| title | author | date |
|---|---|---|
find untagged and tagged resources across accounts |
hai tran |
06/10/2024 |
This repository provides a sample solution for finding both untagged and tagged resource acorss accounts by using AWS Resouce Explorer (ARE). It also automoate deploying a QuickSight dashboard for visualzing found resources. CloudFormation templates are provide for deploying:
- A Lambda function calling ARE to list all untagged and tagged resources
- A QuickSight dataset
- A QuickSight analysis
Before deploy this solution, you need to setup AWS Resource Explorer in the management account or a delegated administration account, and turn on multi-account search.
-
Already setup a S3 bucket for saving QuickSight manifest.json and found results from the Lambda function.
-
Already setup a QuickSight account and an user.
Below is the project structure:
|--template
|--cf-analysis.yaml
|--cf-dataset.yaml
|--cf-lambda.yaml
|--README.mdStep 1. Deploy the Lambda function
aws cloudformation create-stack \
--stack-name lambda-aws-resource-explorer-stack \
--template-body file://cf-lambda.yaml \
--parameters '[{"ParameterKey": "LambdaLayerArn", "ParameterValue": "<YOUR_LAMBDA_LAYER_ARN>"},{"ParameterKey":"S3BucketName","ParameterValue":"<YOUR_S3_BUCKET_NAME>"},{"ParameterKey":"AREViewArn","ParameterValue":"<YOUR_ARE_VIEW_ARN>"}]' \
--capabilities CAPABILITY_NAMED_IAMIMPORTANT: The resouce-explorer-2 client is not supported in boto3 and botocore 1.34.X and older version, so you need to add a Lambda layer with boto3 and botocore 1.35.29 or later. If AWS Lamdbda already use boto3 and botocore 1.35.29 or later, then you can skip setting the Lambda layer and YOUR_LAMBDA_LAYER_ARN.
Step 3. Create a QuickSight dataset
aws cloudformation create-stack \
--stack-name cfn-dataset \
--template-body file://cf-dataset.yaml \
--parameters '[{"ParameterKey": "QuickSightUserArn","ParameterValue": "<YOUR_QUICKSIGHT_USER_ARN>"},{"ParameterKey":"S3BucketName","ParameterValue":"<YOUR_S3_BUCKET>"},{"ParameterKey":"S3KeyName","ParameterValue":"quicksight/manifest.json"},{"ParameterKey":"DataSetIdentifier","ParameterValue":"<YOUR_DATASET_NAME>"}]' \
--capabilities CAPABILITY_NAMED_IAMStep 4. Create a QuickSight analysis
aws cloudformation create-stack \
--stack-name cfn--analysis \
--template-body file://cf-analysis.yaml \
--parameters '[{"ParameterKey":"QuickSightUserArn","ParameterValue":"<YOUR_QUICKSIGHT_USER_ARN>"},{"ParameterKey":"DataSetIdentifier","ParameterValue":"<YOUR_DATASET_NAME>"}]' \
--capabilities CAPABILITY_NAMED_IAM \