Open behemphi opened 3 years ago
I tried to run this script using AWS cloudshell and was unsuccessful. These are the steps to reproduce:
1. Log in to the AWS Management Console using admin permissions.
2. Go to the AWS CloudShell service.
3. Click Actions > Upload file, then upload the file from here: https://github.com/lacework-dev/scripts/blob/main/bash/lw_aws_inventory.sh
4. Run the file using ./lw_aws_inventory.sh
I get these results:

    [cloudshell-user@ip-10-0-27-187 ~]$ ./lw_aws_inventory.sh
    ######################################################################
    Lacework inventory collection complete.

    Total Resources:

    ECS Fargate Clusters: 0
    ECS Fargate Running Containers/Tasks: 0

    Lambda Functions Exist: No
    [cloudshell-user@ip-10-0-27-187 ~]$

These are not accurate. I think the script might be failing for the same reason as this GitHub issue: https://github.com/lacework-dev/scripts/issues/12. We use Control Tower to deny access to all regions except for us-east-1, ap-northeast-1, and us-west-2 (https://aws.amazon.com/blogs/aws/new-for-aws-control-tower-region-deny-and-guardrails-to-help-you-meet-data-residency-requirements/).
We lock down unused regions, even to ourselves. Thus the script fails.
Recommend that the user be able to specify regions as a list manually.
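
One way to implement the manual region list recommended above, as an added example that is not code from lw_aws_inventory.sh or from the issue author. The names `parse_regions`, `count_lambda_functions`, `AWS_CMD`, `TOTAL` and `FAILED` are hypothetical; the point it shows is that a region whose API call is denied is reported as not inventoried rather than counted as 0.

```bash
#!/usr/bin/env bash
# Added example, not part of lw_aws_inventory.sh; all names here are hypothetical.
# Intended use: count_lambda_functions "us-east-1,ap-northeast-1,us-west-2"

# AWS_CMD lets a caller substitute a stub for the real AWS CLI (assumption).
AWS_CMD="${AWS_CMD:-aws}"

# parse_regions "us-east-1, us-west-2" -> one validated, de-duplicated region
# per line. Returns 1 on an empty list or a malformed region name.
parse_regions() {
  local raw="${1//[[:space:]]/}" r
  local re='^[a-z]{2}(-[a-z]+)+-[0-9]+$'
  local -a items
  [ -n "$raw" ] || return 1
  IFS=',' read -r -a items <<< "$raw"
  for r in "${items[@]}"; do
    [[ "$r" =~ $re ]] || return 1
  done
  printf '%s\n' "${items[@]}" | sort -u
}

# count_lambda_functions REGION_LIST
# Sets TOTAL (functions counted) and FAILED (regions whose call errored, for
# example because a region-deny guardrail blocked it).
# Returns 0 if every region answered, 1 if any region failed, 2 on a bad list.
count_lambda_functions() {
  local regions region n
  TOTAL=0 FAILED=""
  regions="$(parse_regions "$1")" || return 2
  for region in $regions; do
    # JSON output so the length() query is applied to the full paginated result.
    if n="$("$AWS_CMD" lambda list-functions --region "$region" \
            --query 'length(Functions)' --output json 2>/dev/null)" \
       && [[ "$n" =~ ^[0-9]+$ ]]; then
      TOTAL=$((TOTAL + n))
    else
      FAILED="${FAILED:+$FAILED }$region"
    fi
  done
  [ -z "$FAILED" ]
}
```

A caller should print `FAILED` alongside `TOTAL` so that a partial inventory is visible in the output.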