I Tried Checking an AWS Environment with Service Screener v2!


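Introduction

While browsing online news, I came across something called "Service Screener v2", so I tried it out in a sandbox environment as a learning exercise.

What can it do?

The following is the overview given in the GitHub README.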

Service Screener is a tool that runs automated checks on AWS environments and provides recommendations based on AWS and community best practices.

AWS customers can use this tool on their own environments and use the recommendations to improve the Security, Reliability, Operational Excellence, Performance Efficiency and Cost Optimisation at the service level.

This tool aims to complement the AWS Well Architected Tool.

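It is a tool that automatically checks an AWS environment and provides recommendations from perspectives such as security and cost optimisation.
It assesses the environment based on AWS best practices and the Well-Architected Framework.

Preparing the execution environment

Prepare the execution environment by following the README. CloudShell is used as the execution environment.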

1. Move to the working directory

Change directory
~ $ cd /tmp

2. Create a Python virtual environment in the current directory

Create Python virtual environment
tmp $ python3 -m venv .

3. Activate the Python virtual environment

Activate Python virtual environment
tmp $ source bin/activate

4. Upgrade pip (the Python package management tool) to the latest version

Upgrade pip
(tmp) tmp $ python3 -m pip install --upgrade pip

Requirement already satisfied: pip in ./lib/python3.9/site-packages (21.3.1)
Collecting pip
  Downloading pip-25.1.1-py3-none-any.whl (1.8 MB)
     |████████████████████████████████| 1.8 MB 12.9 MB/s            
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 21.3.1
    Uninstalling pip-21.3.1:
      Successfully uninstalled pip-21.3.1
Successfully installed pip-25.1.1

5. Delete the existing service-screener-v2 directory (if it exists)

Delete directory
(tmp) tmp $ rm -rf service-screener-v2

6. Clone the Service Screener code from GitHub

Clone
(tmp) tmp $ git clone https://github.com/aws-samples/service-screener-v2.git

Cloning into 'service-screener-v2'...
remote: Enumerating objects: 4597, done.
remote: Counting objects: 100% (1115/1115), done.
remote: Compressing objects: 100% (280/280), done.
remote: Total 4597 (delta 895), reused 877 (delta 824), pack-reused 3482 (from 1)
Receiving objects: 100% (4597/4597), 3.82 MiB | 19.36 MiB/s, done.
Resolving deltas: 100% (2663/2663), done.

7. Move into the cloned directory

Change directory
(tmp) tmp $ cd service-screener-v2

8. Install the required Python packages

Install Python packages
(tmp) service-screener-v2 $ pip install -r requirements.txt

Obtaining file:///tmp/service-screener-v2 (from -r requirements.txt (line 9))
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... done
  Getting requirements to build editable ... done
  Preparing editable metadata (pyproject.toml) ... done
Collecting boto3>=1.35 (from -r requirements.txt (line 1))
  Downloading boto3-1.38.46-py3-none-any.whl.metadata (6.6 kB)
Collecting packaging>=23.1 (from -r requirements.txt (line 2))
  Downloading packaging-25.0-py3-none-any.whl.metadata (3.3 kB)
Collecting XlsxWriter>=3.1.0 (from -r requirements.txt (line 3))
  Downloading xlsxwriter-3.2.5-py3-none-any.whl.metadata (2.7 kB)
Collecting netaddr>=0.9.0 (from -r requirements.txt (line 4))
  Downloading netaddr-1.3.0-py3-none-any.whl.metadata (5.0 kB)
Collecting requests>=2.31.0 (from -r requirements.txt (line 5))
  Downloading requests-2.32.4-py3-none-any.whl.metadata (4.9 kB)
Collecting openpyxl>=3.1.2 (from -r requirements.txt (line 6))
  Downloading openpyxl-3.1.5-py2.py3-none-any.whl.metadata (2.5 kB)
Collecting multiprocess>=0.70 (from -r requirements.txt (line 7))
  Downloading multiprocess-0.70.18-py39-none-any.whl.metadata (7.5 kB)
Collecting simple-term-menu>=1.6.4 (from -r requirements.txt (line 8))
  Downloading simple_term_menu-1.6.6-py3-none-any.whl.metadata (29 kB)
Collecting botocore<1.39.0,>=1.38.46 (from boto3>=1.35->-r requirements.txt (line 1))
  Downloading botocore-1.38.46-py3-none-any.whl.metadata (5.7 kB)
Collecting jmespath<2.0.0,>=0.7.1 (from boto3>=1.35->-r requirements.txt (line 1))
  Downloading jmespath-1.0.1-py3-none-any.whl.metadata (7.6 kB)
Collecting s3transfer<0.14.0,>=0.13.0 (from boto3>=1.35->-r requirements.txt (line 1))
  Downloading s3transfer-0.13.0-py3-none-any.whl.metadata (1.7 kB)
Collecting python-dateutil<3.0.0,>=2.1 (from botocore<1.39.0,>=1.38.46->boto3>=1.35->-r requirements.txt (line 1))
  Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
Collecting urllib3<1.27,>=1.25.4 (from botocore<1.39.0,>=1.38.46->boto3>=1.35->-r requirements.txt (line 1))
  Downloading urllib3-1.26.20-py2.py3-none-any.whl.metadata (50 kB)
Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->botocore<1.39.0,>=1.38.46->boto3>=1.35->-r requirements.txt (line 1))
  Downloading six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting charset_normalizer<4,>=2 (from requests>=2.31.0->-r requirements.txt (line 5))
  Downloading charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (35 kB)
Collecting idna<4,>=2.5 (from requests>=2.31.0->-r requirements.txt (line 5))
  Downloading idna-3.10-py3-none-any.whl.metadata (10 kB)
Collecting certifi>=2017.4.17 (from requests>=2.31.0->-r requirements.txt (line 5))
  Downloading certifi-2025.6.15-py3-none-any.whl.metadata (2.4 kB)
Collecting et-xmlfile (from openpyxl>=3.1.2->-r requirements.txt (line 6))
  Downloading et_xmlfile-2.0.0-py3-none-any.whl.metadata (2.7 kB)
Collecting dill>=0.4.0 (from multiprocess>=0.70->-r requirements.txt (line 7))
  Downloading dill-0.4.0-py3-none-any.whl.metadata (10 kB)
Downloading boto3-1.38.46-py3-none-any.whl (139 kB)
Downloading botocore-1.38.46-py3-none-any.whl (13.7 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 13.7/13.7 MB 16.9 MB/s eta 0:00:00
Downloading jmespath-1.0.1-py3-none-any.whl (20 kB)
Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
Downloading s3transfer-0.13.0-py3-none-any.whl (85 kB)
Downloading urllib3-1.26.20-py2.py3-none-any.whl (144 kB)
Downloading packaging-25.0-py3-none-any.whl (66 kB)
Downloading xlsxwriter-3.2.5-py3-none-any.whl (172 kB)
Downloading netaddr-1.3.0-py3-none-any.whl (2.3 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.3/2.3 MB 15.3 MB/s eta 0:00:00
Downloading requests-2.32.4-py3-none-any.whl (64 kB)
Downloading charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (149 kB)
Downloading idna-3.10-py3-none-any.whl (70 kB)
Downloading openpyxl-3.1.5-py2.py3-none-any.whl (250 kB)
Downloading multiprocess-0.70.18-py39-none-any.whl (133 kB)
Downloading simple_term_menu-1.6.6-py3-none-any.whl (27 kB)
Downloading certifi-2025.6.15-py3-none-any.whl (157 kB)
Downloading dill-0.4.0-py3-none-any.whl (119 kB)
Downloading six-1.17.0-py2.py3-none-any.whl (11 kB)
Downloading et_xmlfile-2.0.0-py3-none-any.whl (18 kB)
Building wheels for collected packages: ServiceScreenerV2
  Building editable for ServiceScreenerV2 (pyproject.toml) ... done
  Created wheel for ServiceScreenerV2: filename=servicescreenerv2-2.0-0.editable-py3-none-any.whl size=7849 sha256=5a5cd2ccbffb12333fc8c3faa2a55b57732926d211cb5c7381e5140c2865f8b8
  Stored in directory: /tmp/pip-ephem-wheel-cache-93k5n0lo/wheels/48/b9/16/c34a56b58d7bc2beab3cdb804fa9bf2bc6b66b6796c3db032d
Successfully built ServiceScreenerV2
Installing collected packages: ServiceScreenerV2, XlsxWriter, urllib3, six, simple-term-menu, packaging, netaddr, jmespath, idna, et-xmlfile, dill, charset_normalizer, certifi, requests, python-dateutil, openpyxl, multiprocess, botocore, s3transfer, boto3
Successfully installed ServiceScreenerV2-2.0 XlsxWriter-3.2.5 boto3-1.38.46 botocore-1.38.46 certifi-2025.6.15 charset_normalizer-3.4.2 dill-0.4.0 et-xmlfile-2.0.0 idna-3.10 jmespath-1.0.1 multiprocess-0.70.18 netaddr-1.3.0 openpyxl-3.1.5 packaging-25.0 python-dateutil-2.9.0.post0 requests-2.32.4 s3transfer-0.13.0 simple-term-menu-1.6.6 six-1.17.0 urllib3-1.26.20

9. Unzip and prepare the Lambda dependency package

Unzip dependency package
(tmp) service-screener-v2 $ python3 unzip_botocore_lambda_runtime.py

10. Define a shortcut command named screener

Define shortcut command
(tmp) service-screener-v2 $ alias screener='python3 $(pwd)/main.py'

That completes the preparation of the execution environment!

Running it

Let's run it using the screener command.

Run
(tmp) service-screener-v2 $ screener --regions ap-northeast-1

 -- Acquiring identify info...

=================================================
Processing the following account id: <AWSアカウントID>
=================================================

[info] Empty CF stacked created successfully, name:ssv2-ddd7b96dcee9
PREPARING -- CLOUDFRONT::us-east-1
PREPARING -- LAMBDA::ap-northeast-1
PREPARING -- EC2::ap-northeast-1
PREPARING -- IAM::us-east-1
... (Lambda) - s3_transfer
COMPLETED -- CLOUDFRONT::us-east-1 (0.87s)
PREPARING -- CLOUDTRAIL::ap-northeast-1
... (CloudTrail:Common) 
COMPLETED -- CLOUDTRAIL::ap-northeast-1 (0.126s)
PREPARING -- ELASTICACHE::ap-northeast-1
Generating IAM Credential Report...
COMPLETED -- ELASTICACHE::ap-northeast-1 (0.112s)
PREPARING -- EKS::ap-northeast-1
COMPLETED -- EKS::ap-northeast-1 (0.264s)
PREPARING -- DYNAMODB::ap-northeast-1
... (Lambda) - http-crud-tutorial-function
... (Compute Optimizer Recommendations) 
... (Cost Explorer Recommendations) 
... (Dynamodb::Generic) 
... (Dynamodb::Table) - Dynamodb::ServiceScreenerAutomationStack-screenerscheduler1291276B-167F233RSBOS5
COMPLETED -- LAMBDA::ap-northeast-1 (2.273s)
PREPARING -- GUARDDUTY::ap-northeast-1
COMPLETED -- GUARDDUTY::ap-northeast-1 (0.096s)
PREPARING -- KMS::ap-northeast-1
... (EC2) - i-0d850360d4fdf180b
... (KMS) - 2f75a300-5cb5-4843-b31e-142813ed1352 (arn:aws:kms:ap-northeast-1:<AWSアカウントID>:key/2f75a300-5cb5-4843-b31e-142813ed1352)
... (KMS) - 9179978d-0090-4ea9-b94a-c34d7dd07c81 (arn:aws:kms:ap-northeast-1:<AWSアカウントID>:key/9179978d-0090-4ea9-b94a-c34d7dd07c81)
COMPLETED -- KMS::ap-northeast-1 (0.969s)
PREPARING -- CLOUDWATCH::ap-northeast-1
... (Cloudwatch Logs) - /aws/batch/job
... (Cloudwatch Logs) - /aws/lambda/ServiceScreenerAutomation-BucketNotificationsHandl-kC2Ul6tZnFwr
... (Cloudwatch Logs) - /aws/lambda/ServiceScreenerAutomation-CustomVpcRestrictDefault-SI9Ae5gdsRDY
... (Cloudwatch Logs) - /aws/lambda/ServiceScreenerAutomation-ScreenerResultsProcessor-bWz534KsHqIG
... (Cloudwatch Logs) - /aws/lambda/ServiceScreenerAutomationSt-ScreenerUpdate84451128-zztrQpOF58Es
... (Cloudwatch Logs) - /aws/lambda/http-crud-tutorial-function
... (Cloudwatch Logs) - /aws/lambda/s3_transfer
... (Cloudwatch Logs) - /aws/lambda/test
... (Cloudwatch Logs) - RDSOSMetrics
COMPLETED -- CLOUDWATCH::ap-northeast-1 (0.273s)
PREPARING -- REDSHIFT::ap-northeast-1
COMPLETED -- REDSHIFT::ap-northeast-1 (0.084s)
PREPARING -- APIGATEWAY::ap-northeast-1
... (APIGateway) - HTTP::http-crud-tutorial-api
COMPLETED -- APIGATEWAY::ap-northeast-1 (0.693s)
PREPARING -- S3::ap-northeast-1
... (S3Account) 
... (EC2) - i-0d2ae47c7ec1152a2
... (Dynamodb::Table) - Dynamodb::http-crud-tutorial-items
Public access configuration not set
COMPLETED -- DYNAMODB::ap-northeast-1 (4.731s)
... (EC2) - i-06095b59ed03f16de
PREPARING -- OPENSEARCH::ap-northeast-1
COMPLETED -- OPENSEARCH::ap-northeast-1 (0.068s)
... (S3Bucket) - aws-cloudtrail-logs-<AWSアカウントID>-0848e890
... (IAM::User) - <root_account>
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - aws-cloudtrail-logs-<AWSアカウントID>-18082a56
... (IAM::User) - xxxxxxxxxxxx
... (EC2) - i-054637ba95dd24da6
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - aws-cloudtrail-logs-<AWSアカウントID>-4c820bf2
... (EBS) - vol-0e31fad5767a456c6
... (IAM::User) - xxxxxxxxxxxx
... (EBS) - vol-03b880f469c653401
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - aws-test-003
... (EBS) - vol-0589cb083900ee71b
... (IAM::User) - xxxxxxxxxxxx
... (EBS) - vol-09afd060c86b5c65d
... (S3Bucket) - cdk-hnb659fds-assets-<AWSアカウントID>-ap-northeast-1
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - cf-templates-1lvuh4nwumhrz-ap-northeast-1
... (EBS::Snapshots) 
... (S3Bucket) - config-bucket-<AWSアカウントID>
... (IAM::User) - xxxxxxxxxxxx
... (EC2::Security Group) - sg-0a553fb86aa994e61
... (EC2::Security Group) - sg-0ab6cddefbd7ad106
... (EC2::Security Group) - sg-0b7bb8471f640f9e1
... (EC2::Security Group) - sg-007d09551c91408ca
... (EC2::Security Group) - sg-0619241a2fccd22d0
... (EC2::Security Group) - sg-0b70a01d187042f4d
... (EC2::Security Group) - sg-07917c9912f691b29
... (Elastic IP Recommendations) - xxxxxxxxxxxx
... (Elastic IP Recommendations) - xxxxxxxxxxxx
... (Elastic IP Recommendations) - xxxxxxxxxxxx
... (Elastic IP Recommendations) - xxxxxxxxxxxx
... (Elastic IP Recommendations) - xxxxxxxxxxxx
... (VPC::Virtual Private Cloud) - vpc-03bc366f8ef721100
... (VPC::Virtual Private Cloud) - vpc-0eb64fec4dbbd7079
... (VPC::Virtual Private Cloud) - vpc-0f14b34ff3c65429e
... (NACL::Network ACL) - acl-0253f97c67c0921f9
... (NACL::Network ACL) - acl-0e4e12f067eeceb16
... (NACL::Network ACL) - acl-041aab37f0a2d76b3
... (S3Bucket) - iki-chat-rock-test
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (S3Bucket) - myshop-web-mod333
... (IAM::User) - xxxxxxxxxxxx
COMPLETED -- EC2::ap-northeast-1 (17.89s)
PREPARING -- EFS::ap-northeast-1
COMPLETED -- EFS::ap-northeast-1 (0.069s)
... (S3Bucket) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (S3Macie) 
COMPLETED -- S3::ap-northeast-1 (15.748s)
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::User) - xxxxxxxxxxxx
... (IAM::Role) - cdk-hnb659fds-cfn-exec-role-<AWSアカウントID>-ap-northeast-1
... (IAM::Role) - cdk-hnb659fds-deploy-role-<AWSアカウントID>-ap-northeast-1
... (IAM::Role) - cdk-hnb659fds-file-publishing-role-<AWSアカウントID>-ap-northeast-1
... (IAM::Role) - cdk-hnb659fds-image-publishing-role-<AWSアカウントID>-ap-northeast-1
... (IAM::Role) - cdk-hnb659fds-lookup-role-<AWSアカウントID>-ap-northeast-1
... (IAM::Role) - EC2AutoStartStopRole
... (IAM::Role) - EC2RDP
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Role) - xxxxxxxxxxxx
... (IAM::Group) - xxxxxxxxxxxx
... (IAM::Group) - xxxxxxxxxxxx
... (IAM::Group) - xxxxxxxxxxxx
... (IAM:Account) 
NoSuchEntity
COMPLETED -- IAM::us-east-1 (97.836s)
PREPARING -- RDS::ap-northeast-1
COMPLETED -- RDS::ap-northeast-1 (2.041s)
[info] Empty CF stacked deleted successfully, name:ssv2-ddd7b96dcee9
Total Resources scanned: 146.00 | No. Rules executed: 752.00
Time consumed (seconds): 100.775
ApigatewaypageBuilder class not found, using default pageBuilder
ElasticachepageBuilder class not found, using default pageBuilder
IampageBuilder class not found, using default pageBuilder
RedshiftpageBuilder class not found, using default pageBuilder
CloudtrailpageBuilder class not found, using default pageBuilder
LambdapageBuilder class not found, using default pageBuilder
OpensearchpageBuilder class not found, using default pageBuilder
DynamodbpageBuilder class not found, using default pageBuilder
CloudfrontpageBuilder class not found, using default pageBuilder
KmspageBuilder class not found, using default pageBuilder
EkspageBuilder class not found, using default pageBuilder
S3pageBuilder class not found, using default pageBuilder
RdspageBuilder class not found, using default pageBuilder
Ec2pageBuilder class not found, using default pageBuilder
EfspageBuilder class not found, using default pageBuilder
CloudwatchpageBuilder class not found, using default pageBuilder
Generating Framework - MSR
Generating Framework - FTR
Generating Framework - SSB
Generating Framework - WAFS
*** [WATool] Attempting to deploy WA Tools in this region: ap-northeast-1
No milestones found for workload c5d02da16eab1ec000e13eb036b8a33f... creating milestone...
Milestone Number: 1
Generating Framework - CIS
Generating Framework - NIST
Generating Framework - RMiT
Generating Framework - SPIP
Generating Framework - RBI
... Running CP - TA, it can takes up to 60 seconds
Error: TA unable to generate. Access denied due to support level
Pages generated, download output.zip to view
CloudShell user, you may use this path:  =====>  /tmp/service-screener-v2/output.zip  <===== 
@ Thank you for using Service Screener, script spent 104.667s to complete @

When the run completes, a file named output.zip is produced.

Check
(tmp) service-screener-v2 $ ls -al | grep output.zip 

-rw-rw-r--.  1 cloudshell-user cloudshell-user 2619594 Jun 30 13:04 output.zip
(tmp) service-screener-v2 $ 
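
The run log above mixes output from several services, so lines such as NoSuchEntity or the Trusted Advisor error are easy to overlook. The following is an added example, not part of the original article or of the Service Screener project: it summarises a saved log, with the line formats assumed from the output shown above, and the `summarize` helper and the shortened sample log constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the run above; RDS has no COMPLETED line on purpose.
SAMPLE_LOG = """\
PREPARING -- CLOUDFRONT::us-east-1
PREPARING -- IAM::us-east-1
PREPARING -- S3::ap-northeast-1
COMPLETED -- CLOUDFRONT::us-east-1 (0.87s)
... (S3Account)
Public access configuration not set
... (S3Bucket) - aws-test-003
COMPLETED -- S3::ap-northeast-1 (15.748s)
... (IAM::User) - <root_account>
... (IAM:Account)
NoSuchEntity
COMPLETED -- IAM::us-east-1 (97.836s)
PREPARING -- RDS::ap-northeast-1
Total Resources scanned: 146.00 | No. Rules executed: 752.00
Error: TA unable to generate. Access denied due to support level
"""

PREP = re.compile(r"^PREPARING -- (\S+)$")
DONE = re.compile(r"^COMPLETED -- (\S+) \(([\d.]+)s\)$")
RES = re.compile(r"^\.\.\. \(([^)]+)\)")
TOTAL = re.compile(r"^Total Resources scanned: ([\d.]+) \| No\. Rules executed: ([\d.]+)")
INFO_PREFIXES = ("[info]", "Generating ")  # progress messages, not findings


def summarize(log_text):
    """Summarise a Service Screener run log (hypothetical helper)."""
    started, durations, resources, review = set(), {}, Counter(), []
    totals, scanning = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PREP.match(line):
            started.add(m.group(1))
            scanning = True
        elif m := DONE.match(line):
            durations[m.group(1)] = float(m.group(2))
        elif m := RES.match(line):
            resources[m.group(1)] += 1
        elif m := TOTAL.match(line):
            totals = (float(m.group(1)), float(m.group(2)))
            scanning = False
        elif line.startswith("Error:") or (scanning and not line.startswith(INFO_PREFIXES)):
            # Output is interleaved, so the line is kept without guessing its service.
            review.append(line)
    slowest = max(durations.items(), key=lambda kv: kv[1]) if durations else None
    return {"incomplete": sorted(started - set(durations)), "slowest": slowest,
            "resources": resources, "totals": totals, "review": review}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Pass the text of a saved run log to `summarize` in place of `SAMPLE_LOG`; a non-empty `incomplete` or `review` list means the report may not cover everything it appears to.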

Checking the results

Download the output file.
In CloudShell, click Actions > Download file.

Enter the output path and click Download.

Unzip output.zip and click index.html.

The browser opens and you can review the check results.

Let's take a quick look at the check items.

FINDINGS

All of the findings can be reviewed here.
Only the resource item, a summary, and the severity can be checked here, so I probably won't look at it very often…

MODERNIZE

This appears to be a beta feature.
For EC2 instances, it produces various recommendations, such as that the CPU could be migrated to AMD or that the workload could be containerized.

TA (Trusted Advisor)

This could not be retrieved in this environment, so I will skip it.

Compliances / Frameworks

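This section appears to report the compliance status against several compliance standards and frameworks.

As an example, let's look at the CIS screen.
The status and description are displayed along with the category and rule ID.
This is easy to read when actually performing checks, so I think it is easy to use.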

References

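Here, the recommendation status for each service and the status for each perspective are displayed.
This is also quite easy to read.

As explained, it also checks aspects other than security, so it can be used as an automated environment check tool from various perspectives such as performance and cost!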

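Conclusion

This time I tried out the AWS environment check tool "Service Screener v2".
Service Screener lets you run automated checks against the actual environment yourself, so it is nice that it can automatically produce a list of issues in an existing AWS environment and surface them from the security and cost-optimisation perspectives.

I think it is still difficult to use it in customer environments, but it would also be interesting to try it in your own environment or your company's sandbox environment, or to verify whether it can be customized.

Next time, I plan to introduce "Screener Scheduler", which lets you run "Service Screener v2" on a schedule.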
