https://github.com/Alfresco/sweeper

A tool to check for rogue/orphaned AWS services running that cost money
https://github.com/Alfresco/sweeper

Last synced: 3 months ago
JSON representation

A tool to check for rogue/orphaned AWS services running that cost money

• Host: GitHub
• URL: https://github.com/Alfresco/sweeper
• Owner: Alfresco
• License: apache-2.0
• Created: 2017-11-13T16:32:42.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2017-12-21T14:24:27.000Z (almost 7 years ago)
• Last Synced: 2024-06-28T06:37:03.401Z (5 months ago)
• Language: Python
• Homepage:
• Size: 25.4 KB
• Stars: 14
• Watchers: 5
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

        
# Sweeper

## Description

A tool that sweeps your AWS account for still running or orphaned services that may be costing you money. The tool doesn't destroy them, it only informs you of what is running. This tool takes its inspiration from the ["Avoiding Unexpected Charges"](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/checklistforunwantedcharges.html) checklist.

## Features

- Runs a report based on still running services in your AWS accounts

- Highlights potential cost saving resources that could be removed

## Requirements

Please ensure you have Python running locally. 2.x or 3.x should work fine.

Before running please install the boto3 libraries either globally or locally.

Globally:

```

pip install boto3

```

Locally:

```

pip install boto3 -t .

```

Please also ensure that `aws configure` has been performed. It isn't an essential command but allows for multiple AWS accounts to be checked

## Configuration

The configuration file `config.yml` contains three current sections; `regions_to_exclude`,`checks_to_exclude` and `profiles`. In the `regions_to_exclude` section, populate it with a list of regions that you do not want to check as part of the sweep.

The `checks_to_exclude` section, populate it with a list of checks to skip e.g. `elb` or `opsworks`. An example has been included in this repo.

The `profiles` section should include the name of profiles you wish to check. These name should be found in your `~/.aws/credentials` file

## Usage

```

python Sweeper.py

```

This will run Sweeper using the default config file. If you do not provide the `profiles` config parameters Sweeper will look for AWS credentials in your environment variables

```

python Sweeper.py -c 

```

This will run Sweeper using a specified config file, not the default.

```

python Sweeper.py -p 

```

This will run Sweeper with an AWS profile or profiles. These profiles can be found in your credentials file. If you want to check more than one profile, provide a csv list of profiles e.g. `python Sweeper.py -p default1,default2`

```

python Sweeper.py -o 

```

This will run Sweeper and output the results into a text file with the name of your choice e.g. `python Sweeper.py -o results.txt`

## IAM Policy

This is the policy to apply to a new user/role to run the Sweeper checks:

```

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": "elasticloadbalancing:DescribeLoadBalancers",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": "ec2:DescribeVolumes",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": "ec2:DescribeAddresses",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": "rds:DescribeDBSnapshots",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": "rds:DescribeDBInstances",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": "elasticbeanstalk:DescribeEnvironments",

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": [

                "opsworks:DescribeStacks",

                "opsworks:DescribeElasticIps",

                "opsworks:DescribeElasticLoadBalancers",

                "opsworks:DescribeInstances",

                "opsworks:DescribeRdsDbInstances",

                "opsworks:DescribeVolumes",

                "opsworks:DescribeEcsClusters"

            ],

            "Resource": "*"

        }

    ]

}

```

## Future changes

- Extra checks to be added (S3)

- Use instance profiles if running on an Ec2 instance

- Appropriate use of roles when running in a Lambda

## Develop

Work in progress will be on the `Develop` branch. If you want to use the latest improvements, use this branch. All releases are tagged from the `Master` branch

## Contribution Guidelines

Please fork from Develop. Any forks to Master will be ignored. Raise a PR and the code will be reviewed in time. I will routinely merge from Develop to Master with new features that are in the Develop branch