使用PacBot (Policy as Code Bot)——一个开源项目，它是一个用于持续合规监控、合规报告和云安全自动化的平台。PacBot发现所有帐户和所有区域的所有资源，然后根据这些策略进行评估，以衡量策略的一致性。

Omni搜索功能也提供了搜索所有发现的资源的能力。您甚至可以通过PacBot终止/删除资源。

Omni搜索

带有结果过滤的搜索结果页

资产360 /资产详情页面

以下是PacBot的主要功能:

Continuous compliance assessment. Detailed compliance reporting. Auto-Fix for policy violations. Omni Search - Ability to search all discovered resources. Simplified policy violation tracking. Self-Service portal. Custom policies and custom auto-fix actions. Dynamic asset grouping to view compliance. Ability to create multiple compliance domains. Exception management. Email Digests. Supports multiple AWS accounts. Completely automated installer. Customizable dashboards. OAuth2 Support. Azure AD integration for login. Role-based access control. Asset 360 degree.

aws提供的工具用处不大，因为它们不够全面。

在我试图缓解这个问题并获取我所有AWS资源的列表时，我发现了这个:https://github.com/JohannesEbke/aws_list_all

我还没有测试，但它看起来是合法的。

这是一篇很好的文章，列出了在AWS云中列出资源的工具。 https://link.medium.com/tZbs8eLyohb

其中，CloudYali https://www.cloudyali.io是新推出的服务。它显示了来自不同账户、地区、现在和过去的所有云资源，都可以在一个中心位置使用。

另一个选择是使用这个脚本为每个资源执行“aws configservice list-discovered-resources——resource-type”

for i in  AWS::EC2::CustomerGateway AWS::EC2::EIP AWS::EC2::Host AWS::EC2::Instance AWS::EC2::InternetGateway AWS::EC2::NetworkAcl AWS::EC2::NetworkInterface AWS::EC2::RouteTable AWS::EC2::SecurityGroup AWS::EC2::Subnet AWS::CloudTrail::Trail AWS::EC2::Volume AWS::EC2::VPC AWS::EC2::VPNConnection AWS::EC2::VPNGateway AWS::IAM::Group AWS::IAM::Policy AWS::IAM::Role AWS::IAM::User AWS::ACM::Certificate AWS::RDS::DBInstance AWS::RDS::DBSubnetGroup AWS::RDS::DBSecurityGroup AWS::RDS::DBSnapshot AWS::RDS::EventSubscription AWS::ElasticLoadBalancingV2::LoadBalancer AWS::S3::Bucket AWS::SSM::ManagedInstanceInventory AWS::Redshift::Cluster AWS::Redshift::ClusterSnapshot AWS::Redshift::ClusterParameterGroup AWS::Redshift::ClusterSecurityGroup  AWS::Redshift::ClusterSubnetGroup AWS::Redshift::EventSubscription AWS::CloudWatch::Alarm AWS::CloudFormation::Stack AWS::DynamoDB::Table AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::LaunchConfiguration AWS::AutoScaling::ScalingPolicy AWS::AutoScaling::ScheduledAction AWS::CodeBuild::Project AWS::WAF::RateBasedRule AWS::WAF::Rule AWS::WAF::WebACL AWS::WAFRegional::RateBasedRule AWS::WAFRegional::Rule AWS::WAFRegional::WebACL AWS::CloudFront::Distribution  AWS::CloudFront::StreamingDistribution AWS::WAF::RuleGroup AWS::WAFRegional::RuleGroup AWS::Lambda::Function AWS::ElasticBeanstalk::Application AWS::ElasticBeanstalk::ApplicationVersion AWS::ElasticBeanstalk::Environment AWS::ElasticLoadBalancing::LoadBalancer AWS::XRay::EncryptionConfig AWS::SSM::AssociationCompliance AWS::SSM::PatchCompliance AWS::Shield::Protection AWS::ShieldRegional::Protection AWS::Config::ResourceCompliance AWS::CodePipeline::Pipeline; do aws configservice list-discovered-resources --resource-type $i; done

Yes.

我也遇到了同样的问题，试图弄清楚我的AWS账户到底发生了什么。

最终，我编写了AWSRetriver，这是一个列出所有地区AWS资源的桌面工具。

这是一个简单而直接的工具，列出了一切…(希望)

您可以在AWS配置控制台中使用查询。(地区可能因您而异)https://console.aws.amazon.com/config/home?region=us-east-1#/resources/query

查询将看起来像。

SELECT
  resourceId,
  resourceName,
  resourceType,
  relationships
WHERE
relationships.resourceId = 'vpc-#######'

下面是进一步的文档。

https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-console.html