feat(aws): Add interactive region selection for discovery#39

Open
JuanKRuiz wants to merge 1 commit into GoogleCloudPlatform:master from JuanKRuiz:master

@JuanKRuiz
Description

This pull request introduces a critical usability enhancement by allowing the user to specify a single AWS region for the inventory scan.

1. The Problem (The Why)

The script's default behavior of iterating through all available AWS regions causes execution failures in corporate environments where Service Control Policies (SCPs) are enforced. When an SCP denies access to a non-enabled region—a common security and governance best practice—the script terminates abruptly with an UnauthorizedOperation error or similar. This completely blocks the tool's utility for users operating within these policy-restricted accounts.

2. The Solution (The How)

To address this blocker, an interactive workflow has been implemented at the script's startup:

  • Interactive Prompt: The user is prompted to enter an AWS region.
  • Scoped Scan (Single-Region): If a valid region is provided, the discovery scope is exclusively limited to that region. This prevents API calls to restricted regions, ensuring the script runs to completion.
  • Default Behavior (Backwards Compatible): If the user presses ENTER without providing a region, the script retains its original behavior, scanning all available regions to ensure backward compatibility.

3. The Impact & Benefits (The Value)

  • Unlocks Users: Enables engineers in organizations with robust security policies to use the tool without impediment.
  • Increased Robustness: The script now proactively handles a common failure point in governed AWS environments.
  • Operational Flexibility: Provides the option for a quick, targeted discovery in a single region in addition to the traditional full scan.

This change introduces an interactive prompt that allows the user to specify a single AWS region to scan, improving usability in restricted environments.

Prior to this change, the script attempted to scan all AWS regions by default. This caused errors in accounts where Service Control Policies (SCPs) block access to unused regions, halting execution.

Now, the script:
- Displays a banner and prompts the user to enter an AWS region.
- If a valid region is specified, the scan is limited to only that region.
- If no region is entered, the script maintains the previous behavior and scans all available regions.

This makes the tool more flexible and robust for operating in AWS environments with strict security policies.
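
The prompt-to-scope behaviour described in this pull request, as an added example that is not the PR's or the project's code. The choice of Python, every name, the region list and the simulated SCP are assumptions; it goes one step beyond the description by letting the all-regions path record denied regions instead of stopping at the first one.

```python
# Added illustration; all names and sample data are hypothetical/constructed.

class AccessDenied(Exception):
    """Stand-in for the UnauthorizedOperation-style error an SCP deny causes."""


def select_regions(answer, available):
    """Turn the prompt answer into the list of regions to scan."""
    choice = answer.strip().lower()
    if not choice:
        return list(available)          # ENTER: keep the scan-everything default
    if choice not in available:
        # Reject typos rather than silently falling back to a full scan,
        # which would send calls to the regions the user meant to avoid.
        raise ValueError(f"unknown region: {choice!r}")
    return [choice]


def scan(regions, list_resources):
    """Scan each region; collect denied regions instead of aborting."""
    inventory, denied = {}, []
    for region in regions:
        try:
            inventory[region] = list_resources(region)
        except AccessDenied:
            denied.append(region)       # report at the end, keep scanning
    return inventory, denied


# Constructed sample: three regions, an SCP that allows only one of them.
AVAILABLE = ["us-east-1", "eu-west-1", "ap-southeast-2"]
SCP_ALLOWED = {"us-east-1"}


def fake_list_resources(region):
    """Simulated API call (assumption): denied outside SCP_ALLOWED."""
    if region not in SCP_ALLOWED:
        raise AccessDenied(region)
    return [f"i-constructed-{region}"]


if __name__ == "__main__":
    regions = select_regions("us-east-1", AVAILABLE)
    print(scan(regions, fake_list_resources))
    print(scan(select_regions("", AVAILABLE), fake_list_resources))
```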