AWS regions

Question

AWS regions

cnet62 opened this issue 5 years ago · comments

How can I limit the scan to a specific region ?

I’ve edited the aws-regions.json configuration to the us-east-1 region alone. However when I run a scan for s3 buckets the tool defaults to global region

Request advise

janiko71 · Answer 1 · Wed Apr 10 2019 22:32:16 GMT+0800 (China Standard Time)

Hi,
S3 is one of the lone services that are not "regionalized". As aws-inventory uses AWS standard APIs, there's no way to request buckets region by region: the API returns all the buckets that the user is allowed to access. Of course, there could be a filter within the script, after the API call, but in that case there would not add much value compared to a web console request, while the main purpose of this script was to be "worldwide" and to gather all resources through all the AWS regions.
Nevertheless, S3 is a very special service, and maybe a specific inventory might be useful, but separated from this global script. I will take a look.

Jardel Morais · Answer 2 · Thu Jun 04 2020 12:00:05 GMT+0800 (China Standard Time)

Hi Janiko!

I am trying to run for the first time and I'm not a python developer, so sorry if my question is dumy, but lets go:

When I run i get the error: You must specify a region, and I didn't see the "aws-regions.json file...

Where I put the region and account information?

janiko71 · Answer 3 · Thu Jun 04 2020 16:59:19 GMT+0800 (China Standard Time)

Hi,

To use this program, you need to have AWS CLI installed. See here: https://aws.amazon.com/cli/.
Then you need to configure AWS CLI, with a special AWS account with minimal rights (those in the inventory*.json files).
To do it : $ aws configure

Then test your AWS CLI in command line. Ex: aws s3 ls.

Regions are retrieved dynamically so you don't need to have a aws-regions.json as in the older versions of this script.

Let me know if it helps.

Jardel Morais · Answer 4 · Thu Jun 04 2020 21:18:48 GMT+0800 (China Standard Time)

Fine! Thank you so much, I will try this today

Guillem Liarte · Answer 5 · Fri Sep 10 2021 17:15:20 GMT+0800 (China Standard Time)

@jardelmorais did this work for you?

@janiko71 thanks for the script. I was hoping to find a place where I can set teh scope for regions ( I do not want it to try every region ) as a configuration parameter.

In AWS config I can set a default region. What would be interesting to do is to pass it an array. As in here:


nb_svc = 0
nb_units_todo = 0
nb_units_done = 0
regions = []
nb_regions = 0

in config.py , but to make it a configurable list of regions you want the inventory to be made of.

As a note, this is not a solution:

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

That sets a region per account. What if you manage more than one region per account?

Basically the default credentials, iterating over a list of regions would be perfect.

janiko71 · Answer 6 · Fri Sep 24 2021 17:40:28 GMT+0800 (China Standard Time)

Hi, I've added a 'regions' paramater in the DEV branch (git clone -b dev ... to get it).
To keep a coherent python syntax, it can be a single region or a list, with the same syntax as for services.
Ex : py inventory.py --regions us-east1 us-east-2 --services ec2 s3
You can test it. I'll pull it to the master branch after some tests.