Skip to content

Quick start

Requirements

To install aws-inspector you need:

  • AWS credentials: this is required to create the inventory file, as aws-inspector will need to call AWS APIs;
  • Docker: this is required to install aws-inspector.

Install

Please follow the installation guide.

Generate the inventory and the diagram

To generate the inventory:

docker run --rm \
  -v ~/.aws/credentials:/root/.aws/credentials:ro \
  -v `pwd`/inventory-config.yml:/opt/aws-inspector/inventory-config.yml:ro \
  -v `pwd`/output:/output \
  ghcr.io/pasdam/aws-inspector:latest \
  inventory -c /opt/aws-inspector/inventory-config.yml -o /output/inventory.yml

This command assumes an inventory configuration file named inventory-config.yml and a directory output are in the current folder.

It also assume that the AWS profile specified in the config exists in ~/.aws/credentials. The profile should have the permissions to read all the supported resources, no write permissions are needed.

Generate the diagram

From the inventory we generated above we can then create the diagram with:

docker run --rm \
  -v `pwd`/output/inventory.yml:/opt/aws-inspector/inventory.yml:ro \
  -v `pwd`/output:/output \
  ghcr.io/pasdam/aws-inspector:latest \
  diagram -f /opt/aws-inspector/inventory.yml -o /output/diagram.drawio

If you need to override some details about the infrastructure (ie. to clarify some resource names, you can edit the inventory YAML file before running the last command).

The output can then be opened in Draw.io, which can be used from the CLI as well, in case you need to export the diagram as image.