
AWS Recon
A Multi-Threaded AWS Security-Focused Inventory Collection Tool
This is a multi-threaded tool designed for collecting inventory data with a focus on AWS security, and it is developed using Ruby.
This tool was created to enhance data collection efficiency
This tool was created to facilitate the efficient gathering of a large volume of AWS resource attributes and metadata.
It aims to collect nearly everything relevant to AWS security configurations
It aims to collect nearly everything that is relevant to the security configuration and posture of an AWS environment. Current tools, such as AWS Config, which perform some level of resource collection, often lack the necessary coverage and specificity to accurately assess security posture. This includes detailed resource attribute data, fully parsed policy documents, and the relationships among nested resources.
AWS Recon improves the collection process for large accounts by utilizing automatic retries, which address issues related to network reliability or API throttling. It also implements automatic paging for large responses (greater than 100 resources per API call) and employs multi-threading for parallel requests to enhance collection speed.
Project Goals: Achieve more comprehensive resource coverage than existing tools, particularly for ECS and EKS; provide more detailed resource information, including nested related resources in the output; offer flexible output formats (console, JSON lines, plain JSON, file, S3 bucket, and standard output); and ensure efficiency through multi-threading, rate limiting, automatic retries, and automatic result pagination.