This document describes how to run an inventory discovery on your Amazon Web Services (AWS) account by using the Migration Center discovery client CLI.
You can use mcdc
CLI to collect information about the following
assets in your AWS account:
- Amazon CloudFront (Preview)
- Amazon Elastic Compute Cloud (EC2)
- Amazon Elastic Container Service (ECS) (Preview)
- Amazon Elastic File System (EFS) (Preview)
- Amazon Elastic Kubernetes Service (EKS) (Preview)
- Amazon Redshift (Preview)
- Amazon Relational Database Service (RDS)
- Microsoft SQL Server
- MySQL
- PostgreSQL
- Amazon Simple Storage Service (S3) (Preview)
- Amazon Virtual Private Cloud (VPC) (Preview)
- AWS Lambda (Preview)
- Elastic Load Balancing (ELB) (Preview)
The mcdc
CLI then sends the collected information to
Migration Center where you can complete the assessment.
Limitations
When running an inventory discovery on your AWS account, the
mcdc
CLI has the following limitations:
- Only EC2 and RDS asset types are included in the TCO report. To export and analyze all asset types outside of Migration Center, export your inventory.
- The following information for EC2 instances is not collected:
- Memory usage is not collected. To collect this information, make sure that the Amazon CloudWatch agent is installed and configured on your EC2 instances.
- Free disk space. To collect this information, run a guest discovery.
- You cannot run the
mcdc
CLI on Linux machines to collect data from AWS Windows EC2 instances. To collect information from Windows EC2 instances, run themcdc
CLI on a Windows machine.
Data collected during inventory discovery
The mcdc
CLI collects the following information from the
supported AWS services:
Asset type | Data collected |
---|---|
Amazon EC2 |
Click to show the collected data.
|
Amazon RDS |
Click to show the collected data.
|
Amazon S3 |
Click to show the collected data.
|
Amazon EKS |
Click to show the collected data.
|
Amazon ECS |
Click to show the collected data.
|
ELB |
Click to show the collected data.
|
AWS Lambda |
Click to show the collected data.
|
Amazon CloudFront |
Click to show the collected data.
|
Amazon EFS |
Click to show the collected data.
|
Amazon Redshift |
Click to show the collected data.
|
Amazon VPC |
Click to show the collected data.
|
The mcdc
CLI collects metrics for the last 30 days
except for database memory usage. For database memory usage, AWS
saves only up to 7 days of data by default, so
the mcdc
CLI collects data for only the last 7 days.
Before you begin
Before you begin the inventory discovery, complete the following steps:
- Review the requirements for downloading and running the
mcdc
CLI. - Choose where to download the
mcdc
CLI and complete the steps to download themcdc
CLI. - Make sure that you have access to your AWS account.
Choose where to download the mcdc
CLI
You can download the mcdc
CLI to both Linux and Windows
machines. We recommend using a Windows EC2 instance to
download and run the mcdc
CLI, because it supports all
available collection methods.
You can download the mcdc
CLI to a location with access to
your target assets, such as the following:
- AWS CloudShell
- A Linux EC2 instance
- A Windows EC2 instance
- Any computer where you have installed the
mcdc
CLI and have remote access to your AWS account.
For instructions to download the mcdc
CLI,
see Download mcdc
CLI.
Create an AWS IAM policy
To authorize the mcdc
CLI to read the AWS asset inventory data,
create an AWS IAM policy
with the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListTagsForResource",
"cloudwatch:GetMetricData",
"ec2:DescribeRegions",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkAcls",
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListServices",
"ecs:DescribeServices",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:ListContainerInstances",
"ecs:DescribeContainerInstances",
"efs:DescribeFileSystems",
"efs:ListTagsForResource",
"efs:DescribeLifecycleConfiguration",
"efs:DescribeBackupPolicy",
"efs:DescribeReplicationConfigurations",
"efs:DescribeMountTargets",
"efs:DescribeAccessPoints",
"eks:ListClusters",
"eks:DescribeCluster",
"eks:ListNodegroups",
"eks:DescribeNodegroup",
"eks:ListFargateProfiles",
"eks:DescribeFargateProfile",
"autoscaling:DescribeAutoScalingGroups",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeInstanceHealth",
"lambda:ListFunctions",
"lambda:ListTags",
"lambda:ListEventSourceMappings",
"lambda:GetFunctionConcurrency",
"rds:DescribeDBInstances",
"rds:DescribeDBEngineVersions",
"pi:GetResourceMetrics",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"redshift-serverless:GetNamespace",
"redshift-serverless:ListSnapshotCopyConfigurations",
"redshift-serverless:ListTagsForResource",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetLifecycleConfiguration",
"ssm:DescribeInstanceInformation"
],
"Resource": "*"
}
]
}
Authenticate to AWS
To authorize the mcdc
CLI to access your AWS environment,
authenticate your account using one of the following methods:
Use your existing AWS credentials
To use your existing AWS credentials, run the mcdc
CLI
commands directly from the AWS Cloud Shell.
If you run the mcdc
CLI from the AWS Cloud Shell, you
can use your existing credentials without an access key. In this case, the
mcdc
CLI can access your AWS environment to
discover AWS assets, as the access is granted by your credentials.
Create an access key for the mcdc
CLI
To create an access key for the mcdc
CLI, follow
these steps:
- Create a dedicated IAM user to interact with the AWS API.
- Attach the IAM policy you created in the previous section to your new user.
In the AWS console, navigate to the IAM user that you created in the previous step, and click User > Security Credentials > Create access key > Other > Next > Create access key.
For more information, see Create an access key.
Store the access key ID and access key. You need this information to scan your AWS inventory.
Optional: Set up access to collect guest operating system data
Guest operating system data enriches pricing reports, license reports, and asset details exports. This data also helps assess suitability for containerization migrations to Google Kubernetes Engine, GKE Autopilot, and Cloud Run. If you don't want to collect operating system data, you can skip this section.
To collect guest operating system data, the workstation running the mcdc
CLI
must connect to the target EC2 instances. Make sure that the following
ports are open on the target EC2 instances:
- Port 22 (SSH) for Linux machines
- Port 135 (WMI) for Windows machines
Discover assets in your AWS account
To discover assets in your AWS account, follow these steps:
In the command line terminal, change to the directory where you downloaded the
mcdc
CLI.Run the discovery:
AWS CloudShell
To discover assets in your AWS account, run the following command:
Linux
./mcdc discover aws --host-config \
[--services AWS_SERVICE_NAMES] \
[--region AWS_REGION]Windows
mcdc.exe discover aws --host-config \
[--services AWS_SERVICE_NAMES] \
[--region AWS_REGION]Replace the following:
- AWS_SERVICE_NAMES: the types of assets to discover.
Provide a comma-separated list. Supported values are
cloudfront
,dynamodb
,ecs
,efs
,eks
,elb
,lambda
,db
(RDS),redshift
,route53
,s3
,vm
(EC2), andvpc
. If you don't provide this flag, all supported asset types are discovered. - AWS_REGION: the AWS region where your EC2 instances and RDS databases are located. This flag is optional. If you don't provide this flag, assets from all enabled AWS regions are discovered.
AWS access key
To discover assets in your AWS account by using your AWS access key ID and access key, run the following command:
Linux
./mcdc discover aws --access-key-id AWS_ACCESS_KEY_ID \
--secret-access-key AWS_ACCESS_KEY \
[--services AWS_SERVICE_NAMES] \
[--region AWS_REGION]Windows
mcdc.exe discover aws --access-key-id AWS_ACCESS_KEY_ID \
--secret-access-key AWS_ACCESS_KEY \
[--services AWS_SERVICE_NAMES] \
[--region AWS_REGION]Replace the following:
- AWS_ACCESS_KEY_ID: the access key ID you
created in the Create an access key for the
mcdc
CLI section. - AWS_ACCESS_KEY: the access key that you created
in the Create an access key for the
mcdc
CLI section. - AWS_SERVICE_NAMES: the types of assets to discover.
Provide a comma-separated list. Supported values are
cloudfront
,dynamodb
,ecs
,efs
,eks
,elb
,lambda
,db
(RDS),redshift
,route53
,s3
,vm
(EC2), andvpc
. If you don't provide this flag, all supported asset types are discovered. - AWS_REGION: the AWS region where your AWS assets are located. This flag is optional. If you don't provide this flag, assets from all enabled AWS regions are discovered.
The output should look similar to the following:
[+] Collecting for AWS Account: 123456789012 [+] Collecting RDS in region eu-north-1 [✓] Collected 0 DB instances [!] No DB instances found [+] Collecting ECS in region eu-north-1 [+] Successfully collected data for 2 ECS clusters in region eu-north-1 [+] Collecting S3... [+] Successfully collected data for 74 S3 buckets [✓] Collection completed.
- AWS_SERVICE_NAMES: the types of assets to discover.
Provide a comma-separated list. Supported values are
Optional: To review the collected data, run the following command:
Linux
./mcdc discover ls
Windows
mcdc.exe discover ls
The output should look similar to the following:
VM Assets PLATFORM VM ID NAME COLLECTED DATA OS IP ADDRESSES i-011d6234b5769fe2a abc-rhel9.0-arm AWSVM Red Hat Enterprise Linux 192.0.2.1 i-08f7e5e469508460f def-rhel9.0-arm AWSVM Red Hat Enterprise Linux 192.0.2.2 i-09e28bb6eggg94db8 ghi-ol9.3 AWSVM Linux/UNIX 192.0.2.3 Database Assets GENERATED ID PROVIDER ENGINE arn:aws:rds:eu-west-1:12345678912:db:abc-sqlserver RDS SQL Server AWS CloudFront Distribution: 2 assets were collected. AWS ECS Cluster: 3 assets were collected. AWS EFS: 5 assets were collected. AWS Elastic Load Balancer: 7 assets were collected. AWS Lambda: 9 assets were collected. AWS Redshift: 2 assets were collected. AWS S3 Bucket: 77 assets were collected. AWS VPC: 84 assets were collected.
Optionally, use the
--asset-types
flag to display assets of a specific type. For example, to display only EC2 instances, run the following command:Linux
./mcdc discover ls --asset-types=vm
Windows
mcdc.exe discover ls --asset-types=vm
When using the
--asset-types
flag, only the following asset types are supported:db
: Relational Database Service (RDS)vm
: Elastic Compute Cloud (EC2)
After you discover your assets, to view the assets, export the collected data to Migration Center.
What's next
- Learn how to export collected data to Migration Center.
- Learn how to export inventory and performance data.
- Learn how to generate TCO reports.