diff --git a/lw_aws_inventory.sh b/lw_aws_inventory.sh
index 2f946af..5d734a1 100755
--- a/lw_aws_inventory.sh
+++ b/lw_aws_inventory.sh
@@ -4,13 +4,15 @@
 # You can specify a profile with the -p flag, or get JSON output with the -j flag.
 # Note that the script takes a while to run in large accounts with many resources.
+# the -a flag takes a list of accounts comma separated, no space (i.e "account1,account2,account3") all must have valid lines in the config file
-AWS_PROFILE=default
-
 # Usage: ./lw_aws_inventory.sh
-while getopts ":jp:" opt; do
+while getopts a:p:j: opt; do
 case ${opt} in
+ a )
+ IFS=', ' read -r -a accounts <<< "$OPTARG"
+ ;;
 p )
 AWS_PROFILE=$OPTARG
 ;;
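Review bot: The new optstring `a:p:j:` makes `-j` require an argument, so a bare `-j` now errors or swallows the following option, and dropping the leading `:` changes how getopts reports bad options; `while getopts ":ja:p:" opt; do` keeps `-j` as a flag. `-p` still assigns AWS_PROFILE, but the helpers changed in the next hunk read `$account`, so a run with only `-p` (or no flags) leaves `accounts` empty and the final loop counts nothing. A fallback after option parsing such as `[ "${#accounts[@]}" -gt 0 ] || accounts=("${AWS_PROFILE:-default}")` would keep the old single-profile behaviour. The `case` statement continues outside the hunk, so the `j )` arm is not visible here.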
@@ -38,67 +40,43 @@ ELB_V2=0
 NAT_GATEWAYS=0
 function getRegions {
- aws --profile $AWS_PROFILE ec2 describe-regions --output json | jq -r '.[] | .[] | .RegionName'
+ aws --profile $account ec2 describe-regions --output json | jq -r '.[] | .[] | .RegionName'
 }
 function getInstances {
 region=$1
- aws --profile $AWS_PROFILE ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId]' --region $r --output json --no-paginate | jq 'flatten | length'
+ aws --profile $account ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId]' --region $r --output json --no-paginate | jq 'flatten | length'
 }
 function getRDSInstances {
 region=$1
- aws --profile $AWS_PROFILE rds describe-db-instances --region $r --output json --no-paginate | jq '.DBInstances | length'
+ aws --profile $account rds describe-db-instances --region $r --output json --no-paginate | jq '.DBInstances | length'
 }
 function getRedshift {
 region=$1
- aws --profile $AWS_PROFILE redshift describe-clusters --region $r --output json --no-paginate | jq '.Clusters | length'
+ aws --profile $account redshift describe-clusters --region $r --output json --no-paginate | jq '.Clusters | length'
 }
 function getElbv1 {
 region=$1
- aws --profile $AWS_PROFILE elb describe-load-balancers --region $r --output json --no-paginate | jq '.LoadBalancerDescriptions | length'
+ aws --profile $account elb describe-load-balancers --region $r --output json --no-paginate | jq '.LoadBalancerDescriptions | length'
 }
 function getElbv2 {
 region=$1
- aws --profile $AWS_PROFILE elbv2 describe-load-balancers --region $r --output json --no-paginate | jq '.LoadBalancers | length'
+ aws --profile $account elbv2 describe-load-balancers --region $r --output json --no-paginate | jq '.LoadBalancers | length'
 }
 function getNatGateways {
 region=$1
- aws --profile $AWS_PROFILE ec2 describe-nat-gateways --region $r --output json --no-paginate | jq '.NatGateways | length'
+ aws --profile $account ec2 describe-nat-gateways --region $r --output json --no-paginate | jq '.NatGateways | length'
 }
-for r in $(getRegions); do
- if [ "$JSON" != "true" ]; then
- echo $r
- fi
- instances=$(getInstances $r)
- EC2_INSTANCES=$(($EC2_INSTANCES + $instances))
-
- rds=$(getRDSInstances $r)
- RDS_INSTANCES=$(($RDS_INSTANCES + $rds))
-
- redshift=$(getRedshift $r)
- REDSHIFT_CLUSTERS=$(($REDSHIFT_CLUSTERS + $redshift))
-
- elbv1=$(getElbv1 $r)
- ELB_V1=$(($ELB_V1 + $elbv1))
-
- elbv2=$(getElbv2 $r)
- ELB_V2=$(($ELB_V2 + $elbv2))
-
- natgw=$(getNatGateways $r)
- NAT_GATEWAYS=$(($NAT_GATEWAYS + $natgw))
-done
-
-TOTAL=$(($EC2_INSTANCES + $RDS_INSTANCES + $REDSHIFT_CLUSTERS + $ELB_V1 + $ELB_V2 + $NAT_GATEWAYS))
 function textoutput {
 echo "######################################################################"
- echo "Lacework inventory collection complete."
+ echo "Lacework inventory collection complete for $account."
 echo ""
 echo "EC2 Instances: $EC2_INSTANCES"
 echo "RDS Instances: $RDS_INSTANCES"
@@ -122,8 +100,35 @@ function jsonoutput {
 echo "}"
 }
-if [ "$JSON" == "true" ]; then
- jsonoutput
-else
- textoutput
-fi
\ No newline at end of file
+for account in "${accounts[@]}"; do
+ for r in $(getRegions $account ); do
+ if [ "$JSON" != "true" ]; then
+ echo $r
+ fi
+ instances=$(getInstances $account $r)
+ EC2_INSTANCES=$(($EC2_INSTANCES + $instances))
+
+ rds=$(getRDSInstances $account $r)
+ RDS_INSTANCES=$(($RDS_INSTANCES + $rds))
+
+ redshift=$(getRedshift $account $r)
+ REDSHIFT_CLUSTERS=$(($REDSHIFT_CLUSTERS + $redshift))
+
+ elbv1=$(getElbv1 $account $r)
+ ELB_V1=$(($ELB_V1 + $elbv1))
+
+ elbv2=$(getElbv2 $account $r)
+ ELB_V2=$(($ELB_V2 + $elbv2))
+
+ natgw=$(getNatGateways $account $r)
+ NAT_GATEWAYS=$(($NAT_GATEWAYS + $natgw))
+ done
+ echo "Finished the count for $account"
+ TOTAL=$(($EC2_INSTANCES + $RDS_INSTANCES + $REDSHIFT_CLUSTERS + $ELB_V1 + $ELB_V2 + $NAT_GATEWAYS))
+
+ if [ "$JSON" == "true" ]; then
+ jsonoutput
+ else
+ textoutput
+ fi
+done
\ No newline at end of file
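Review bot: Each helper still assigns `region=$1` but reads the globals `$account` and `$r`, while the new call sites pass `$account $r`, so `$1` is now the profile name and the arguments are effectively ignored. Binding them explicitly with `local account=$1 region=$2` and calling `aws --profile "$account" ... --region "$region"` (quoted, because the profile names come from `-a` on the command line) would make getInstances, getRDSInstances, getRedshift, getElbv1, getElbv2 and getNatGateways self-contained; getRegions needs only `local account=$1`. Separately, `--no-paginate` makes the CLI fetch only the first page of results, so the counts may be low in large accounts; worth confirming that this is intended for a sizing inventory.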
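Review bot: The counters are never reset inside `for account`, so every account after the first is reported with the running totals of all earlier accounts while textoutput labels the figures as "complete for $account". Resetting at the top of the loop body, `EC2_INSTANCES=0 RDS_INSTANCES=0 REDSHIFT_CLUSTERS=0 ELB_V1=0 ELB_V2=0 NAT_GATEWAYS=0`, gives per-account numbers (the initial assignments sit above the loop and only two of them are visible in this diff). `echo "Finished the count for $account"` is printed even when `$JSON` is true, which puts a non-JSON line in front of each object; `[ "$JSON" == "true" ] || echo "Finished the count for $account"` or a redirect to stderr avoids that. If a profile in the list is invalid, the helpers most likely return an empty string and the `$(( ... ))` sums fail, so checking the aws exit status once per account would surface a bad entry instead of producing partial numbers.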