This tool reports on the status of various resources in AWS and GCP accounts. It runs on a regular basis as a GitHub Action and sends the results to the #distributioneers channel on a regular basis as a Google spreadsheet linked via a Slack message.
Each page in the report spreadsheet represents the output of a report run. If no resources are found during a run, a new page is not created. Reports from more than 30 days ago are pruned to prevent the spreadsheet from filling up due to Google API restrictions.
The generated report contains the following columns of note:
gcp (Google Cloud Platform) or
aws (Amazon Web Services).
|Resource type - this value depends on the platform, but in general it will be
|The platform-provided region for the resource.
|The platform-provided identifier for the resource. The value of the ID can provide hints at why this resource was created and who owns it. This is the primary means through which you can query for this resource. In GCP, a search bar is provided at the top of the console—if the full ID value doesn’t come up with a match, try a broader query by removing characters from the end of the ID). In AWS, you will have to find the appropriate service using the “Type” and make sure you are in the correct region based on the “Location” before you can filter for a resource using this ID.
|In GCP, this value corresponds to the project this resource belongs to. In AWS this value currently doesn’t mean much.
|UTC time at which this resource was created.
|Additional metadata - the main thing to look for here is
labels (GCP) or
tags (AWS), which can provide more hints at why this resource was created and who owns it.
- the reporter currently only looks for VM instances, disks, and clusters—if a resource is not one of these types, the reporter will not pick it up
- the reporter only looks for active resources—if a resource was created and destroyed before the reporter runs, it won’t report it
- the reporter can only see what it has permissions to see - make sure that the
resources-reportIAM is provided the appropriate permissions