
Komiser: AWS Environment Inspector

Check out this tool from developer Mohamed Labouardy that works to optimize your AWS environment and save you some money.


To build highly available (HA) and resilient applications on AWS, you need to assume that everything will fail. You therefore design and deploy your application across multiple AZs and regions, and end up with many unused AWS resources (snapshots, ELBs, EC2 instances, Elastic IPs, etc.) that could cost you a fortune.

One pillar of the AWS Well-Architected Framework is cost optimization. That's why you need a global overview of your AWS infrastructure. Fortunately, AWS offers many fully managed services, such as CloudWatch, CloudTrail, Trusted Advisor, and AWS Config, to help you achieve that. However, they require a deep understanding of the AWS platform and are not straightforward to use.


That's why I came up with Komiser, a tool that simplifies the process by querying the AWS API to fetch information about almost all critical AWS services, such as EC2, RDS, ELB, S3, and Lambda, in real time, in a single dashboard.

Note: To avoid exceeding the AWS API request rate limit, responses are cached in memory, by default for 30 minutes.

AWS services supported by Komiser:

Compute:

  • Running/Stopped/Terminated EC2 instances
  • Current EC2 instances per region
  • EC2 instances per family type
  • Lambda Functions per runtime environment
  • Disassociated Elastic IP addresses
  • Total number of Key Pairs
  • Total number of Auto Scaling Groups

Network & Content Delivery:

  • Total number of VPCs
  • Total number of Network Access Control Lists
  • Total number of Security Groups
  • Total number of Route Tables
  • Total number of Internet Gateways
  • Total number of NAT Gateways
  • Elastic Load Balancers per family type (ELB, ALB, NLB)

Management Tools:

  • CloudWatch Alarms State
  • Billing Report (Up to 6 months)

Database:

  • DynamoDB Tables
  • DynamoDB Provisioned Throughput
  • RDS DB instances

Messaging:

  • SQS Queues
  • SNS Topics

Storage:

  • S3 Buckets
  • EBS Volumes
  • EBS Snapshots

Security Identity & Compliance:

  • IAM Roles
  • IAM Policies
  • IAM Groups
  • IAM Users

1 — Configuring Credentials

Komiser needs your AWS credentials to authenticate with AWS services. The CLI supports multiple methods of supplying these credentials. By default, the CLI sources credentials automatically from its default credential chain. The common items in the credential chain are the following:

  • Environment Credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
  • Shared Credentials file (~/.aws/credentials)
  • EC2 Instance Role Credentials

To get started, create a new IAM user and attach the following IAM policy to it:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeRegions",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeVpcs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeNatGateways",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSnapshots",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeInternetGateways"
            ],
            "Resource": "*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAddresses",
                "ec2:DescribeSnapshots",
                "elasticloadbalancing:DescribeLoadBalancers",
                "autoscaling:DescribeAutoScalingGroups",
                "ce:GetCostAndUsage",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        },
        {
            "Sid": "3",
            "Effect": "Allow",
            "Action": [
                "lambda:ListFunctions",
                "dynamodb:ListTables",
                "dynamodb:DescribeTable",
                "rds:DescribeDBInstances",
                "cloudwatch:DescribeAlarms",
                "cloudfront:ListDistributions"
            ],
            "Resource": "*"
        },
        {
            "Sid": "4",
            "Effect": "Allow",
            "Action": [
                "sqs:ListQueues",
                "route53:ListHostedZones",
                "sns:ListTopics",
                "iam:ListGroups",
                "iam:ListRoles",
                "iam:ListPolicies",
                "iam:ListUsers"
            ],
            "Resource": "*"
        }
    ]
}
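
Before attaching a policy like the one above, it is worth confirming that it grants nothing beyond read access. The check below is an added example, not part of Komiser or the original article; `audit_policy`, `as_list` and the prefix list are assumptions of this example, and the embedded policy is the one from this page condensed onto fewer lines.

```python
import json
from collections import Counter

# Read-only by naming convention only (assumption): Get* can still return sensitive data.
READ_ONLY_PREFIXES = ("describe", "list", "get")

# The policy from this page, condensed onto fewer lines (same statements and actions).
KOMISER_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "1", "Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeRegions", "ec2:DescribeInstances", "ec2:DescribeVolumes",
        "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "ec2:DescribeNatGateways",
        "ec2:DescribeRouteTables", "ec2:DescribeSnapshots", "ec2:DescribeNetworkAcls",
        "ec2:DescribeKeyPairs", "ec2:DescribeInternetGateways"]},
    {"Sid": "2", "Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeAddresses", "ec2:DescribeSnapshots",
        "elasticloadbalancing:DescribeLoadBalancers",
        "autoscaling:DescribeAutoScalingGroups", "ce:GetCostAndUsage", "s3:ListAllMyBuckets"]},
    {"Sid": "3", "Effect": "Allow", "Resource": "*", "Action": [
        "lambda:ListFunctions", "dynamodb:ListTables", "dynamodb:DescribeTable",
        "rds:DescribeDBInstances", "cloudwatch:DescribeAlarms",
        "cloudfront:ListDistributions"]},
    {"Sid": "4", "Effect": "Allow", "Resource": "*", "Action": [
        "sqs:ListQueues", "route53:ListHostedZones", "sns:ListTopics",
        "iam:ListGroups", "iam:ListRoles", "iam:ListPolicies", "iam:ListUsers"]},
]})

def as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (non_read_only, duplicates) for the Allow statements of a policy."""
    risky, seen = [], Counter()
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            risky.append((stmt.get("Sid"), "NotAction"))
        for action in as_list(stmt.get("Action", [])):
            seen[action] += 1
            _, _, name = action.partition(":")
            # Action names are case-insensitive; "*" and "svc:*" have no read-only prefix.
            if not name.lower().startswith(READ_ONLY_PREFIXES):
                risky.append((stmt.get("Sid"), action))
    return risky, sorted(a for a, n in seen.items() if n > 1)

if __name__ == "__main__":
    print(audit_policy(KOMISER_POLICY))
```

On this page's policy the check reports no write-capable actions and one action, ec2:DescribeSnapshots, listed in both statement 1 and statement 2.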

Next, generate a new AWS Access Key & Secret Key, then update the ~/.aws/credentials file as shown below:

[default]
aws_access_key_id = AWS ACCESS KEY ID
aws_secret_access_key = AWS SECRET ACCESS KEY
region = us-east-1

2 — Installation

2.1 — CLI

Find the appropriate package for your system and download it. For Linux:


wget https://s3.us-east-1.amazonaws.com/komiser/1.0.0/linux/komiser
chmod +x komiser

Note: The Komiser CLI is updated frequently with support for new AWS services. To see if you have the latest version, see the project's GitHub repository.

After you install the Komiser CLI, you may need to add the path to the executable file to your PATH variable.

2.2 — Docker Image

Use the official Komiser Docker Image:


docker run -d -p 3000:3000 -e AWS_ACCESS_KEY_ID="" -e AWS_SECRET_ACCESS_KEY="" -e AWS_DEFAULT_REGION="" --name komiser mlabouardy/komiser

3 — Overview

Once installed, start the Komiser server:

komiser start --port 3000 --duration 30

If you point your favorite browser to http://localhost:3000, you should see the Komiser dashboard.

Hope it helps! The CLI is still in its early stages, so you are welcome to contribute to the project on GitHub.
