Unique Asset Identifier is not unique #173
Comments
Ooh that's a good point. I think this was from an older version where we weren't generating ARNs for all entries. If we check that all entries now have an ARN, I think it's a good idea to use that as the Unique Asset Identifier like you suggest. If not, we might have to construct one, something like We will also need to decide if we want to keep the name in the inventory in another field, maybe Comments
Btw, I migrated to using this - https://aws.amazon.com/blogs/publicsector/automating-creation-fedramp-integrated-inventory-workbook/
The Unique Asset Identifier is generally unique per Asset Type (per region per account where it matters). However, it's not unique for the entire column. From the inventory template:
ARNs aren't used in most other documents or in vulnerability scanning tools, so slightly skeptical about using it as such. If we move the ARN from Serial #/Asset Tag# to Unique Asset Identifier, I do think we need to put the current contents of Unique Asset Identifier somewhere else. I'm just skeptical about putting them in Comments, as I would like to be able to sort based on them, which can't be easily done when we're already overloading Comments for other things. Would welcome thoughts...
I reviewed the code (https://github.com/aws-samples/fedramp-integrated-inventory-workbook) for that blog post recently, and it is pretty lacking and has several bugs. For one, it adds a duplicate row if something has multiple IP addresses, which doesn't make any sense to me. Also, it only supports EC2, ELB/ELBv2, RDS, and DynamoDB -- but misses a lot of the important details to actually make such an inventory useful. So, I would not recommend using.
Many resource types seem to use the resource name as the Unique Asset Identifier which results in many duplicates.
E.g., creating a Lambda function called test and an SQS queue called test will result in duplicate Unique Asset Identifiers "test".
Should the Unique Asset Identifier be the ARN or similar, as it should be unique across resources, regions, and accounts?
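An added example, not part of the thread or the project's code: a check that compares how the candidate identifier schemes discussed here collide on the same inventory, and flags rows with no ARN. The row layout, asset type labels, account ID and resource names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows; field names and values are illustrative assumptions.
ACCT = "111111111111"
ROWS = [
    {"asset_type": "Lambda Function", "name": "test", "region": "us-east-1",
     "account": ACCT, "arn": f"arn:aws:lambda:us-east-1:{ACCT}:function:test"},
    {"asset_type": "SQS Queue", "name": "test", "region": "us-east-1",
     "account": ACCT, "arn": f"arn:aws:sqs:us-east-1:{ACCT}:test"},
    {"asset_type": "SQS Queue", "name": "test", "region": "us-west-2",
     "account": ACCT, "arn": f"arn:aws:sqs:us-west-2:{ACCT}:test"},
    {"asset_type": "Lambda Function", "name": "billing", "region": "us-east-1",
     "account": ACCT, "arn": f"arn:aws:lambda:us-east-1:{ACCT}:function:billing"},
    # A row with no ARN, the case that would need a constructed identifier.
    {"asset_type": "Legacy Entry", "name": "legacy", "region": "us-east-1",
     "account": ACCT, "arn": ""},
]

# Candidate definitions of "Unique Asset Identifier" raised in the discussion.
SCHEMES = {
    "name": lambda r: r["name"],
    "type+name": lambda r: (r["asset_type"], r["name"]),
    "type+region+account+name": lambda r: (
        r["asset_type"], r["region"], r["account"], r["name"]),
    "arn": lambda r: r["arn"],
}

def collisions(rows, key_fn):
    """Map each identifier shared by more than one row to the row indexes."""
    groups = defaultdict(list)
    for i, row in enumerate(rows):
        groups[key_fn(row)].append(i)
    return {k: idx for k, idx in groups.items() if len(idx) > 1}

def missing_arn(rows):
    """Indexes of rows that cannot use the ARN as their identifier."""
    return [i for i, row in enumerate(rows) if not row.get("arn")]

def report(rows):
    """Collisions per scheme, so the schemes can be compared side by side."""
    return {label: collisions(rows, fn) for label, fn in SCHEMES.items()}

if __name__ == "__main__":
    for label, dupes in report(ROWS).items():
        print(f"{label}: {len(dupes)} colliding identifier(s) {dupes}")
    print("rows without an ARN:", missing_arn(ROWS))
```
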