Resources report tool Resources Report

This tool reports on the status of various resources in AWS and GCP accounts. It runs on a regular basis as a GitHub Action and sends the results to the #distributioneers channel on a regular basis as a Google spreadsheet linked via a Slack message.

Using the report

Each page in the report spreadsheet represents the output of a report run. If no resources are found during a run, a new page is not created. Reports from more than 30 days ago are pruned to prevent the spreadsheet from filling up due to Google API restrictions.

The generated report contains the following columns of note:

PlatformEither gcp (Google Cloud Platform) or aws (Amazon Web Services).
TypeResource type - this value depends on the platform, but in general it will be resource-category::resource-type.
LocationThe platform-provided region for the resource.
IDThe platform-provided identifier for the resource. The value of the ID can provide hints at why this resource was created and who owns it. This is the primary means through which you can query for this resource. In GCP, a search bar is provided at the top of the console - if the full ID value doesn’t come up with a match, try a broader query by removing characters from the end of the ID). In AWS, you will have to find the appropriate service using the “Type” and make sure you are in the correct region based on the “Location” before you can filter for a resource using this ID.
OwnerIn GCP, this value corresponds to the project this resource belongs to. In AWS this value currently doesn’t mean much.
CreatedUTC time at which this resource was created.
MetaAdditional metadata - the main thing to look for here is labels (GCP) or tags (AWS), which can provide more hints at why this resource was created and who owns it.

Why isn’t my resource in the report

  • the reporter currently only looks for VM instances, disks, and clusters - if a resource is not one of these types, the reporter will not pick it up
  • the reporter only looks for active resources - if a resource was created and destroyed before the reporter runs, it won’t report it
  • the reporter can only see what it has permissions to see - make sure that the resources-report IAM is provided the appropriate permissions

To troubleshoot, refer to the run logs or try running it directly to reproduce the issue.