AWS EC2 Instance Collector



Version License: Apache 2.0

Plugin to collect EC2 information

SpaceONE's plugin-aws-ec2-inven-collector is a convenient tool to get EC2 resources information from AWS.

Find us also at Dockerhub

Latest stable version : 1.14.3

Please contact us if you need any further information. ([email protected])


AWS Service Endpoint (in use)

The following endpoints are used to collect AWS resource information. An AWS endpoint is a URL consisting of a region code and a service code.

https://ec2.[region-code].amazonaws.com
https://autoscaling.[region-code].amazonaws.com
https://elbv2.[region-code].amazonaws.com

We use many endpoints because we collect information from many regions.

Region list

Below is the AWS region information. The regions we collect are not all regions supported by AWS. Specifically, we target the regions returned by describe_regions() of the AWS EC2 client.

| No. | Region name | Region code |
|----:|-------------|-------------|
| 1 | US East (Ohio) | us-east-2 |
| 2 | US East (N. Virginia) | us-east-1 |
| 3 | US West (N. California) | us-west-1 |
| 4 | US West (Oregon) | us-west-2 |
| 5 | Asia Pacific (Mumbai) | ap-south-1 |
| 6 | Asia Pacific (Osaka) | ap-northeast-3 |
| 7 | Asia Pacific (Seoul) | ap-northeast-2 |
| 8 | Asia Pacific (Singapore) | ap-southeast-1 |
| 9 | Asia Pacific (Sydney) | ap-southeast-2 |
| 10 | Asia Pacific (Tokyo) | ap-northeast-1 |
| 11 | Canada (Central) | ca-central-1 |
| 12 | Europe (Frankfurt) | eu-central-1 |
| 13 | Europe (Ireland) | eu-west-1 |
| 14 | Europe (London) | eu-west-2 |
| 15 | Europe (Paris) | eu-west-3 |
| 16 | Europe (Stockholm) | eu-north-1 |
| 17 | South America (São Paulo) | sa-east-1 |

Service list

The following is the list of services being collected, with their service codes.

| No. | Service name | Service code |
|----:|--------------|--------------|
| 1 | EC2 Instance | AmazonEC2 |

Authentication Overview

A service account registered on SpaceONE must have certain permissions to collect cloud service data. Please grant the following privileges to the account used for collection:


```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "autoscaling:Describe*",
                "ec2:Describe*",
                "elasticloadbalancing:Describe*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
```


Secret Data Configuration

To use the EC2 Collector plugin, AWS authentication information is required. You can configure authentication information using the following methods.

1. General Access Key Method (Single Account)

This method is used when collecting resources within the same AWS account.

Secret Data Format:

```json
{
    "aws_access_key_id": "YOUR_ACCESS_KEY_ID",
    "aws_secret_access_key": "YOUR_SECRET_ACCESS_KEY"
}
```

Setup Method:

  1. Create IAM User in AWS Console

    • AWS Console → IAM → Users → Create User
    • Enter user name (e.g., spaceone-collector)
    • Select Access Key creation option
  2. Attach Managed Policy

    • Select one of the managed policies provided by AWS:
      • ReadOnlyAccess: Read-only permissions for all AWS services
      • Or use custom policy that includes only necessary services
  3. Create Access Key

    • IAM User → Security credentials → Create access key
    • Save Access Key ID and Secret Access Key in a secure location

2. Cross-Account Assume Role Method (Multi-Account)

This method is used when collecting resources from different AWS accounts.

Secret Data Format:

```json
{
    "aws_access_key_id": "SOURCE_ACCOUNT_ACCESS_KEY_ID",
    "aws_secret_access_key": "SOURCE_ACCOUNT_SECRET_ACCESS_KEY",
    "role_arn": "arn:aws:iam::TARGET_ACCOUNT_ID:role/ROLE_NAME",
    "external_id": "OPTIONAL_EXTERNAL_ID"
}
```

Setup Method:

Source Account (Account that runs collection) Setup:

  1. Create IAM User and Set Permissions
    • AWS Console → IAM → Users → Create User
    • Enter user name (e.g., spaceone-cross-account-collector)
    • Create Access Key
    • Attach ReadOnlyAccess policy

Target Account (Account whose resources will be collected) Setup:

  1. Create Cross-Account Role

    ```json
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::SOURCE_ACCOUNT_ID:user/SOURCE_USER_NAME"
                },
                "Action": "sts:AssumeRole",
                "Condition": {
                    "StringEquals": {
                        "sts:ExternalId": "YOUR_EXTERNAL_ID"
                    }
                }
            }
        ]
    }
    ```
  2. Attach Managed Policy to Role

    • Attach ReadOnlyAccess policy to the created Role
    • Or attach custom policy that includes only necessary services
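As an added example (not the plugin's own code), the following turns either secret_data format above into a boto3 session: the static keys alone for the single-account method, or temporary credentials obtained through sts:AssumeRole for the cross-account method. ExternalId is sent only when configured, matching the sts:ExternalId condition in the trust policy; the helper names and the session name are hypothetical.

```python
# Added example, not the plugin's own code. Helper names are hypothetical.
REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")


def validate_secret_data(secret_data):
    """Reject secret_data that lacks the static credentials, or that carries an
    external_id without a role_arn (an external_id only applies to AssumeRole)."""
    missing = [k for k in REQUIRED_KEYS if not secret_data.get(k)]
    if missing:
        raise ValueError(f"secret_data missing keys: {missing}")
    if secret_data.get("external_id") and not secret_data.get("role_arn"):
        raise ValueError("external_id requires role_arn")
    return True


def build_assume_role_params(secret_data, session_name="spaceone-ec2-collector"):
    """Build the kwargs for sts.assume_role(); ExternalId is included only when
    configured, so it satisfies the trust policy's sts:ExternalId condition."""
    params = {"RoleArn": secret_data["role_arn"], "RoleSessionName": session_name}
    if secret_data.get("external_id"):
        params["ExternalId"] = secret_data["external_id"]
    return params


def credentials_from_assume_role(response):
    """Map an AssumeRole response onto boto3.Session keyword arguments."""
    creds = response["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def build_session(secret_data, region_name="us-east-1"):
    """Return a boto3.Session for the single-account method (static keys) or the
    cross-account method (temporary credentials from the target account's role)."""
    import boto3  # imported here so the pure helpers above run without boto3

    validate_secret_data(secret_data)
    source = boto3.Session(
        aws_access_key_id=secret_data["aws_access_key_id"],
        aws_secret_access_key=secret_data["aws_secret_access_key"],
        region_name=region_name,
    )
    if not secret_data.get("role_arn"):
        return source
    response = source.client("sts").assume_role(**build_assume_role_params(secret_data))
    return boto3.Session(region_name=region_name, **credentials_from_assume_role(response))
```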

API List for collecting resources

Boto3 info


Release Note

Version 1.14.3

FIX BUG: Links in Security Group do not work

Version 1.12.1

Remove region filter in secret_data. It is not used.

Version 1.3.1

Support collecting a large number of EC2 instances (more than 2k)

  • Handle the API 'rate exceeded' error
  • Default maximum number of retries has been set to handle up to 10k API calls
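As an added example (not the plugin's own code), here is how a collector can retry throttled boto3 calls with exponential backoff as the 1.3.1 note describes, enumerate the target regions through describe_regions() as the Region list section states, and page through describe_instances with NextToken. The helper names, the retry limits and the throttle-code set are hypothetical choices for this illustration.

```python
# Added example, not the plugin's own code. Helper names are hypothetical.
import time

# Error codes AWS returns when an API's rate limit is exceeded.
THROTTLE_CODES = {"RequestLimitExceeded", "Throttling", "ThrottlingException"}


def error_code(exc):
    """Read the AWS error code from a botocore ClientError-shaped exception."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code")


def call_with_retry(func, *args, max_attempts=10, base_delay=0.5, sleep=time.sleep, **kwargs):
    """Call func; on a throttling error back off exponentially (capped at 20s)
    and retry up to max_attempts times. Any other error propagates at once."""
    for attempt in range(1, max_attempts + 1):
        try:
            return func(*args, **kwargs)
        except Exception as exc:
            if error_code(exc) not in THROTTLE_CODES or attempt == max_attempts:
                raise
            sleep(min(base_delay * 2 ** (attempt - 1), 20))


def target_regions(ec2_client, **retry_opts):
    """Regions to collect: exactly those returned by describe_regions()."""
    page = call_with_retry(ec2_client.describe_regions, **retry_opts)
    return [r["RegionName"] for r in page["Regions"]]


def collect_instance_ids(ec2_client, **retry_opts):
    """Page through describe_instances with NextToken, retrying each page,
    and return the instance ids found in this client's region."""
    ids, token = [], None
    while True:
        kwargs = {"MaxResults": 1000}
        if token:
            kwargs["NextToken"] = token
        page = call_with_retry(ec2_client.describe_instances, **retry_opts, **kwargs)
        for reservation in page.get("Reservations", []):
            ids.extend(i["InstanceId"] for i in reservation.get("Instances", []))
        token = page.get("NextToken")
        if not token:
            return ids
```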
