[小ネタ] AWS Config のリソース記録の対象となるリソース数を確認してみる
こんにちは!コンサルティング部のくろすけです!
AWS Config のリソース記録の記録方法を変更するにあたり、利用料金の増加が気になりました。
そこで、試算の参考とするために、 AWS CLI を使って AWS Config のリソース記録対象となるリソースの数を確認してみました。
前提
料金試算については、下記をご確認ください。
やってみる
下記のコマンドで、AWS Config のリソース記録の対象となるリソースの数を出力します。
単一リージョン
お試しの際にはREGION
を対象のリージョンに変更してください。
bash -c 'read -r -d "" RESOURCE_TYPES << EOM
AWS::EC2::CustomerGateway
AWS::EC2::EIP
AWS::EC2::Host
AWS::EC2::Instance
AWS::EC2::InternetGateway
AWS::EC2::NetworkAcl
AWS::EC2::NetworkInterface
AWS::EC2::RouteTable
AWS::EC2::SecurityGroup
AWS::EC2::Subnet
AWS::CloudTrail::Trail
AWS::EC2::Volume
AWS::EC2::VPC
AWS::EC2::VPNConnection
AWS::EC2::VPNGateway
AWS::EC2::RegisteredHAInstance
AWS::EC2::NatGateway
AWS::EC2::EgressOnlyInternetGateway
AWS::EC2::VPCEndpoint
AWS::EC2::VPCEndpointService
AWS::EC2::FlowLog
AWS::EC2::VPCPeeringConnection
AWS::Elasticsearch::Domain
AWS::IAM::Group
AWS::IAM::Policy
AWS::IAM::Role
AWS::IAM::User
AWS::ElasticLoadBalancingV2::LoadBalancer
AWS::ACM::Certificate
AWS::RDS::DBInstance
AWS::RDS::DBSubnetGroup
AWS::RDS::DBSecurityGroup
AWS::RDS::DBSnapshot
AWS::RDS::DBCluster
AWS::RDS::DBClusterSnapshot
AWS::RDS::EventSubscription
AWS::S3::Bucket
AWS::S3::AccountPublicAccessBlock
AWS::Redshift::Cluster
AWS::Redshift::ClusterSnapshot
AWS::Redshift::ClusterParameterGroup
AWS::Redshift::ClusterSecurityGroup
AWS::Redshift::ClusterSubnetGroup
AWS::Redshift::EventSubscription
AWS::SSM::ManagedInstanceInventory
AWS::CloudWatch::Alarm
AWS::CloudFormation::Stack
AWS::ElasticLoadBalancing::LoadBalancer
AWS::AutoScaling::AutoScalingGroup
AWS::AutoScaling::LaunchConfiguration
AWS::AutoScaling::ScalingPolicy
AWS::AutoScaling::ScheduledAction
AWS::DynamoDB::Table
AWS::CodeBuild::Project
AWS::WAF::RateBasedRule
AWS::WAF::Rule
AWS::WAF::RuleGroup
AWS::WAF::WebACL
AWS::WAFRegional::RateBasedRule
AWS::WAFRegional::Rule
AWS::WAFRegional::RuleGroup
AWS::WAFRegional::WebACL
AWS::CloudFront::Distribution
AWS::CloudFront::StreamingDistribution
AWS::Lambda::Function
AWS::NetworkFirewall::Firewall
AWS::NetworkFirewall::FirewallPolicy
AWS::NetworkFirewall::RuleGroup
AWS::ElasticBeanstalk::Application
AWS::ElasticBeanstalk::ApplicationVersion
AWS::ElasticBeanstalk::Environment
AWS::WAFv2::WebACL
AWS::WAFv2::RuleGroup
AWS::WAFv2::IPSet
AWS::WAFv2::RegexPatternSet
AWS::WAFv2::ManagedRuleSet
AWS::XRay::EncryptionConfig
AWS::SSM::AssociationCompliance
AWS::SSM::PatchCompliance
AWS::Shield::Protection
AWS::ShieldRegional::Protection
AWS::Config::ConformancePackCompliance
AWS::Config::ResourceCompliance
AWS::ApiGateway::Stage
AWS::ApiGateway::RestApi
AWS::ApiGatewayV2::Stage
AWS::ApiGatewayV2::Api
AWS::CodePipeline::Pipeline
AWS::ServiceCatalog::CloudFormationProvisionedProduct
AWS::ServiceCatalog::CloudFormationProduct
AWS::ServiceCatalog::Portfolio
AWS::SQS::Queue
AWS::KMS::Key
AWS::QLDB::Ledger
AWS::SecretsManager::Secret
AWS::SNS::Topic
AWS::SSM::FileData
AWS::Backup::BackupPlan
AWS::Backup::BackupSelection
AWS::Backup::BackupVault
AWS::Backup::RecoveryPoint
AWS::ECR::Repository
AWS::ECS::Cluster
AWS::ECS::Service
AWS::ECS::TaskDefinition
AWS::EFS::AccessPoint
AWS::EFS::FileSystem
AWS::EKS::Cluster
AWS::OpenSearch::Domain
AWS::EC2::TransitGateway
AWS::Kinesis::Stream
AWS::Kinesis::StreamConsumer
AWS::CodeDeploy::Application
AWS::CodeDeploy::DeploymentConfig
AWS::CodeDeploy::DeploymentGroup
AWS::EC2::LaunchTemplate
AWS::ECR::PublicRepository
AWS::GuardDuty::Detector
AWS::EMR::SecurityConfiguration
AWS::SageMaker::CodeRepository
AWS::Route53Resolver::ResolverEndpoint
AWS::Route53Resolver::ResolverRule
AWS::Route53Resolver::ResolverRuleAssociation
AWS::DMS::ReplicationSubnetGroup
AWS::DMS::EventSubscription
AWS::MSK::Cluster
AWS::StepFunctions::Activity
AWS::WorkSpaces::Workspace
AWS::WorkSpaces::ConnectionAlias
AWS::SageMaker::Model
AWS::ElasticLoadBalancingV2::Listener
AWS::StepFunctions::StateMachine
AWS::Batch::JobQueue
AWS::Batch::ComputeEnvironment
AWS::AccessAnalyzer::Analyzer
AWS::Athena::WorkGroup
AWS::Athena::DataCatalog
AWS::Detective::Graph
AWS::GlobalAccelerator::Accelerator
AWS::GlobalAccelerator::EndpointGroup
AWS::GlobalAccelerator::Listener
AWS::EC2::TransitGatewayAttachment
AWS::EC2::TransitGatewayRouteTable
AWS::DMS::Certificate
AWS::AppConfig::Application
AWS::AppSync::GraphQLApi
AWS::DataSync::LocationSMB
AWS::DataSync::LocationFSxLustre
AWS::DataSync::LocationS3
AWS::DataSync::LocationEFS
AWS::DataSync::Task
AWS::DataSync::LocationNFS
AWS::EC2::NetworkInsightsAccessScopeAnalysis
AWS::EKS::FargateProfile
AWS::Glue::Job
AWS::GuardDuty::ThreatIntelSet
AWS::GuardDuty::IPSet
AWS::SageMaker::Workteam
AWS::SageMaker::NotebookInstanceLifecycleConfig
AWS::ServiceDiscovery::Service
AWS::ServiceDiscovery::PublicDnsNamespace
AWS::SES::ContactList
AWS::SES::ConfigurationSet
AWS::Route53::HostedZone
AWS::IoTEvents::Input
AWS::IoTEvents::DetectorModel
AWS::IoTEvents::AlarmModel
AWS::ServiceDiscovery::HttpNamespace
AWS::Events::EventBus
AWS::ImageBuilder::ContainerRecipe
AWS::ImageBuilder::DistributionConfiguration
AWS::ImageBuilder::InfrastructureConfiguration
AWS::DataSync::LocationObjectStorage
AWS::DataSync::LocationHDFS
AWS::Glue::Classifier
AWS::Route53RecoveryReadiness::Cell
AWS::Route53RecoveryReadiness::ReadinessCheck
AWS::ECR::RegistryPolicy
AWS::Backup::ReportPlan
AWS::Lightsail::Certificate
AWS::RUM::AppMonitor
AWS::Events::Endpoint
AWS::SES::ReceiptRuleSet
AWS::Events::Archive
AWS::Events::ApiDestination
AWS::Lightsail::Disk
AWS::FIS::ExperimentTemplate
AWS::DataSync::LocationFSxWindows
AWS::SES::ReceiptFilter
AWS::GuardDuty::Filter
AWS::SES::Template
AWS::AmazonMQ::Broker
AWS::AppConfig::Environment
AWS::AppConfig::ConfigurationProfile
AWS::Cloud9::EnvironmentEC2
AWS::EventSchemas::Registry
AWS::EventSchemas::RegistryPolicy
AWS::EventSchemas::Discoverer
AWS::FraudDetector::Label
AWS::FraudDetector::EntityType
AWS::FraudDetector::Variable
AWS::FraudDetector::Outcome
AWS::IoT::Authorizer
AWS::IoT::SecurityProfile
AWS::IoT::RoleAlias
AWS::IoT::Dimension
AWS::IoTAnalytics::Datastore
AWS::Lightsail::Bucket
AWS::Lightsail::StaticIp
AWS::MediaPackage::PackagingGroup
AWS::Route53RecoveryReadiness::RecoveryGroup
AWS::ResilienceHub::ResiliencyPolicy
AWS::Transfer::Workflow
AWS::EKS::IdentityProviderConfig
AWS::EKS::Addon
AWS::Glue::MLTransform
AWS::IoT::Policy
AWS::IoT::MitigationAction
AWS::IoTTwinMaker::Workspace
AWS::IoTTwinMaker::Entity
AWS::IoTAnalytics::Dataset
AWS::IoTAnalytics::Pipeline
AWS::IoTAnalytics::Channel
AWS::IoTSiteWise::Dashboard
AWS::IoTSiteWise::Project
AWS::IoTSiteWise::Portal
AWS::IoTSiteWise::AssetModel
AWS::IVS::Channel
AWS::IVS::RecordingConfiguration
AWS::IVS::PlaybackKeyPair
AWS::KinesisAnalyticsV2::Application
AWS::RDS::GlobalCluster
AWS::S3::MultiRegionAccessPoint
AWS::DeviceFarm::TestGridProject
AWS::Budgets::BudgetsAction
AWS::Lex::Bot
AWS::CodeGuruReviewer::RepositoryAssociation
AWS::IoT::CustomMetric
AWS::Route53Resolver::FirewallDomainList
AWS::RoboMaker::RobotApplicationVersion
AWS::EC2::TrafficMirrorSession
AWS::IoTSiteWise::Gateway
AWS::Lex::BotAlias
AWS::LookoutMetrics::Alert
AWS::IoT::AccountAuditConfiguration
AWS::EC2::TrafficMirrorTarget
AWS::S3::StorageLens
AWS::IoT::ScheduledAudit
AWS::Events::Connection
AWS::EventSchemas::Schema
AWS::MediaPackage::PackagingConfiguration
AWS::KinesisVideo::SignalingChannel
AWS::AppStream::DirectoryConfig
AWS::LookoutVision::Project
AWS::Route53RecoveryControl::Cluster
AWS::Route53RecoveryControl::SafetyRule
AWS::Route53RecoveryControl::ControlPanel
AWS::Route53RecoveryControl::RoutingControl
AWS::Route53RecoveryReadiness::ResourceSet
AWS::RoboMaker::SimulationApplication
AWS::RoboMaker::RobotApplication
AWS::HealthLake::FHIRDatastore
AWS::Pinpoint::Segment
AWS::Pinpoint::ApplicationSettings
AWS::Events::Rule
AWS::EC2::DHCPOptions
AWS::EC2::NetworkInsightsPath
AWS::EC2::TrafficMirrorFilter
AWS::EC2::IPAM
AWS::IoTTwinMaker::Scene
AWS::NetworkManager::TransitGatewayRegistration
AWS::CustomerProfiles::Domain
AWS::AutoScaling::WarmPool
AWS::Connect::PhoneNumber
AWS::AppConfig::DeploymentStrategy
AWS::AppFlow::Flow
AWS::AuditManager::Assessment
AWS::CloudWatch::MetricStream
AWS::DeviceFarm::InstanceProfile
AWS::DeviceFarm::Project
AWS::EC2::EC2Fleet
AWS::EC2::SubnetRouteTableAssociation
AWS::ECR::PullThroughCacheRule
AWS::GroundStation::Config
AWS::ImageBuilder::ImagePipeline
AWS::IoT::FleetMetric
AWS::IoTWireless::ServiceProfile
AWS::NetworkManager::Device
AWS::NetworkManager::GlobalNetwork
AWS::NetworkManager::Link
AWS::NetworkManager::Site
AWS::Panorama::Package
AWS::Pinpoint::App
AWS::Redshift::ScheduledAction
AWS::Route53Resolver::FirewallRuleGroupAssociation
AWS::SageMaker::AppImageConfig
AWS::SageMaker::Image
AWS::ECS::TaskSet
AWS::Cassandra::Keyspace
AWS::Signer::SigningProfile
AWS::Amplify::App
AWS::AppMesh::VirtualNode
AWS::AppMesh::VirtualService
AWS::AppRunner::VpcConnector
AWS::AppStream::Application
AWS::CodeArtifact::Repository
AWS::EC2::PrefixList
AWS::EC2::SpotFleet
AWS::Evidently::Project
AWS::Forecast::Dataset
AWS::IAM::SAMLProvider
AWS::IAM::ServerCertificate
AWS::Pinpoint::Campaign
AWS::Pinpoint::InAppTemplate
AWS::SageMaker::Domain
AWS::Transfer::Agreement
AWS::Transfer::Connector
AWS::KinesisFirehose::DeliveryStream
AWS::Amplify::Branch
AWS::AppIntegrations::EventIntegration
AWS::AppMesh::Route
AWS::Athena::PreparedStatement
AWS::EC2::IPAMScope
AWS::Evidently::Launch
AWS::Forecast::DatasetGroup
AWS::GreengrassV2::ComponentVersion
AWS::GroundStation::MissionProfile
AWS::MediaConnect::FlowEntitlement
AWS::MediaConnect::FlowVpcInterface
AWS::MediaTailor::PlaybackConfiguration
AWS::MSK::Configuration
AWS::Personalize::Dataset
AWS::Personalize::Schema
AWS::Personalize::Solution
AWS::Pinpoint::EmailTemplate
AWS::Pinpoint::EventStream
AWS::ResilienceHub::App
AWS::ACMPCA::CertificateAuthority
AWS::AppConfig::HostedConfigurationVersion
AWS::AppMesh::VirtualGateway
AWS::AppMesh::VirtualRouter
AWS::AppRunner::Service
AWS::CustomerProfiles::ObjectType
AWS::DMS::Endpoint
AWS::EC2::CapacityReservation
AWS::EC2::ClientVpnEndpoint
AWS::Kendra::Index
AWS::KinesisVideo::Stream
AWS::Logs::Destination
AWS::Pinpoint::EmailChannel
AWS::S3::AccessPoint
AWS::NetworkManager::CustomerGatewayAssociation
AWS::NetworkManager::LinkAssociation
AWS::IoTWireless::MulticastGroup
AWS::Personalize::DatasetGroup
AWS::IoTTwinMaker::ComponentType
AWS::CodeBuild::ReportGroup
AWS::SageMaker::FeatureGroup
AWS::MSK::BatchScramSecret
AWS::AppStream::Stack
AWS::IoT::JobTemplate
AWS::IoTWireless::FuotaTask
AWS::IoT::ProvisioningTemplate
AWS::InspectorV2::Filter
AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
AWS::ServiceDiscovery::Instance
AWS::Transfer::Certificate
AWS::MediaConnect::FlowSource
AWS::APS::RuleGroupsNamespace
AWS::CodeGuruProfiler::ProfilingGroup
AWS::Route53Resolver::ResolverQueryLoggingConfig
AWS::Batch::SchedulingPolicy
AWS::ACMPCA::CertificateAuthorityActivation
AWS::AppMesh::GatewayRoute
AWS::AppMesh::Mesh
AWS::Connect::Instance
AWS::Connect::QuickConnect
AWS::EC2::CarrierGateway
AWS::EC2::IPAMPool
AWS::EC2::TransitGatewayConnect
AWS::EC2::TransitGatewayMulticastDomain
AWS::ECS::CapacityProvider
AWS::IAM::InstanceProfile
AWS::IoT::CACertificate
AWS::IoTTwinMaker::SyncJob
AWS::KafkaConnect::Connector
AWS::Lambda::CodeSigningConfig
AWS::NetworkManager::ConnectPeer
AWS::ResourceExplorer2::Index
AWS::AppStream::Fleet
AWS::Cognito::UserPool
AWS::Cognito::UserPoolClient
AWS::Cognito::UserPoolGroup
AWS::EC2::NetworkInsightsAccessScope
AWS::EC2::NetworkInsightsAnalysis
AWS::Grafana::Workspace
AWS::GroundStation::DataflowEndpointGroup
AWS::ImageBuilder::ImageRecipe
AWS::KMS::Alias
AWS::M2::Environment
AWS::QuickSight::DataSource
AWS::QuickSight::Template
AWS::QuickSight::Theme
AWS::RDS::OptionGroup
AWS::Redshift::EndpointAccess
AWS::Route53Resolver::FirewallRuleGroup
AWS::SSM::Document
EOM
REGION="ap-northeast-1"; \ # リージョンを指定
grand_total=0; \
echo "=============================="; \
echo "AWS Config Resource Count"; \
echo "=============================="; \
echo "Region: ${REGION}"; \
region_total=0; \
while read -r type; do
if [[ -n "${type}" ]]; then
count=$(aws configservice list-discovered-resources \
--region "${REGION}" \
--resource-type "${type}" \
--query "resourceIdentifiers | length(@)" \
--output text 2>/dev/null); \
if [[ $? -ne 0 || -z "${count}" ]]; then
echo "${type}: Failed or not supported in ${REGION}"; \
count=0; \
fi; \
echo "${type}: ${count}"; \
region_total=$((region_total + count)); \
fi; \
done <<< "$RESOURCE_TYPES"; \
echo ""; \
echo "=============================="; \
echo "Total in ${REGION}: ${region_total}"; \
echo "=============================="'
長いので中略しますが、出力結果は以下のようになります。
==============================
AWS Config Resource Count
==============================
Region: ap-northeast-1
AWS::EC2::CustomerGateway: 0
AWS::EC2::EIP: 0
AWS::EC2::Host: 0
AWS::EC2::Instance: 0
...<中略>...
AWS::RDS::OptionGroup: 2
AWS::Redshift::EndpointAccess: 0
AWS::Route53Resolver::FirewallRuleGroup: 0
AWS::SSM::Document: 1
==============================
Total in ap-northeast-1: 219
==============================
全リージョン
全ての有効化されたリージョンに対応したコマンドも作成しました。
が、1リージョンあたり数分かかるためリージョン数によっては結構時間がかかります。
未使用のリージョンが多い場合は、単一リージョンの出力結果をもとに、概算で全体を推定するのがおすすめです。
bash -c 'read -r -d "" RESOURCE_TYPES << EOM
AWS::EC2::CustomerGateway
AWS::EC2::EIP
AWS::EC2::Host
AWS::EC2::Instance
AWS::EC2::InternetGateway
AWS::EC2::NetworkAcl
AWS::EC2::NetworkInterface
AWS::EC2::RouteTable
AWS::EC2::SecurityGroup
AWS::EC2::Subnet
AWS::CloudTrail::Trail
AWS::EC2::Volume
AWS::EC2::VPC
AWS::EC2::VPNConnection
AWS::EC2::VPNGateway
AWS::EC2::RegisteredHAInstance
AWS::EC2::NatGateway
AWS::EC2::EgressOnlyInternetGateway
AWS::EC2::VPCEndpoint
AWS::EC2::VPCEndpointService
AWS::EC2::FlowLog
AWS::EC2::VPCPeeringConnection
AWS::Elasticsearch::Domain
AWS::IAM::Group
AWS::IAM::Policy
AWS::IAM::Role
AWS::IAM::User
AWS::ElasticLoadBalancingV2::LoadBalancer
AWS::ACM::Certificate
AWS::RDS::DBInstance
AWS::RDS::DBSubnetGroup
AWS::RDS::DBSecurityGroup
AWS::RDS::DBSnapshot
AWS::RDS::DBCluster
AWS::RDS::DBClusterSnapshot
AWS::RDS::EventSubscription
AWS::S3::Bucket
AWS::S3::AccountPublicAccessBlock
AWS::Redshift::Cluster
AWS::Redshift::ClusterSnapshot
AWS::Redshift::ClusterParameterGroup
AWS::Redshift::ClusterSecurityGroup
AWS::Redshift::ClusterSubnetGroup
AWS::Redshift::EventSubscription
AWS::SSM::ManagedInstanceInventory
AWS::CloudWatch::Alarm
AWS::CloudFormation::Stack
AWS::ElasticLoadBalancing::LoadBalancer
AWS::AutoScaling::AutoScalingGroup
AWS::AutoScaling::LaunchConfiguration
AWS::AutoScaling::ScalingPolicy
AWS::AutoScaling::ScheduledAction
AWS::DynamoDB::Table
AWS::CodeBuild::Project
AWS::WAF::RateBasedRule
AWS::WAF::Rule
AWS::WAF::RuleGroup
AWS::WAF::WebACL
AWS::WAFRegional::RateBasedRule
AWS::WAFRegional::Rule
AWS::WAFRegional::RuleGroup
AWS::WAFRegional::WebACL
AWS::CloudFront::Distribution
AWS::CloudFront::StreamingDistribution
AWS::Lambda::Function
AWS::NetworkFirewall::Firewall
AWS::NetworkFirewall::FirewallPolicy
AWS::NetworkFirewall::RuleGroup
AWS::ElasticBeanstalk::Application
AWS::ElasticBeanstalk::ApplicationVersion
AWS::ElasticBeanstalk::Environment
AWS::WAFv2::WebACL
AWS::WAFv2::RuleGroup
AWS::WAFv2::IPSet
AWS::WAFv2::RegexPatternSet
AWS::WAFv2::ManagedRuleSet
AWS::XRay::EncryptionConfig
AWS::SSM::AssociationCompliance
AWS::SSM::PatchCompliance
AWS::Shield::Protection
AWS::ShieldRegional::Protection
AWS::Config::ConformancePackCompliance
AWS::Config::ResourceCompliance
AWS::ApiGateway::Stage
AWS::ApiGateway::RestApi
AWS::ApiGatewayV2::Stage
AWS::ApiGatewayV2::Api
AWS::CodePipeline::Pipeline
AWS::ServiceCatalog::CloudFormationProvisionedProduct
AWS::ServiceCatalog::CloudFormationProduct
AWS::ServiceCatalog::Portfolio
AWS::SQS::Queue
AWS::KMS::Key
AWS::QLDB::Ledger
AWS::SecretsManager::Secret
AWS::SNS::Topic
AWS::SSM::FileData
AWS::Backup::BackupPlan
AWS::Backup::BackupSelection
AWS::Backup::BackupVault
AWS::Backup::RecoveryPoint
AWS::ECR::Repository
AWS::ECS::Cluster
AWS::ECS::Service
AWS::ECS::TaskDefinition
AWS::EFS::AccessPoint
AWS::EFS::FileSystem
AWS::EKS::Cluster
AWS::OpenSearch::Domain
AWS::EC2::TransitGateway
AWS::Kinesis::Stream
AWS::Kinesis::StreamConsumer
AWS::CodeDeploy::Application
AWS::CodeDeploy::DeploymentConfig
AWS::CodeDeploy::DeploymentGroup
AWS::EC2::LaunchTemplate
AWS::ECR::PublicRepository
AWS::GuardDuty::Detector
AWS::EMR::SecurityConfiguration
AWS::SageMaker::CodeRepository
AWS::Route53Resolver::ResolverEndpoint
AWS::Route53Resolver::ResolverRule
AWS::Route53Resolver::ResolverRuleAssociation
AWS::DMS::ReplicationSubnetGroup
AWS::DMS::EventSubscription
AWS::MSK::Cluster
AWS::StepFunctions::Activity
AWS::WorkSpaces::Workspace
AWS::WorkSpaces::ConnectionAlias
AWS::SageMaker::Model
AWS::ElasticLoadBalancingV2::Listener
AWS::StepFunctions::StateMachine
AWS::Batch::JobQueue
AWS::Batch::ComputeEnvironment
AWS::AccessAnalyzer::Analyzer
AWS::Athena::WorkGroup
AWS::Athena::DataCatalog
AWS::Detective::Graph
AWS::GlobalAccelerator::Accelerator
AWS::GlobalAccelerator::EndpointGroup
AWS::GlobalAccelerator::Listener
AWS::EC2::TransitGatewayAttachment
AWS::EC2::TransitGatewayRouteTable
AWS::DMS::Certificate
AWS::AppConfig::Application
AWS::AppSync::GraphQLApi
AWS::DataSync::LocationSMB
AWS::DataSync::LocationFSxLustre
AWS::DataSync::LocationS3
AWS::DataSync::LocationEFS
AWS::DataSync::Task
AWS::DataSync::LocationNFS
AWS::EC2::NetworkInsightsAccessScopeAnalysis
AWS::EKS::FargateProfile
AWS::Glue::Job
AWS::GuardDuty::ThreatIntelSet
AWS::GuardDuty::IPSet
AWS::SageMaker::Workteam
AWS::SageMaker::NotebookInstanceLifecycleConfig
AWS::ServiceDiscovery::Service
AWS::ServiceDiscovery::PublicDnsNamespace
AWS::SES::ContactList
AWS::SES::ConfigurationSet
AWS::Route53::HostedZone
AWS::IoTEvents::Input
AWS::IoTEvents::DetectorModel
AWS::IoTEvents::AlarmModel
AWS::ServiceDiscovery::HttpNamespace
AWS::Events::EventBus
AWS::ImageBuilder::ContainerRecipe
AWS::ImageBuilder::DistributionConfiguration
AWS::ImageBuilder::InfrastructureConfiguration
AWS::DataSync::LocationObjectStorage
AWS::DataSync::LocationHDFS
AWS::Glue::Classifier
AWS::Route53RecoveryReadiness::Cell
AWS::Route53RecoveryReadiness::ReadinessCheck
AWS::ECR::RegistryPolicy
AWS::Backup::ReportPlan
AWS::Lightsail::Certificate
AWS::RUM::AppMonitor
AWS::Events::Endpoint
AWS::SES::ReceiptRuleSet
AWS::Events::Archive
AWS::Events::ApiDestination
AWS::Lightsail::Disk
AWS::FIS::ExperimentTemplate
AWS::DataSync::LocationFSxWindows
AWS::SES::ReceiptFilter
AWS::GuardDuty::Filter
AWS::SES::Template
AWS::AmazonMQ::Broker
AWS::AppConfig::Environment
AWS::AppConfig::ConfigurationProfile
AWS::Cloud9::EnvironmentEC2
AWS::EventSchemas::Registry
AWS::EventSchemas::RegistryPolicy
AWS::EventSchemas::Discoverer
AWS::FraudDetector::Label
AWS::FraudDetector::EntityType
AWS::FraudDetector::Variable
AWS::FraudDetector::Outcome
AWS::IoT::Authorizer
AWS::IoT::SecurityProfile
AWS::IoT::RoleAlias
AWS::IoT::Dimension
AWS::IoTAnalytics::Datastore
AWS::Lightsail::Bucket
AWS::Lightsail::StaticIp
AWS::MediaPackage::PackagingGroup
AWS::Route53RecoveryReadiness::RecoveryGroup
AWS::ResilienceHub::ResiliencyPolicy
AWS::Transfer::Workflow
AWS::EKS::IdentityProviderConfig
AWS::EKS::Addon
AWS::Glue::MLTransform
AWS::IoT::Policy
AWS::IoT::MitigationAction
AWS::IoTTwinMaker::Workspace
AWS::IoTTwinMaker::Entity
AWS::IoTAnalytics::Dataset
AWS::IoTAnalytics::Pipeline
AWS::IoTAnalytics::Channel
AWS::IoTSiteWise::Dashboard
AWS::IoTSiteWise::Project
AWS::IoTSiteWise::Portal
AWS::IoTSiteWise::AssetModel
AWS::IVS::Channel
AWS::IVS::RecordingConfiguration
AWS::IVS::PlaybackKeyPair
AWS::KinesisAnalyticsV2::Application
AWS::RDS::GlobalCluster
AWS::S3::MultiRegionAccessPoint
AWS::DeviceFarm::TestGridProject
AWS::Budgets::BudgetsAction
AWS::Lex::Bot
AWS::CodeGuruReviewer::RepositoryAssociation
AWS::IoT::CustomMetric
AWS::Route53Resolver::FirewallDomainList
AWS::RoboMaker::RobotApplicationVersion
AWS::EC2::TrafficMirrorSession
AWS::IoTSiteWise::Gateway
AWS::Lex::BotAlias
AWS::LookoutMetrics::Alert
AWS::IoT::AccountAuditConfiguration
AWS::EC2::TrafficMirrorTarget
AWS::S3::StorageLens
AWS::IoT::ScheduledAudit
AWS::Events::Connection
AWS::EventSchemas::Schema
AWS::MediaPackage::PackagingConfiguration
AWS::KinesisVideo::SignalingChannel
AWS::AppStream::DirectoryConfig
AWS::LookoutVision::Project
AWS::Route53RecoveryControl::Cluster
AWS::Route53RecoveryControl::SafetyRule
AWS::Route53RecoveryControl::ControlPanel
AWS::Route53RecoveryControl::RoutingControl
AWS::Route53RecoveryReadiness::ResourceSet
AWS::RoboMaker::SimulationApplication
AWS::RoboMaker::RobotApplication
AWS::HealthLake::FHIRDatastore
AWS::Pinpoint::Segment
AWS::Pinpoint::ApplicationSettings
AWS::Events::Rule
AWS::EC2::DHCPOptions
AWS::EC2::NetworkInsightsPath
AWS::EC2::TrafficMirrorFilter
AWS::EC2::IPAM
AWS::IoTTwinMaker::Scene
AWS::NetworkManager::TransitGatewayRegistration
AWS::CustomerProfiles::Domain
AWS::AutoScaling::WarmPool
AWS::Connect::PhoneNumber
AWS::AppConfig::DeploymentStrategy
AWS::AppFlow::Flow
AWS::AuditManager::Assessment
AWS::CloudWatch::MetricStream
AWS::DeviceFarm::InstanceProfile
AWS::DeviceFarm::Project
AWS::EC2::EC2Fleet
AWS::EC2::SubnetRouteTableAssociation
AWS::ECR::PullThroughCacheRule
AWS::GroundStation::Config
AWS::ImageBuilder::ImagePipeline
AWS::IoT::FleetMetric
AWS::IoTWireless::ServiceProfile
AWS::NetworkManager::Device
AWS::NetworkManager::GlobalNetwork
AWS::NetworkManager::Link
AWS::NetworkManager::Site
AWS::Panorama::Package
AWS::Pinpoint::App
AWS::Redshift::ScheduledAction
AWS::Route53Resolver::FirewallRuleGroupAssociation
AWS::SageMaker::AppImageConfig
AWS::SageMaker::Image
AWS::ECS::TaskSet
AWS::Cassandra::Keyspace
AWS::Signer::SigningProfile
AWS::Amplify::App
AWS::AppMesh::VirtualNode
AWS::AppMesh::VirtualService
AWS::AppRunner::VpcConnector
AWS::AppStream::Application
AWS::CodeArtifact::Repository
AWS::EC2::PrefixList
AWS::EC2::SpotFleet
AWS::Evidently::Project
AWS::Forecast::Dataset
AWS::IAM::SAMLProvider
AWS::IAM::ServerCertificate
AWS::Pinpoint::Campaign
AWS::Pinpoint::InAppTemplate
AWS::SageMaker::Domain
AWS::Transfer::Agreement
AWS::Transfer::Connector
AWS::KinesisFirehose::DeliveryStream
AWS::Amplify::Branch
AWS::AppIntegrations::EventIntegration
AWS::AppMesh::Route
AWS::Athena::PreparedStatement
AWS::EC2::IPAMScope
AWS::Evidently::Launch
AWS::Forecast::DatasetGroup
AWS::GreengrassV2::ComponentVersion
AWS::GroundStation::MissionProfile
AWS::MediaConnect::FlowEntitlement
AWS::MediaConnect::FlowVpcInterface
AWS::MediaTailor::PlaybackConfiguration
AWS::MSK::Configuration
AWS::Personalize::Dataset
AWS::Personalize::Schema
AWS::Personalize::Solution
AWS::Pinpoint::EmailTemplate
AWS::Pinpoint::EventStream
AWS::ResilienceHub::App
AWS::ACMPCA::CertificateAuthority
AWS::AppConfig::HostedConfigurationVersion
AWS::AppMesh::VirtualGateway
AWS::AppMesh::VirtualRouter
AWS::AppRunner::Service
AWS::CustomerProfiles::ObjectType
AWS::DMS::Endpoint
AWS::EC2::CapacityReservation
AWS::EC2::ClientVpnEndpoint
AWS::Kendra::Index
AWS::KinesisVideo::Stream
AWS::Logs::Destination
AWS::Pinpoint::EmailChannel
AWS::S3::AccessPoint
AWS::NetworkManager::CustomerGatewayAssociation
AWS::NetworkManager::LinkAssociation
AWS::IoTWireless::MulticastGroup
AWS::Personalize::DatasetGroup
AWS::IoTTwinMaker::ComponentType
AWS::CodeBuild::ReportGroup
AWS::SageMaker::FeatureGroup
AWS::MSK::BatchScramSecret
AWS::AppStream::Stack
AWS::IoT::JobTemplate
AWS::IoTWireless::FuotaTask
AWS::IoT::ProvisioningTemplate
AWS::InspectorV2::Filter
AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
AWS::ServiceDiscovery::Instance
AWS::Transfer::Certificate
AWS::MediaConnect::FlowSource
AWS::APS::RuleGroupsNamespace
AWS::CodeGuruProfiler::ProfilingGroup
AWS::Route53Resolver::ResolverQueryLoggingConfig
AWS::Batch::SchedulingPolicy
AWS::ACMPCA::CertificateAuthorityActivation
AWS::AppMesh::GatewayRoute
AWS::AppMesh::Mesh
AWS::Connect::Instance
AWS::Connect::QuickConnect
AWS::EC2::CarrierGateway
AWS::EC2::IPAMPool
AWS::EC2::TransitGatewayConnect
AWS::EC2::TransitGatewayMulticastDomain
AWS::ECS::CapacityProvider
AWS::IAM::InstanceProfile
AWS::IoT::CACertificate
AWS::IoTTwinMaker::SyncJob
AWS::KafkaConnect::Connector
AWS::Lambda::CodeSigningConfig
AWS::NetworkManager::ConnectPeer
AWS::ResourceExplorer2::Index
AWS::AppStream::Fleet
AWS::Cognito::UserPool
AWS::Cognito::UserPoolClient
AWS::Cognito::UserPoolGroup
AWS::EC2::NetworkInsightsAccessScope
AWS::EC2::NetworkInsightsAnalysis
AWS::Grafana::Workspace
AWS::GroundStation::DataflowEndpointGroup
AWS::ImageBuilder::ImageRecipe
AWS::KMS::Alias
AWS::M2::Environment
AWS::QuickSight::DataSource
AWS::QuickSight::Template
AWS::QuickSight::Theme
AWS::RDS::OptionGroup
AWS::Redshift::EndpointAccess
AWS::Route53Resolver::FirewallRuleGroup
AWS::SSM::Document
EOM
REGIONS=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text); \
grand_total=0; \
echo "=============================="; \
echo "AWS Config Resource Count (All Regions)"; \
echo "=============================="; \
echo "----------------------------------------"; \
for region in ${REGIONS}; do
echo "Region: ${region}"; \
region_total=0; \
while read -r type; do
if [[ -n "${type}" ]]; then
count=$(aws configservice list-discovered-resources \
--region "${region}" \
--resource-type "${type}" \
--query "resourceIdentifiers | length(@)" \
--output text 2>/dev/null); \
if [[ $? -ne 0 || -z "${count}" ]]; then
echo "${type}: Failed or not supported in ${region}"; \
count=0; \
fi; \
echo "${type}: ${count}"; \
region_total=$((region_total + count)); \
fi; \
done <<< "$RESOURCE_TYPES"; \
echo "Total in ${region}: ${region_total}"; \
grand_total=$((grand_total + region_total)); \
echo "----------------------------------------"; \
done; \
echo ""; \
echo "=============================="; \
echo "Grand Total (All Regions): ${grand_total}"; \
echo "=============================="'
あとがき
AWS Config のリソース記録は、セキュリティやガバナンスの観点から非常に重要な機能ですが、対象リソース数に応じてコストが増加するため、事前の把握と試算が欠かせません。
今回は、CLI を使って「記録されるリソースの数」を確認する方法をご紹介しました。
コスト最適化や記録対象の見直しに役立てていただければ幸いです。