forked from lacework-dev/scripts
lw_aws_inventory.sh
#!/bin/bash
# Script to fetch AWS inventory for Lacework sizing.
# Requirements: awscli, jq
# You can specify a profile with the -p flag, or get JSON output with the -j flag.
# Note that the script takes a while to run in large accounts with many resources.
# Profile used for every aws call below; -p replaces it.
# Note: this assignment overrides any AWS_PROFILE inherited from the
# environment, so the account being inventoried is "default" unless -p is given.
AWS_PROFILE=default

# Usage: ./lw_aws_inventory.sh
# Options:
#   -p profile   AWS CLI profile to query
#   -j           emit the summary as JSON instead of text
# An unknown option, or -p without a value, prints the usage line to stderr
# and exits with status 1.
while getopts ":jp:" opt; do
  case "${opt}" in
    j)
      JSON="true"
      ;;
    p)
      AWS_PROFILE=$OPTARG
      ;;
    \? | :)
      echo "Usage: ./lw_aws_inventory.sh [-p profile] [-j]" 1>&2
      exit 1
      ;;
  esac
done

# Drop the parsed options from the positional parameters.
shift $((OPTIND - 1))
# Running totals, summed across all regions; every counter starts at zero.
EC2_INSTANCES=0 RDS_INSTANCES=0 REDSHIFT_CLUSTERS=0
ELB_V1=0 ELB_V2=0 NAT_GATEWAYS=0
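#######################################
# Print the names of the regions returned by `ec2 describe-regions`.
# Globals:   AWS_PROFILE (read)
# Arguments: none
# Outputs:   one region name per line on stdout
#######################################
function getRegions {
  # Quote the profile so a name containing spaces or glob characters is passed
  # to the CLI as a single argument.
  aws --profile "$AWS_PROFILE" ec2 describe-regions --output json \
    | jq -r '.[] | .[] | .RegionName'
}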
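#######################################
# Print the number of EC2 instances in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   instance count on stdout (length of the flattened InstanceId list)
#######################################
function getInstances {
  # Query the region passed as $1 rather than the caller's loop variable, so
  # the function does not depend on how the caller names its variables.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" ec2 describe-instances \
    --query 'Reservations[*].Instances[*].[InstanceId]' \
    --region "$region" --output json --no-paginate \
    | jq 'flatten | length'
}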
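#######################################
# Print the number of RDS DB instances in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   length of .DBInstances on stdout
#######################################
function getRDSInstances {
  # Query the region passed as $1 rather than the caller's loop variable.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" rds describe-db-instances \
    --region "$region" --output json --no-paginate \
    | jq '.DBInstances | length'
}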
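#######################################
# Print the number of Redshift clusters in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   length of .Clusters on stdout
#######################################
function getRedshift {
  # Query the region passed as $1 rather than the caller's loop variable.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" redshift describe-clusters \
    --region "$region" --output json --no-paginate \
    | jq '.Clusters | length'
}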
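#######################################
# Print the number of load balancers returned by the `elb` API in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   length of .LoadBalancerDescriptions on stdout
#######################################
function getElbv1 {
  # Query the region passed as $1 rather than the caller's loop variable.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" elb describe-load-balancers \
    --region "$region" --output json --no-paginate \
    | jq '.LoadBalancerDescriptions | length'
}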
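#######################################
# Print the number of load balancers returned by the `elbv2` API in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   length of .LoadBalancers on stdout
#######################################
function getElbv2 {
  # Query the region passed as $1 rather than the caller's loop variable.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" elbv2 describe-load-balancers \
    --region "$region" --output json --no-paginate \
    | jq '.LoadBalancers | length'
}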
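#######################################
# Print the number of NAT gateways in one region.
# Globals:   AWS_PROFILE (read)
# Arguments: $1 - AWS region name
# Outputs:   length of .NatGateways on stdout
#######################################
function getNatGateways {
  # Query the region passed as $1 rather than the caller's loop variable.
  local region=$1
  # NOTE(review): --no-paginate disables the CLI's automatic pagination, so
  # only the first page of results is counted; confirm that large regions are
  # not undercounted.
  aws --profile "$AWS_PROFILE" ec2 describe-nat-gateways \
    --region "$region" --output json --no-paginate \
    | jq '.NatGateways | length'
}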
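#######################################
# Print $2 when it is a non-negative integer; otherwise warn on stderr and
# print 0, so a failed or empty lookup is reported instead of surfacing as an
# arithmetic syntax error.
# Globals:   r (read) - region currently being processed
# Arguments: $1 - resource label for the warning, $2 - value to validate
# Outputs:   the validated count (or 0) on stdout; warning on stderr
#######################################
function countOrZero {
  if [[ $2 =~ ^[0-9]+$ ]]; then
    echo "$2"
  else
    echo "warning: could not count $1 in $r (got '$2'); adding 0" 1>&2
    echo 0
  fi
}

# Collect the region list once so that an empty result can be reported.
regions=$(getRegions)
if [ -z "$regions" ]; then
  # Without regions the loop below never runs and every total stays 0, which
  # would read as an empty account rather than a failed lookup.
  echo "warning: no regions returned for profile '$AWS_PROFILE'; all counts will be 0 (check credentials and permissions)" 1>&2
fi

# Walk every region and add its per-service counts to the running totals.
# Word splitting of $regions is intentional: one region name per word.
# The loop variable stays a global named `r`, since helper functions may read
# it directly.
for r in $regions; do
  # Progress output is suppressed in JSON mode so stdout holds only the JSON.
  if [ "$JSON" != "true" ]; then
    echo "$r"
  fi

  # Any count that could not be obtained is added as 0 (with a warning), so
  # the totals are a lower bound whenever a warning was printed.
  instances=$(getInstances "$r")
  EC2_INSTANCES=$((EC2_INSTANCES + $(countOrZero "EC2 instances" "$instances")))

  rds=$(getRDSInstances "$r")
  RDS_INSTANCES=$((RDS_INSTANCES + $(countOrZero "RDS instances" "$rds")))

  redshift=$(getRedshift "$r")
  REDSHIFT_CLUSTERS=$((REDSHIFT_CLUSTERS + $(countOrZero "Redshift clusters" "$redshift")))

  elbv1=$(getElbv1 "$r")
  ELB_V1=$((ELB_V1 + $(countOrZero "v1 load balancers" "$elbv1")))

  elbv2=$(getElbv2 "$r")
  ELB_V2=$((ELB_V2 + $(countOrZero "v2 load balancers" "$elbv2")))

  natgw=$(getNatGateways "$r")
  NAT_GATEWAYS=$((NAT_GATEWAYS + $(countOrZero "NAT gateways" "$natgw")))
done

# Grand total across all six resource types.
TOTAL=$((EC2_INSTANCES + RDS_INSTANCES + REDSHIFT_CLUSTERS + ELB_V1 + ELB_V2 + NAT_GATEWAYS))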
function textoutput {
echo "######################################################################"
echo "Lacework inventory collection complete."
echo ""
echo "EC2 Instances: $EC2_INSTANCES"
echo "RDS Instances: $RDS_INSTANCES"
echo "Redshift Clusters: $REDSHIFT_CLUSTERS"
echo "v1 Load Balancers: $ELB_V1"
echo "v2 Load Balancers: $ELB_V2"
echo "NAT Gateways: $NAT_GATEWAYS"
echo "===================="
echo "Total Resources: $TOTAL"
}
#######################################
# Print the inventory summary as a JSON object.
# Globals:   EC2_INSTANCES, RDS_INSTANCES, REDSHIFT_CLUSTERS, ELB_V1, ELB_V2,
#            NAT_GATEWAYS, TOTAL (all read)
# Arguments: none
# Outputs:   one JSON object on stdout; every count is emitted as a quoted
#            string, not a JSON number
#######################################
function jsonoutput {
  printf '%s\n' \
    '{' \
    " \"ec2\": \"${EC2_INSTANCES}\"," \
    " \"rds\": \"${RDS_INSTANCES}\"," \
    " \"redshift\": \"${REDSHIFT_CLUSTERS}\"," \
    " \"v1_lb\": \"${ELB_V1}\"," \
    " \"v2_lb\": \"${ELB_V2}\"," \
    " \"nat_gw\": \"${NAT_GATEWAYS}\"," \
    " \"total\": \"${TOTAL}\"" \
    '}'
}
# Emit the summary: JSON when -j was given, the text report otherwise.
case "$JSON" in
  true)
    jsonoutput
    ;;
  *)
    textoutput
    ;;
esac