Finding Lost AWS Resources with cnquery

We all understand that resources get lost in the cloud. Between working across regions, migrating accounts, and the ability to quickly spin up an instance and forget about it, it’s almost inevitable to have some mystery resources lurking in your AWS account.

Why should I care about lost AWS resources?

Well, resources cost money, so that’s a thing.

But here’s another thing: What if you migrate accounts and forget about some old snapshots and volumes? Suppose an attacker gains access to the old AWS account. They mount the old snapshots and volumes onto new instances they have access to and inspect them. The package and configuration data is mostly old and irrelevant, but they find source code and, in that source code, credentials to access the company’s private GitHub.

And what about those instances that developers created to test a feature and then forgot about? How many vulnerabilities do they have?

Okay, so how do I find AWS resources that might be lost or forgotten?

Use open source cnquery to explore all the resources in your AWS account, across all regions.

Open the shell

AWS_PROFILE="vvdefault" cnquery shell aws

Find snapshots

aws.ec2.snapshots { id region startTime }

Find volumes

aws.ec2.volumes { arn createTime }

Find EC2 instances with no tags attached, or with a specific tag

aws.ec2.instances.where(tags['Name'] == "k8s-operator03") { instanceId region }

Find AWS Security Groups with unrestricted ipRange access

aws.ec2.securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") }) { arn }

Find the AWS EC2 instances that are using those security groups

aws.ec2.instances.where(securityGroups.where(ipPermissions { ipRanges.contains("0.0.0.0/0") })) { arn }

Explore all the resources under the EC2 service

aws.ec2 { * }
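
To turn the snapshot and volume results into a shortlist of likely forgotten resources, the following added example (not part of the original post or of cnquery) flags anything older than a cutoff and groups it by region. It assumes the results were exported as a JSON list whose keys match the fields selected in the queries above and whose timestamps are RFC 3339 strings; the record shape, the sample IDs and the 365-day threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records using the fields selected by the snapshot and
# volume queries above. The IDs and the account number are made up.
SAMPLE = json.loads("""[
  {"id": "snap-0aaa1111bbbb2222c", "region": "us-east-1", "startTime": "2021-03-02T10:15:00Z"},
  {"id": "snap-0ddd3333eeee4444f", "region": "eu-west-1", "startTime": "2024-10-20T08:00:00Z"},
  {"arn": "arn:aws:ec2:us-west-2:111122223333:volume/vol-0123456789abcdef0", "createTime": "2020-07-14T23:59:59Z"},
  {"arn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0fedcba9876543210", "createTime": "2024-10-30T12:00:00Z"}
]""")

def parse_time(value):
    """Parse an RFC 3339 timestamp (assumed format); naive values are treated as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def normalise(record):
    """Return (resource_id, region, created) for a snapshot or volume record."""
    if "arn" in record:
        # ARN layout: arn:partition:service:region:account-id:resource
        parts = record["arn"].split(":", 5)
        if len(parts) != 6:
            raise ValueError(f"not an ARN: {record['arn']!r}")
        return parts[5], parts[3], parse_time(record["createTime"])
    return record["id"], record["region"], parse_time(record["startTime"])

def stale_by_region(records, now, max_age_days=365):
    """Group resources older than max_age_days by region, oldest first."""
    cutoff = now - timedelta(days=max_age_days)
    report = {}
    for rid, region, created in sorted(map(normalise, records), key=lambda r: r[2]):
        if created < cutoff:
            report.setdefault(region, []).append((rid, (now - created).days))
    return report

if __name__ == "__main__":
    now = datetime(2024, 11, 1, tzinfo=timezone.utc)  # fixed so the output is repeatable
    for region, items in sorted(stale_by_region(SAMPLE, now).items()):
        for rid, age in items:
            print(f"{region}\t{rid}\t{age} days old")
```

The volumes query selects only arn and createTime, so the region is read from the fourth field of the ARN.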

Victoria Jeffrey

Victoria Jeffrey (also known as vj) is an Engineering Manager/Software Engineer living near Denver, Colorado. She's been doing this coding and DevOps and security thing for over seven years now, and still loves every minute of it. Vj spends her free time hanging with her family, binging too much tv, and fulfilling her suburban mom obligations by going to pilates and trying to maintain a small herb garden.
