How to Collect AWS Resource Data

The Amazon Web Services (AWS) collector is configured within the Resoto Worker configuration via the config command in Resoto Shell.

Prerequisites

This guide assumes that you have already installed Resoto.

Directions

1. Enable the AWS Collector

  1. Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

  2. Add aws to the list of collectors by modifying the configuration as follows:

    resotoworker:
      ...
      # List of collectors to run
      collector:
        - 'aws'
      ...
    ...

2. Authenticate with AWS

Resoto supports the authentication mechanisms described in the Boto3 SDK documentation. You can authenticate with AWS via an instance profile, an access key, or profiles. These credentials can be defined in the Resoto Worker configuration or as environment variables.

  1. Configure an instance profile.

  2. Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

  3. Add the contents of your credentials file to the resotoworker section of the configuration as follows:

    Resoto Worker configuration:

    resotoworker:
      ...
      write_files_to_home_dir:
        - path: ~/.aws/credentials
          content: |
            [default]
            region = us-west-2

            role_arn = arn:aws:iam::235059640852:role/Resoto
            external_id = a5eMybsyGIowimdZqpZWxxxxxxxxxxxx
            credential_source = Ec2InstanceMetadata
      ...

    Note: If you do not wish to save the contents of your credentials file to Resoto's database, you can alternatively mount the ~/.aws directory to the resotoworker container.

    Info: Since Resoto is running on your local machine, it can access the credentials file directly at ~/.aws/credentials.

  4. Modify the aws section of the configuration as follows, making sure that aws.access_key_id and aws.secret_access_key are set to null:

    Resoto Worker configuration:

    resotoworker:
      ...
    ...
    aws:
      # AWS Access Key ID (null to load from env - recommended)
      access_key_id: null
      # AWS Secret Access Key (null to load from env - recommended)
      secret_access_key: null
      ...
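
A pre-flight check for the credentials content from step 2, added here as an example and not part of Resoto or its documentation. It flags profiles that store static access keys, and role profiles missing the external_id or credential source the guide's layout uses; the function name audit_credentials and all sample values are constructed for illustration.

```python
import configparser

# Constructed sample: a role profile laid out like the one in this guide
# (placeholder ARN and external ID) plus a profile holding a static key.
SAMPLE = """
[default]
region = us-west-2
role_arn = arn:aws:iam::111111111111:role/Resoto
external_id = EXAMPLE-EXTERNAL-ID
credential_source = Ec2InstanceMetadata

[legacy]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
role_arn = arn:aws:iam::111111111111:role/Resoto
"""


def audit_credentials(text):
    """Return a sorted list of (profile, finding) for AWS credentials file text."""
    # RawConfigParser treats "[default]" as an ordinary section and does no
    # value interpolation, so values containing "%" do not raise errors.
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    findings = []
    for profile in parser.sections():
        keys = dict(parser.items(profile))
        # Long-lived keys written to disk are what step 2 avoids by setting
        # access_key_id and secret_access_key to null.
        if "aws_access_key_id" in keys or "aws_secret_access_key" in keys:
            findings.append((profile, "static access key stored in file"))
        if "role_arn" in keys:
            # An empty "external_id =" line counts as missing.
            if not keys.get("external_id"):
                findings.append((profile, "role_arn without external_id"))
            if not (keys.get("credential_source") or keys.get("source_profile")):
                findings.append(
                    (profile, "role_arn without credential_source or source_profile"))
    return sorted(findings)


if __name__ == "__main__":
    for profile, finding in audit_credentials(SAMPLE):
        print(f"{profile}: {finding}")
```

Run it against the text you plan to paste under write_files_to_home_dir before saving the configuration, since that content is stored in Resoto's database.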

3. Authorize Resoto Access to AWS

See How to Roll Out Resoto AWS Permissions with CloudFormation for a step-by-step guide on how to roll out Resoto permissions organization-wide.

Info: If you prefer to deploy the role yourself, the S3 URL of the template to create the ResotoAccess role is https://resotopublic.s3.amazonaws.com/cf/resoto-role.template.

4. Trigger Resource Collection

  1. By default, Resoto performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Resoto Shell:

    > workflow run collect

  2. Once the collect run completes, you can view a summary of collected AWS resources using the following search:

    > search is(aws_resource) | count kind

Some Engineering Inc.