NEW: aws inventory script using config as data source

This commit is contained in:
xpk 2023-08-24 08:41:14 +08:00
parent f7cd2a52f6
commit 94776e997f
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86

11
aws/aws-inventory3.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
exclude_services=("AWS::AppConfig::DeploymentStrategy" "AWS::Athena::WorkGroup" "AWS::Cassandra::Keyspace" "AWS::CloudWatch::Alarm" "AWS::CodeDeploy::DeploymentConfig" "AWS::Config::ResourceCompliance" "AWS::EC2::DHCPOptions" "AWS::EC2::EC2Fleet" "AWS::EC2::LaunchTemplate" "AWS::EC2::NetworkAcl" "AWS::EC2::NetworkInsightsPath" "AWS::EC2::RouteTable" "AWS::EC2::SubnetRouteTableAssociation" "AWS::EventSchemas::Registry" "AWS::IAM::Policy" "AWS::RDS::DBSubnetGroup" "AWS::S3::AccountPublicAccessBlock" "AWS::Route53Resolver::ResolverRuleAssociation" "AWS::Route53Resolver::ResolverRule" "AWS::EC2::FlowLog" "AWS::Events::Rule" "AWS::SecretsManager::Secret" "AWS::SSM::PatchCompliance" "AWS::SSM::ManagedInstanceInventory" "AWS::SSM::AssociationCompliance" "AWS::IAM::Role" "AWS::RDS::DBSnapshot" "AWS::EC2::NetworkInterface" "AWS::Backup::RecoveryPoint" "AWS::Route53Resolver::ResolverRuleAssociation" "AWS::Events::EventBus" "AWS::GuardDuty::IPSet" "AWS::Config::ConfigurationRecorder" "AWS::Backup::BackupSelection" "AWS::KMS::Key" )
aws configservice get-discovered-resource-counts | jq -cr '.resourceCounts[] | .resourceType' | while read r; do
if [[ " ${exclude_services[@]} " =~ "${r}" ]]; then
continue
fi
echo "* $r"
aws configservice list-discovered-resources --resource-type $r | jq -cr '.resourceIdentifiers[] | .resourceId' | nl
done