All Products
Search
Document Center

Cloud Migration Hub:Survey AWS resources in offline mode

Last Updated:Aug 06, 2024

This topic describes how to use the aws-scanner tool provided by Cloud Migration Hub (CMH) to survey your resources on Amazon Web Services (AWS) in offline mode.

Preparations

Grant permissions to an account

To use the aws-scanner tool to survey all your resources on AWS in offline mode, you must provide an AWS account that is granted the read permissions on all the resources. AWS provides a system policy that allows read-only access to AWS resources. You can use this policy to grant read-only permissions to your AWS account:

arn:aws:iam::aws:policy/ReadOnlyAccess

If you need a policy that covers the permissions on fewer resources, you can create a custom policy based on the ReadOnlyAccess policy of AWS.

Prepare a runtime environment

  1. Tool server selection: The aws-scanner tool must be installed and run on a tool server that can access AWS endpoints over an external network.

  2. Tool server specifications and OS requirements: The tool server requires at least 2 CPU cores and 4 GB of memory. No special requirement exists for the OS of the tool server.

  3. Environment dependencies: The tool server on which you run the aws-scanner tool must use a Java 8 runtime environment. You can run the java -version command to view the Java version of the tool server.

Download an installation package of the aws-scanner tool

Download an installation package of the aws-scanner tool based on your OS. Then, upload the installation package to the tool server and decompress the installation package.

Operating system

Method to obtain an installation package

Linux(X86) / Windows(X86)

Log on to the CMH console. In the left-side navigation pane, choose Assessment > Resource Collection. On the Offline Collection tab of the Resource Collection page, click Download Tool in the AWS section.

To decompress the installation package, run the tar zxvf aws-scanner-x.x.tar.gz command.

Configure a working directory

You must configure an empty directory as the working directory of the aws-scanner tool. In this example, the following directory is used:

|-aws-scanner/
            |-aws-scanner-x.x.jar

Run the tool

You can run the following command on the CLI to conduct a survey. Then, you can analyze the survey results on the tool server. java -jar aws-scanner.jar ak sk region_id result_path product_code

# Command parameters 
# 1. ak: the access key ID of your AWS account. 
# 2. sk: the secret access key of your AWS account.
# 3. region_id: the region ID of your AWS account.
# 4. result_path: the path to which the survey results are exported.
# 5. product_code: the code of the AWS service that you want to survey. If you want to survey all AWS services, set the parameter to all. For more information about supported AWS services, see the following topic: 
 
Supported source types and migration tools 


#e.g. "java -jar aws-scanner.jar  akxxxx  skxxx cn-north-1 ./ all"

After the command is run, the following output is displayed in the CMH console:

java -jar aws-scanner.jar  akxxx  skxxx cn-north-1 ./ all
AK :akxxx;
SK :skxxx;
Region :cn-north-1;
path :./;
type :all;
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_ec2
The number of obtained resource data entries: 473
Call the SDK to obtain resource data. ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_nat
The number of obtained resource data entries: 3
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_security_group
The number of obtained resource data entries: 71
Call the SDK to obtain resource data. ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_vpc
The number of obtained resource data entries: 4
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_avaliability_zone
The number of obtained resource data entries: 3
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_elb
The number of obtained resource data entries: 70
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_rds
The number of obtained resource data entries: 25
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_elasticcache
The number of obtained resource data entries: 37
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType::aws_s3
The number of obtained resource data entries: 17
A JSON file is generated. Go to the following path to view the generated file: ./

Analyze resource information on the tool server

After the tool is run, several files are generated in the output directory. The following figure shows the generated files.image

You can open the xxxindex.html file to view the overview data of all surveyed AWS resources. You can view resources on the overview page. If a large number of resources exist, you can click more to view all resources on the details page.image

Upload resource information

After you verify that the data is correct on the tool server, you can upload the JSON file to CMH.

Log on to the CMH console. In the left-side navigation pane, choose Assessment > Resource Collection. On the Offline Collection tab of the Resource Collection page, click Upload in the AWS section. In the dialog box that appears, upload the JSON file.

image.png

After the JSON file is uploaded, you can view the survey task in the CMH console. You can click the task ID to view the surveyed resources. The surveyed resources are automatically imported to CMH and are displayed in the resource list.

image.png