A standalone SPA using the client side AWS JS SDK to get instance and reservation info for JIT comparison of running infrastructure
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
css
js
readme-assets/images
404.html
LICENSE
README.md
build.sh
crossdomain.xml
dev.html
humans.txt
index.html
main.css
main.js
robots.txt

README.md

AWSResco

Table of Contents


What

AWSResco is a standalone SPA using the client side AWS JS SDK to get instance and reservation info for JIT comparison of running infrastructure. This comparison provides a "Differential" value to the user to see where they are over or under allotted on their reservations.

The latest version is at: http://awsresco.s3-website-us-east-1.amazonaws.com/

Screenshot Example

img

Why?

In my time with working with AWS, the question of "Am I utilizing my reservations correctly?" has come up many times. AWS doesn't provide an interface, tool, or output that I am aware of that can provide this information in an easily consumable way. The closest tool AWS has is Reservation Utilization Reports which works well in some cases, mostly smaller organizations, but lacks granularity for others.

How it works

AWS Reservation Comparison (AWSResco) takes a look at AWS reservations for a given account and compares them against running infrastructure. It combines multiple reservation purchases of the same Instance Type, Availability Zone, Platform (windows or linux), and VPC (EC2-Classic or VPC) into a single object, then looks at all running instances and matches them with any reservation based on the same values.

This information is then presented to the user as:

  • The number of reservations of a given type, zone, platform, and vpc: Reservation Count
  • The number of running instances of a given type, zone, platform, and vpc: Running Instances
  • A differential, the number of reservations minus the number of running instances: Differential
  • The hard data on each reservation & running instance sets: Type, Zone, Windows, VPC, Runnings Ids, and Running Names

Security?

While AWSResco itself doesn't use HTTPS from S3 to the client's browser, all communication from the client's browser to AWS is over HTTPS. This means that your access and secret keys are never sent from your browser over anything other than HTTPS. This is enabled via http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#sslEnabled-property.

If you are worried about what the tool does with your keys, please feel free to review the code for any malicious usage. If you find anything concering, feel free to open an issue or pull request.

AWS IAM Policy for access

The policy you use for AWSResco should follow the least privilege access rules. In the case of AWSResco, the only access needed is for the the describeInstances and the describeReservedInstances API calls. The following is an example of the policy to use:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1452989493668",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeReservedInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

If you are using an IAM instance profile you need to use the (access key, secret key, token) tuple to authenticate. You can retrieve the values from the EC2 metadata API. First, find the name of your instance-profile:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

Then, plug in the name at the end of the URL

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/instance-profile

The resulting JSON will have the necessary credentials to utilize the site.

Gaps

Currently AWSResco does not take into account OfferingType, it assumes that only Heavy Utilization is being used as that was the original use case for the tool. There are plans to support all OfferingType variations - see Issue#3.

Development

  • Run with: python -m SimpleHTTPServer (or your favorite web server)
  • Navigate to: localhost:8000/dev.html (or your favorite web server's configuration)

Test

  • Manual process to test

Build

  • Run bash build.sh which will uglify css and javascript

Deploy

  • Manual process of pushing to S3

Build & Deploy Gaps

  • Changes to dev.html need to be copied to index.html at this time.
  • No publish scripts to get new version to S3.