By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Tag editor in GUI shows all resources even with or without tags but aws CLI or boto3 does not

0

Enter image description here [https://ibb.co/XW5yjVf] When I go to tag editor and choose "All supported resource types" I can see ALL the resources with or without tags and the total is about 937 resources

But when I use boto3

tagclient = session.client('resourcegroupstaggingapi') 
paginator =tagclient.get_paginator('get_resources')
c = 0
for page in paginator.paginate():
    c += len(page["ResourceTagMappingList"])
print(c)

I see only 681 resources. Why the discrepancy? Is boto3 showing ONLY tagged resources?

So My question is, Is there a way using aws cli or boto3 to show all resources irrespective of whether they are tagged or not?

Thanks

Shanthi

Topics
Management & GovernanceDevOps
Tags
AWS Management ConsoleAWS Command Line InterfaceDevOpsTagging
Language
English
shanthiz
asked 9 months ago306 views
1 Answer
1

The AWS Resource Groups Tagging API (which Boto3 is interacting with when you use the 'resourcegroupstaggingapi' client) will only return resources that are taggable and that are tagged at least once. This is likely why you're seeing a smaller number of resources compared to the AWS Tag Editor, which displays all resources, regardless of whether or not they have been tagged.

As I know, there is no direct way to get a list of all resources in your AWS account regardless of whether they are tagged or not using AWS CLI or Boto3. AWS does not have a unified API call to retrieve all resources. You would have to call each service individually and handle pagination and other issues for each.

However, there are a couple of possible workarounds:

  • AWS Config: AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

  • Third-party tools: There are some third-party tools, like CloudMapper, CloudCustodian, etc., that can collect this information by making describe calls for all supported resource types.

Remember that in each case, you're likely to encounter differences due to the types of resources that each method can discover. This is primarily driven by the permissions in the IAM policy for the role that is performing the action.

profile picture
Ercan -flightlesstux-
answered 9 months ago
  • shanthiz
    9 months ago

    Thanks. You are correct even AWS config misses a few types of resource types

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content