awslabs/aws-multi-account-viewer

Serverless app designed for any customer with two or more accounts to view resources across accounts/regions in simple single pane of glass website

Serverless app designed for any customer with two or more accounts to view resources/tags across accounts/regions in simple single pane of glass website. It's split into 2 customizable parts:

• Back-End (CloudFormation templates and Python Lambdas)
• Front-End (React with Amplify)

Current working examples are:

• AWS Accounts in Organizations
• EC2, CLB/ALB/NLB, Lambda, ODCR, Reserved Instances, RDS, EKS, Lightsail
• IAM Users, Roles, Policy’s
• VPCs, Subnets
• S3 Buckets, EBS Volumes
• Private and Public IP's
• All Tags

Demo

Demo website coming this week.

On this Page

• Architecture
• Requirements
• Install Overview
• Deploying the Solution
• Adding New Services
• Troubleshooting
• License

Architecture

Requirements

• Python 3.7
• Node.js 8.10+
• Yarn or NPM
• At least 2 AWS accounts.

Install Overview

Administrator account is the account you will use to access all sub accounts and where you will store everything. SubAccounts only requires the SubAccountAccess template to be created.

• Clone repo.
• Run CloudFormation template in your sub accounts (SubAccountAccess.yaml).
• Run CloudFormation template in your main account (MainTemplate.yaml).
• Run React App.

Deploying the Solution

Sub Accounts

• Note the Account number for your Administrator Account and put it into the SubAccountAccess template.
• Edit the SubAccountAccess.yaml with your Administrator Account Number (this account number will be your Administrator account that will have access to view all the sub accounts from)
• Save and Run the SubAccountAccess.yaml in all your sub accounts you want to view. (I recommend using StackSets if you have them enabled otherwise manual is fine)

Administrator Account

• Create a new S3 bucket to store the lambda zip files

aws s3 mb s3://your-unique-bucket-name --region ap-southeast-2

• Package up all the lambdas into one zip file (e.g functions.zip): see example below or doco here

• The only external python modules: boto3

cd /aws-multi-account-viewer/Back-End/lambdas
python3.7 -m venv .venv
source .venv/bin/activate
cd build
pip install -r ../requirements.txt --target .
zip -r9 ../functions.zip .
cd ../
zip -g functions.zip list_table.py receive_sqs_message.py send_sqs_message.py
deactivate

• Copy the functions.zip file you just packaged into the s3 bucket you created earlier.

aws s3 cp functions.zip s3://your-unique-bucket-name

CloudFormation Parameters

Everyone's accounts and regions vary so this example is set to the free tier for DynamoDB AutoScaling is configured for DynamoDB so it will between the 2 parameters you specifiy.

• Update all the parameters to match your config/accounts/bucket in MainTemplate.yaml
• Deploy the CloudFormation template in the admin account once you have updated the paramaters
• Once the CloudFormation has completed copy the details in the outputs:
  • ApiGateWayEndPoint
  • UserPoolId
  • userPoolWebClientId

• Paste the outputs into Front-End/.env, or directly into Front-End/src/App.js:

• Create a user account for the Cognito User Pool (sign up is disabled, so users have to be created manually)
• Cognito > User Pools > {YourStackName} > Users and groups > Create User.
• Now navigate to Front-End and Install dependencies

cd /aws-multi-account-viewer/Front-End/
yarn

• Start React Page

yarn start

• You should now see a login page from React

• Log in with the user you created earlier.
• You now have a local version up and running, you could now safely host as a public s3 bucket. (not covered in this project but you can see examples online on how to set it up: S3-Public-Website)
• A really good article on setting React up with S3 by Antoine Sauvage: Here

Adding New Services

To add a new services, see example for this git commit:

• Example of adding a new service EKS here EKS

Troubleshooting

No data is being populated on the web site?

• Check SQS to make sure the messages are going through to lambda
• If there’s lots of messages in the queue then there’s an issue with the lambda or DynamoDB is throttling the requests.

Site breaks when hosted on s3?

• There's a good guide above on how to host React on S3, most common gotcha is error document:

Lambda Logs Overview?

• You can check all three lambdas logs easy in CloudWatch Insights:

Lambda Logs Error & Exceptions:

Copy and paste query below to only see Errors & Exceptions: (this example is showing throttle requests on DynamoDB because its set too low):

fields @message 
| filter @message like /Error/ or @message like /Exception/
| limit 50

Tables are empty?

• Check SQS queue to see what services are failing
• View CloudWatch Logs above across receive/send lambda's to see where the issue is.

License Summary

This sample code is made available under the MIT-0 license. See the LICENSE file.