A Django-based application for discovering, tracking, and managing AWS networking resources across multiple AWS accounts and regions. Features include a REST API, web interface, and External Dynamic List (EDL) endpoints for Palo Alto Networks firewall integration.

• Multi-Account & Multi-Region Support: Discover resources across multiple AWS accounts and regions
• Comprehensive Resource Tracking: Track VPCs, Subnets, EC2 Instances, ENIs, Security Groups, and their relationships
• REST API: Full-featured API for programmatic access to resource data
• Web Interface: User-friendly web UI for viewing and managing resources
• EC2 Instance Tracking: View instance details, state, type, and associated network interfaces
• External Dynamic Lists (EDL): Integration with Palo Alto Networks firewalls for dynamic IP address lists
• IP Address Lookup: Find ENIs by primary, public, or secondary IP addresses

• VPCs (Virtual Private Clouds)
• Subnets
• EC2 Instances with state, type, platform, and launch time tracking
• ENIs (Elastic Network Interfaces) with primary and secondary IPs
• Security Groups with detailed ingress/egress rules
• Resource Attachments (Load Balancers, etc.)

• Python 3.12+
• Poetry (for dependency management)
• AWS credentials with appropriate permissions

1. Clone the repository:

git clone https://github.com/jbhoorasingh/aws-resource-inventory.git
cd aws-resource-inventory

2. Install dependencies:

poetry install

3. Configure environment variables:

cp .env.example .env
# Edit .env with your configuration

4. Run database migrations:

poetry run python manage.py migrate

5. Create a superuser:

poetry run python manage.py createsuperuser

6. Start the development server:

poetry run python manage.py runserver

The application will be available at:

• Web UI: http://localhost:8000/
• Admin Panel: http://localhost:8000/admin/
• API: http://localhost:8000/api/
• EDL: http://localhost:8000/edl/

Use the discover_aws_resources management command to poll AWS and populate the database:

poetry run python manage.py discover_aws_resources \
  <account_number> \
  <access_key_id> \
  <secret_access_key> \
  <session_token> \
  <region1> [region2...] \
  --account-name "Account Name"

Example:

poetry run python manage.py discover_aws_resources \
  123456789012 \
  AKIAIOSFODNN7EXAMPLE \
  wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  "" \
  us-east-1 us-west-2 \
  --account-name "Production Account"

Dry Run Mode (test without saving):

poetry run python manage.py discover_aws_resources ... --dry-run

The REST API provides comprehensive access to all resource data:

• Accounts: /api/accounts/
• VPCs: /api/vpcs/
• Subnets: /api/subnets/
• Security Groups: /api/security-groups/
• ENIs: /api/enis/

• Find by IP: /api/enis/by_ip/?ip=<address>
• Public IPs only: /api/enis/with_public_ip/
• Statistics: /api/enis/summary/
• Filter by region: /api/enis/by_region/?region=<region>
• Filter by owner: /api/enis/by_owner_account/?owner_account=<id>

All endpoints support filtering, pagination, and ordering.

EDL endpoints generate text files with IP addresses for Palo Alto Networks firewalls:

• EDL Summary: /edl/
• Account IPs: /edl/account/<account_id>/
• Security Group IPs: /edl/sg/<sg_id>/
• JSON Metadata: /edl/account/<account_id>/json/ or /edl/sg/<sg_id>/json/

EDL Format:

10.0.1.5 # eni-0123456789abcdef0, primary
10.0.1.6 # eni-0123456789abcdef0, secondary

EDL responses are cached for 5 minutes.

Create a .env file with the following variables:

Django Configuration:

SECRET_KEY=your-secret-key-here
DEBUG=True
ALLOWED_HOSTS=localhost,127.0.0.1

AWS Configuration:

AWS_ACCESS_KEY_ID=your-access-key-id
AWS_SECRET_ACCESS_KEY=your-secret-access-key
AWS_SESSION_TOKEN=your-session-token  # Optional, for temporary credentials
AWS_DEFAULT_REGION=us-east-1
AWS_REGIONS=us-east-1,us-west-2,eu-west-1

Database (optional):

# Defaults to SQLite if not specified
DATABASE_URL=postgresql://user:password@localhost:5432/aws_inventory

The application requires the following AWS permissions:

• ec2:DescribeVpcs
• ec2:DescribeSubnets
• ec2:DescribeSecurityGroups
• ec2:DescribeNetworkInterfaces
• ec2:DescribeInstances
• sts:GetCallerIdentity

AWSAccount
    └── Tracks account metadata and last poll time

VPC
    ├── Subnet
    │   ├── EC2Instance (instance details, state, type, IPs, launch time)
    │   │   └── ENI (many-to-one: multiple ENIs per instance)
    │   └── ENI (Elastic Network Interface)
    │       ├── EC2Instance (foreign key to attached instance)
    │       ├── ENISecondaryIP (secondary IPs)
    │       └── ENISecurityGroup (many-to-many with SecurityGroup)
    └── SecurityGroup
        └── SecurityGroupRule (ingress/egress rules)

Key Relationships:

• Each ENI can be attached to one EC2Instance (optional)
• Each EC2Instance can have multiple ENIs
• ENIs track both EC2 instances and other AWS resources (load balancers, etc.)

• Discovery Service (resources/services.py): Interacts with AWS APIs via boto3
• Management Command (resources/management/commands/): CLI for resource discovery
• REST API (resources/views.py): DRF ViewSets for API endpoints
• Web UI (resources/views_frontend.py): Server-side rendered views
• EDL (resources/views_edl.py): Palo Alto firewall integration

poetry run pytest

# Create new migration
poetry run python manage.py makemigrations

# Apply migrations
poetry run python manage.py migrate

# Production dependency
poetry add package-name

# Development dependency
poetry add --group dev package-name

poetry run python manage.py shell

• Django 4.2.7: Web framework
• Django REST Framework 3.14.0: REST API
• boto3 1.34.0: AWS SDK
• PostgreSQL/SQLite: Database
• Poetry: Dependency management

This project is licensed under the MIT License - see the LICENSE file for details.

Contributions are welcome! If you'd like to contribute to this project, please follow these steps:

1. Fork the repository and create a new branch for your feature or bugfix
2. Make your changes and ensure they follow the existing code style
3. Add tests for any new functionality or bug fixes
4. Run the test suite to ensure everything passes:

   poetry run pytest

5. Submit a pull request with a clear description of your changes

If you encounter any bugs or have suggestions for improvements, please open an issue on the GitHub issue tracker.

When reporting issues, please include:

• A clear description of the problem
• Steps to reproduce the issue
• Expected vs. actual behavior
• Any relevant error messages or logs

• Issue Tracker: https://github.com/jbhoorasingh/aws-resource-inventory/issues