Daily Blog #712: Developing an AWS Examination Tool Part 3
2025-1-8 22:52 Author: www.hecfblog.com

By January 08, 2025

Hello Reader,

Today, I went down a rabbit hole of prompting and ended up adding a ton of new features to our application. Here’s what the latest version now includes:

New Features:

  • AWS Organization Scanning: Detects other AWS accounts in the organization of the accessed account.
  • Cross-Account Role Assumption: Verifies if the account key can assume the AWS Organizations role to enumerate other accounts.
  • Parallel Region Scanning: Uses multiprocessing to scan all regions simultaneously for every accessible account.
  • CloudTrail Logs: Identifies CloudTrail logs in each account and displays their locations in a dedicated GUI tab. Also checks if they are only stored by AWS (default storage).
  • VPC Flow Logs: Lists VPC Flow Logs in a separate GUI tab, showing where they are stored.
  • EC2 Metadata: Adds detailed metadata for EC2 instances, snapshots, and EBS volumes.
  • CloudWatch Log Groups: Provides support for CloudWatch Log groups.
  • Lightsail Instances: Adds enumeration support for Lightsail instances.
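To make the CloudTrail check concrete, here is an added example (my own code, not the AWSExaminer project's) that decides per account whether trail logs are retained in customer storage or whether the account relies only on AWS's default event history. The sample accounts, the trail data and the FakeCloudTrail client are constructed so it runs offline; the response dictionaries follow the shape of boto3's cloudtrail describe_trails() call, which is what a real run would pass in.

```python
# Added example (not AWSExaminer code): per account, is CloudTrail retained in customer storage
# (own trail to S3, or an organization trail owned by another account) or only in AWS's default
# 90-day event history? Sample data is constructed; response shape follows boto3 describe_trails().
from dataclasses import dataclass, field

@dataclass
class TrailCoverage:
    account_id: str
    trails: list = field(default_factory=list)
    own_trail_with_storage: bool = False  # a trail this account owns writes to an S3 bucket
    covered_by_org_trail: bool = False    # an organization trail owned elsewhere covers it
    note: str = ""

def classify_trails(account_id: str, response: dict) -> TrailCoverage:
    cov = TrailCoverage(account_id)
    for t in response.get("trailList", []):
        owner = t["TrailARN"].split(":")[4]  # arn:aws:cloudtrail:REGION:ACCOUNT:trail/NAME
        cov.trails.append({"name": t["Name"], "owner_account": owner,
                           "s3_bucket": t.get("S3BucketName"),
                           "cloudwatch_log_group": t.get("CloudWatchLogsLogGroupArn"),
                           "multi_region": t.get("IsMultiRegionTrail", False),
                           "organization_trail": t.get("IsOrganizationTrail", False)})
        if owner == account_id and t.get("S3BucketName"):
            cov.own_trail_with_storage = True
        if t.get("IsOrganizationTrail") and owner != account_id:
            cov.covered_by_org_trail = True
    if cov.own_trail_with_storage or cov.covered_by_org_trail:
        cov.note = "trail logs retained in customer storage"
    else:
        cov.note = "no trail: only the default 90-day CloudTrail event history is available"
    return cov

def scan_accounts(account_ids, client_for_account) -> dict:
    """client_for_account(acct) returns an object with describe_trails(); with boto3 that would be the cloudtrail client of that account's assumed-role session."""
    return {a: classify_trails(a, client_for_account(a).describe_trails(includeShadowTrails=True))
            for a in account_ids}

class FakeCloudTrail:  # constructed stand-in for a boto3 cloudtrail client (offline)
    def __init__(self, trails): self._trails = trails
    def describe_trails(self, **_): return {"trailList": list(self._trails)}

ORG_TRAIL = {"Name": "org-trail", "S3BucketName": "org-cloudtrail-logs",
             "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
             "IsMultiRegionTrail": True, "IsOrganizationTrail": True}
SAMPLE = {"111111111111": [ORG_TRAIL],   # management account owns the trail
          "222222222222": [ORG_TRAIL],   # member account sees it as a shadow trail
          "333333333333": []}            # member account with no trail at all

if __name__ == "__main__":
    for acct, cov in scan_accounts(SAMPLE, lambda a: FakeCloudTrail(SAMPLE[a])).items():
        print(acct, cov.note)
```

Accounts that land in the "no trail" bucket are the ones where an investigation has only the console's 90-day event history to work with, which is the gap the CloudTrail tab is meant to surface.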

A Different Approach:

Rather than listing the many individual prompts I used to add these features (and the iterative process of fixing errors), I decided to take a new approach. I asked the model to create a single prompt that could recreate the current state of this program. Here's what it generated:


Generated Prompt

Create a Python-based GUI application for enumerating AWS resources across multiple accounts and regions. The application should have the following specifications:

Core Requirements:

  1. GUI Framework:

    • Use PySide6 for the interface.
    • Include a tabbed layout for different resource types.
    • Show real-time progress with progress bars.
    • Provide a resource tree view for navigation.
    • Include a log window for status messages.
  2. AWS Integration:

    • Support both AWS profile and direct API key authentication.
    • Enable AWS Organizations support for multi-account scanning.
    • Implement cross-account role assumption.
    • Use boto3 with retry logic and error handling.
    • Support parallel processing of regions.
  3. Resource Types to Enumerate:

    • EC2 Resources:
      • Instances (metadata: type, IPs, key name, platform).
      • Volumes (size, type, encryption, IOPS).
      • Snapshots (size, source, encryption).
      • Security groups.
    • Storage:
      • S3 buckets (with region mapping).
      • EBS volumes (with attachments).
    • Database:
      • RDS instances.
      • Lightsail databases.
    • Logging & Monitoring:
      • CloudTrail configurations.
      • CloudWatch Log Groups.
      • VPC Flow Logs.
      • Organization-wide logging detection.
  4. Data Export:

    • Support for exporting in Excel, JSON, or text format.
    • Include metadata and a hierarchical structure in the export.
    • Use the AWS Account ID and timestamp as the default filename for uniqueness.
  5. Progress Tracking:

    • Display overall, per-account, and region-specific progress.
    • Show status messages for operations.

Technical Specifications:

  1. Multiprocessing:

    • Use Python’s multiprocessing to handle parallel region scanning.
    • Implement proper process cleanup and progress communication.
  2. Error Handling:

    • Implement exponential backoff for API calls.
    • Handle permission issues gracefully.
    • Display clear error messages in the GUI.
  3. Security:

    • Ensure secure credential handling.
    • Support AWS profiles and direct API key input.
    • Implement minimum required permissions.
  4. GUI Features:

    • Tab-based views for resource types (EC2, storage, database, logging).
    • Progress dialogs with multiple progress bars.
    • Resource tree view for navigation.
    • Color-coded status indicators.
  5. Dependencies:

    • boto3/botocore: AWS SDK.
    • PySide6: GUI framework.
    • pandas: Data handling.
    • openpyxl: Excel export.
  6. File Structure:

    • aws_enumerator.py: Main application.
    • requirements.txt: Dependency list.
    • README.md: Project documentation.
    • License file.

Progress So Far:

The best part? I still haven’t written a single line of code myself! The application now has a polished interface and works as described. I've also updated the README file and requirements.txt, so everything is ready for you to try.


You can check out the latest version and give it a spin here:
AWSExaminer GitHub Repository

Stay tuned for more updates as we continue building!



Source: https://www.hecfblog.com/2025/01/daily-blog-712-developing-aws.html