Architecture

Set up one system to collect your resource inventory in all your accounts

Avoid throttling issues from multiple AWS describe calls by fostering solutions that collect data once, share it across tools, and store it in a centralized system like AWS Config or a data warehouse for efficient reporting.

Summary

As your organization grows there will be an increasing number of tools and services that will want inventory of resources and policies and settings in each cloud account. When all of these resources start to cause your describe calls to various AWS service endpoint to get throttle you know "you have arrived". Ideally try to foster solutions that collect once and share the data to each of the tools that wants the information. AWS Config might be an acceptable means to accomplish this. You'll want an up to date inventory of what is in all of your accounts. Don't have people going into the console in each account for this or running custom boto3 / cli commands all the time. Have one system get the inventory and put it in a datawarehouse or something with a similar reporting capability for folks that don't need real time access.

Applicable To

Always

Resources

Maturity

Medium

Functions
Reliability
Security
CSPS

AWS

Author

Houston Hopkins

Additional Links
View on GitHubContribute on GitHub
Back to Home