Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS regions #20

Open
cnet62 opened this issue Apr 9, 2019 · 6 comments
Open

AWS regions #20

cnet62 opened this issue Apr 9, 2019 · 6 comments

Comments

@cnet62
Copy link

cnet62 commented Apr 9, 2019

How can I limit the scan to a specific region ?

I’ve edited the aws-regions.json configuration to the us-east-1 region alone. However when I run a scan for s3 buckets the tool defaults to global region

Request advise
@janiko71
Copy link
Owner

Hi,
S3 is one of the lone services that are not "regionalized". As aws-inventory uses AWS standard APIs, there's no way to request buckets region by region: the API returns all the buckets that the user is allowed to access. Of course, there could be a filter within the script, after the API call, but in that case there would not add much value compared to a web console request, while the main purpose of this script was to be "worldwide" and to gather all resources through all the AWS regions.
Nevertheless, S3 is a very special service, and maybe a specific inventory might be useful, but separated from this global script. I will take a look.

@jardelmorais
Copy link

jardelmorais commented Jun 4, 2020
edited
Loading

Hi Janiko!

I am trying to run for the first time and I'm not a python developer, so sorry if my question is dumy, but lets go:

When I run i get the error: You must specify a region, and I didn't see the "aws-regions.json file...

Where I put the region and account information?

@janiko71
Copy link
Owner

janiko71 commented Jun 4, 2020

Hi,

To use this program, you need to have AWS CLI installed. See here: https://aws.amazon.com/cli/.
Then you need to configure AWS CLI, with a special AWS account with minimal rights (those in the inventory*.json files).
To do it : $ aws configure

Then test your AWS CLI in command line. Ex: aws s3 ls.

Regions are retrieved dynamically so you don't need to have a aws-regions.json as in the older versions of this script.

Let me know if it helps.

@jardelmorais
Copy link

Fine! Thank you so much, I will try this today

@guillemlc
Copy link

guillemlc commented Sep 10, 2021
edited
Loading

@jardelmorais did this work for you?

@janiko71 thanks for the script. I was hoping to find a place where I can set teh scope for regions ( I do not want it to try every region ) as a configuration parameter.

In AWS config I can set a default region. What would be interesting to do is to pass it an array. As in here:


nb_svc = 0
nb_units_todo = 0
nb_units_done = 0
regions = []
nb_regions = 0

in config.py , but to make it a configurable list of regions you want the inventory to be made of.

As a note, this is not a solution:

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

That sets a region per account. What if you manage more than one region per account?

Basically the default credentials, iterating over a list of regions would be perfect.

@janiko71
Copy link
Owner

Hi, I've added a 'regions' paramater in the DEV branch (git clone -b dev ... to get it).
To keep a coherent python syntax, it can be a single region or a list, with the same syntax as for services.
Ex : py inventory.py --regions us-east1 us-east-2 --services ec2 s3
You can test it. I'll pull it to the master branch after some tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cnet62 @guillemlc @janiko71 @jardelmorais