aws-organization-ec2-list

command module

v0.0.0-...-3a26494 Latest Latest Go to latest Published: Jan 19, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/FlorianValery/aws-organization-ec2-list

Links

Open Source Insights

README ¶

aws-organization-ec2-list

Custom script that allows you to query all the EC2 instances within an AWS organization.

Requirements

In order to make the API calls in each account, you will need a role that your user can assume deployed at the organization level -- e.g. OrganizationEc2ReadRole. This role must have read permissions for EC2:

AWS Managed policy

arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess

Custom policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
    ]
}

Additionally, this same role will need organization permissions in the master Organization account, so we are able to automatically retrieve all the accounts IDs within our Org. This will be useful as our organization might grow in the future. You can use the AWS managed policy:

arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess

Usage

Clone the repo locally

git clone https://github.com/FlorianValery/aws-organization-ec2-list.git

Update the config/default.json file with the proper region, master account ID and cross-accounts role that your user can assume

{
  "Region": "us-east-1",
  "OrganizationRole": "OrganizationEc2ReadRole",
  "MasterAccountID": "000000000000"
}

Export your AWS credentials using the CLI or tools like Awsume

awsume master-role

Build the script package and run it

go build -o app
./app

Output example in a csv file

Account Name,Account ID,Instance Name,Instance Size,Instance ID,Image ID,Platform,Private IP,State,Timestamp
account-prod,000000000000,awesome_app,t3.micro,i-00000000000000aa,ami-000000000000aa,linux,10.0.0.1,running,2021-01-18 00:00:00 +0000 UTC
account-prod,000000000000,awesome_app,t3.micro,i-11111111111111bb,ami-11111111111111bb,linux,10.100.0.0,running,2021-12-18 100:00:00 +0000 UTC
account-staging,111111111111,awesome_db,t3.micro,i-11111111111111cc,ami-11111111111111cc,linux,10.10.0.1,running,2021-01-18 00:00:00 +0000 UTC
[...]

This repo is used as the source code for this complete guide

Documentation ¶

Overview ¶

Cross account logic, forked from https://maori.geek.nz/assuming-roles-in-aws-with-go-aeeb28fab418

aws.go includes all the functions that make AWS API calls

Helper functions Includes handling error logic

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
config

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL