How to fetch all aws resources in all regions in lambda function, with boto3 lib

Question

I am tring to log all my aws resources in all regions, (with multiple accounts) using boto3 lib.

I found that aws config is helpful.

I have already created aggregator

  ConfigurationAggregator:
    Type: 'AWS::Config::ConfigurationAggregator'
    Properties:
      AccountAggregationSources:
        - AccountIds: !Ref AccountIds
          AllAwsRegions: !Ref AllAwsRegions
      ConfigurationAggregatorName: MyAggregator

And i went through boto3 lib docs for aws config https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/config.html#ConfigService.Client.batch_get_aggregate_resource_config

But it requires various REQUIRED parameters like resourceid , region account id, resource type.

Which is the simplest boto3 API where i don't have to pass anything except Aggregator name, and in return i get list of all and everykind kind of aws resources, in all the regions.

I am not worried about whether resource is complianced or not, i just want to log each and every resource in one go.

Answer 1

I think select_aggregate_resource_config is what you need. Example of query can be: SELECT resourceId, resourceName, resourceType. You can play with advanced queries in AWS Web Console before you try it in code.

Answer 2

Solution was to create an multi acc / multi region aggregator And use that aggregator name in below aggregation function

            nextToken = ""
            res = []
            while (nextToken != None):
                data = client.list_aggregate_discovered_resources(ConfigurationAggregatorName=AWS_AGG_NAME, ResourceType=tp, Limit=AGG_LIMIT, NextToken=nextToken)
                do_your_logic_with_resource(rc)
                res = res + data['ResourceIdentifiers']
                nextToken = data['NextToken'] if 'NextToken' in data else None
            return res