend you post your issue in the GitHub project. A network issue sounds like a local issue to me, though.