Listing all Resources in Your AWS Account
Why did I need to list all resources?
Certain situations require one to be able to list all resources in an AWS account.
Management recently decided to assign some new responsibilities to my team in a different part of the organization. We would continue supporting some of our existing infrastructure, while a different team would take responsibility for the remainder.
But we needed to start with a list of all the resources in our AWS account to form the basis of these negotiations.
aws resourcegroupstaggingapi get-resources
To be honest, it is currently unclear[1] to me whether there is any single method that will provide a definitive list of all resources in an AWS account.
The documentation[2] for the aws resourcegroupstaggingapi get-resources call says that it:
Returns all the tagged or previously tagged resources that are located in the specified Amazon Web Services Region for the account.
So it appears that if you never tagged a specific resource, it won’t appear in this list.
However, having run this command in our account, it returned an awful lot of resources that do not currently have tags, and I can’t imagine that we tagged and then intentionally untagged so many resources in our account.
In any case, the method outlined below works well for us because we have tagged (almost) all of our resources.
Examples
Assuming that the AWS CLI is configured, the following command lists the resources that the Resource Groups Tagging API returns for the given profile and region.
aws --profile=prod --region=us-west-2 resourcegroupstaggingapi get-resources
One may use jq or similar tools (or even a JMESPath query with the --query argument) to further filter and refine the JSON-encoded results. For example, one can generate a sorted list of ARNs with the following command.
aws resourcegroupstaggingapi get-resources \
| jq -c -r '.ResourceTagMappingList[].ResourceARN' \
| sort \
| less
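
Going one step beyond the sorted ARN list, the following added example (not part of the original post) turns the get-resources JSON into an inventory grouped by service and by an ownership tag, and separately lists the entries that came back with no tags at all. The tag key "team", the account ID and the resource names in the sample are assumptions constructed for illustration.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape get-resources returns; account ID and names are made up.
SAMPLE = json.dumps({
    "ResourceTagMappingList": [
        {"ResourceARN": "arn:aws:s3:::example-logs-bucket",
         "Tags": [{"Key": "team", "Value": "platform"}]},
        {"ResourceARN": "arn:aws:ec2:us-west-2:111122223333:instance/i-0123456789abcdef0",
         "Tags": [{"Key": "team", "Value": "data"}]},
        {"ResourceARN": "arn:aws:ec2:us-west-2:111122223333:volume/vol-0123456789abcdef0",
         "Tags": []},
        {"ResourceARN": "arn:aws:lambda:us-west-2:111122223333:function:example-fn:1",
         "Tags": []},
    ]
})


def parse_arn(arn):
    """Split arn:partition:service:region:account:resource; the resource part may contain ':'."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("prefix", "partition", "service", "region", "account", "resource"), parts))


def summarize(raw_json, owner_key="team"):
    """Group ARNs by service and by the value of owner_key (hypothetical tag key);
    collect ARNs that were returned with no tags at all."""
    by_service = defaultdict(list)
    by_owner = defaultdict(list)
    untagged = []
    for entry in json.loads(raw_json).get("ResourceTagMappingList", []):
        arn = entry["ResourceARN"]
        tags = {t["Key"]: t["Value"] for t in entry.get("Tags", [])}
        by_service[parse_arn(arn)["service"]].append(arn)
        if not tags:
            untagged.append(arn)
        else:
            by_owner[tags.get(owner_key, "<no owner tag>")].append(arn)
    return {"by_service": dict(by_service), "by_owner": dict(by_owner), "untagged": sorted(untagged)}


if __name__ == "__main__":
    # Usage: aws resourcegroupstaggingapi get-resources | python3 this_file.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(summarize(data), indent=2))
```

The untagged list is the part to review by hand, since those resources carry no ownership information to base a handover on.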