v1.6.0

What's New

Resource Currency Tracking (is_current)

Queries no longer use heavy scan_id IN (SELECT ...) subqueries. A new indexed is_current column on the resources table tracks which resources are live vs historical.

• Before: every query ran a nested subquery against the scans table
• After: every query uses AND is_current=1 ==> simple, fast, indexed

The migration runs once automatically and handles:

• Concurrent processes: try/except on ALTER TABLE, immediate commit, idempotent UPDATE
• Partial scans: finds latest scan per (account, service), not per account, so scanning only ec2,s3 doesn't mark your lambda resources as stale

NLQ Parser Improvements

• Fixed: the word "and" in natural language queries is no longer interpreted as a filter value (e.g., "show me their name and runtime" no longer generates runtime='and')
• Fixed: plural field names are now supported ==> "show me their names and runtimes" correctly adds both name and runtime columns to the result
• Fixed: multi-field SELECT ==> "show me their X and Y" now extracts all requested fields, not just the first one

Shell Completion (bash, zsh, fish)

Tab completion for all commands and options, with no extra dependencies (uses Click's built-in completion system).

Activate:

eval "$(awsmap completion bash)"     # add to ~/.bashrc
eval "$(awsmap completion zsh)"      # add to ~/.zshrc
awsmap completion fish > ~/.config/fish/completions/awsmap.fish

What gets completed:

Context	Completions
awsmap <TAB>	Subcommands
awsmap -s <TAB>	Service names
awsmap -r <TAB>	AWS region names
awsmap -p <TAB>	AWS profiles from ~/.aws/credentials and ~/.aws/config
awsmap query -n <TAB>	Pre-built query names
awsmap query -a <TAB>	Account aliases, profiles, and IDs
awsmap config set <TAB>	Configuration keys
awsmap examples <TAB>	Service names from the examples library

Bash 4.4+ required. macOS ships Bash 3.2 which is not supported. Install modern Bash via brew install bash or use zsh.

Files Changed

• src/aws_inventory/db.py ==> is_current column, migration, store_scan() marks old resources
• src/aws_inventory/collector.py ==> passes scanned services list to store_scan()
• src/aws_inventory/nlq.py ==> replaced scan subquery with is_current=1, fixed conjunction and plural parsing
• src/aws_inventory/queries_lib.py ==> updated aliased scan filter substitution for is_current
• src/aws_inventory/completions.py ==> new module with all shell completion functions
• src/aws_inventory/cli.py ==> wired completers to options, added completion subcommand
• README.md ==> shell completion documentation with macOS Bash fix instructions

Install / Upgrade

pip install --upgrade awsmap

# or Docker
docker pull tarekcheikh/awsmap

v1.5.0

v1.5.0

What's New

Local SQLite Database

Scan results are now stored automatically in ~/.awsmap/inventory.db. Query your inventory history, compare across accounts, and track changes over time.

# Scan as usual — results are stored automatically
awsmap -p production

# Query stored inventory with SQL
awsmap query "SELECT service, COUNT(*) as count FROM resources GROUP BY service ORDER BY count DESC"

# Query across multiple accounts
awsmap query -n admin-users -a production

Natural Language Queries — Zero Dependencies

Ask questions in plain English. No LLM, no API keys, no network required. The built-in parser is a deterministic NL-to-SQL engine tested against 1500 realistic questions with a 100% pass rate.

awsmap ask show me all EC2 instances without Owner tag
awsmap ask how many Lambda functions per region
awsmap ask which S3 buckets are in eu-west-1
awsmap ask -a production show me IAM users

Covers listing, counting, aggregation, region filters, negation, tags, multi-service queries, synonyms, typo tolerance, relative time, numeric fields, and 150+ AWS services.

Pre-Built Query Library (30 Queries)

Ready-to-use security, compliance, and operational queries — no SQL knowledge required.

awsmap query --list                              # List all queries
awsmap query -n admin-users                      # IAM users with admin permissions
awsmap query -n users-without-mfa                # Users without MFA
awsmap query -n open-security-groups             # Security groups open to 0.0.0.0/0
awsmap query -n resources-by-tag -P tag=Owner    # Resources with a specific tag
awsmap query -n missing-tag -P tag=Environment   # Resources missing a tag
awsmap query --show admin-users                  # View query SQL without running
awsmap query -F my-query.sql                     # Run SQL from a file

Users can add custom queries by placing .sql files in ~/.awsmap/queries/.

Examples Library (1381 Questions)

Browse and run 1381 pre-built questions organized across 51 AWS services.

awsmap examples                    # List services with question counts
awsmap examples lambda             # List Lambda questions
awsmap examples lambda 5           # Run question #5
awsmap examples --search "public"  # Search all questions

Configuration System

Set persistent defaults so you don't have to repeat CLI flags.

awsmap config set profile production
awsmap config set regions us-east-1,eu-west-1
awsmap config set services ec2,s3,lambda
awsmap config set format json
awsmap config list

5 New Service Collectors (150 Total)

• dsql — Aurora DSQL clusters
• datazone — Domains, projects, environments
• timestream-influxdb — DB instances, parameter groups
• bedrock (extended) — Agents, knowledge bases, data sources
• s3 (extended) — Table buckets, namespaces, tables

Service & Region Validation

Invalid service names and regions are rejected immediately with fuzzy-match suggestions:

$ awsmap -s labda
Error: Unknown service 'labda'. Did you mean: lambda?

$ awsmap -r eu-wst-1
Error: Unknown region 'eu-wst-1'. Did you mean: eu-west-1?

Other Improvements

• awsmap --version now shows the installed version
• Multi-account support: scan multiple profiles, query across all accounts with awsmap ask
• Removed unused pyyaml dependency
• Updated minimum Python version to 3.9 (3.8 EOL October 2024), added Python 3.13 support

Full Backward Compatibility

All existing commands work exactly as before — no breaking changes. The SQLite database is created automatically on first scan.

Install / Upgrade

pip install --upgrade awsmap

v1.4.0

What's New

Exclude Default Resources (--exclude-defaults)

New CLI flag to filter out AWS-created default resources from the inventory.
Default VPCs, subnets, security groups, route tables, internet gateways,
NACLs, and DHCP options can now be excluded for a "user-created only" view.
Default resources are also visually marked with a "DEFAULT" badge in HTML
reports, so they remain identifiable even without filtering.

Dynamic Dashboard

The Top Services and Top Regions charts now update in real-time when you
filter by region, service, tag, or search. The summary stat cards (Total
Resources, Services, Regions, Resource Types) and per-service resource
counts also reflect the current filtered view.

Bug Fix

• Fixed Lambda collector not loading due to missing aiobotocore dependency

AWS-Aligned Design

The HTML report has been redesigned to match the AWS Console look and feel,
based on the Cloudscape Design System:

• AWS color palette: Cloudscape blue, AWS orange accent, dark header
• Flat, professional styling with bordered cards and solid bar charts
• Compact layout with industry-standard spacing (14px base, Cloudscape density)
• Better readability on smaller screens and laptops
• Cleaner tag badges, region pills, and button styles

v1.3.0

5 New Service Collectors

• Aurora DSQL — clusters with encryption and multi-region details
• Amazon DataZone — domains, projects, and environments
• Timestream for InfluxDB — DB instances and parameter groups
• Bedrock Agents (extension) — agents, knowledge bases, and data sources
• S3 Tables (extension) — table buckets, namespaces, and tables

Input Validation

• Unknown service names are now rejected immediately with fuzzy match suggestions (e.g. access-analyzer → "Did you mean: accessanalyzer?")
• Invalid or disabled regions are rejected with close match suggestions (e.g. us-east-9 → "Did you mean: us-east-1, us-east-2?")
• Service validation runs before AWS credentials check — no wasted API calls

HTML Report Fixes

• Fixed text overflow in detail panels where long ARNs and values bled into adjacent cells
• Fixed word splitting that broke normal words mid-character (e.g. "for" split as "f" / "or")

Other

• AWS default Timestream InfluxDB parameter groups are now filtered from results
• Updated service count from 140+ to 150+
• Updated ROADMAP.md with structured service gap analysis (67 new collectors + 24 extensions)

v1.2.0

What's Changed

Expandable Resource Detail Panels

The HTML report now shows resource metadata (engine, encryption, instance type, storage class, etc.) in expandable panels below each resource row. Click any resource to
reveal its full details.

• Expandable detail grid with type-aware formatting (boolean Yes/No coloring, list badges, null handling)
• Search matches inside detail fields auto-expand panels with highlighted matches
• Performance optimized: search input fires after you stop typing, detail text pre-cached for fast filtering
• Expand All / Collapse All includes detail panels
• Print view shows all details expanded
• CSV export correctly excludes detail rows

Contributors

Thanks to @rianbk for this contribution! (#3)

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

CLI Improvements

• Renamed --service to --services to follow AWS CLI conventions for multi-value options
• Short flag -s remains unchanged

Migration

If you have scripts using --service, update them to --services:

# Before
awsmap -p myprofile --service ec2,s3,rds

# After
awsmap -p myprofile --services ec2,s3,rds

Full Changelog: https://github.com/TocConsulting/awsmap/compare/v1.0.0...v1.1.0

v1.0.0 - Map Your AWS Infrastructure

awsmap v1.0.0

Fast, comprehensive AWS resource inventory across 140+ services.

Features

• 140+ AWS Services - EC2, Lambda, RDS, S3, ECS, EKS, and many more
• Multi-Region Scanning - Parallel execution across all AWS regions
• Beautiful HTML Reports - Interactive reports with filtering, search, and dark mode
• Multiple Output Formats - HTML, JSON, CSV
• Tag Collection - Collect and filter by resource tags
• AWS Profile & SSO Support - Works with named profiles and AWS SSO
• Smart Global Services - Intelligent handling of global vs regional services
• Performance Optimized - Region-aware collectors to avoid endpoint timeouts

Installation

pip install awsmap

Docker

docker pull tarekcheikh/awsmap:1.0.0

Quick Start

awsmap -p my-profile -o inventory.html