# aws
d
I'm just curious to see what others are using to manage/track the lifecycle of their AWS resources/assets? Any CMDB or other type of single pane of glass inventory solution?
s
Morning Denis, what do you mean by AWS resources/assets? Accounts?
d
sorry @Santiago Campuzano, I was referring to any type of AWS resource, especially EC2 and RDS instances for example. One of the use cases is to track the lifecycle of an instance, for audit purposes for example. Back in the day, when everything was done manually, someone would create a VM and then create an asset record in a CMDB tool. When the VM was deleted, the record would have to be deleted as well.
s
The easiest and most powerful way of doing that is to use proper tagging. We have 4-5 tags on average per resource.
If you properly tag your resources you can then use 3rd party or in-house tools to inventory and lifecycle your resources
d
I've used ServiceNow in the past, where our pipelines would call the ServiceNow API to create/update/delete records. But I'm trying to stay away from ServiceNow, but I'm also trying to cover scenarios where we don't necessarily have full control of the deployment process. For example, a sandbox environment where users may create their instances manually.
s
To give you an example, we have: Billing, Owner, CreationTime, Team, etc
d
I completely agree with that, Tag is certainly key to the success here. But you mentioned 3rd party inventory tools and this is what I'm interested in. Any recommendations on that?
s
TBH, we have worked with in-house custom solutions... Python applications creating/updating Google Spreadsheets
d
yeah, that's always an option. However, I'm trying to stay away from in-house solutions, given that we are a really small team and the overhead to maintain such a system can be significant, right?
s
Yep, you're right. In our case we need pretty much basic information about the resources, our account is not that large (~2.000 ec2 instances)
d
well, that's a pretty decent size. We are probably half of that size today, but my biggest problem is the size of the team. If I can find a SaaS solution with reasonable cost, I'd definitely go for that 😄
s
You're right... if the price is reasonable, go for it!
And let us know what your decision was about it
d
sounds good. Thanks for the feedback btw. Let's see if anyone else has had experience with any other tools, it'd be nice to hear what others are doing in this space.
l
have you tried starting with aws config? it has an inventory feature for aws resources
d
I've looked into AWS config in the past, but I don't think it had support for multi-account/Organization at the time. I'll have another look, thanks!
l
multi-account is a bit harder, no matter what solution you go with. but it does now at least have organizations-level support, if all your accounts are at least part of one aws organization
and if not you can still use the config aggregator, but managing it and the account setup more directly
d
yeah, I think they are moving towards that, by adding support for most services at the org-level.
l
unfortunately i need multi-org management 😞
d
I'll give that a go and see how that plays out, thanks again. At this point we are only managing a single org
yeah, that's a bigger problem for sure and I know I'll have that same problem with multi-org and multi-vendor in the near future
l
if nothing else, it may at least give you one integration point to point some other tool at 🙂
d
agreed. Our Security Team is using Prisma Cloud, which has inventory capabilities. But it's not always easy to convince security teams to give us API access, etc 😄
I came across this project yesterday, but I haven't had a chance to give it a go just yet. I thought I'd still share it here, in case anyone is interested: https://github.com/turnerlabs/antiope
s
Have you looked at CloudAware? I know some F500 companies that use it as their Cloud CMDB for the big 3 providers
d
Thanks @Sean Holmes! I haven't heard of them before, but will certainly have a look now. Thanks for sharing!