Configuring Cloud Services
Enabling cloud service APIs
Ghostwriter can track cloud resources used for projects. If you provide access tokens for Amazon Web Services (AWS) and Digital Ocean (DO), Ghostwriter has a task that will collect all running server instances and check if any of them are attached to a completed project.
The task will report back with JSON detailing your active (powered-on) cloud servers. If you have Slack enabled, Ghostwriter will send notifications to let you know if an active cloud server is not tracked as part of a project or is tracked as part of a project that has ended.
You may spin up cloud servers on the same account that you do not want to be monitored. You can tag these servers with an "ignore tag" of your choosing. Provide a comma-separated list of tags for Ghostwriter to ignore when checking cloud assets.
Cloud Services Configuration
Ghostwriter is designed to use minimal AWS privileges so you do not need to assign any serious privileges to the keys you use for monitoring your AWS resources. Ghostwriteraccesses and reads from the following services:
- STS – Ghostwriter connects and calls
get-caller-identityto test your keys
- Lightsail – Collects your running Lightsail instances and related identifiers
- EC2 – Collects your running EC2 instances and related identifiers
- S3 – Collects your list of buckets
Fetching instance information from Lightdail and EC2 requires specifying a region. To determine which regions your account has enabled, Ghostwriter calls EC2's
Then, Ghostwriter uses an EC2 resource to call
instancesand a Lightsail client to call
get-instancesto build a list of instances. This data includes:
- Private IP(s)
- Public IP(s)
- Misc. Networking and Hardware
For S3, Ghostwriter calls
list-bucketsto get a list of all buckets. This data includes the bucket's name and the date on which it was created.