I work in a centralized IT organization supporting various teams that manage their own AWS accounts. Currently, we have admin access to about 30 different AWS accounts but lack insight into what's happening within them. We need a way to generate comprehensive reports on the resources provisioned across these accounts without restructuring our current setup. What are some effective methods for gaining visibility into these resources?
5 Answers
How are you currently monitoring security configurations? I have a feeling the answer is not great. Visibility in that area seems crucial if you are supporting multiple teams.
Using a cloud asset inventory is key. You can go with AWS Resource Explorer or AWS Config, or even some third-party tools if you need something more robust.
For managing 30 accounts without a major overhaul, I'd recommend AWS Resource Explorer with an aggregator at the organization level. It’s the quickest way to get a resource inventory. If you also need to check security risks, using a Config aggregator on top would be beneficial. Both tools are built-in, so no need for extra software!
You’ve got a tricky situation! If your teams are managing their AWS accounts, you're kind of stuck in the middle. You really should consider making those teams responsible for their resources, or take full ownership yourself. There are tools like AWS Resource Explorer and cost and usage reports (CUR) that can help, but honestly, managing multiple AWS accounts without clear ownership is tough.
We all need some data to start this conversation about control. Just getting a report from the accounts would help since we have admin access.
Wait, are you suggesting a large organization should run everything in one AWS account? That's bold!
I’m in a similar boat and found that using Steampipe worked wonders for us. You could also write a simple Python script to loop through each account and gather the data you need. It’s straightforward and pretty effective. AWS Config is another option, though I've had a mixed experience with it, and Resource Explorer can give some insights too, but not for deep dives.
Exactly! That’s the big issue we’re facing!