readme.md in aws_recon-0.2.8 vs readme.md in aws_recon-0.2.9

- old
+ new

@@ -30,18 +30,18 @@ To run locally, first install the gem: ``` $ gem install aws_recon -Fetching aws_recon-0.2.7.gem +Fetching aws_recon-0.2.8.gem Fetching aws-sdk-resources-3.76.0.gem Fetching aws-sdk-3.0.1.gem Fetching parallel-1.19.2.gem ... Successfully installed aws-sdk-3.0.1 Successfully installed parallel-1.19.2 -Successfully installed aws_recon-0.2.7 +Successfully installed aws_recon-0.2.8 ``` Or add it to your Gemfile using `bundle`: ``` @@ -49,24 +49,24 @@ Fetching gem metadata from https://rubygems.org/ Resolving dependencies... ... Using aws-sdk 3.0.1 Using parallel 1.19.2 -Using aws_recon 0.2.2 +Using aws_recon 0.2.8 ``` To run via a Docker a container, pass the necessary AWS credentials into the Docker `run` command. For example: ``` -$ docker run --rm \ +$ docker run -t --rm \ -e AWS_REGION \ -e AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY \ -e AWS_SESSION_TOKEN \ -v $(pwd)/output.json:/recon/output.json \ - aws_recon:latest \ - aws_recon -v -s EC2 -r us-east-1,us-east-2 + darkbitio/aws_recon:latest \ + aws_recon -v -s EC2 -r global,us-east-1,us-east-2 ``` ## Usage 
@@ -80,33 +80,41 @@ ``` $ AWS_PROFILE=<profile> aws_recon ``` -To run from a Docker container using `aws-vault` managed credentials (output to file): +To run from a Docker container using `aws-vault` managed credentials (output to stdout): ``` -$ aws-vault exec darkbit -- docker run --rm \ +$ aws-vault exec <vault_profile> -- docker run -t --rm \ -e AWS_REGION \ -e AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY \ -e AWS_SESSION_TOKEN \ - -v $(pwd)/output.json:/recon/output.json \ - aws_recon:latest \ - aws_recon -s EC2 -v -r us-east-1,us-east-2 + darkbitio/aws_recon:latest \ + aws_recon -j -s EC2 -r global,us-east-1,us-east-2 ``` -To run from a Docker container using `aws-vault` managed credentials (output to stdout): +To run from a Docker container using `aws-vault` managed credentials and output to a file, you will need to satisfy a couple of requirements. First, Docker needs access to bind mount the path you specify (or a parent path above). Second, you need to create an empty file to save the output into (e.g. `output.json`). This is because we are only mounting that one file into the Docker container at run time. For example: +Create an empty file. + ``` -$ aws-vault exec darkbit -- docker run --rm \ +$ touch output.json +``` + +Run the `aws_recon` container, specifying the output file. + +``` +$ aws-vault exec <vault_profile> -- docker run -t --rm \ -e AWS_REGION \ -e AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY \ -e AWS_SESSION_TOKEN \ - aws_recon:latest \ - aws_recon -j -s EC2 -r us-east-1,us-east-2 + -v $(pwd)/output.json:/recon/output.json \ + darkbitio/aws_recon:latest \ + aws_recon -s EC2 -v -r global,us-east-1,us-east-2 ``` You may want to use the `-v` or `--verbose` flag initially to see status and activity while collection is running. In verbose mode, the console output will show: 
@@ -174,10 +182,10 @@ Most users will want to limit collection to relevant services and regions. Running without any options will attempt to collect all resources from all 16 regular regions. ``` $ aws_recon -h -AWS Recon - AWS Inventory Collector (0.2.7) +AWS Recon - AWS Inventory Collector (0.2.8) Usage: aws_recon [options] -r, --regions [REGIONS] Regions to scan, separated by comma (default: all) -n, --not-regions [REGIONS] Regions to skip, separated by comma (default: none) -s, --services [SERVICES] Services to scan, separated by comma (default: all)
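Review bot: in the `@@ -30,18 +30,18 @@` hunk the sample `gem install` output is bumped to `aws_recon-0.2.8`, but this readme ships in 0.2.9, so the transcript is already one release behind. The `Using aws_recon 0.2.8` line in the next hunk and the `AWS Recon - AWS Inventory Collector (0.2.8)` banner in the last hunk have the same problem. Consider replacing the hardcoded version in these transcripts with a placeholder such as `aws_recon-x.y.z`, or regenerating them as part of the release, so the readme does not need a manual edit on every bump.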
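Review bot: the first Docker example in the `@@ -49,24 +49,24 @@` hunk still bind-mounts `-v $(pwd)/output.json:/recon/output.json` but does not get the `touch output.json` step that the following hunk adds for the `aws-vault` variant. When the host path does not exist, Docker creates it as a directory, so a reader who copies this first example as written ends up with an `output.json` directory instead of a results file. Suggest repeating the create-an-empty-file step here or pointing to the later section, and quoting the path as `"$(pwd)/output.json"` so working directories containing spaces work. The context line "To run via a Docker a container" also has a stray "a".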
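Review bot: in the `@@ -80,33 +80,41 @@` hunk both commands now pull `darkbitio/aws_recon:latest` and pass it `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN`. `latest` is a mutable tag, so the image that receives those credentials can change between runs without the reader noticing. Suggest documenting a pinned release tag or an image digest in these examples. It would also help to say why `-t` was added: with a TTY allocated, Docker merges stderr into stdout and emits CRLF line endings, which matters for the `-j` stdout example if a reader redirects the output to a file.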
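Review bot: the `@@ -174,10 +182,10 @@` hunk leaves the `-r, --regions` help line as "Regions to scan, separated by comma (default: all)" while every Docker example changed in this patch now passes `global` in the region list. In the lines shown nothing explains what `global` selects or whether it is included in the default `all`, and the context sentence about "all 16 regular regions" does not say either. Suggest adding a sentence on `global` next to the usage text so readers know whether omitting it drops any resources from the inventory.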