AWS

Finding Lost AWS Resources with cnquery

We all understand that resources get lost in the cloud. Between working across regions, migrating accounts, and the ability to quickly spin up an instance and forget about it, it’s almost inevitable to have some mystery resources lurking in your AWS account.

Mondoo_graphics_Finding lost AWS resources-02

Why should I care about lost AWS resources?

Well, resources cost money, so that’s a thing.

But here’s another thing: What if you migrate accounts and forget about some old snapshots and volumes? An attacker gains access to the old AWS account. They mount the old snapshots and volumes onto new instances they have access to, and inspect the volumes. The package and configuration data is mostly old and irrelevant, but they find source code, and in that source code, credentials to access the company’s private GitHub.

And what about those instances that developers created to test a feature and then forgot about? How many vulnerabilities do they have?

Monitor your infrastructure for security misconfigurations and maps those checks automatically to top compliance frameworks.

Okay, so how do I find AWS resources that might be lost or forgotten?

Use open source cnquery to explore all the resources in your AWS account, across all regions.

Open the shell

AWS_PROFILE="vvdefault" cnquery shell aws

Find snapshots

aws.ec2.snapshots { id region startTime }

Find volumes

aws.ec2.volumes { arn createTime }

Find EC2 instances with no tags attached, or with a specific tag

aws.ec2.instances.where(tags['Name'] == "k8s-operator03") { instanceId region }

Find AWS Security Groups with unrestricted ipRange access

aws.ec2.securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") }) { arn }

Find the AWS EC2 instances that are using those security groups

aws.ec2.instances.where(securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") })) { arn }

Explore all the resources under the EC2 service

aws.ec2 { * }

References

Victoria Jeffrey

Victoria Jeffrey (also known as vj) is an Engineering Manager/Software Engineer living near Denver, Colorado. She's been doing this coding and DevOps and security thing for over seven years now, and still loves every minute of it. Vj spends her free time hanging with her family, binging too much tv, and fulfilling her suburban mom obligations by going to pilates and trying to maintain a small herb garden.

You might also like

Mondoo May 2024 Release Highlights
Releases
Mondoo April 2024 Release Highlights
Linux
Exploring the Latest Security Features in Ubuntu 24.04