Why Resource Discovery?
AWS has many services, with new ones constantly being added and existing ones expanded with new features (119 new AWS services from re:Invent 2022). The ecosystem allows developers to piece together many different services to form a customized cloud experience. The convenience of quickly deploying services at a large scale comes with a trade-off in manageability: it can be challenging to track the resources being created and used in an AWS account. Tracking them is crucial not only for cost-effectiveness but also for security. Unused or unknown resources may be more vulnerable because of their security configuration. In addition, resources with unexpected dependencies may pose problems with availability, access control, and authorization.
For the longest time, it has been a time-consuming and potentially frustrating task to locate resources from the AWS Management Console (Search experience with AWS Console Reddit thread), particularly if you have a large number of resources and use multiple AWS regions.
Introducing AWS Resource Explorer
AWS recently released a new service called AWS Resource Explorer to help users easily search and discover their cloud resources, such as EC2 instances, S3 buckets, and DynamoDB tables, across AWS regions.
Resource Explorer scans the resources in each of the AWS regions in the user’s account and maintains an index in each region with the details of that region’s resources. Once the data is available, the user can leverage a unified dashboard to search or filter those resources using metadata such as names, regions, IDs, or tags.
They can also go to the corresponding service console from the search results to perform additional actions.
Users can also leverage the AWS Command Line Interface (CLI) or any of the SDKs to search for resources.
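As an added example (not code from AWS or from the Komiser project), the sketch below uses the boto3 `resource-explorer-2` client to page through search results and then reports, per region, the resources that lack a required tag. The tag key `Environment` and the sample records are assumptions constructed for illustration; the sample mirrors the shape of the `Resources` list returned by the Search API.

```python
from collections import defaultdict

REQUIRED_TAG = "Environment"  # assumption: the tag key your organization mandates

def search_all(query, view_arn=None):
    """Page through Resource Explorer Search results (needs boto3 + credentials)."""
    import boto3  # imported lazily so the offline helpers below run without it
    client = boto3.client("resource-explorer-2")
    kwargs = {"QueryString": query, "MaxResults": 100}
    if view_arn:
        kwargs["ViewArn"] = view_arn
    found = []
    while True:
        page = client.search(**kwargs)
        found.extend(page.get("Resources", []))
        if not page.get("NextToken"):
            return found
        kwargs["NextToken"] = page["NextToken"]

def tags_of(resource):
    """Tags are reported as a property named 'tags' holding Key/Value pairs."""
    for prop in resource.get("Properties", []):
        if prop.get("Name") == "tags":
            return {t["Key"]: t.get("Value", "") for t in prop.get("Data", [])}
    return {}

def missing_tag_by_region(resources, required=REQUIRED_TAG):
    """Group the ARNs of resources lacking the required tag key by region."""
    report = defaultdict(list)
    for res in resources:
        if required not in tags_of(res):
            report[res.get("Region", "unknown")].append(res["Arn"])
    return {region: sorted(arns) for region, arns in report.items()}

# Constructed sample shaped like the "Resources" list of a Search response.
SAMPLE = [
    {"Arn": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example0000000a",
     "Region": "us-east-1", "ResourceType": "ec2:instance",
     "Properties": [{"Name": "tags",
                     "Data": [{"Key": "Environment", "Value": "sandbox"}]}]},
    {"Arn": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example0000000b",
     "Region": "us-east-1", "ResourceType": "ec2:instance",
     "Properties": [{"Name": "tags", "Data": [{"Key": "Name", "Value": "web"}]}]},
    {"Arn": "arn:aws:s3:::constructed-example-bucket",
     "Region": "eu-west-1", "ResourceType": "s3:bucket", "Properties": []},
]

if __name__ == "__main__":
    print(missing_tag_by_region(SAMPLE))
```

With credentials configured, `missing_tag_by_region(search_all("region:us-east-1"))` audits one region's index, and the query `tag:none` narrows the search to resources that carry no user tags at all.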
Resource Explorer is still quite new and has some limitations:
- It supports 18 services out of 200 AWS services (the complete list of supported services).
- It is only available in a subset of regions and does not support searching across multiple accounts inside an organization (it only works on an AWS account scope).
- It was built with a consistency model of 36 hours before new resources are discovered in the dashboard.
- It doesn’t support search across attributes of a resource, such as IP address, image name, resource visibility, etc.
There might be a better way
Komiser is an open-source cloud-agnostic resource manager. It integrates with multiple cloud providers (including AWS), builds a cloud asset inventory, and helps you break down your cost at the resource level.
For a step-by-step installation guide, check out this video or head over to the official documentation.
Having an asset inventory can be useful for several reasons:
- Security: you’ll be able to identify potential security vulnerabilities and misconfigurations in your cloud environment. By keeping track of all your resources, you can ensure that they are configured securely and that only authorized users have access to them.
- Cost Optimization: you’ll understand how your cloud resources are being used, which can help you identify resources that are underutilized or not needed at all. This can help you optimize your cloud spending by shutting down or scaling down resources that are not needed.
- Compliance: many industries are subject to regulatory compliance, such as HIPAA or PCI-DSS. An asset inventory can help you understand which resources are subject to compliance and ensure that they are configured in a compliant manner.
- Governance: it can help in establishing a governance framework for your cloud resources. This can help you set policies and procedures for creating, modifying, and deleting cloud resources, as well as ensure that they are being used in an appropriate manner.
- Disaster Recovery: it can also help you prepare for a disaster recovery situation. By knowing which resources are critical to your operations, you can ensure that they are protected and can be quickly restored in the event of an outage.
How Does Komiser Work?
Unlike AWS Resource Explorer, which works only on an AWS account scope and not across multiple accounts in an organization, Komiser supports multiple cloud accounts across different cloud providers, including AWS, Oracle Cloud, DigitalOcean, CIVO, Azure, and GCP.
Are you using a different cloud provider? You can help us cover the long tail of cloud service providers by contributing to the project. Check out our contribution guidelines to get started or join our community on Discord.
Once a cloud account has been integrated into Komiser and the correct set of permissions has been given, Komiser will begin syncing a cloud account’s cost data and resource metadata. Komiser fetches data about your infrastructure on a periodic interval that is set at a maximum of every hour.
Komiser comes with a resource inventory feature where you can have an active resource inventory of all your cloud resources along with relevant information such as source account, region, cost, and the tags that are applied to it.
Below is an example of what the inventory page looks like after you have connected your AWS account:
You can filter the results using built-in fields and metadata (e.g. tags, resource name, cloud provider, service, etc.).
You can quickly identify any untagged or improperly tagged resources across your cloud infrastructure providers and regions. You can use bulk actions to add tags to multiple resources at a time, or quickly navigate to the resources in the appropriate service console to take actions (e.g. deleting under-utilized resources).
Optionally, you could create custom views for your team with a filtered list of their cloud resources. For example, you can create a view that holds resources associated with your sandbox environment, as identified by tags attached to your resources (e.g. Environment=sandbox).
When trying to find the needle in the AWS haystack, you are going to need the best tool. AWS might get there someday and expand Resource Explorer to be that silver bullet. But until that day comes, if you are looking for a comprehensive, natively multi-cloud resource discovery tool to cover your back, give Komiser a try.
Whether you are a developer, DevOps, or cloud engineer, dealing with the cloud can be tough at times, especially on your own. If you are using Tailwarden or Komiser and want to share your thoughts, doubts, and insights with other cloud practitioners, feel free to join our Tailwarden Discord server, where you will find tips, community calls, and much more.