Why should I care about lost AWS resources?
Well, resources cost money, so that’s a thing.
But here’s another thing: What if you migrate accounts and forget about some old snapshots and volumes? An attacker gains access to the old AWS account. They mount the old snapshots and volumes onto new instances they have access to, and inspect the volumes. The package and configuration data is mostly old and irrelevant, but they find source code, and in that source code, credentials to access the company’s private GitHub.
And what about those instances that developers created to test a feature and then forgot about? How many vulnerabilities do they have?
Monitor your infrastructure for security misconfigurations and maps those checks automatically to top compliance frameworks.
Okay, so how do I find AWS resources that might be lost or forgotten?
Use open source cnquery to explore all the resources in your AWS account, across all regions.
Open the shell
AWS_PROFILE="vvdefault" cnquery shell awsFind snapshots
aws.ec2.snapshots { id region startTime }Find volumes
aws.ec2.volumes { arn createTime }Find EC2 instances with no tags attached, or with a specific tag
aws.ec2.instances.where(tags['Name'] == "k8s-operator03") { instanceId region }Find AWS Security Groups with unrestricted ipRange access
aws.ec2.securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") }) { arn }Find the AWS EC2 instances that are using those security groups
aws.ec2.instances.where(securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") })) { arn }Explore all the resources under the EC2 service
aws.ec2 { * }References
