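# Install the gems into the shared bundle volume.
docker compose run --rm app bundle install

# List the Lambda functions of every account and region.
#   --role-arn                ARN of an IAM role that is allowed to call organizations:ListAccounts
#   --region                  Region used for the Organizations client (main.rb falls back to us-east-1)
#   --each-account-role-name  Name of the IAM role, present in each member account, that is allowed to
#                             call lambda:ListFunctions (main.rb also calls ec2:DescribeRegions with it)
# Both roles only need these read-only list/describe permissions.
# The option notes are kept above the command: a comment placed after a trailing
# backslash ends the line continuation, so the following options would never reach main.rb.
docker compose run --rm app ./main.rb \
  --role-arn 'arn:aws:iam::12345678:role/viewer' \
  --region 'ap-northeast-1' \
  --each-account-role-name 'viewer'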
List Lambda functions for each account/region
services:
  app:
    build: .
    volumes:
      # Named volume that keeps installed gems between runs.
      - bundle:/usr/local/bundle
      # The working directory (main.rb, Gemfile, ...) is bind-mounted into the container.
      - .:/app
    secrets:
      # AWS configuration and credentials for the SDK, placed in the app user's home.
      - source: aws
        target: /home/app/.aws

volumes:
  bundle: {}

secrets:
  aws:
    # NOTE(review): this hands the whole host ~/.aws directory (every profile stored
    # in it) to the container. Pointing it at a directory that holds only the profile
    # this tool needs would narrow what the container can read.
    file: ~/.aws
# NOTE(review): `3-buster` is a floating tag on Debian 10 (buster), a release that is
# past its end of life. Moving to a currently supported release tag and pinning the
# image by digest would keep the base patched and the build reproducible.
FROM ruby:3-buster

# Run as an unprivileged user instead of root; -m creates /home/app, which is where
# the compose file mounts the AWS configuration.
RUN useradd -m app
USER app

WORKDIR /app
# frozen_string_literal: true

# Every gem is resolved from this single source.
source 'https://rubygems.org'

# AWS SDK service gems required by main.rb. No version constraints are declared here,
# so the versions that actually get installed are the ones recorded in Gemfile.lock;
# keep the lockfile under version control next to this file.
gem 'aws-sdk-organizations'
gem 'aws-sdk-lambda'
gem 'aws-sdk-ec2'
GEM | |
remote: https://rubygems.org/ | |
specs: | |
aws-eventstream (1.2.0) | |
aws-partitions (1.626.0) | |
aws-sdk-core (3.142.0) | |
aws-eventstream (~> 1, >= 1.0.2) | |
aws-partitions (~> 1, >= 1.525.0) | |
aws-sigv4 (~> 1.1) | |
jmespath (~> 1, >= 1.6.1) | |
aws-sdk-ec2 (1.330.0) | |
aws-sdk-core (~> 3, >= 3.127.0) | |
aws-sigv4 (~> 1.1) | |
aws-sdk-lambda (1.85.0) | |
aws-sdk-core (~> 3, >= 3.127.0) | |
aws-sigv4 (~> 1.1) | |
aws-sdk-organizations (1.70.0) | |
aws-sdk-core (~> 3, >= 3.127.0) | |
aws-sigv4 (~> 1.1) | |
aws-sigv4 (1.5.1) | |
aws-eventstream (~> 1, >= 1.0.2) | |
jmespath (1.6.1) | |
PLATFORMS | |
x86_64-linux | |
DEPENDENCIES | |
aws-sdk-ec2 | |
aws-sdk-lambda | |
aws-sdk-organizations | |
BUNDLED WITH | |
2.3.7 |
#!/usr/bin/env ruby | |
require 'yaml' | |
require 'optparse' | |
require 'aws-sdk-organizations' | |
require 'aws-sdk-lambda' | |
require 'aws-sdk-ec2' | |
# Builds credentials that assume the given IAM role through STS.
#
# The STS client is created without explicit options, so whatever credentials and
# region the SDK resolves by default are the ones used for the AssumeRole call.
#
# NOTE(review): every session is named 'WEB-IDENTITY-FILE'. The session name is what
# identifies the caller in the assumed-role identity and in audit logs, and nothing in
# this file uses a web identity token file, so the name looks like a leftover —
# confirm, and consider a name that identifies this tool.
#
# @param role_arn [String] ARN of the role to assume
# @return [Aws::AssumeRoleCredentials]
def assume_role_credentials(role_arn)
  sts = Aws::STS::Client.new
  Aws::AssumeRoleCredentials.new(client: sts, role_arn: role_arn, role_session_name: 'WEB-IDENTITY-FILE')
end
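# Lists every account of the organization, sorted by account name.
#
# organizations:ListAccounts is a paginated call, so all pages are collected. Reading
# only the first response would silently leave accounts out of the inventory once the
# organization has more accounts than fit in one page.
#
# @param role_arn [String] ARN of a role allowed to call organizations:ListAccounts
# @param region [String] region used to build the Organizations client
# @return [Array] account entries (read by the caller through [:id] and [:name]),
#   ordered by name
def aws_accounts(role_arn, region)
  client = Aws::Organizations::Client.new(
    region: region,
    credentials: assume_role_credentials(role_arn)
  )

  accounts = []
  client.list_accounts.each_page { |page| accounts.concat(page[:accounts]) }
  accounts.sort_by { |a| a[:name] }
end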
# Returns the regions reported by ec2:DescribeRegions when called as the given role.
#
# When STS answers AccessDenied, a message is written to stderr and an empty list is
# returned, so the caller ends up with no regions for that account. No other error is
# rescued here.
#
# NOTE(review): the EC2 client is built without a region, so it presumably relies on
# the SDK's default region configuration — confirm one is always available.
#
# @param role_arn [String] ARN of the role to assume in the target account
# @return [Array] region entries (read by the caller through [:region_name]), or []
def available_regions(role_arn)
  creds = assume_role_credentials(role_arn)
  Aws::EC2::Client.new(credentials: creds).describe_regions[:regions]
rescue Aws::STS::Errors::AccessDenied
  STDERR.puts "Access denied for #{role_arn}"
  []
end
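# Lists every Lambda function of one region, sorted by function name.
#
# lambda:ListFunctions is a paginated call, so all pages are collected. Reading only
# the first response would silently leave functions out of the inventory in regions
# that hold more functions than fit in one page.
#
# NOTE(review): the role is assumed again on every call, i.e. once per region of each
# account; the credentials object could be reused if the number of STS calls matters.
#
# @param role_arn [String] ARN of a role allowed to call lambda:ListFunctions
# @param region [String] region to query
# @return [Array] function entries (read by the caller through [:function_name] and
#   [:runtime]), ordered by function name
def lambda_functions(role_arn, region)
  client = Aws::Lambda::Client.new(
    region: region,
    credentials: assume_role_credentials(role_arn)
  )

  functions = []
  client.list_functions.each_page { |page| functions.concat(page[:functions]) }
  functions.sort_by { |f| f[:function_name] }
end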
# Command-line entry point: prints a YAML inventory of Lambda functions, grouped by
# account name and then by region name.
#
# --role-arn and --each-account-role-name are mandatory (usage goes to stderr and the
# process exits with status 1 when either is missing); --region falls back to
# 'us-east-1'. Only the name and runtime of each function are written out.
#
# NOTE(review): the result is keyed by account name, so two accounts that share a name
# would overwrite each other — confirm names are unique, or key by account id.
# NOTE(review): the member role ARN is built by interpolating the account id and the
# role name as given on the command line; the 'aws' partition is fixed.
def main
  opts = ARGV.getopts('', 'role-arn:', 'region:', 'each-account-role-name:')
  if [opts['role-arn'], opts['each-account-role-name']].any?(&:nil?)
    STDERR.puts 'Usage: main.rb --role-arn <role_arn> --region <region> --each-account-role-name <each_account_role_name>'
    exit 1
  end
  opts['region'] ||= 'us-east-1'

  member_role_name = opts['each-account-role-name']
  inventory = aws_accounts(opts['role-arn'], opts['region']).each_with_object({}) do |account, by_account|
    member_role_arn = "arn:aws:iam::#{account[:id]}:role/#{member_role_name}"

    by_account[account[:name]] = available_regions(member_role_arn).each_with_object({}) do |entry, by_region|
      region_name = entry[:region_name]
      by_region[region_name] = lambda_functions(member_role_arn, region_name).map do |f|
        { name: f[:function_name], runtime: f[:runtime] }
      end
    end
  end

  puts YAML.dump(inventory)
end
# Run the inventory only when this file is executed directly, not when it is required.
main if $PROGRAM_NAME == __FILE__