diff --git a/.gitignore b/.gitignore
index 62db527cd..1bee40bc3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@ htmlcov/
 account-data/
 tmp/
 trusted_ips.png
+resource_stats.png
 data/
 private_commands/
 output/
diff --git a/commands/report.py b/commands/report.py
index 38b2b2036..c5884bdde 100644
--- a/commands/report.py
+++ b/commands/report.py
@@ -70,7 +70,7 @@ def report(accounts, config, args):
 account_stats = {}
 print('* Getting resource counts')
 for account in accounts:
- account_stats[account['name']] = get_account_stats(account)
+ account_stats[account['name']] = get_account_stats(account,args.stats_all_resources)
 print(' - {}'.format(account['name']))
 # Get names of resources
@@ -374,6 +374,12 @@ def run(arguments):
 help="Number of days a user or role hasn't been used before it's marked inactive",
 default=90,
 type=int)
+ parser.add_argument(
+ "--stats_all_resources",
+ help="Show stats for all resource types",
+ action='store_true',
+ default=False,
+ dest='stats_all_resources')
 args, accounts, config = parse_arguments(arguments, parser)
 report(accounts, config, args)
diff --git a/commands/stats.py b/commands/stats.py
index 41f3772ec..b4dfa8a7a 100644
--- a/commands/stats.py
+++ b/commands/stats.py
@@ -61,7 +61,7 @@ def stats(accounts, config, args):
 # Collect counts
 account_stats = {}
 for account in accounts:
- account_stats[account['name']] = get_account_stats(account)
+ account_stats[account['name']] = get_account_stats(account,args.stats_all_resources)
 resource_names = account_stats[account['name']]['keys']
 # Print header
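Review bot: In the first `commands/report.py` hunk, `get_account_stats(account,args.stats_all_resources)` passes the newly added flag positionally and drops the space after the comma. Because `all_resources` was only just added as a defaulted parameter, a keyword call is clearer and survives later signature changes: `get_account_stats(account, all_resources=args.stats_all_resources)`. The identical call in the `@@ -61,7 +61,7 @@` hunk of `commands/stats.py` has the same issue. Both enclosing functions continue outside their hunks.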
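Review bot: The `--stats_all_resources` option added to `run()` in `commands/report.py` is repeated verbatim in `commands/stats.py`, so the two commands can drift apart in help text or default. `default=False` and `dest='stats_all_resources'` only restate what `action='store_true'` and the option name already provide, so the call can shrink to `parser.add_argument("--stats_all_resources", action='store_true', help="Also count resource types marked verbose in stats_config.yaml")` and be registered from one shared helper. The current help string does not tell the user which resource types are hidden by default.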
@@ -81,10 +81,22 @@ def stats(accounts, config, args):
 def run(arguments):
 parser = argparse.ArgumentParser()
- parser.add_argument('--output_image',
- help='Name of output image', default='resource_stats.png', type=str)
- parser.add_argument("--no_output_image", help="Don't create output image",
- default=False, action='store_true')
+ parser.add_argument(
+ '--output_image',
+ help='Name of output image',
+ default='resource_stats.png',
+ type=str)
+ parser.add_argument(
+ "--no_output_image",
+ help="Don't create output image",
+ default=False,
+ action='store_true')
+ parser.add_argument(
+ "--stats_all_resources",
+ help="Show stats for all resource types",
+ action='store_true',
+ default=False,
+ dest='stats_all_resources')
 args, accounts, config = parse_arguments(arguments, parser)
diff --git a/shared/common.py b/shared/common.py
index 8dc2f86f4..8be53d3a7 100644
--- a/shared/common.py
+++ b/shared/common.py
@@ -190,7 +190,7 @@ def parse_arguments(arguments, parser=None):
 return (args, accounts, config)
-def get_account_stats(account):
+def get_account_stats(account, all_resources=False):
 """Returns stats for an account"""
 with open("stats_config.yaml", 'r') as f:
@@ -202,6 +202,9 @@ def get_account_stats(account):
 stats = {}
 stats['keys'] = []
 for resource in resources:
+ # If the resource is marked as verbose, and we're not showing all resources, skip it.
+ if resource.get('verbose',False) and not all_resources:
+ continue
 stats['keys'].append(resource['name'])
 stats[resource['name']] = {}
@@ -209,6 +212,9 @@ def get_account_stats(account):
 region = Region(account, region_json)
 for resource in resources:
+ if resource.get('verbose',False) and not all_resources:
+ continue
+ # Skip global services (just CloudFront)
 if ('region' in resource) and (resource['region'] != region.name):
 continue
diff --git a/stats_config.yaml b/stats_config.yaml
index 544dab8a6..d944b1598 100644
--- a/stats_config.yaml
+++ b/stats_config.yaml
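Review bot: The verbose filter `if resource.get('verbose',False) and not all_resources: continue` is written twice in `get_account_stats`, once where `stats['keys']` is built (`@@ -202,6 +202,9 @@`) and again in the per-region loop (`@@ -209,6 +212,9 @@`). If the two copies ever diverge, the region loop would process a resource whose `stats[resource['name']]` entry was never created; that is presumably a KeyError, though the lines that write the counts are outside the hunk. Filtering once, right after the config is loaded, removes the duplication: `resources = [r for r in resources if all_resources or not r.get('verbose', False)]`. The docstring `"""Returns stats for an account"""` should also say that `all_resources=True` includes entries marked `verbose: true` in `stats_config.yaml`.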
@@ -49,4 +49,73 @@
 source: kms-list-keys
 - name: Lambda functions
 query: .Functions|length
- source: lambda-list-functions
\ No newline at end of file
+ source: lambda-list-functions
+# Verbose resources
+- name: Route53 hosted zones
+ query: .HostedZones|length
+ source: route53-list-hosted-zones
+ verbose: true
+- name: Route53 domains
+ query: .Domains|length
+ source: route53domains-list-domains
+ verbose: true
+- name: EC2 AMIs
+ query: .Images|length
+ source: ec2-describe-images
+ verbose: true
+- name: Network ACLs
+ query: .NetworkAcls|length
+ source: ec2-describe-network-acls
+ verbose: true
+- name: Route tables
+ query: .RouteTables|length
+ source: ec2-describe-route-tables
+ verbose: true
+- name: EC2 snapshots
+ query: .Snapshots|length
+ source: ec2-describe-snapshots
+ verbose: true
+- name: VPC endpoints
+ query: .VpcEndpointConnections|length
+ source: ec2-describe-vpc-endpoint-connections
+ verbose: true
+- name: VPN connections
+ query: .VpnConnections|length
+ source: ec2-describe-vpn-connections
+ verbose: true
+- name: DirectConnects
+ query: .connections|length
+ source: directconnect-describe-connections
+ verbose: true
+- name: CloudSearch domains
+ query: .DomainStatusList|length
+ source: cloudsearch-describe-domains
+ verbose: true
+- name: ECR repositories
+ query: .repositories|length
+ source: ecr-describe-repositories
+ verbose: true
+- name: CloudFormation stacks
+ query: .Stacks|length
+ source: cloudformation-describe-stacks
+ verbose: true
+- name: EFS
+ query: .FileSystems|length
+ source: efs-describe-file-systems
+ verbose: true
+- name: Cloudwatch alarms
+ query: .MetricAlarms|length
+ source: cloudwatch-describe-alarms
+ verbose: true
+- name: Config rules
+ query: .ConfigRules|length
+ source: config-describe-config-rules
+ verbose: true
+- name: Event rules
+ query: .Rules|length
+ source: events-list-rules
+ verbose: true
+- name: Log groups
+ query: .logGroups|length
+ source: logs-describe-log-groups
+ verbose: true
\ No newline at end of file
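Review bot: The `VPC endpoints` entry counts `.VpcEndpointConnections` from `ec2-describe-vpc-endpoint-connections`, which as far as I know lists connections to endpoint services the account owns rather than the VPC endpoints created in the account. The figure reported under this label is therefore likely to mislead anyone using the report as an inventory. If endpoints are what is meant, the entry would be `query: .VpcEndpoints|length` with `source: ec2-describe-vpc-endpoints`, provided that call is collected; the collection config is not part of this diff. It is also worth confirming that every new `source` is actually gathered, since the diff does not show how `get_account_stats` handles a missing source file.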