This topic describes how to use the aws-scanner tool provided by Cloud Migration Hub (CMH) to survey your resources on Amazon Web Services (AWS) in offline mode.
Preparations
Grant permissions to an account
To use the aws-scanner tool to survey all your resources on AWS in offline mode, you must provide an AWS account that is granted the read permissions on all the resources. AWS provides a system policy that allows read-only access to AWS resources. You can use this policy to grant read-only permissions to your AWS account:
arn:aws:iam::aws:policy/ReadOnlyAccess
If you need a policy that covers the permissions on fewer resources, you can create a custom policy based on the ReadOnlyAccess policy of AWS.
Prepare a runtime environment
Tool server selection: The aws-scanner tool must be installed and run on a tool server that can access AWS endpoints over an external network.
Tool server specifications and OS requirements: The tool server requires at least 2 CPU cores and 4 GB of memory. No special requirement exists for the OS of the tool server.
Environment dependencies: The tool server on which you run the aws-scanner tool must use a Java 8 runtime environment. You can run the
java -version
command to view the Java version of the tool server.
Download an installation package of the aws-scanner tool
Download an installation package of the aws-scanner tool based on your OS. Then, upload the installation package to the tool server and decompress the installation package.
Operating system | Method to obtain an installation package |
Linux(X86) / Windows(X86) | Log on to the CMH console. In the left-side navigation pane, choose Assessment > Resource Collection. On the Offline Collection tab of the Resource Collection page, click Download Tool in the AWS section. |
To decompress the installation package, run the tar zxvf aws-scanner-x.x.tar.gz
command.
Configure a working directory
You must configure an empty directory as the working directory of the aws-scanner tool. In this example, the following directory is used:
|-aws-scanner/
|-aws-scanner-x.x.jar
Run the tool
You can run the following command on the CLI to conduct a survey. Then, you can analyze the survey results on the tool server. java -jar aws-scanner.jar ak sk region_id result_path product_code
# Command parameters
# 1. ak: the access key ID of your AWS account.
# 2. sk: the secret access key of your AWS account.
# 3. region_id: the region ID of your AWS account.
# 4. result_path: the path to which the survey results are exported.
# 5. product_code: the code of the AWS service that you want to survey. If you want to survey all AWS services, set the parameter to all. For more information about supported AWS services, see the following topic:
Supported source types and migration tools
#e.g. "java -jar aws-scanner.jar akxxxx skxxx cn-north-1 ./ all"
After the command is run, the following output is displayed in the CMH console:
java -jar aws-scanner.jar akxxx skxxx cn-north-1 ./ all
AK :akxxx;
SK :skxxx;
Region :cn-north-1;
path :./;
type :all;
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_ec2
The number of obtained resource data entries: 473
Call the SDK to obtain resource data. ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_nat
The number of obtained resource data entries: 3
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_security_group
The number of obtained resource data entries: 71
Call the SDK to obtain resource data. ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_vpc
The number of obtained resource data entries: 4
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_avaliability_zone
The number of obtained resource data entries: 3
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_elb
The number of obtained resource data entries: 70
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_rds
The number of obtained resource data entries: 25
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType:aws_elasticcache
The number of obtained resource data entries: 37
Call the SDK to obtain resource data, ak:akxxx,sk:skxxx,region:cn-north-1,resourceType::aws_s3
The number of obtained resource data entries: 17
A JSON file is generated. Go to the following path to view the generated file: ./
Analyze resource information on the tool server
After the tool is run, several files are generated in the output directory. The following figure shows the generated files.
You can open the xxxindex.html file to view the overview data of all surveyed AWS resources. You can view resources on the overview page. If a large number of resources exist, you can click more to view all resources on the details page.
Upload resource information
After you verify that the data is correct on the tool server, you can upload the JSON file to CMH.
Log on to the CMH console. In the left-side navigation pane, choose Assessment > Resource Collection. On the Offline Collection tab of the Resource Collection page, click Upload in the AWS section. In the dialog box that appears, upload the JSON file.
After the JSON file is uploaded, you can view the survey task in the CMH console. You can click the task ID to view the surveyed resources. The surveyed resources are automatically imported to CMH and are displayed in the resource list.