List lambda functions each account/region

List Lambda functions for each account/region

Run

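# Install the gems into the shared `bundle` volume.
docker compose run --rm app bundle install

# List the Lambda functions of every account in the organization.
#   --role-arn               ARN of an IAM role that is allowed to call organizations:ListAccounts
#   --region                 Region used for the Organizations client (main.rb falls back to us-east-1)
#   --each-account-role-name Name of the IAM role, assumed in every member account, that is allowed
#                            to call lambda:ListFunctions (main.rb also calls ec2:DescribeRegions with it)
# The option descriptions live up here because a comment after a trailing
# backslash ("\ # ...") ends the line continuation and splits the command.
docker compose run --rm app ./main.rb \
    --role-arn               'arn:aws:iam::12345678:role/viewer' \
    --region                 'ap-northeast-1' \
    --each-account-role-name 'viewer'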
# Compose definition for running main.rb in a container built from the local Dockerfile.
services:
  app:
    build: .
    volumes:
      # Named volume so gems installed by `bundle install` persist between runs.
      - bundle:/usr/local/bundle
      # Bind-mounts the project directory (including main.rb) at /app.
      - .:/app
    secrets:
      # Exposes the host's AWS config/credentials directory inside the container
      # at /home/app/.aws (presumably the home of the `app` user created in the Dockerfile).
      # NOTE(review): this hands every profile in ~/.aws to the container, including any
      # code pulled in by `bundle install`. Consider mounting only the profile this tool
      # needs, or passing short-lived session credentials instead.
      - source: aws
        target: /home/app/.aws
volumes:
  bundle: {}
secrets:
  aws:
    file: ~/.aws
# Base image: floating Ruby 3 tag on Debian 10 ("buster").
# NOTE(review): Debian 10 is past its end of life and the tag is not pinned, so rebuilds
# are neither reproducible nor guaranteed to carry current security fixes. Consider a
# supported Debian variant pinned by digest, and confirm the gems still install on it.
FROM ruby:3-buster
# Create an unprivileged user with a home directory and run everything as that user,
# not as root.
RUN useradd -m app
USER app
# main.rb is bind-mounted here by docker-compose (`.:/app`).
WORKDIR /app
# frozen_string_literal: true
# Gems are fetched from rubygems.org over HTTPS.
source 'https://rubygems.org'
# No version constraints are declared here; the exact versions come from Gemfile.lock,
# so keep the lockfile alongside this file to get reproducible installs.
# One SDK gem per AWS service that main.rb requires.
gem 'aws-sdk-organizations'
gem 'aws-sdk-lambda'
gem 'aws-sdk-ec2'
GEM
remote: https://rubygems.org/
specs:
aws-eventstream (1.2.0)
aws-partitions (1.626.0)
aws-sdk-core (3.142.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1, >= 1.6.1)
aws-sdk-ec2 (1.330.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-lambda (1.85.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-organizations (1.70.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.5.1)
aws-eventstream (~> 1, >= 1.0.2)
jmespath (1.6.1)
PLATFORMS
x86_64-linux
DEPENDENCIES
aws-sdk-ec2
aws-sdk-lambda
aws-sdk-organizations
BUNDLED WITH
2.3.7
#!/usr/bin/env ruby
require 'yaml'
require 'optparse'
require 'aws-sdk-organizations'
require 'aws-sdk-lambda'
require 'aws-sdk-ec2'
# Builds assume-role credentials for +role_arn+.
#
# The STS client is created without explicit options, so it uses whatever
# credentials and region the SDK resolves on its own (for example from the
# mounted ~/.aws directory).
#
# NOTE(review): the session name is a fixed string that does not describe this
# tool. Presumably it is what identifies the assumed-role session in audit logs,
# so a name that identifies this inventory script would make those logs easier
# to attribute. Confirm before changing.
#
# @param role_arn [String] ARN of the IAM role to assume
# @return [Aws::AssumeRoleCredentials]
def assume_role_credentials(role_arn)
  sts = Aws::STS::Client.new
  Aws::AssumeRoleCredentials.new(client: sts, role_arn: role_arn, role_session_name: 'WEB-IDENTITY-FILE')
end
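# Lists every account of the organization, sorted by account name.
#
# ListAccounts is a paginated API. Reading only the first response would drop
# accounts once the organization has more than one page of them, leaving those
# accounts out of the inventory without any warning. All pages are collected
# before sorting.
#
# @param role_arn [String] ARN of a role allowed to call organizations:ListAccounts
# @param region [String] region used for the Organizations client
# @return [Array] account entries as returned by the SDK, sorted by :name
def aws_accounts(role_arn, region)
  client = Aws::Organizations::Client.new(
    region: region,
    credentials: assume_role_credentials(role_arn)
  )
  accounts = []
  # each_page follows the pagination token until the last page.
  client.list_accounts.each_page { |page| accounts.concat(page[:accounts]) }
  accounts.sort_by { |a| a[:name] }
end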
# Returns the regions reported by ec2:DescribeRegions when acting as +role_arn+.
#
# No region is passed to the EC2 client, so the SDK's own default-region
# resolution applies.
#
# Only an STS AccessDenied error is handled: a message goes to stderr and an
# empty list is returned; any other error propagates to the caller.
# NOTE(review): with an empty list the account still appears in the final YAML
# with no regions, which reads the same as "nothing found". The stderr line is
# the only sign that the account was not inspected.
#
# @param role_arn [String] ARN of the role to assume in the target account
# @return [Array] region entries as returned by the SDK, or [] on access denied
def available_regions(role_arn)
  begin
    ec2 = Aws::EC2::Client.new(credentials: assume_role_credentials(role_arn))
    ec2.describe_regions[:regions]
  rescue Aws::STS::Errors::AccessDenied
    STDERR.puts "Access denied for #{role_arn}"
    []
  end
end
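# Lists every Lambda function in +region+ when acting as +role_arn+, sorted by
# function name.
#
# ListFunctions is a paginated API. Reading only the first response would
# silently omit functions in regions that hold more than one page of them, so
# all pages are collected before sorting.
#
# @param role_arn [String] ARN of a role allowed to call lambda:ListFunctions
# @param region [String] region to query
# @return [Array] function entries as returned by the SDK, sorted by :function_name
def lambda_functions(role_arn, region)
  client = Aws::Lambda::Client.new(
    region: region,
    credentials: assume_role_credentials(role_arn)
  )
  functions = []
  # each_page follows the pagination marker until the last page.
  client.list_functions.each_page { |page| functions.concat(page[:functions]) }
  functions.sort_by { |f| f[:function_name] }
end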
# Entry point: parses the command line, walks every account of the organization
# and every region visible from it, and prints the Lambda inventory as YAML.
#
# Output shape: { account name => { region name => [{ name:, runtime: }, ...] } }.
# NOTE(review): the outer hash is keyed by account name, so two accounts that
# share a name would overwrite each other. Keying by account id would avoid
# that; confirm whether names are unique in this organization.
def main
  opts = ARGV.getopts('', 'role-arn:', 'region:', 'each-account-role-name:')
  org_role_arn = opts['role-arn']
  member_role_name = opts['each-account-role-name']

  # Both role options are mandatory; --region is optional.
  if org_role_arn.nil? || member_role_name.nil?
    STDERR.puts 'Usage: main.rb --role-arn <role_arn> --region <region> --each-account-role-name <each_account_role_name>'
    exit 1
  end

  org_region = opts['region'] || 'us-east-1'

  inventory = aws_accounts(org_role_arn, org_region).each_with_object({}) do |account, by_account|
    # The same role name is assumed in each member account.
    member_role_arn = "arn:aws:iam::#{account[:id]}:role/#{member_role_name}"

    by_account[account[:name]] = available_regions(member_role_arn).each_with_object({}) do |region, by_region|
      region_name = region[:region_name]
      by_region[region_name] = lambda_functions(member_role_arn, region_name).map do |fn|
        { name: fn[:function_name], runtime: fn[:runtime] }
      end
    end
  end

  puts YAML.dump(inventory)
end
# Run only when executed as a script, not when the file is loaded by other code.
main if $PROGRAM_NAME == __FILE__