Skip to main content

AWS Inventory Report

In a Nutshell
What will I learn?In this tutorial we will generate a simple inventory report that shows AWS resources deployed in a specific account, broken down by category.

What you'll need

Software & Services

Permissions & Access

AWS provide an existing ReadOnlyAccess IAM Policy that covers all of the permissions needed for this tutorial. You can simply attach this AWS provided IAM Policy to your existing IAM User, Group or Role

Attach Existing IAM Policy
Screenshot: Attach Existing IAM Policy


In each of the examples below we will take advantage of several of the environment variables that are loaded and set when we activate a set of credentials in AWSH

In each of the examples below we will take advantage of several of the environment variables that are loaded and set when we activate a set of credentials in AWSH

env | grep ^AWS_
AWS_SESSION_EXPIRATION=2022-11-28 16:05:01
AWS_ID_NAME=dummy-account/[email protected]

We will use these environment variables to generate useful report names

This tutorial also makes use of one of the built-in commands available in AWSH awsh report-inventory which allows us to generate our output report in multiple formats. To find out more about all of the helper commands and utilities available in AWSH check out the full documentation here.

The report will generate at least two files within the current directory or in the specified directory for any of the specified formats:

  • aws-inventory-report-global.>format<: Brings inventory information about AWS Global resources, such as: AWS Cloudtrail, IAM certificates, IAM roles, IAM users and more.
  • aws-inventory-report-eu-west-1.>format<: Brings inventory information about AWS resources that are region based, such as: EC2, ACM, VPC, EBS, ECS and more.

Simple Format Report

  • Create a simple text inventory report

    awsh report-inventory
  • Here is a sample output generated from the inventory report (simple)

    AWS Inventory Report: Global Resources

    AWS Account : AIDAV5ExampleCCT3C
    Created from AWS Region : eu-west-1
    Created By : arn:aws:iam::12345678:user/joe.dolan
    Created Date : Thu Jan 5 15:17:26 UTC 2022


    RoleName PolicyName PolicyArn
    --------------------------------------------------- ---------------------------------- ---------------------------------------------------------------------------
    AWSReservedSSO_AdministratorAccess_bf057cae2e5c3eef AdministratorAccess arn:aws:iam::aws:policy/AdministratorAccess
    AWSReservedSSO_ViewOnlyAccess_002e0e3abbe44533 ViewOnlyAccess arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
    AWSServiceRoleForAutoScaling AutoScalingServiceRolePolicy arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy
    AWSServiceRoleForOrganizations AWSOrganizationsServiceTrustPolicy arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy
    AWSServiceRoleForSSO AWSSSOServiceRolePolicy arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy
    AWSServiceRoleForSupport AWSSupportServiceRolePolicy arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy
    AWSServiceRoleForTrustedAdvisor AWSTrustedAdvisorServiceRolePolicy arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy

Markdown Format Report

  • Get the data from the AWS API using AWSH

    awsh report-inventory -f pipe
  • The Markdown format report is plain text but can be converted into many other common formats (HTML, PDF, MS Word, etc). One of our favourite online converters is or the extensions available for Microsoft VS Code

Markdown Report
Screenshot: Markdown Report

HTML Format Report

Styling your HTML

The generated HTML automatically includes the Bootstrap framework and can be styled using any compatible CSS

  • Create an HTML header for our report

    awsh report-inventory -f html -d .

Now that you've had a look around why not check out the full documentation here.

Open Source

Did you know that both AWSH and BLOX are completely Open Source? That's right - the software is available free of charge, and we make some of our revenue by helping others install, use, and troubleshoot it. Take copy for yourself!

AWSH: Containerized tools with lightweight access to AWS CLI and APIs in mind.
GitHub license Docker Pulls

BLOX: Containerized tools for engineering teams who need to work with AWS and IAC every day.
GitHub license Docker Pulls