Hi there,
I understand that you are trying to get all EC2 instances across accounts using PowerShell.
Kindly find example PowerShell script below which retrieves all instances for all regions in an account:
    # Get the list of region codes known to the AWS Tools for PowerShell
    $regions = Get-AWSRegion | Select-Object -ExpandProperty Region

    # Loop through each region; Get-EC2Instance returns Reservation objects,
    # so expand .Instances to get the instance objects themselves
    foreach ($region in $regions)
    {
        try
        {
            (Get-EC2Instance -Region $region).Instances
        }
        catch
        {
            # Opt-in regions that are not enabled, or regions the caller has no
            # permission for, throw here; skip them and carry on
            continue
        }
    }
The above example script will have to be adjusted to list instances from all accounts. In addition, as you mention configuring credentials to grant permissions to run the script, I recommend looking into configuring an IAM Role which can be used across accounts. Kindly find guidance on this linked below:
[+] Cross-Account IAM Roles in Windows PowerShell (example script included here as well):- https://aws.amazon.com/blogs/developer/cross-account-iam-roles-in-windows-powershell/
[+] How to Use a Single IAM User to Easily Access All Your Accounts by Using the AWS CLI (AWS CLI example, however can adjust for PowerShell too):- https://aws.amazon.com/blogs/security/how-to-use-a-single-iam-user-to-easily-access-all-your-accounts-by-using-the-aws-cli/
Lastly, I would like to highlight that you may wish to look into AWS Config Service or EC2 Global view. Kindly find guidance on this below:
a) AWS Config Service:
[+] https://aws.amazon.com/config/
- Enable AWS Config across member accounts/regions and then use the Aggregator + Advanced query feature.
- AWS Config is a monitoring service which records resources and presents you with a resource inventory.
- If you do decide to go down this route, please ensure all your member accounts/regions have Config enabled and are recording EC2 instances.
- To enable AWS Config across Organizations, visit: [+] https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/
- To set up an organization-wide aggregator in AWS Config: [+] https://docs.aws.amazon.com/config/latest/developerguide/setup-aggregator-console.html#add-an-aggregator-console
- To query all instances using Advanced query with Aggregator as scope: [+] https://aws.amazon.com/blogs/mt/introducing-aws-config-multi-account-multi-region-support-for-advanced-query/
- Kindly note - AWS Config does come at an additional cost therefore I would like to also link the pricing page: [+] https://aws.amazon.com/config/pricing/
b) EC2 Global View: You can get a list of some types of resources using the Amazon EC2 console.
[+] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html#global-view
I hope you find the information above helpful.
Have a wonderful day further!
Thank you for your assistance, but it still does not work. Currently, we have access to all the accounts through a service account, but we are unable to retrieve information about the virtual machine (EC2). I am unsure of the cause of the problem
The aggregator can be used in PowerShell:

    aws configservice select-aggregate-resource-config --expression "SELECT resourceId WHERE resourceType='AWS::EC2::Instance'" --configuration-aggregator-name XXXXXXXXX
Hi All, I would appreciate it if someone could assist me with converting the AWS CLI to PowerShell
$export_AWS = aws configservice select-aggregate-resource-config --expression "SELECT accountId,awsRegion,arn,resourceId WHERE resourceType = 'AWS::EC2::Instance'" --configuration-aggregator-name XXXXXXXXX
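The aggregator query shown in the two posts above, rewritten against the AWS Tools for PowerShell ConfigService cmdlet instead of the AWS CLI (an added example, not code from any of the posters). It assumes the AWS.Tools.ConfigService module is installed, that the caller's credentials can read the aggregator, and that the cmdlet's `-Select '*'` switch is used to expose the pagination token; the aggregator name `org-aggregator` in the usage line is a placeholder.

```powershell
# Added example: query an AWS Config aggregator for every EC2 instance it has
# recorded across accounts and regions, paging through all results.
function Get-AggregatedEc2Inventory {
    param(
        [Parameter(Mandatory)] [string] $AggregatorName,
        [string] $Region = 'us-east-1'   # region in which the aggregator was created
    )

    # Same SQL-like expression as the CLI command in the question above
    $expression = "SELECT accountId, awsRegion, arn, resourceId " +
                  "WHERE resourceType = 'AWS::EC2::Instance'"

    # Splat the parameters so NextToken is only sent once we actually have one
    $params = @{
        ConfigurationAggregatorName = $AggregatorName
        Expression                  = $expression
        Limit                       = 100      # service maximum per page
        Region                      = $Region
        Select                      = '*'      # full response, not just .Results
    }
    $nextToken = $null

    do {
        if ($nextToken) { $params['NextToken'] = $nextToken }

        $resp = Select-CFGAggregateResourceConfig @params

        # Each entry in Results is one JSON document describing a resource;
        # convert it so the caller gets objects with accountId/awsRegion/arn/resourceId
        foreach ($row in $resp.Results) {
            $row | ConvertFrom-Json
        }

        $nextToken = $resp.NextToken
    } while ($nextToken)
}

# Usage (placeholder aggregator name): write the cross-account inventory to CSV
# Get-AggregatedEc2Inventory -AggregatorName 'org-aggregator' |
#     Export-Csv -Path .\ec2-inventory.csv -NoTypeInformation
```

Instances from member accounts that are not recording `AWS::EC2::Instance` in Config will be absent from the output, so check recorder coverage before treating the CSV as a complete inventory.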