aws-samples / ec2-classic-resource-finder

This script enables the identification of resources running in Amazon EC2 Classic
MIT No Attribution

EC2 Classic Resource Finder

EC2 Classic Resource Finder 2.0 is here. Read more below.

EC2-Classic Networking is Retiring. Find out how to prepare here.

We launched Amazon VPC on 5-Sep-2009 as an enhancement over EC2-Classic, and while we maintained EC2-Classic in its current state for our existing customers, we continuously made improvements and added cutting-edge instances and networking features on Amazon VPC. In the spirit of offering the best customer experience, we firmly believe that all our customers should migrate their resources from EC2-Classic to Amazon VPC. To help determine what resources may be running in EC2-Classic, this script identifies them in an ad-hoc, self-service manner. For more information on migrating to VPC, visit our docs.

Version 2.0 of this script is now available, named py-Classic-Resource-Finder.py. This new iteration still loops through all regions where EC2-Classic is supported and determines whether EC2-Classic is enabled and what, if any, resources are running or configured to run in EC2-Classic. The multi-account-wrapper is now built in and is driven by command line arguments. Additionally, use of multiple AWS Credential profiles is now supported. The script outputs a set of CSVs in a folder created for each account it is run against. The script is now written in Python and uses Boto3. It uses multiprocessing to improve runtimes. Please note that because it runs multiple processes simultaneously, it may consume more CPU. It is suggested not to run this on the same instance or computer that is running any critical workloads that may become deprived of computational resources while this is running. Additionally, this fixes an issue with the version 1 script where AWS ElasticBeanstalk Environments with a space in the name may render a false positive. Any errors rendered in the Error CSV should be investigated to determine if the output was still accurate.

Known issues / Notes:

Requirements

This script is designed to run using Python 3 and requires Boto3. Credentials must be pre-configured using the AWS CLI, or an instance IAM profile if using Amazon EC2. You can read more about how to pre-authenticate here.

Outputs

Currently, this iterates through all EC2 regions which support EC2-Classic and creates the following CSVs prepended with the date and time in a folder for each account it is run against:

| File Name | Description | Output |
| --- | --- | --- |
| Classic_Platform_Status.csv | Regions with the ability to launch resources into EC2-Classic | Region, Status (Enabled, Disabled) |
| Classic_EIPs.csv | Elastic IPs allocated for EC2-Classic | IP Address, Region |
| Classic_EC2_Instances.csv | EC2 Instances provisioned in EC2-Classic | Instance ID, Region |
| Classic_SGs.csv | Security Groups configured in EC2-Classic | Security Group ID, Region |
| Classic_ClassicLink_VPCs.csv | VPCs with ClassicLink Enabled | VPC ID, Region |
| Classic_Auto_Scaling_Groups.csv | Auto-Scaling groups configured to launch EC2 Instances into EC2-Classic | ASG ARN, Region |
| Classic_CLBs.csv | Classic Load Balancers provisioned in EC2-Classic | CLB Name, Region |
| Classic_RDS_Instances.csv | RDS Database Instances provisioned in EC2-Classic | DB Instance ARN, Region |
| Classic_ElastiCache_Clusters.csv | ElastiCache clusters provisioned in EC2-Classic | Cluster ARN, Region |
| Classic_Redshift_Clusters.csv | Redshift clusters provisioned in EC2-Classic | Cluster Identifier, Region |
| Classic_ElasticBeanstalk_Applications_Environments.csv | ElasticBeanstalk Applications and Environments configured to run in EC2-Classic | Application Name, Environment Name, Region |
| Classic_DataPipelines.csv | DataPipelines configured to launch instances in EC2-Classic | Pipeline ID, Region |
| Classic_EMR_Clusters.csv | EMR Clusters that may be configured to launch instances in EC2-Classic | Cluster ID, Region |
| Classic_OpsWorks_Stacks.csv | OpsWorks stacks that have resources configured for EC2-Classic | Stack ID, Region |
| Error.txt | This outputs any errors encountered when running the script. | Print text of error outputs |
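When the script has been run against many accounts, the per-account folders can be rolled up into one view of where EC2-Classic is still enabled and which resource types remain. The following is an added example, not part of this project's code. It assumes all account folders sit under one root directory and that the date/time prefix comes before the documented file name; the folder names, prefix format and resource IDs in the sample are constructed.

```python
import csv
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Region names such as us-east-1; tells data rows apart from any header row.
REGION = re.compile(r"^[a-z]{2}-[a-z]+-\d$")

def summarize(root):
    """Return {account_folder: {"enabled_regions": [...], "findings": {kind: rows}}}."""
    report = defaultdict(lambda: {"enabled_regions": [], "findings": {}})
    # Match the documented names whatever date/time prefix precedes them.
    for path in sorted(Path(root).glob("*/*Classic_*.csv")):
        kind = path.stem.rsplit("Classic_", 1)[1]
        entry = report[path.parent.name]
        with path.open(newline="") as handle:
            rows = [[c.strip() for c in r] for r in csv.reader(handle) if r]
        if kind == "Platform_Status":
            # Columns per the table: Region, Status (Enabled, Disabled).
            entry["enabled_regions"] = sorted(
                r[0] for r in rows if len(r) > 1 and r[1].lower() == "enabled")
        else:
            # Every other file ends each data row with the region.
            count = sum(1 for r in rows if REGION.match(r[-1]))
            if count:
                entry["findings"][kind] = count
    return dict(report)

def build_sample(root):
    """Write constructed sample output for two made-up account folders."""
    stamp = "20220101-120000_"  # assumed prefix format, not taken from the page
    files = {
        f"111111111111/{stamp}Classic_Platform_Status.csv":
            "Region,Status\nus-east-1,Enabled\nus-west-2,Disabled\n",
        f"111111111111/{stamp}Classic_EC2_Instances.csv":
            "i-0aaaaaaaaaaaaaaa1,us-east-1\ni-0aaaaaaaaaaaaaaa2,us-east-1\n",
        f"222222222222/{stamp}Classic_Platform_Status.csv":
            "us-east-1,Disabled\n",
    }
    for rel, text in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for account, data in sorted(summarize(tmp).items()):
            print(account, data["enabled_regions"], data["findings"])
```

An account with no enabled regions and no findings is a candidate for sign-off, provided its Error.txt is also empty.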

Permissions

The script requires IAM permissions which can be configured using either aws configure, or an IAM role on EC2. The following permissions are required (against all resources):

ElasticBeanstalk Specific Permissions

If you are utilizing ElasticBeanstalk, you will need the following additional permissions to identify environments and applications configured to launch resources in EC2-Classic. If you do not utilize ElasticBeanstalk, you can ignore the below permissions, and the script will continue to run successfully for all other services and produce an empty CSV for ElasticBeanstalk.

The following permissions to allow the identification of ElasticBeanstalk environments that launch resources in EC2-Classic can be limited to a resource of arn:aws:s3:::elasticbeanstalk-*

Multi-Account Permissions

Requirements for multi-account usage

Command line arguments

py-Classic-Resource-Finder.py can be called without any arguments and will be run against the account for the default configured credential.

All Accounts in an Organization

With an External ID:

python3 py-Classic-Resource-Finder.py -o -r <role name> -e <external ID>

or

python3 py-Classic-Resource-Finder.py --organization --rolename <role name> --externalid <external ID>

Without an External ID:

python3 py-Classic-Resource-Finder.py -o -r <role name>

or

python3 py-Classic-Resource-Finder.py --organization --rolename <role name>

Use Profile[s] in the Credential File

Single Profile

python3 py-Classic-Resource-Finder.py -p <profile name>

or

python3 py-Classic-Resource-Finder.py --profile <profile name>

Multiple Profiles

Use a comma-delimited list of profile names. Do not put spaces around the commas.

python3 py-Classic-Resource-Finder.py -p <profile name 1>,<profile name 2>,<profile name 3>

or

python3 py-Classic-Resource-Finder.py --profile <profile name 1>,<profile name 2>,<profile name 3>

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.