Is there a way to list all resources in AWS

Question

Is there a way to list all resources in AWS? For all regions, all resources.. Such as list all EC2 instances, all VPCs, all APIs in API Gateway, etc... I would like to list all resources for my account, since it's hard for me to find which resources I can relinquish now.

Answer 1

You could use the aws resourcegroupstaggingapi get-resources --region <region> command, which is used to list all AWS resources for the specified AWS region that comply with the specified tag filters

Answer 2

You may not know this AWS resource search tool exists

• It support fuzzy search, n-gram search, full text search, match by resource name, ID (like ec2 id, vpc id, security group id).
• View resource details in CLI, like view list of attached IAM policies of an IAM role, attached security groups of an EC2 instance.
• Open web url of the selected resources, or associated resources like IAM role, security group, vpc, etc, ...

Search S3 Bucket.

Search StepFunction execution, which is a child resource of StepFunction state machine.

Answer 3

I think this may help! Here, you need to enter the region name and you have to configure AWS CLI before try this.

aws resourcegroupstaggingapi get-resources --region region_name

It will list all the resources in the region by the following format.

- ResourceARN: arn:aws:cloudformation:eu-west-1:5524534535:stack/auction-services-dev/*******************************
  Tags:
  - Key: STAGE
    Value: dev
- ResourceARN: arn:aws:cloudformation:eu-west-1:********************
Tags:
-- More  --

Answer 4

Use CLI to export all resources to CSV

Step 1: Activate AWS Resource Explorer

https://resource-explorer.console.aws.amazon.com/resource-explorer

Step 2: Use AWS CLI to list resources

aws resource-explorer-2 search --query-string arn --output text > resources.csv

Answer 5

On this Nov 8, 2022, AWS announced a new service named AWS Resource Explorer, a managed capability that simplifies the search and discovery of resources that provides a list of all services like EC2, Kinesis, DynamoDB, and many more across AWS Regions in your AWS account.

To turn on AWS Resource Explorer, see the AWS Resource Explorer console. Read about getting started in the AWS Resource Explorer documentation, or explore the AWS Resource Explorer product page

The announcing page link Announcing AWS Resource Explorer.

Hopefully, you will get a way to solve your problem.

Answer 6

You can use a query in the AWS Config Console here. (Region may change for you) https://console.aws.amazon.com/config/home?region=us-east-1#/resources/query

the query will look like.

SELECT
  resourceId,
  resourceName,
  resourceType,
  relationships
WHERE
relationships.resourceId = 'vpc-#######'

Here is further documentation.

https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-console.html

Answer 7

Here is a good article listing the tools to list resources in AWS cloud. https://link.medium.com/tZbs8eLyohb

Among them, CloudYali https://www.cloudyali.io is the newly launched service. It shows all the cloud resources from different accounts, regions, from present as well from past, available in one central place.

Answer 8

Use PacBot (Policy as Code Bot) - an Open Source project which is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. All resources across all accounts and all regions are discovered by PacBot, then evaluated against these policies to gauge policy conformance.

Omni Search features are also available giving ability to search all discovered resources. You can even terminate/delete resources through PacBot.

Omni Search

Search Results Page With Results filtering

Asset 360 / Asset Details Page

Here are the key PacBot capabilities:

• Continuous compliance assessment.
• Detailed compliance reporting.
• Auto-Fix for policy violations.
• Omni Search - Ability to search all discovered resources.
• Simplified policy violation tracking.
• Self-Service portal.
• Custom policies and custom auto-fix actions.
• Dynamic asset grouping to view compliance.
• Ability to create multiple compliance domains.
• Exception management.
• Email Digests.
• Supports multiple AWS accounts.
• Completely automated installer.
• Customizable dashboards.
• OAuth2 Support.
• Azure AD integration for login.
• Role-based access control.
• Asset 360 degree.

Answer 9

There's a cloud management platform that does this. It enables users to manage multiple AWS accounts from a single dashboard as well as providing AWS Inventory management. It's free: https://cloudplexo.com.

Answer 10

Yes. Use the Tag Editor.

Set "Regions" to "All Regions", "Resource Types" to "All supported resource types" and then click on "Search Resources".

Answer 11

Amazon is continuously trying to improve user experience. However, there are other multiple ways to check Resources you are using in AWS. I believe this New EC2 dashboard is quite cool. Clicking on link will directly navigate you to particular resource control panel.

Answer 12

Another open source tool for this is Cloud Query https://docs.cloudquery.io/

Answer 13

You can run advanced queries via AWS Config (and from the CLI for Config), that will list all resources. If you define an aggregator that covers all reasons (and perhaps multiple accounts), you can get a very comprehensive view . . . As simple as "SELECT *"

Answer 14

Edit: This answer is deprecated and is incorrect. There are several ways to list AWS resources (the AWS Tag Editor, etc.). Check the other answers for more details.

---

No.

Each AWS Service (eg Amazon EC2, Amazon S3) have their own set of API calls. Also, each Region is independent.

To obtain a list of all resources, you would have to make API calls to every service in every region.

You might want to activate AWS Config:

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

However, AWS Config only collects information about EC2/VPC-related resources, not everything in your AWS account.

Answer 15

You can use the Tag Editor.

1. Go to AWS Console
2. In the TOP Navigation Pane, click Resource Groups Dropdown
3. Click Tag Editor

Here we can select either a particular region in which we want to search or select all regions from the dropdown. Then we can select actual resources which we want to search or we can also click on individual resources.

Answer 16

EDIT: This answer is deprecated. Check the other answers.

No,
There is no way to get all resources within your account in one go. Each region is independent and for some services like IAM concept of a region does not exist at all. Although there are API calls available to list down resources and services.
For example:

To get list of all available regions for your account:

output, err := client.DescribeRegions(&ec2.DescribeRegionsInput{})

To get list of IAM users, roles or group you can use:

client.GetAccountAuthorizationDetails(&iam.GetAccountAuthorizationDetailsInput{})

You can find more detail about API calls and their use at: https://docs.aws.amazon.com/sdk-for-go/api/service/iam/

Above link is only for IAM. Similarly, you can find API for all other resources and services.

Upvotes: -2

Answer 17

I know it is old question but I would like to help too.

Actually, we have AWS Config, which help us to search for all resources in our cloud. You can perform SQL queries too.

I really encourage you all to know this awesome service.

Answer 18

Another option is use this script that execute "aws configservice list-discovered-resources --resource-type" for every resource

for i in  AWS::EC2::CustomerGateway AWS::EC2::EIP AWS::EC2::Host AWS::EC2::Instance AWS::EC2::InternetGateway AWS::EC2::NetworkAcl AWS::EC2::NetworkInterface AWS::EC2::RouteTable AWS::EC2::SecurityGroup AWS::EC2::Subnet AWS::CloudTrail::Trail AWS::EC2::Volume AWS::EC2::VPC AWS::EC2::VPNConnection AWS::EC2::VPNGateway AWS::IAM::Group AWS::IAM::Policy AWS::IAM::Role AWS::IAM::User AWS::ACM::Certificate AWS::RDS::DBInstance AWS::RDS::DBSubnetGroup AWS::RDS::DBSecurityGroup AWS::RDS::DBSnapshot AWS::RDS::EventSubscription AWS::ElasticLoadBalancingV2::LoadBalancer AWS::S3::Bucket AWS::SSM::ManagedInstanceInventory AWS::Redshift::Cluster AWS::Redshift::ClusterSnapshot AWS::Redshift::ClusterParameterGroup AWS::Redshift::ClusterSecurityGroup  AWS::Redshift::ClusterSubnetGroup AWS::Redshift::EventSubscription AWS::CloudWatch::Alarm AWS::CloudFormation::Stack AWS::DynamoDB::Table AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::LaunchConfiguration AWS::AutoScaling::ScalingPolicy AWS::AutoScaling::ScheduledAction AWS::CodeBuild::Project AWS::WAF::RateBasedRule AWS::WAF::Rule AWS::WAF::WebACL AWS::WAFRegional::RateBasedRule AWS::WAFRegional::Rule AWS::WAFRegional::WebACL AWS::CloudFront::Distribution  AWS::CloudFront::StreamingDistribution AWS::WAF::RuleGroup AWS::WAFRegional::RuleGroup AWS::Lambda::Function AWS::ElasticBeanstalk::Application AWS::ElasticBeanstalk::ApplicationVersion AWS::ElasticBeanstalk::Environment AWS::ElasticLoadBalancing::LoadBalancer AWS::XRay::EncryptionConfig AWS::SSM::AssociationCompliance AWS::SSM::PatchCompliance AWS::Shield::Protection AWS::ShieldRegional::Protection AWS::Config::ResourceCompliance AWS::CodePipeline::Pipeline; do aws configservice list-discovered-resources --resource-type $i; done

Answer 19

It's way late but you should look at this. Not CLI I know but still worth just knocking out a little shell script to do what you need:

https://pypi.org/project/aws-list-all/

It's a python library that in it's own words:

"Project description List all resources in an AWS account, all regions, all services(*). Writes JSON files for further processing.

(*) No guarantees for completeness. Use billing alerts if you are worried about costs."

Answer 20

Yes.

I had the same issue, trying to figure out what exactly is going on in my AWS account.

Eventually, I ended up writing AWSRetriver, a desktop tool to list AWS resources on all regions.

It is a simple and straight-forward tool that lists everything... (hopefully)

Answer 21

The AWS Billing Management Console will give you a Month-to-Date Spend by Service rundown.

Answer 22

Try this

For only ec2:

from skew import scan

    arn = scan('arn:aws:ec2:us-west-2:123456789012:instance/i-12345678')
    for resource in arn:
        print(resource.data)

For all resources:

arn = scan('arn:aws:*:*:<<youraccountId>>:instance*')
for resource in arn:
    print(resource.data)

Reference : https://github.com/scopely-devops/skew

Answer 23

The AWS-provided tools are not useful because they are not comprehensive.

In my own quest to mitigate this problem and pull a list of all of my AWS resources, I found this: https://github.com/JohannesEbke/aws_list_all

I have not tested it yet, but it looks legit.

Answer 24

I am also looking for similar feature "list all resources" in AWS but could not find anything good enough.

"Resource Groups" does not help because it only list resources which have been tagged and user have to specify the tag. If you miss to tag a resource, that won't appear in "Resource Groups" .

UI of "Create a resource group"

A more suitable feature is "Resource Groups"->"Tag Editor" as already mentioned in the previous post. Select region(s) and resource type(s) to see listing of resources in Tag editor. This serves the purpose but not very user-friendly because I have to enter region and resource type every time I want to use it. I am still looking for easy to use UI.

UI of "Find resource" under "Tag Editor"

Answer 25

I'd go with the "tag editor" in "resource groups" for this, as suggested by Ashwini.

You can easily list all resources in all regions without any setup etc.
And although this does include all the default VPCs + security groups etc (so you'll get ~140 items even if your account is empty), you can still fairly easily filter this, either within tag editor, or export to csv and filter in Excel, for example.