AWS残存リソース検知シェル

vim aws_check_resources.sh

#!/bin/bash


# Regions to scan. The main loop visits them in exactly this order.
# NOTE(review): this looks like the set of regions that are enabled by default.
# Opt-in regions that have been enabled on the account are not in the list, so
# anything left running there is not reported. Compare the list with the
# output of `aws ec2 describe-regions` before relying on a clean result.
declare -a R=(
  'ap-northeast-1'
  'ap-northeast-3'
  'us-east-1'
  'us-east-2'
  'us-west-1'
  'us-west-2'
  'eu-north-1'
  'ap-south-1'
  'eu-west-3'
  'eu-west-2'
  'eu-west-1'
  'ap-northeast-2'
  'sa-east-1'
  'ca-central-1'
  'ap-southeast-1'
  'ap-southeast-2'
  'eu-central-1'
)


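# Inventory commands. Each entry is one complete AWS CLI command line; the main
# loop runs every entry once per region and prints the output when it is
# non-empty.
#
# Every entry is a list/describe/get call, so read-only credentials should be
# enough to run the scan.
# The output contains resource names and metadata (for example secret names
# from `secretsmanager list-secrets` and parameter names from
# `ssm describe-parameters`), so handle saved output like other account data.
#
# Coverage notes:
# - `aws forecast list-datasets` used to be listed twice; the duplicate is
#   removed so the call is made, and its result printed, once per region.
# - `--max-results 10` on the two cognito entries caps the listing at ten
#   items: enough to show that pools exist, not a full inventory.
# - `wafv2 list-web-acls --scope REGIONAL` does not list CLOUDFRONT-scope
#   web ACLs.
# - NOTE(review): cloudfront, route53, globalaccelerator and `s3 ls` are not
#   per-region services, so their output presumably repeats for every region
#   (or fails in regions without an endpoint) - confirm.
C=(
  'aws apigateway get-rest-apis'
  'aws apigateway get-vpc-links'
  'aws apigatewayv2 get-apis'
  'aws apigatewayv2 get-vpc-links'
  'aws appflow list-flows'
  'aws apprunner list-services'
  'aws batch describe-compute-environments'
  'aws cloudformation list-stack-sets'
  'aws cloudformation describe-stacks'
  'aws cloudfront list-distributions --output json'
  'aws cloudtrail list-trails'
  'aws cloudwatch describe-alarms'
  'aws codeartifact list-domains'
  'aws codeartifact list-repositories'
  'aws codebuild list-projects'
  'aws codecommit list-repositories'
  'aws codepipeline list-pipelines'
  'aws codestar list-projects'
  'aws cognito-identity list-identity-pools --max-results 10'
  'aws cognito-idp list-user-pools --max-results 10'
  'aws configservice describe-config-rules'
  'aws configservice describe-configuration-recorders'
  'aws dlm get-lifecycle-policies'
  'aws datasync list-locations'
  'aws datasync list-tasks'
  'aws dax describe-clusters'
  'aws deploy list-applications'
  'aws detective list-graphs'
  'aws dms describe-endpoints'
  'aws dms describe-replication-instances'
  'aws dms describe-replication-tasks'
  'aws docdb describe-db-cluster-snapshots'
  'aws docdb describe-db-clusters'
  'aws docdb describe-db-instances'
  'aws ds describe-directories'
  'aws dynamodb list-backups'
  'aws dynamodb list-tables'
  'aws ec2 describe-nat-gateways'
  'aws ec2 describe-addresses'
  'aws ec2 describe-client-vpn-endpoints'
  'aws ec2 describe-customer-gateways'
  'aws ec2 describe-flow-logs'
  'aws ec2 describe-images --owners self'
  'aws ec2 describe-instances'
  'aws ec2 describe-launch-templates'
  'aws ec2 describe-snapshots --owner-ids self'
  'aws ec2 describe-traffic-mirror-filters'
  'aws ec2 describe-traffic-mirror-sessions'
  'aws ec2 describe-traffic-mirror-targets'
  'aws ec2 describe-transit-gateways'
  'aws ec2 describe-volumes'
  'aws ec2 describe-vpc-endpoints'
  'aws ec2 describe-vpc-peering-connections'
  'aws ec2 describe-vpn-connections'
  'aws ec2 describe-vpn-gateways'
  'aws ecr describe-repositories'
  'aws ecs list-clusters'
  'aws ecs list-task-definitions'
  'aws efs describe-file-systems'
  'aws elasticache describe-cache-clusters'
  'aws elasticache describe-global-replication-groups'
  'aws elasticache describe-replication-groups'
  'aws elasticache describe-snapshots'
  'aws elasticbeanstalk describe-applications'
  'aws elasticbeanstalk describe-environments'
  'aws elbv2 describe-load-balancers'
  'aws elbv2 describe-target-groups'
  'aws emr list-clusters'
  'aws events list-archives'
  'aws events list-replays'
  'aws events list-rules'
  'aws firehose list-delivery-streams --query "DeliveryStreamNames"'
  'aws fis list-experiment-templates'
  'aws fis list-experiments'
  'aws forecast list-predictors'
  'aws forecast list-datasets'
  'aws forecast list-dataset-groups'
  'aws forecast list-dataset-import-jobs'
  'aws forecast list-forecast-export-jobs'
  'aws frauddetector get-detectors'
  'aws fsx describe-file-systems'
  'aws glacier list-vaults --account-id -'
  'aws globalaccelerator list-accelerators'
  'aws glue list-crawlers'
  'aws glue get-databases'
  'aws guardduty list-detectors'
  'aws iot list-certificates'
  'aws iot list-policies'
  'aws iot list-things'
  'aws iotanalytics list-channels'
  'aws iotanalytics list-datasets'
  'aws iotanalytics list-datastores'
  'aws iotanalytics list-pipelines'
  'aws iotevents list-detector-models'
  'aws iotevents list-inputs'
  'aws kafka list-clusters-v2'
  'aws kendra list-indices'
  'aws kinesis list-streams'
  'aws kinesisanalytics list-applications --query "ApplicationSummaries"'
  'aws kinesisvideo list-streams'
  'aws lambda list-functions'
  'aws lambda list-layers'
  'aws lightsail get-instances'
  'aws logs describe-log-groups'
  'aws logs describe-resource-policies'
  'aws memorydb describe-clusters'
  'aws memorydb describe-snapshots'
  'aws neptune describe-db-clusters'
  'aws neptune describe-db-instances'
  'aws neptune describe-db-cluster-snapshots'
  'aws opensearch list-domain-names'
  'aws personalize list-campaigns'
  'aws personalize list-dataset-groups'
  'aws personalize list-datasets'
  'aws personalize list-schemas'
  'aws personalize list-solutions'
  'aws proton list-environment-templates'
  'aws proton list-environments'
  'aws proton list-repositories'
  'aws proton list-service-instances'
  'aws proton list-service-templates'
  'aws proton list-services'
  'aws qldb list-ledgers'
  'aws rds describe-db-cluster-snapshots'
  'aws rds describe-db-clusters'
  'aws rds describe-db-instances'
  'aws rds describe-db-proxies'
  'aws rds describe-db-snapshots'
  'aws rds describe-global-clusters'
  'aws redshift describe-cluster-snapshots'
  'aws redshift describe-clusters'
  'aws route53 list-health-checks'
  'aws route53 list-hosted-zones'
  'aws route53resolver list-resolver-endpoints --query "ResolverEndpoints"'
  'aws s3 ls'
  'aws sagemaker list-models'
  'aws secretsmanager list-secrets'
  'aws servicecatalog list-portfolios'
  'aws ses list-configuration-sets'
  'aws ses list-identities'
  'aws sesv2 list-configuration-sets'
  'aws sns list-subscriptions'
  'aws sns list-topics'
  'aws sqs list-queues --output json'
  'aws ssm describe-parameters'
  'aws ssm list-commands'
  'aws stepfunctions list-state-machines'
  'aws storagegateway list-gateways'
  'aws timestream-write list-databases'
  'aws transcribe list-transcription-jobs'
  'aws transfer list-servers'
  'aws wafv2 list-web-acls --scope REGIONAL'
  'aws workspaces describe-workspaces'
)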

 

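# Main scan: run every command in C against every region in R and print the
# commands that returned something.
#
# Remember the caller's AWS CLI defaults as plain values. They are assigned
# back at the end and never passed through eval, so an odd value in the
# environment cannot be executed as shell code, and variables whose names
# merely contain AWS_DEFAULT_REGION / AWS_DEFAULT_OUTPUT are not picked up.
r_save=${AWS_DEFAULT_REGION-}
r_was_set=${AWS_DEFAULT_REGION+set}
o_save=${AWS_DEFAULT_OUTPUT-}
o_was_set=${AWS_DEFAULT_OUTPUT+set}

# Entries in C that pass their own --output still override this default.
export AWS_DEFAULT_OUTPUT="text"

for r in "${R[@]}"; do

  echo REGION "${r}" start "$(date)"
  echo "----"

  export AWS_DEFAULT_REGION="${r}"

  for c in "${C[@]}"; do

    # eval is kept because entries in C carry their own quoting
    # (e.g. --query "..."). C is a fixed list in this file; never fill it
    # from arguments, files or any other external input.
    res=$(eval "${c}" 2>/dev/null)
    rc=$?

    if [ "${rc}" -ne 0 ]; then
      # A failed call (access denied, expired credentials, service not
      # offered in the region, throttling) means "not checked", not
      # "nothing found". Say so on stderr instead of dropping it silently.
      printf 'NOT CHECKED (exit %s) %s: %s\n' "${rc}" "${r}" "${c}" >&2
      continue
    fi

    if [ -n "${res}" ]; then
      echo "${c}"
      echo "${res}"
      echo "----"
    fi
  done

  echo REGION "${r}" end "$(date)"
  echo "----"

done

# Put the caller's defaults back. This only has an effect when the file is
# sourced; a normal run happens in its own process.
if [ -n "${r_was_set}" ]; then
  export AWS_DEFAULT_REGION="${r_save}"
else
  unset AWS_DEFAULT_REGION
fi
if [ -n "${o_was_set}" ]; then
  export AWS_DEFAULT_OUTPUT="${o_save}"
else
  unset AWS_DEFAULT_OUTPUT
fi

exit 0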


chmod +x aws_check_resources.sh
./aws_check_resources.sh