aws-inventory-manager 2.1.0

Know Everything About Your AWS Environment

AWS Inventory Manager

Know Everything About Your AWS Environment

Collections | Inventory Snapshots | Configuration Drift | Security Scanning | Cost Analysis | Resource Cleanup | IaC Generation

Documentation | Quick Start | Features | Contributing

---

What It Does

One CLI that inventories 27 AWS services and 80+ resource types, then lets you track drift, enforce compliance, generate Terraform and CDK, scan for security issues, manage Lambda code, query resources with SQL, and clean up what shouldn't be there. 60+ commands. Zero agents running in your account.

Note: "Snapshot" in this tool means an inventory snapshot (a catalog of what exists), not an AWS EBS or RDS snapshot. No AWS snapshots are created.

Problem	Solution
"What's actually running in our account?"	Snapshot 80+ resource types across all regions in one command
"What changed since last week?"	Field-level configuration drift detection between snapshots
"Are we following security best practices?"	12+ CIS-aligned checks with severity filtering
"Someone spun up a bunch of test resources"	Delete everything created after a baseline snapshot
"I need Terraform for existing resources"	Generate Terraform or CDK from live inventory with guardrails
"What's in that Lambda function?"	Extract, view, and diff deployment packages across snapshots
"Are our guardrails being followed?"	YAML-based compliance policies with BLOCK/WARN/AUTO-FIX
"I need a resource explorer for the team"	Launch a web UI with awsinv serve

---

Quick Start

pip install aws-inventory-manager

Or with pipx: pipx install aws-inventory-manager

# 1. Organize snapshots into a collection
awsinv collection create prod-baseline --description "Production account"

# 2. Capture current state into the collection
awsinv snapshot create my-baseline --collection prod-baseline --region us-east-1

# 3. View what was captured
awsinv snapshot report

# 4. Track changes
awsinv delta --snapshot my-baseline --show-diff

# 5. Find security issues
awsinv security scan --severity HIGH

# 6. Clean up (always preview first!)
awsinv cleanup preview my-baseline
awsinv cleanup execute my-baseline --yes

See the full Getting Started tutorial for a complete walkthrough.

---

Features

• Collections -- Named containers for organizing snapshots by account, environment, or team (guide)
• Inventory Snapshots -- 27 AWS services, 80+ resource types, multi-region, Lambda code collection, SQLite storage (guide)
• Change Tracking -- Field-level drift detection with before/after diff (guide)
• Security Scanning -- 12+ CIS-aligned checks across severity levels (guide)
• Cost Analysis -- Per-inventory cost tracking, date ranges, service breakdown (guide)
• Resource Cleanup -- Baseline cleanup, purge mode, protection rules, 43 deletable types (guide)
• AWS Config Integration -- Auto-detected, up to 5x faster collection (guide)
• Query & Analysis -- SQL queries, resource search, cross-snapshot history (guide)
• Creator Tracking -- CloudTrail-based resource provenance (guide)
• IaC Generation -- Terraform, CDK TypeScript, CDK Python via AI (guide)
• Guardrails -- Policy-based compliance checking, AI auto-fix, CI/CD ready (guide)
• Web UI -- Resource Explorer with advanced filtering and export (guide)
• Lambda Code -- List, extract, view, diff, and fetch Lambda deployment code (guide)

---

Documentation

Full documentation is available at troylar.github.io/aws-inventory-manager.

Section	Description
Getting Started	Installation, first snapshot, common workflows
Configuration	Environment variables, AWS Config, data storage, multi-account
Guides	How-to guides for every feature
Guardrails	Policy-based compliance checking
Reference	CLI reference, IAM permissions, supported resources, database schema
Development	Contributing, testing, architecture
FAQ	Troubleshooting and frequently asked questions

---

Common Workflows

# Development environment reset
awsinv snapshot create morning-baseline --region us-east-1
# ... work all day ...
awsinv cleanup execute morning-baseline --yes

# Pre/post deployment comparison
awsinv snapshot create pre-deploy --region us-east-1,us-west-2
# ... deploy ...
awsinv delta --snapshot pre-deploy --show-diff

# Sandbox account cleanup
awsinv cleanup purge --protect-tag "baseline=true" --preview
awsinv cleanup purge --protect-tag "baseline=true" --yes

See Common Workflows for more examples.

---

Command Quick Reference

Command Group	Description
awsinv collection	Create, list, show, delete snapshot collections
awsinv snapshot	Create, list, export, enrich snapshots
awsinv delta	Track changes since a baseline
awsinv security	Run CIS-aligned security scans
awsinv cost	Cost analysis with date ranges
awsinv cleanup	Delete resources (preview/execute/purge)
awsinv lambda	Lambda code: list, extract, show, diff, fetch
awsinv query	SQL queries and resource search
awsinv generate	Generate Terraform/CDK from snapshots
awsinv guardrails	Compliance checking and policy management
awsinv serve	Launch web-based Resource Explorer

See the full CLI Reference for all options.

---

Supported Resources

27 AWS services, 80+ resource types. 43 support deletion via cleanup.

See Supported Resource Types for the full list.

---

Development

git clone https://github.com/troylar/aws-inventory-manager.git
cd aws-inventory-manager
pip install -e ".[dev]"

invoke test              # All tests with coverage
invoke test-unit         # Unit tests only (faster)
invoke quality           # Lint + typecheck
invoke quality --fix     # Auto-fix issues
invoke build             # Build distributable package

2400+ tests, 61% overall coverage.

---

Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/my-feature)
3. Run tests: invoke test
4. Run quality checks: invoke quality
5. Submit a pull request

See CONTRIBUTING.md for detailed guidelines.

License

MIT License - see LICENSE

Support

• Issues: GitHub Issues
• Discussions: GitHub Discussions

---

Built for AWS practitioners who need visibility and control