A unified solution for collecting cloud resource counts across AWS, Azure, GCP, and OCI for LogicMonitor licensing purposes.
This tool collects resource inventory from cloud providers and calculates LogicMonitor license requirements by categorizing resources into:
- IaaS - Virtual machines and compute instances
- PaaS - Managed services, containers, serverless functions
- Non-Compute - Storage, networking, and other infrastructure resources
pip install lm-cloud-inventoryOr install from source:
git clone https://github.com/logicmonitor/lm-cloud-resource-inventory.git
cd lm-cloud-resource-inventory
pip install .# Run inventory and calculate licenses
lmci run -p aws -o aws_summary.csv
lmci run -p azure -o azure_summary.csv
lmci run -p gcp -o gcp_summary.csv
lmci run -p oci -o oci_summary.csv| Option | Description |
|---|---|
-v, --verbose |
Enable verbose logging (shows debug info and full tracebacks) |
--version |
Show version and exit |
--help |
Show help message |
Collect inventory and calculate licenses in one step. This is the primary command for most users.
lmci run -p <provider> [options]| Option | Provider | Description |
|---|---|---|
-p, --provider |
All | Cloud provider: aws, azure, gcp, oci (required) |
-o, --output |
All | Output CSV file (default: license_summary.csv) |
-d, --detailed |
All | Generate detailed CSV with per-region breakdown |
--show-unmapped |
All | List resource types not mapped to license categories |
--profile |
AWS | AWS CLI profile name |
-s, --subscription |
Azure | Subscription ID (can be repeated for multiple) |
--project |
GCP | GCP project ID |
--compartment |
OCI | OCI compartment OCID |
Examples:
# AWS - basic
lmci run -p aws
# AWS - with named profile
lmci run -p aws --profile production -o aws_prod.csv
# Azure - all subscriptions
lmci run -p azure
# Azure - specific subscriptions
lmci run -p azure -s "sub-id-1" -s "sub-id-2"
# GCP - auto-detect project from credentials
lmci run -p gcp
# GCP - explicit project
lmci run -p gcp --project my-project-id
# OCI - entire tenancy
lmci run -p oci
# OCI - specific compartment
lmci run -p oci --compartment ocid1.compartment.oc1..xxx
# Any provider - with detailed output
lmci run -p aws -d -o detailed_report.csvCollect inventory only (saves JSON for later calculation).
lmci collect -p <provider> [options]| Option | Provider | Description |
|---|---|---|
-p, --provider |
All | Cloud provider (required) |
-o, --output |
All | Output JSON file (default: inventory.json) |
--profile |
AWS | AWS CLI profile name |
--region |
AWS | AWS region for API calls (default: us-east-1) |
--organization |
AWS | IAM role name for cross-account access |
--organization |
GCP | GCP organization ID for org-wide inventory |
-s, --subscription |
Azure | Subscription ID (repeatable) |
--project |
GCP | GCP project ID |
--compartment |
OCI | OCI compartment OCID |
Calculate licenses from an existing inventory JSON file.
lmci calculate -i <inventory.json> [options]| Option | Description |
|---|---|
-i, --input |
Input inventory JSON file (required) |
-o, --output |
Output CSV file (default: license_summary.csv) |
-d, --detailed |
Generate detailed CSV |
--show-unmapped |
List unmapped resource types |
Show required permissions for each cloud provider.
lmci permissions -p aws
lmci permissions -p azure
lmci permissions -p gcp
lmci permissions -p oci| Provider | API Used | Performance |
|---|---|---|
| AWS | AWS Resource Explorer | ~2-5 minutes |
| Azure | Azure Resource Graph | ~1-2 minutes |
| GCP | Cloud Asset Inventory | ~1-2 minutes |
| OCI | OCI Search Service | ~1 minute |
For a complete list of supported resources, see LogicMonitor Cloud Services Documentation.
The following AWS services are not indexed by AWS Resource Explorer and will not be collected:
| Service | Resource Type |
|---|---|
| CloudSearch | Domain |
| MediaConnect | Flow |
| MediaConvert | Queue |
| OpsWorks | Stack |
| Q Business | Application |
| QuickSight | Dashboard (dataset/datasource are supported) |
| Simple Workflow (SWF) | Domain |
| Application Migration Service | Source Server |
| ElasticTranscoder | Pipeline |
If you have significant usage of these services, contact your LogicMonitor representative for manual inventory assistance.
- Python 3.9+
- Cloud provider credentials configured via one of:
- CLI tools (
aws,az,gcloud,oci) - recommended for local use - Environment variables
- Service account files
- CLI tools (
- Read-only permissions (see Permissions Documentation)
Configure credentials for each cloud provider before running the inventory.
Option 1: AWS CLI (Recommended)
# Install AWS CLI and configure
aws configure
# Verify
aws sts get-caller-identityOption 2: Environment Variables
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_DEFAULT_REGION="us-east-1"Option 3: Named Profiles
# Use a specific profile
lmci run -p aws --profile productionResources: AWS CLI Configuration
Option 1: Azure CLI (Recommended)
# Sign in
az login
# Verify
az account list --output tableOption 2: Service Principal
export AZURE_CLIENT_ID="appId"
export AZURE_CLIENT_SECRET="password"
export AZURE_TENANT_ID="tenant"Resources: Azure CLI Authentication
Option 1: gcloud CLI (Recommended)
# Initialize and authenticate
gcloud init
gcloud auth application-default login
# Verify
gcloud config listOption 2: Service Account Key
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account-key.json"The tool will automatically extract the project_id from the service account JSON file.
Resources: GCP Application Default Credentials
Option 1: OCI CLI (Recommended)
# Run setup wizard
oci setup config
# Verify
oci iam region listConfiguration is stored in ~/.oci/config.
Resources: OCI CLI Quickstart
Each cloud provider offers a browser-based shell with credentials pre-configured - the fastest way to run the inventory tool.
| Provider | Cloud Shell | Notes |
|---|---|---|
| AWS | AWS CloudShell | Python pre-installed, credentials automatic |
| Azure | Azure Cloud Shell | Python pre-installed, az authenticated |
| GCP | Google Cloud Shell | Python & gcloud pre-installed |
| OCI | OCI Cloud Shell | OCI CLI pre-installed |
The default output includes resource type breakdown by category:
Provider,Account,Category,ResourceType,Region,Count
aws,123456789012,IaaS,ec2:instance,us-east-1,42
aws,123456789012,IaaS,ec2:instance,us-west-2,15
aws,123456789012,PaaS,lambda:function,us-east-1,28
TOTAL,,IaaS,,,57
TOTAL,,PaaS,,,28
TOTAL,,Non-Compute,,,125
Same as summary but saved to a separate _detailed.csv file.
The _inventory.json file contains raw resource data for analysis:
[
{
"provider": "aws",
"account_id": "123456789012",
"region": "us-east-1",
"resource_type": "ec2:instance",
"count": 42,
"timestamp": "2024-12-22T10:30:00Z"
}
]AWS Resource Explorer is required. Enable it in your account:
- Go to AWS Resource Explorer Console
- Enable Resource Explorer
- Create an aggregator index for cross-region queries
# Verify credentials
aws sts get-caller-identityCheck Permissions Documentation for required IAM permissions.
# Verify login
az account showEnsure you have the Reader role on the subscription(s).
# Verify auth
gcloud auth listEnsure you have the roles/cloudasset.viewer role.
# Verify config
cat ~/.oci/configEnsure the policy allows: Allow group <group> to inspect all-resources in tenancy
pip install .Security:
- Read-only access only - no write/modify/delete operations
- Uses provider credential chains - no credential storage
- Only communicates with cloud provider APIs
Data Collected:
- Resource type counts
- Account/subscription identifiers
- Region/location information
NOT Collected:
- Resource names or IDs
- Resource content or data
- Configuration details
- Credentials or secrets
- Pre-sales: Contact your LogicMonitor Sales Engineer
- Customers: Contact your Customer Success Manager
MIT License - See LICENSE file for details.