This script is a read-only utility that counts cloud resources in your AWS account. If you run this in your organization account, it will discover resources in all accounts in your organization.
No changes will be made to your account. No data will be sent anywhere and will remain in your cloud shell environment.
This script can run against an individual AWS account or all child accounts in an AWS Organization. When running the script in CloudShell, it will establish the session using the AWS Identity currently signed in. When running the script in your local environment, it will establish the session based on your AWS CLI configuration. Please see Local Environment Instructions for more details. If your AWS Identity is in the AWS Organization Management account, the script will use the default role OrganizationAccountAccessRole (or custom role if provided) to switch into each child account. If your AWS Identity is not in an AWS Organization Management account, the script will only process resources in this single account. Upon completion, a CSV report is generated with the findings.
Reported Resources will include a count of each of the following resource types per AWS Region:
| Resource | Description |
|---|---|
| Terminated VMs | Terminated EC2 Instances |
| Running VMs | Running EC2 Instances |
| Terminated Kubernetes Nodes | Terminated EKS Nodes |
| Running Kubernetes Nodes | Running EKS Nodes |
| Active EKS Fargate Profiles | Active EKS Fargate Profiles for each EKS Cluster. Excludes any existing Falcon Profiles eg. fp-falcon* |
| ECS Service Fargate Tasks | DesiredCount of tasks in Active ECS Services. Excludes standalone tasks or tasks that are scheduled outside of Services |
Open AWS Cloud Shell (overview, documentation) using one of the direct links:
| Region | Link |
|---|---|
| us-east-1 | Virginia, United States |
| us-east-2 | Ohio, United States |
| us-west-2 | Oregon, United States |
| eu-west-1 | Ireland |
| ap-northeast-1 | Tokyo, Japan |
curl https://raw.githubusercontent.com/CrowdStrike/cloud-resource-estimator/main/benchmark.sh | bashcat ./cloud-benchmark/*benchmark.csvexport AWS_ASSUME_ROLE_NAME="custom-role-name"