DenCowboy
Reputation: 15116
Get all tags for resources retrieved with AWS Config
I'm using an AWS Custom Config Rule created with Lambda. I'm using an example from the official AWS docs (Example Function for Periodic Evaluations )
resource_identifiers = []
for resource_type in resource_types:
resource_identifiers.append(AWS_CONFIG_CLIENT.list_discovered_resources(resourceType=resource_type))
The above works fine. I end up with a list of dicts (all resources with different resource types). A dict looks like this. (source)
{
'resourceIdentifiers': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::Elasticsearch::Domain'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Function'|'AWS::NetworkFirewall::Firewall'|'AWS::NetworkFirewall::FirewallPolicy'|'AWS::NetworkFirewall::RuleGroup'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::WAFv2::WebACL'|'AWS::WAFv2::RuleGroup'|'AWS::WAFv2::IPSet'|'AWS::WAFv2::RegexPatternSet'|'AWS::WAFv2::ManagedRuleSet'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ConformancePackCompliance'|'AWS::Config::ResourceCompliance'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio'|'AWS::SQS::Queue'|'AWS::KMS::Key'|'AWS::QLDB::Ledger'|'AWS::SecretsManager::Secret'|'AWS::SNS::Topic'|'AWS::SSM::FileData'|'AWS::Backup::BackupPlan'|'AWS::Backup::BackupSelection'|'AWS::Backup::BackupVault'|'AWS::Backup::RecoveryPoint'|'AWS::ECR::Repository'|'AWS::ECS::Cluster'|'AWS::ECS::Service'|'AWS::ECS::TaskDefinition'|'AWS::EFS::AccessPoint'|'AWS::EFS::FileSystem'|'AWS::EKS::Cluster'|'AWS::OpenSearch::Domain'|'AWS::EC2::TransitGateway'|'AWS::Kinesis::Stream'|'AWS::Kinesis::StreamConsumer'|'AWS::CodeDeploy::Application'|'AWS::CodeDeploy::DeploymentConfig'|'AWS::CodeDeploy::DeploymentGroup'|'AWS::EC2::LaunchTemplate'|'AWS::ECR::PublicRepository'|'AWS::GuardDuty::Detector'|'AWS::EMR::SecurityConfiguration'|'AWS::SageMaker::CodeRepository'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::Route53Resolver::ResolverRule'|'AWS::Route53Resolver::ResolverRuleAssociation'|'AWS::DMS::ReplicationSubnetGroup'|'AWS::DMS::EventSubscription'|'AWS::MSK::Cluster'|'AWS::StepFunctions::Activity'|'AWS::WorkSpaces::Workspace'|'AWS::WorkSpaces::ConnectionAlias'|'AWS::SageMaker::Model'|'AWS::ElasticLoadBalancingV2::Listener'|'AWS::StepFunctions::StateMachine'|'AWS::Batch::JobQueue'|'AWS::Batch::ComputeEnvironment'|'AWS::AccessAnalyzer::Analyzer'|'AWS::Athena::WorkGroup'|'AWS::Athena::DataCatalog'|'AWS::Detective::Graph'|'AWS::GlobalAccelerator::Accelerator'|'AWS::GlobalAccelerator::EndpointGroup'|'AWS::GlobalAccelerator::Listener'|'AWS::EC2::TransitGatewayAttachment'|'AWS::EC2::TransitGatewayRouteTable'|'AWS::DMS::Certificate',
'resourceId': 'string',
'resourceName': 'string',
'resourceDeletionTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Now how I can I retrieve the tags for each resource? The resource type can be different. There is a method list_tags_for_resource but it requires the resource_arn which I don't know. I only know id, type and name. I can try to substitute an arn for each type but this will take too long and will be too complex. Then I have to initiate a client for each resource_type and request the tags.
Is there a clear way on how to retrieve the tags for a resource?
Upvotes: 0
Views: 1617
Answers (1)
Kiran Kumar
Reputation: 3
you will just need to find the ARN of each resource, at time they will not show in AWS console. Here are examples of 3 types of resources & their ARN
arn:aws:ec2:us-west-2:xxx:ec2/vol-xxx
arn:aws:ec2:us-west-2:xxx:snapshot/snap-xxx
arn:aws:ec2:us-west-2:xxx:instance/i-xxx
Then get tags like below
aws resourcegroupstaggingapi get-resources --profile xxx--region us-east-1
import boto3
AWS_REGION = "us-east-1"
AWS_PROFILE = "xxx"
session=boto3.session.Session(profile_name=AWS_PROFILE)
#
client = session.client('resourcegroupstaggingapi',region_name=AWS_REGION)
client.get_resources(
TagFilters=[
{
'Key': 'Owner',
'Values': [
'xxxx'
]
},
],
ResourceTypeFilters=[
's3'
]
)
To get a list of all tag values
The following get-tag-values example displays all of the values used for the specified key for all resources in the
aws resourcegroupstaggingapi get-tag-values \
--key=Environment
Upvotes: 0
Related Questions
- How do i Get Object tags using python boto3
- Can I programmatically find all untagged resources?
- Get list of EC2 instances with specific Tag and Value in Boto3
- Query aws to list all resources using boto3 python sdk
- AWS resource tagging (python/boto3)
- how to get all the resources in an AWS account irrespective of the resource type
- How to get AWS config aggregate resources
- AWS : Python Script to Retrieve list of resources are currently in use
- Getting tags from python 3 dictionary object. AWS Boto3 Python 3
- Fetching ElastiCache Tags