Script to report the resource usage in AWS

Along with CRON Job automation for the script

This is a simple shell script that fetches the resources in an AWS account. Using this script in our organization, we can track our resource usage so that we can limit unwanted resources and avoid unnecessary bills. There are a few prerequisites, which I have listed below.

Note: I'm doing the entire process on an Ubuntu machine, so the steps may vary depending on your operating system.

Pre-Requisites:

  • AWS CLI

  • Access key

Installation of prerequisites:

AWS CLI:

On Ubuntu, I used a single command and my package manager [apt] took care of everything. The command is

sudo apt install awscli

Here is the link you can refer to for installing the AWS CLI on your operating system: Install AWS CLI for your OS

Create and configure access key:

To access our AWS account resources, we need an access key on our local machine to communicate with and authenticate to our AWS account. First, we have to create the access key in our AWS account.

Step 1:

Log in to your AWS account and click on your AWS account name, which is located in the right corner.

Select Security credentials. Once the security page has loaded, scroll to find the access key section, then click Create access key. It will prompt you with a warning; read it and click Create.

It will then create an access key ID and secret. Copy them and put them in a safe place.

Step 2:

Now let's configure that access key on our local machine.

Open the terminal and type

aws configure

Once you run the above command, it will prompt you to enter the access key ID and secret. Paste them in, and add the default region name if required.

Now the scripting part...

Script:

#!/bin/bash
###########################################################################
# This script tracks the resources that we have in our AWS account.
# Requires: the AWS CLI (configured with an access key) and jq.
###########################################################################

##### List IAM Users #####
echo "IAM users are:" > resources.txt

echo "Before JSON Parsing" >> resources.txt
aws iam list-users >> resources.txt

echo "After JSON Parsing by filtering with username alone" >> resources.txt
aws iam list-users | jq '.Users[].UserName' >> resources.txt

##### List EC2 Instances #####
echo "EC2 Instances that we have:" >> resources.txt
# Tags[]? skips an instance that has no tags instead of stopping with a jq error
aws ec2 describe-instances | jq '.Reservations[].Instances[].Tags[]?.Value' >> resources.txt

##### list IAM Group #####
echo "IAM Groups are:" >> resources.txt

aws iam list-groups >> resources.txt

##### List S3 Bucket #####
echo "S3 buckets are:" >> resources.txt
aws s3 ls >> resources.txt

This script fetches the EC2 instances, S3 buckets, IAM users and IAM groups.

To fetch those details, we need to know the CLI command for each resource.

We can look those up at this link: AWS CLI Command Reference

The explanation for the IAM user commands [the same applies to the remaining commands]:

##### List IAM Users #####
echo "IAM users are:" > resources.txt

echo "Before JSON Parsing" >> resources.txt
aws iam list-users >> resources.txt

echo "After JSON Parsing by filtering with username alone" >> resources.txt
aws iam list-users | jq '.Users[].UserName' >> resources.txt

Initially, I added a print command that prints the "IAM users are:" heading.

I deliberately appended that print statement to the resources.txt file [it's optional; if you don't want it, remove >> resources.txt].

We can see all the data in the resources.txt file, which is created automatically when the script runs.

aws iam list-users

  • The above command lists the IAM users, but it prints each user along with all of that user's metadata:

      "Users": [
          {
              "Path": "/",
              "UserName": "Admin",
              "UserId": "AIDAUNJYNNMM3S4XSNXCS",
              "Arn": "arn:aws:iam::303450385177:user/Admin",
              "CreateDate": "2022-10-30T13:59:35Z",
              "PasswordLastUsed": "2023-02-22T14:19:41Z"
          },

  • To get one particular field from those details, I parsed the JSON with jq and filtered out that field:

      aws iam list-users | jq '.Users[].UserName' >> resources.txt

  • The above command extracts just that one value (the UserName) from the JSON.
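
The same jq approach applied to the EC2 listing, as an added example that is not part of the original post: a bare `.Tags[].Value` filter prints every tag value rather than the instance name and raises an error on an instance with no tags, so this version prints instance ID, state and Name tag per instance and flags untagged ones. The sample JSON, the instance IDs and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example. SAMPLE is constructed describe-instances output: one tagged
# instance and one with no Tags key at all (the instance IDs are made up).
SAMPLE='{"Reservations":[{"Instances":[
  {"InstanceId":"i-0aaaaaaaaaaaaaaa1","State":{"Name":"running"},
   "Tags":[{"Key":"env","Value":"dev"},{"Key":"Name","Value":"MyUbuntu_server"}]},
  {"InstanceId":"i-0bbbbbbbbbbbbbbb2","State":{"Name":"stopped"}}
]}]}'

# The bare filter form: prints every tag value ("dev" as well as the name)
# and exits non-zero when it reaches the instance that has no tags.
bare_tags_filter() {
    jq -r '.Reservations[].Instances[].Tags[].Value'
}

# One tab-separated line per instance: id, state, Name tag.
# A missing Tags key or a missing Name tag is reported as UNTAGGED.
ec2_inventory() {
    jq -r '.Reservations[].Instances[]
        | [ .InstanceId,
            .State.Name,
            ((.Tags // []) | map(select(.Key == "Name")) | .[0].Value // "UNTAGGED") ]
        | @tsv'
}

# Instances nobody has named are the first candidates for review and cleanup.
untagged_ids() {
    ec2_inventory | awk -F '\t' '$3 == "UNTAGGED" { print $1 }'
}

# Demonstration on the constructed sample (skipped when jq is not installed).
if command -v jq >/dev/null 2>&1; then
    printf '%s\n' "$SAMPLE" | ec2_inventory
fi
```

Against a real account, pipe the CLI output into the function instead of the sample: `aws ec2 describe-instances | ec2_inventory >> resources.txt`.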

To use the script:

Create a .sh file on your machine and give that script file execute permission:

touch aws_resource_tracker.sh
chmod +x aws_resource_tracker.sh

Open the script file using the vim editor:

vim aws_resource_tracker.sh

Paste the script I provided and save it.

Now execute the script using

./aws_resource_tracker.sh

The output that we get in the resources.txt file is:

IAM users are:
Before JSON Parsing
{
    "Users": [
        {
            "Path": "/",
            "UserName": "Admin",
            "UserId": "AIDAUNJYNNMM3S4XSNXCS",
            "Arn": "arn:aws:iam::303450385177:user/Admin",
            "CreateDate": "2022-10-30T13:59:35Z",
            "PasswordLastUsed": "2023-02-22T14:19:41Z"
        },
        {
            "Path": "/",
            "UserName": "Ironman",
            "UserId": "AIDAUNJYNNMMRP74QLMUT",
            "Arn": "arn:aws:iam::303450385177:user/Ironman",
            "CreateDate": "2023-02-22T14:21:40Z"
        },
        {
            "Path": "/",
            "UserName": "Spiderman",
            "UserId": "AIDAUNJYNNMMQRVXCPJSQ",
            "Arn": "arn:aws:iam::303450385177:user/Spiderman",
            "CreateDate": "2023-02-22T14:21:57Z"
        }
    ]
}
After JSON Parsing by filtering with username alone
"Admin"
"Ironman"
"Spiderman"

EC2 Instances that we have:
"MyUbuntu_server"

IAM Groups are:
{
    "Groups": [
        {
            "Path": "/",
            "GroupName": "Demo-Group",
            "GroupId": "AGPAUNJYNNMMWFAFO2N7H",
            "Arn": "arn:aws:iam::303450385177:group/Demo-Group",
            "CreateDate": "2022-10-30T14:17:06Z"
        }
    ]
}

S3 buckets are:
2022-11-19 18:51:41 elasticbeanstalk-ap-northeast-1-303450385177

Automate Using CRON JOB:

To improve on this script, we can schedule it to run at a particular time every day using a cron job.

Run sudo nano /etc/crontab

This will open the crontab file that we have in the /etc directory.

Let me now add the job to run this shell script daily at 16:40 [4:40 pm]:

40 16 * * * ubuntu bash /home/ubuntu/aws_resource_tracker.sh

After adding the above line to the crontab file, save and exit.

Now it will run that script automatically every day at 4:40 pm.
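
Under cron the script runs from the ubuntu user's home directory, so resources.txt is written there with cron's default file permissions and is overwritten on every run. The wrapper below is an added example (not the author's code) that keeps one dated report per day in a private directory and stops if the configured key belongs to the account root user; REPORT_DIR, the file name run_tracker.sh and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not the author's code. REPORT_DIR and the file name
# run_tracker.sh are assumptions; TRACKER is the path from the crontab line.
REPORT_DIR="${REPORT_DIR:-/home/ubuntu/aws-reports}"
TRACKER="${TRACKER:-/home/ubuntu/aws_resource_tracker.sh}"

# cron starts jobs with a minimal PATH, so confirm every tool is reachable.
need_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
}

# True when the ARN printed by `aws sts get-caller-identity` is the root user.
# The report needs only iam:ListUsers, iam:ListGroups, ec2:DescribeInstances
# and s3:ListAllMyBuckets, so a read-only IAM user is enough.
is_root_arn() {
    case "$1" in arn:aws:iam::*:root) return 0 ;; *) return 1 ;; esac
}

# Run the tracker in a private directory and keep one dated report per day.
# The body is a subshell, so umask and cd do not leak into the caller.
run_tracker() (
    dir="$1"; script="$2"
    umask 077                  # the report holds user names, ARNs, account ID
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    cd "$dir" || exit 1        # the tracker writes resources.txt to the cwd
    bash "$script" || { echo "tracker failed" >&2; exit 1; }
    out="resources-$(date +%F).txt"
    mv -f resources.txt "$out" && printf '%s\n' "$dir/$out"
)

# /etc/crontab entry, same schedule as the article:
# 40 16 * * * ubuntu bash /home/ubuntu/run_tracker.sh --run
if [ "${1:-}" = "--run" ]; then
    need_tools aws jq || exit 1
    arn=$(aws sts get-caller-identity --query Arn --output text) || exit 1
    if is_root_arn "$arn"; then echo "refusing root access key" >&2; exit 1; fi
    run_tracker "$REPORT_DIR" "$TRACKER" >/dev/null
fi
```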

GitHub link for this project: Devops-Project/Scripting Project/Resource tracker[AWS]