AWS Inventory Report

In a Nutshell

What will I learn?	In this tutorial we will generate a simple inventory report that shows AWS resources deployed in a specific account, broken down by category.
Difficulty

What you'll need

Software & Services

• Docker version 16.14 or above
• An AWS User or Role with read-only permissions to list the resources AWS IAM read-only
• An active AWSH from AWSH Intro with some AWS credentials loaded

Permissions & Access

AWS provide an existing ReadOnlyAccess IAM Policy that covers all of the permissions needed for this tutorial. You can simply attach this AWS provided IAM Policy to your existing IAM User, Group or Role

Screenshot: Attach Existing IAM Policy

Tutorial

In each of the examples below we will take advantage of several of the environment variables that are loaded and set when we activate a set of credentials in AWSH

In each of the examples below we will take advantage of several of the environment variables that are loaded and set when we activate a set of credentials in AWSH

AWSH❯

env | grep ^AWS_
AWS_ACCOUNT_ALIAS=dummy-account
AWS_DEFAULT_REGION=eu-central-1
AWS_SESSION_EXPIRATION=2022-11-28 16:05:01
AWS_SECRET_ACCESS_KEY=f3hfuss77fffdUToVx+T1iFNV+6tLgL3dUhCJY6jhPccRQW
AWS_ID_NAME=dummy-account/[email protected]
AWS_ACCOUNT_NUMBER=011111221051
AWS_ACCESS_KEY_ID=ASIAQO7RUGABCDEFYXLOK
AWS_TOKEN_EXPIRY=1669651501

We will use these environment variables to generate useful report names

This tutorial also makes use of one of the built-in commands available in AWSH awsh report-inventory which allows us to generate our output report in multiple formats. To find out more about all of the helper commands and utilities available in AWSH check out the full documentation here.

The report will generate at least two files within the current directory or in the specified directory for any of the specified formats:

• aws-inventory-report-global.>format<: Brings inventory information about AWS Global resources, such as: AWS Cloudtrail, IAM certificates, IAM roles, IAM users and more.
• aws-inventory-report-eu-west-1.>format<: Brings inventory information about AWS resources that are region based, such as: EC2, ACM, VPC, EBS, ECS and more.

Simple Format Report

• Create a simple text inventory report

  AWSH❯

  awsh report-inventory

• Here is a sample output generated from the inventory report (simple)

  AWS Inventory Report: Global Resources
  ================================================================================
  
  AWS Account              : AIDAV5ExampleCCT3C
  Created from AWS Region  : eu-west-1
  Created By               : arn:aws:iam::12345678:user/joe.dolan
  Created Date             : Thu Jan  5 15:17:26 UTC 2022
  
  IAM ROLE POLICY ATTACHMENTS
  
  RoleName                                             PolicyName                          PolicyArn
  ---------------------------------------------------  ----------------------------------  ---------------------------------------------------------------------------
  AWSReservedSSO_AdministratorAccess_bf057cae2e5c3eef  AdministratorAccess                 arn:aws:iam::aws:policy/AdministratorAccess
  AWSReservedSSO_ViewOnlyAccess_002e0e3abbe44533       ViewOnlyAccess                      arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
  AWSServiceRoleForAutoScaling                         AutoScalingServiceRolePolicy        arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy
  AWSServiceRoleForOrganizations                       AWSOrganizationsServiceTrustPolicy  arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy
  AWSServiceRoleForSSO                                 AWSSSOServiceRolePolicy             arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy
  AWSServiceRoleForSupport                             AWSSupportServiceRolePolicy         arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy
  AWSServiceRoleForTrustedAdvisor                      AWSTrustedAdvisorServiceRolePolicy  arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy

Markdown Format Report

• Get the data from the AWS API using AWSH

  AWSH❯

  awsh report-inventory -f pipe

• The Markdown format report is plain text but can be converted into many other common formats (HTML, PDF, MS Word, etc). One of our favourite online converters is https://dillinger.io/ or the extensions available for Microsoft VS Code

Screenshot: Markdown Report

HTML Format Report

Styling your HTML

The generated HTML automatically includes the Bootstrap framework and can be styled using any compatible CSS

• Create an HTML header for our report

  AWSH❯

  awsh report-inventory -f html -d .

Now that you've had a look around why not check out the full documentation here.

Open Source

Did you know that both AWSH and BLOX are completely Open Source? That's right - the software is available free of charge, and we make some of our revenue by helping others install, use, and troubleshoot it. Take copy for yourself!

AWSH: Containerized tools with lightweight access to AWS CLI and APIs in mind.

BLOX: Containerized tools for engineering teams who need to work with AWS and IAC every day.