Skip to content

Snapshot the CloudFormation stack sets in an AWS organization

Notifications You must be signed in to change notification settings

iainelder/aws-stack-set-snapshot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

aws-stack-set-snapshot

Dumps all instances of all stack sets.

This allows you to compute statistics across all stack instances, such as total instance count and ratio of CURRENT instances.

Quick Start

Run the tool in the organization management account.

Dump a snapshot.

poetry run python aws_stack_set_snapshot.py > stack_sets.json

Count the instances in each stack set.

cat stack_sets.json \
| jq 'map({StackSetName, Status, Instances: (.Instances | length)})' \
| in2csv --no-inference --format json \
| csvlook --no-inference \
| less

Columns:

  • StackSetName
  • Status
  • Instances

Show the result of the latest operation.

cat stack_sets.json \
| jq '
map({
    StackSetName,
    Status,
    LastOperation: (
        .Operations[0]
        | if . == null then {}
          else {Status, CreationTimestamp, EndTimestamp} end)
})
| sort_by(.LastOperation.CreationTimestamp)
| reverse
' \
| in2csv --no-inference --format json \
| csvlook --no-inference \
| less

Columns:

  • StackSetName
  • Status
  • LastOperation/Status
  • LastOperation/CreationTimestamp
  • LastOperation/EndTimestamp

Compute the aggregate status of all the instances.

cat stack_sets.json \
| jq '
map(select(.Status == "ACTIVE"))
| map(
    {StackSetName}
    + (
        .Instances
        | reduce .[] as $i (
            {
                "CURRENT_RATIO": 0,
                "TOTAL": 0,
                "CURRENT_SUCCEEDED": 0
            }
            ; .[$i.Status + "_" + $i.StackInstanceStatus.DetailedStatus] += 1
            | .["TOTAL"] += 1
            | .["CURRENT_RATIO"] = (100 * .["CURRENT_SUCCEEDED"] / .["TOTAL"] | floor)
        )
    )
)
| sort_by(.CURRENT_RATIO, .StackSetName)
' \
| in2csv --no-inference --format json \
| csvlook --no-inference \
| less

Columns:

  • StackSetName
  • CURRENT_RATIO
  • TOTAL
  • CURRENT_SUCCEEDED
  • OUTDATED_FAILED
  • OUTDATED_CANCELLED
  • INOPERABLE_INOPERABLE
  • OUTDATED_PENDING

Show the target regions and organizational units.

cat stack_sets.json \
| jq '
map(select(.Status == "ACTIVE"))
| map(
    {StackSetName}
    + (
        .Instances
        | reduce .[] as $i (
            {
                "Regions": {},
                "OrganizationalUnitIds": {}
            }
            ; .Regions[$i.Region] += 1
            | .OrganizationalUnitIds[$i.OrganizationalUnitId] += 1
        )
        | .Regions = (.Regions | keys | join(","))
        | .OrganizationalUnitIds = (.OrganizationalUnitIds | keys | join(","))
    )
)
' \
| in2csv --no-inference --format json \
| csvlook --no-inference \
| less

Columns:

  • StackSetName
  • Regions
  • OrganizationalUnitIds

TODO

jq lacks date arithmetic, so it's difficult to compute these:

  • Days since last operation
  • Duration of last operation
  • Numer of operations per day (SERVICE_MANAGED stack sets operate automatically)

The SERVICE_MANAGED permission model is not supported in delegated administrator accounts. The tool is hard-coded to use the SELF permission model, so it currently works only in the organization management account.

Transform the JSON into a dimensional model with these dimensions (not exhaustive):

  • Region
  • Account (rolls up to Organizational unit, root, organization)
  • Stack set
  • Status reason (with a pattern to match examples in the wild)

Implementation

Returns the Summaries list of ListStackSets and adds extra keys to each stack set description.

Merges the complete description into each summary result given by DescribeStackSet.

The Instance key is populated for each stack set by the Summaries list of ListStackInstances.

The Operations key is populated for each stack set by the Summaries list of the ListStackSetOperations.

Other Tools

rain now has a stackset command for operating on stack sets. I haven't tried it yet, but it may complement this tool.

About

Snapshot the CloudFormation stack sets in an AWS organization

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages