AWS Recon: multi-threaded AWS inventory collection tool

AWS Recon

A multi-threaded AWS security-focused inventory collection tool written in Ruby.

This tool was created to facilitate efficient collection of a large amount of AWS resource attributes and metadata. It aims to collect nearly everything that is relevant to the security configuration and posture of an AWS environment.

Existing tools (e.g. AWS Config) that do some form of resource collection lack the coverage and specificity to accurately measure security posture (e.g. detailed resource attribute data, fully parsed policy documents, and nested resource relationships).

AWS Recon handles collection from large accounts by taking advantage of automatic retries (either due to network reliability or API throttling), automatic paging of large responses (> 100 resources per API call), and multi-threading parallel requests to speed up collection.

Project Goals

  • More complete resource coverage than available tools (especially for ECS & EKS)
  • More granular resource detail, including nested related resources in the output
  • Flexible output (console, JSON lines, plain JSON, file, standard out)
  • Efficient (multi-threaded, rate-limited, automatic retries, and automatic result paging)
  • Easy to maintain and extend

Supported Services & Resources

Current “coverage” by service is listed below. The services without coverage will eventually be added. PRs are certainly welcome. 🙂

AWS Recon aims to collect all resources and metadata that are relevant in determining the security posture of your AWS account(s). However, it does not actually examine the resources for security posture – that is the job of other tools that take the output of AWS Recon as input.

  •  AdvancedShield
  •  Athena
  •  GuardDuty
  •  Macie
  •  Systems Manager
  •  Trusted Advisor
  •  ACM
  •  API Gateway
  •  AutoScaling
  •  CodePipeline
  •  CodeBuild
  •  CloudFormation
  •  CloudFront
  •  CloudWatch
  •  CloudWatch Logs
  •  CloudTrail
  •  Config
  •  DirectoryService
  •  DirectConnect
  •  DMS
  •  DynamoDB
  •  EC2
  •  ECR
  •  ECS
  •  EFS
  •  ELB
  •  EKS
  •  Elasticsearch
  •  Firehose
  •  FMS
  •  Glacier
  •  IAM
  •  KMS
  •  Kafka
  •  Kinesis
  •  Lambda
  •  Lightsail
  •  Organizations
  •  RDS
  •  Redshift
  •  Route53
  •  Route53Domains
  •  S3
  •  SageMaker
  •  SES
  •  ServiceQuotas
  •  Shield
  •  SNS
  •  SQS
  •  Transfer
  •  VPC
  •  WAF
  •  WAFv2
  •  Workspaces
  •  Xray



Copyright (c) 2020 Darkbit