Why should I care about lost AWS resources?
Well, resources cost money, so that’s a thing.
But here’s another thing: What if you migrate accounts and forget about some old snapshots and volumes? An attacker gains access to the old AWS account. They mount the old snapshots and volumes onto new instances they have access to, and inspect the volumes. The package and configuration data is mostly old and irrelevant, but they find source code, and in that source code, credentials to access the company’s private GitHub.
And what about those instances that developers created to test a feature and then forgot about? How many vulnerabilities do they have?
Okay, so how do I find AWS resources that might be lost or forgotten?
Use open source cnquery to explore all the resources in your AWS account, across all regions.
Open the shell
Find snapshots
Find volumes
Find EC2 instances with no tags attached, or with a specific tag
Find AWS Security Groups with unrestricted ipRange access
Find the AWS EC2 instances that are using those security groups
Explore all the resources under the EC2 service
