#!/usr/bin/env python3
import boto3
# --- configuration ---

# IAM role assumed in every account of the organization.
# NOTE(review): the script only lists EC2 instances, while
# OrganizationAccountAccessRole normally carries administrator permissions;
# a dedicated read-only role would be a tighter fit if one exists.
role_name = "OrganizationAccountAccessRole"

# Regions that are searched, in this order. Commented-out entries are skipped
# (presumably opt-in regions or other partitions; confirm before enabling).
regions_in_scope = [
    "us-east-2",
    "us-east-1",
    "us-west-1",
    "us-west-2",
    # "af-south-1",
    # "ap-east-1",
    "ap-south-1",
    # "ap-northeast-3",
    "ap-northeast-2",
    "ap-southeast-1",
    "ap-southeast-2",
    "ap-northeast-1",
    "ca-central-1",
    # "cn-north-1",
    # "cn-northwest-1",
    "eu-central-1",
    "eu-west-1",
    "eu-west-2",
    # "eu-south-1",
    "eu-west-3",
    "eu-north-1",
    # "me-south-1",
    "sa-east-1",
    # "us-gov-east-1",
    # "us-gov-west-1",
]

# EC2 instance IDs to locate across all accounts and regions.
looking_for_instances = [
    "i-0e41e21b4dd97712b",
    "i-0b0b65125e90caa25",
    "i-0998aafbb816812b3",
    "i-018378690e937e71c",
]
class bcolors:
    """ANSI escape sequences used to colour and style terminal output."""

    # text attributes
    BOLD = "\x1b[1m"
    UNDERLINE = "\x1b[4m"

    # bright foreground colours
    FAIL = "\x1b[91m"
    OKGREEN = "\x1b[92m"
    WARNING = "\x1b[93m"
    OKBLUE = "\x1b[94m"
    HEADER = "\x1b[95m"

    # reset all attributes
    ENDC = "\x1b[0m"
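# get accounts for this org
# assumes you're running in the organization's root (management) account
orgs_client = boto3.client('organizations')
accounts = []
# list_accounts returns results in pages. The paginator follows NextToken
# and stops on the first page that carries none, so every account is
# collected and the last page (which has no 'NextToken' key) is handled.
for page in orgs_client.get_paginator('list_accounts').paginate():
    accounts.extend(page['Accounts'])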
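# for each account in the organization
sts_client = boto3.client("sts")

# Fixed session name. RoleSessionName accepts only 2-64 characters from
# [\w+=,.@-], so an account name containing a space would be rejected by STS.
# The name is recorded in the target account's CloudTrail, where a
# tool-specific value makes these sessions easy to attribute.
session_name = 'find-ec2-instances'

# Built once; membership is tested for every account/region pair.
wanted = set(looking_for_instances)

for account in accounts:
    print ( "Name: {0.BOLD}{1[Name]: <30}{0.ENDC} ID: {0.BOLD}{1[Id]: <14}{0.ENDC} Status: {0.BOLD}{1[Status]: <10}{0.ENDC}".format( bcolors, account ) )

    # assume role
    # An account where the role is missing or cannot be assumed (typically the
    # management account itself, or a suspended account) must not abort the
    # scan of the remaining accounts: report it and move on.
    try:
        assumed_role_object = sts_client.assume_role(
            RoleArn="arn:aws:iam::{0[Id]}:role/{1}".format(account, role_name),
            RoleSessionName=session_name,
        )
    except sts_client.exceptions.ClientError as e:
        print( "  {0.FAIL}skipped, cannot assume {1}: {2}{0.ENDC}".format(bcolors, role_name, e) )
        continue
    # Temporary credentials for the assumed role; never printed or stored.
    credentials = assumed_role_object['Credentials']

    # for each region in scope
    for region in regions_in_scope:
        found = []
        error = None
        try:
            # get session
            session = boto3.Session(
                region_name=region,
                aws_access_key_id=credentials['AccessKeyId'],
                aws_secret_access_key=credentials['SecretAccessKey'],
                aws_session_token=credentials['SessionToken'],
            )

            # find ...
            resource = session.resource(service_name="ec2")
            ids = {instance.id for instance in resource.instances.all()}
            # sorted so repeated runs print the matches in the same order
            found = sorted(ids & wanted)
        except Exception as e:
            # Deliberate best-effort: a failing region is reported, not fatal.
            # An error means the region was NOT searched, so the empty list
            # printed next to it is not evidence that the instances are absent.
            error = e

        print( "region: {0: <15} {1} {2}".format(region, found, error or "") )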