I am trying to log all my AWS resources in all regions (with multiple accounts) using the boto3 lib.
I found that AWS Config is helpful.
I have already created an aggregator:

    ConfigurationAggregator:
      Type: 'AWS::Config::ConfigurationAggregator'
      Properties:
        AccountAggregationSources:
          - AccountIds: !Ref AccountIds
            AllAwsRegions: !Ref AllAwsRegions
        ConfigurationAggregatorName: MyAggregator

And I went through the boto3 lib docs for AWS Config: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/config.html#ConfigService.Client.batch_get_aggregate_resource_config
But it requires various REQUIRED parameters like resource ID, region, account ID, resource type.
Which is the simplest boto3 API where I don't have to pass anything except the aggregator name, and in return I get a list of all and every kind of AWS resource, in all the regions?
I am not worried about whether a resource is compliant or not; I just want to log each and every resource in one go.
The solution was to create a multi-account / multi-region aggregator and use that aggregator name in the aggregation function below:
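
    import boto3

    client = boto3.client("config")

    def list_resources(tp):
        """Return every resource of type tp in the aggregator (AWS_AGG_NAME and AGG_LIMIT are your own settings)."""
        res = []
        kwargs = dict(ConfigurationAggregatorName=AWS_AGG_NAME, ResourceType=tp, Limit=AGG_LIMIT)
        while True:
            data = client.list_aggregate_discovered_resources(**kwargs)
            for rc in data["ResourceIdentifiers"]:
                do_your_logic_with_resource(rc)
            res += data["ResourceIdentifiers"]
            if not data.get("NextToken"):  # last page reached
                return res
            kwargs["NextToken"] = data["NextToken"]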
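
Because `list_aggregate_discovered_resources` needs a `ResourceType`, a full inventory has to loop over the types; the added example below (not part of the original post) discovers them with `get_aggregate_discovered_resource_counts` grouped by `RESOURCE_TYPE` and pages through each one. The helper names and the `FakeConfig` stub with its sample resources are constructed for illustration so the block runs offline; pass `boto3.client("config")` instead for real use.

```python
def pages(call, **kwargs):
    """Yield every page of a NextToken-paginated AWS Config call."""
    while True:
        page = call(**kwargs)
        yield page
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]

def resource_types(client, aggregator):
    """Ask the aggregator which resource types it holds instead of hard-coding them."""
    return [g["GroupName"]
            for page in pages(client.get_aggregate_discovered_resource_counts,
                              ConfigurationAggregatorName=aggregator,
                              GroupByKey="RESOURCE_TYPE")
            for g in page["GroupedResourceCounts"]]

def inventory(client, aggregator, limit=100):
    """Return every resource identifier across all accounts, regions and types."""
    found = []
    for rtype in resource_types(client, aggregator):
        for page in pages(client.list_aggregate_discovered_resources,
                          ConfigurationAggregatorName=aggregator,
                          ResourceType=rtype, Limit=limit):
            found.extend(page["ResourceIdentifiers"])
    return found

class FakeConfig:
    """Constructed stand-in for boto3.client("config"); responses are split into pages."""
    DATA = {"AWS::S3::Bucket": ["logs", "backups"], "AWS::EC2::Instance": ["i-0example"]}
    def get_aggregate_discovered_resource_counts(self, NextToken=None, **_):
        names = list(self.DATA)
        if NextToken is None:
            return {"GroupedResourceCounts": [{"GroupName": names[0]}], "NextToken": "p2"}
        return {"GroupedResourceCounts": [{"GroupName": n} for n in names[1:]]}
    def list_aggregate_discovered_resources(self, ResourceType, NextToken=None, **_):
        ids = self.DATA[ResourceType]
        chunk = ids[:1] if NextToken is None else ids[1:]
        page = {"ResourceIdentifiers": [
            {"SourceAccountId": "111111111111", "SourceRegion": "eu-west-1",
             "ResourceType": ResourceType, "ResourceId": i} for i in chunk]}
        if NextToken is None and len(ids) > 1:
            page["NextToken"] = "p2"
        return page

if __name__ == "__main__":
    # Real use: inventory(boto3.client("config"), "MyAggregator")
    for r in inventory(FakeConfig(), "MyAggregator"):
        print(r["SourceAccountId"], r["SourceRegion"], r["ResourceType"], r["ResourceId"])
```

The aggregator only returns resource types that AWS Config is recording in the source accounts, so anything outside the recorder's scope will not appear in this inventory.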