- What
- Why?
- How it works
- Security?
- AWS IAM Policy for access
- Gaps
- Development
- Test
- Build
- Deploy
- Build & Deploy Gaps
AWSResco is a standalone SPA using the client side AWS JS SDK to get instance and reservation info for JIT comparison of running infrastructure. This comparison provides a "Differential" value to the user to see where they are over or under allotted on their reservations.
The latest version is at: http://awsresco.s3-website-us-east-1.amazonaws.com/
In my time with working with AWS, the question of "Am I utilizing my reservations correctly?" has come up many times. AWS doesn't provide an interface, tool, or output that I am aware of that can provide this information in an easily consumable way. The closest tool AWS has is Reservation Utilization Reports which works well in some cases, mostly smaller organizations, but lacks granularity for others.
AWS Reservation Comparison (AWSResco) takes a look at AWS reservations for a given account and compares them against running infrastructure. It combines multiple reservation purchases of the same Instance Type, Availability Zone, Platform (windows or linux), and VPC (EC2-Classic or VPC) into a single object, then looks at all running instances and matches them with any reservation based on the same values.
This information is then presented to the user as:
- The number of reservations of a given type, zone, platform, and vpc:
Reservation Count - The number of running instances of a given type, zone, platform, and vpc:
Running Instances - A differential, the number of reservations minus the number of running instances:
Differential - The hard data on each reservation & running instance sets:
Type,Zone,Windows,VPC,Runnings Ids, andRunning Names
While AWSResco itself doesn't use HTTPS from S3 to the client's browser, all communication from the client's browser to AWS is over HTTPS. This means that your access and secret keys are never sent from your browser over anything other than HTTPS. This is enabled via http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#sslEnabled-property.
If you are worried about what the tool does with your keys, please feel free to review the code for any malicious usage. If you find anything concering, feel free to open an issue or pull request.
The policy you use for AWSResco should follow the least privilege access rules. In the case of AWSResco, the only access needed is for the the describeInstances and the describeReservedInstances API calls. The following is an example of the policy to use:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1452989493668",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeReservedInstances"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Currently AWSResco does not take into account OfferingType, it assumes that only Heavy Utilization is being used as that was the original use case for the tool. There are plans to support all OfferingType variations - see Issue#3.
- Run with:
python -m SimpleHTTPServer(or your favorite web server) - Navigate to:
localhost:8000/dev.html(or your favorite web server's configuration)
- Manual process to test
- Run
sudo bash build.shwhich will uglify css and javascript
- Manual process of pushing to S3
- Changes to
dev.htmlneed to be copied toindex.htmlat this time. - No publish scripts to get new version to S3.