
AWS Patrol

Automated AWS infrastructure patrol — collects EC2/RDS/ELB metrics, security posture (IAM MFA, SG, EBS encryption, S3), cost analysis (SP/RI coverage & utili...
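Automated AWS infrastructure patrol: collects EC2/RDS/ELB metrics, checks security posture (IAM MFA, security groups, EBS encryption, S3), and performs cost analysis (reserved instance coverage and utilization)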
chengcecho
Uncategorized clawhub v1.0.1 1 version 99583.3 Key: required

Overview

AWS Patrol

Automated AWS infrastructure monitoring, security audit, and cost analysis with visual report generation.

Prerequisites

  • Python 3.8+ with boto3
  • AWS credentials configured (profile or env vars)
  • Node.js + Puppeteer (for screenshot generation)
  • Required AWS permissions: ReadOnlyAccess (EC2, RDS, ELB, CloudWatch, IAM, S3, Cost Explorer, Savings Plans, Health, Pinpoint SMS)

Configuration (Environment Variables)

| Variable | Default | Description |
|----------|---------|-------------|
| AWS_PATROL_PROFILE | AWS_PROFILE or default | AWS profile name |
| AWS_PATROL_REGIONS | us-west-2,eu-west-2,ap-southeast-1 | Comma-separated regions |
| AWS_PATROL_OUTPUT | Current directory | Output directory for JSON/HTML/PNG |

Workflow

1. Collect Resource Metrics

python3 scripts/patrol.py

Outputs aws-patrol-detail.json with:

  • EC2: CPU, network, status checks (alerts if CPU>80% or status check failed)
  • RDS: CPU, memory, connections, storage, IOPS (alerts if CPU>80%, low memory, low storage)
  • ELB: target group health, unhealthy targets
  • CloudWatch alarms in ALARM state
  • AWS Health events (last 7 days)
  • SMS/Pinpoint sender registration status

2. Collect Security & Cost Data

python3 scripts/patrol-security-cost.py

Outputs aws-security-cost.json with:

  • Security: IAM users without MFA, old access keys (>90d), open security groups (0.0.0.0/0 on sensitive ports), unencrypted EBS, public S3 buckets
  • Cost: 30-day total & daily trend, SP utilization & coverage (7-day daily), RDS/ElastiCache RI coverage, active SPs & RIs, waste detection (stopped instances, unattached volumes, unused EIPs, old snapshots, low-CPU instances)
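
The open security group check listed above, as an added example (not the skill's own code): it evaluates rules in the shape returned by EC2 `describe_security_groups`, and goes beyond the page's 0.0.0.0/0 case by also treating `::/0`, port ranges and protocol `-1` as exposure. The `SENSITIVE_PORTS` list, the function name and the sample groups are assumptions constructed for illustration.

```python
# Added example, not the skill's own code. SENSITIVE_PORTS is an assumed list.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}


def open_sensitive_rules(security_groups):
    """Return (group_id, port, service, cidr) for world-open sensitive TCP ports."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in WORLD]
            if not open_cidrs:
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":        # all protocols: no port fields, every port open
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:                    # udp/icmp rules are not evaluated in this example
                continue
            for port, service in sorted(SENSITIVE_PORTS.items()):
                if lo <= port <= hi:  # a range such as 20-25 also exposes 22
                    for cidr in open_cidrs:
                        findings.append((sg["GroupId"], port, service, cidr))
    return findings


# Constructed sample in the shape of describe_security_groups()["SecurityGroups"].
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for finding in open_sensitive_rules(SAMPLE):
        print(finding)
```
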

3. Generate Visual Report

python3 scripts/gen-report.py '<JSON>'

Accepts a JSON argument with fields:

  • date, weekday, ec2Count, rdsCount, elbCount
  • costTotal, costDaily, unattachedVol, unusedEip, lowCpu, oldSnap
  • spUtilPct, spCovPct, rdsRiPct, ecRiPct
  • noMfa, unencEbs, openSg, oldKeys, s3Risk
  • highCpu (array: {name, cpu, type, level})
  • spRiDetails (string summary)
  • health (array: {type, title, desc})
  • sms (array: {name, status, level})
  • actions (array: {date, level, title, desc, daysLeft, daysLevel})

Outputs daily-report.html.

4. Screenshot & Deliver

# Start HTTP server (bound to loopback so files in this directory are not served to the network)
python3 -m http.server 18923 --bind 127.0.0.1 &
# Screenshot (--no-sandbox disables Chromium's sandbox; only load the locally generated report this way)
node -e "const p=require('puppeteer');(async()=>{const b=await p.launch({headless:'new',args:['--no-sandbox']});const pg=await b.newPage();await pg.setViewport({width:520,height:800,deviceScaleFactor:2});await pg.goto('http://127.0.0.1:18923/daily-report.html',{waitUntil:'networkidle0'});await pg.screenshot({path:'daily-report.png',fullPage:true});await b.close()})()"
# Stop server
kill %1

Send daily-report.png via messaging with a brief summary.

Scheduling (Cron Example)

Set up a daily 9:00 AM patrol via OpenClaw cron (systemEvent → main session):

Run the aws-patrol patrol workflow every day at 9:00: collect data → generate report → screenshot and push

Anomaly Investigation

When high CPU, Health alerts, or SMS issues are detected, don't just report numbers — investigate root cause (check CloudWatch trends, recent deployments, process-level metrics) and include analysis in the report.

Version history

1 version in total

  • v1.0.1 current
    2026-05-21 23:50 Safe Safe

Security scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
