2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
I would say to start simple and create a script that accept region and account id as argument. A nice example is this one: https://anandmandilwar.com/2023/06/14/python-boto3-script-to-list-all-the-aws-resources-in-default-vpc-across-all-the-listed-aws-regions/
0
Adding to the other answer (which is correct - a script is one way to do this):
- While you can use an IAM user per region...
- ...IAM users are global within each account so you don't have to do that and it's far more convenient to use a single IAM user (or role) that has the permission required (read only in this case, it appears).
- There is no cost difference.
Also: Have you considered using AWS Config for this? There's nothing wrong with having a script to gather this information; but in large, multi-account environment Config can automatically collect the information you need and you can query Config directly.
Where are you planning on running your script, and what is your outcome here, why do you want to do this?