Dumps to CSV all the resources in an organization's member accounts

Last update: Dec 24, 2021

Overview

AWS Org Inventory

Dumps to CSV all the resources in an organization's member accounts.

Set your environment's AWS_PROFILE and AWS_DEFAULT_REGION variables.

The AWS_PROFILE should be configured to use a role in the organization management account that can assume OrganizationAccountAccessRole in the member accounts.

Redirect the dumper's output to save the file.

The dumper uses Botocove to query each member account.

Why?

This tool fills in the gaps in AWS Config's inventory.

Sadly AWS Config supports only a subset of all the resource types you may have.

AWS Config's organization aggregators are great, but they may not update instantly with new resources.

Installation

The package is published to PyPy as aws-org-inventory, so you can install it with pip or anything equivalent.

pip install aws-org-inventory

Basic example

Configure environment:

export AWS_PROFILE=OrgMgmtRole
export AWS_DEFAULT_REGION=eu-west-1

Dump inventory of CloudWatch log groups:

aws-org-inventory logs describe_log_groups logGroups

Dump inventory of support cases:

aws-org-inventory support describe_cases cases

Dump inventory of EC2 key pairs:

aws-org-inventory ec2 describe_key_pairs KeyPairs

Try doing those with AWS Config!

General use

To derive arguments for other use cases, check the boto service documentation.

The value passed to the boto3.client method that would instantiate a client for the service is parameter 1.

Find the method of that client that lists or describes the resource type that you want to dump.

The name of the method is parameter 2.

Find in the method's response syntax the top-level key for the list of objects.

The name of the key is parameter 3.

Error output

On stderr you will always see a summary of the botocove result and any exceptions. These exceptions may reveal problems such as an incorrect command invocation, a misconfigured AWS account, or a bug in the program (feel free to report those!)

If Botocove fails to get a session for an account, it will output the ID to stderr like this.

Invalid session Account IDs as list: ['111111111111']

That account's resources will not be included in the main output.

Development

Use Poetry to build and push a new version to PyPI.

poetry build
poetry publish

TODO

TODO: query multiple regions (see aws-boto-multiregion-client for example)

TODO: ensure that org management account is included in results

TODO: give example of how to use AwsOrgInventory class in other applications

TODO: improve CLI

TODO: Use boto's service model to automate the parameters given a resource type

TODO: improve error handling

Comments

Fix PyPI package description

"The author of this package has not provided a project description."

I think I can fix it with the readme option.

https://github.com/python-poetry/poetry/issues/1979

https://python-poetry.org/docs/pyproject/#readme

opened by iainelder 1
Bump ipython from 7.28.0 to 7.31.1
Bumps ipython from 7.28.0 to 7.31.1.

Commits

e321e76 release 7.31.1

67ca2b3 Merge pull request from GHSA-pq7m-3gw7-gq5x

2794330 back to dev

be343e7 release 7.31.0

0fcf2c4 Merge pull request #13428 from meeseeksmachine/auto-backport-of-pr-13427-on-7.x

b8db9b1 Backport PR #13427: wn 731

7f253dc Merge pull request #13412 from bnavigator/backport-inspect

4f26796 fix xxlimited_35 import name

77ca4a6 don't run nose-based iptest on py310, only pytest

533e509 back to decorator skip

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Define a config file format
Support configuration for multiple organizations.

Each organization should have a:

user-defined label

management account profile

list of regions

list of organizations units (OUs) to exclude
opened by iainelder 0
Include organization management account in results

botocove by default returns results from member accounts, but not the organization management account.

You can pass a list of account IDs instead.

This might work, but it feel like it's duplicate what botocove already does internally.

Contact the botocove maintainers to see if we can update the tool to return results for the management account.

opened by iainelder 0

Derive transformation from boto model

services = boto3.Session().get_available_services()

def get_shape(service, method):

    meta = boto3.client(service).meta
    api = meta.method_to_api_mapping[method]
    output_shape = meta.service_model.operation_model(api).output_shape
    key = next(k for k, v in output_shape.members.items())
    return output_shape.members[key]

See boto-multiregion-client

Build a table of: key, list / or scalar for top key, scalar or dict for members of list

opened by iainelder 0

Improve compatibility with csvsql

Using aws-org-inventory version 0.2.0.

cases.csv was created using this command:

poetry run aws-org-inventory support describe_cases cases > cases.csv

$ csvsql --snifflimit 0 --query 'SELECT 1 FROM cases' -- cases.csv
/home/isme/.local/pipx/venvs/csvkit/lib/python3.8/site-packages/agate/utils.py:276: UnnamedColumnWarning: Column 0 has no name. Using "a".
OperationalError: (sqlite3.OperationalError) duplicate column name: status
[SQL: 
CREATE TABLE cases (
	a FLOAT, 
	"Id" FLOAT, 
	"Arn" VARCHAR, 
	"Email" VARCHAR, 
	"Name" VARCHAR, 
	"Status" VARCHAR, 
	"AssumeRoleSuccess" BOOLEAN, 
	"caseId" VARCHAR, 
	"displayId" FLOAT, 
	subject VARCHAR, 
	status VARCHAR, 
	"serviceCode" VARCHAR, 
	"categoryCode" VARCHAR, 
	"severityCode" VARCHAR, 
	"submittedBy" VARCHAR, 
	"timeCreated" TIMESTAMP, 
	"recentCommunications" VARCHAR, 
	"ccEmailAddresses" VARCHAR, 
	language VARCHAR, 
	CHECK ("AssumeRoleSuccess" IN (0, 1))
)

]
(Background on this error at: http://sqlalche.me/e/13/e3q8)

Several issues to fix here (maybe split them out):

Avoid duplicate column names by removing less-useful columns added by botocove (Arn, Email, Name, Status) so that only Id remains
Rename Id column to InventoryAccountId (not just AccountId because it may still clash with stack set APIs)
Remove or replace the unnamed index column (this forced me to use snifflimit)
- replace with AccountId and Id of resource (may be hard to determine resource Id in the general case)
- can you have a data frame without an index, or at least hide it on export?
- replace with a monotonically increasing id

opened by iainelder 0

Releases(v0.5.2.post1)

v0.5.2.post1(Mar 19, 2022)

Source code(tar.gz)
Source code(zip)
v0.5.2(Mar 15, 2022)

Source code(tar.gz)
Source code(zip)
v0.5.1(Mar 15, 2022)

Source code(tar.gz)
Source code(zip)

Owner

Iain Samuel McLean Elder

AWS Certified Solutions Architect. Freelance consultant.

GitHub Repository

OpenSea Python Bot coded purely in Python3.

OpenSea Python Bot coded purely in Python3. It utilises everything from OpenSea API to continuously monitor NFT's. It can be used to snipe or monitor if something falls below floor value.

20 Dec 29, 2021

Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

1.1k Jan 01, 2023

A project that automatically sends you a Medium article on a topic of your choosing to your email address daily.

Daily Article from Medium ✏️ About A project that automatically sends you a Medium article on a topic of your choosing to your email address daily. No

2 Apr 27, 2022

Unofficial instagram API, give you access to ALL instagram features (like, follow, upload photo and video and etc)! Write on python.

Instagram-API-python Unofficial Instagram API to give you access to ALL Instagram features (like, follow, upload photo and video, etc)! Written in Pyt

1 Nov 19, 2021

Filters to block and remove copycat-websites from DuckDuckGo and Google. Specific to dev websites like StackOverflow or GitHub.

uBlock-Origin-dev-filter Filters to block and remove copycat-websites from DuckDuckGo and Google. Specific to dev websites like StackOverflow or GitHu

1.7k Dec 30, 2022

Reverse engineered connection to the TradingView ticker in Python

Tradingview-ticker Reverse engineered connection to the TradingView ticker in Python. Makes a websocket connection to the Tradeview website and receiv

20 Dec 02, 2022

BSDotPy, A module to get a bombsquad player's account data.

BSDotPy BSDotPy, A module to get a bombsquad player's account data from bombsquad's servers. Badges Provided By: shields.io Acknowledgements Issues Pu

3 Feb 17, 2022

Efetuar teste de automação usando linguagem gherkin

🚀 Teste-de-Automação - QA---CI-T 🚀 Descrição • Primeira Parte • Segunda Parte • Terceira Parte Contributors Descrição Efetuamos testes de automação

6 Dec 07, 2021

This is a simple bot for running Python code through Discord

Python Code Runner Discord Bot This is a simple bot for running Python code through Discord. It was originally developed for the Beginner.Codes Discor

1 Feb 14, 2022

A repo containing toolings and software useful for a DevOps Engineer

DevOps-Tooling A repo containing toolings and software useful for a DevOps Engineer (or if you're setting up your Mac from the beginning) Currently se

45 Dec 12, 2022

Self-adjusting, auto-compounding multi-pair DCA crypto trading bot using Python, AWS Lambda & 3Commas API

Self-adjusting, auto-compounding multi-pair DCA crypto trading bot using Python, AWS Lambda & 3Commas API The following code describes how we can leve

21 Dec 07, 2022

An Unofficial TikTok API Wrapper In Python

This is an unofficial api wrapper for TikTok.com in python. With this api you are able to call most trending and fetch specific user information as well as much more.

2.9k Jan 08, 2023

Send SMS text messages via email with as many accounts as you want :)

SMS-Spammer Send SMS text messages via email with as many accounts as you want :) Example Set Up Guide! To start log into the gmail account you would

10 Oct 25, 2022

Rhythm bot clone for discord written in Python and uses YouTube to get media files.

Tunebot About Rhythm bot clone for discord written in Python and uses YouTube to get media files. Usage You need a .env file within the same directory

1 Oct 21, 2021

Automatically download any NFT collection from OpenSea.

OpenSea NFT Stealer The sole purpose of this script is to download any NFT collection from OpenSea. How does it work? Basically, the OpenSea website a

111 Dec 29, 2022

IBD Style Relative Strength Percentile Ranking of Stocks (i.e. 0-100 Score).

relative-strength IBD Style Relative Strength Percentile Ranking of Stocks (i.e. 0-100 Score). I also made a TradingView indicator, but it cannot give

57 Jan 06, 2023

Python wrapper for CoWin API's

Cowin Tracker Python API wrapper for CoWin, India's digital platform launched by the government to help citizens register themselves for the vaccinati

43 Jun 11, 2022

API which uses discord+mojang api to scrape NameMC searches/droptime/dropping status of minecraft names, and texture links

2 Dec 22, 2021

AWS CloudSaga - Simulate security events in AWS

AWS CloudSaga - Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (

325 Dec 01, 2022

AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

7 Oct 18, 2022