# AWS

This page documents AWS-specific details for the Discover Assets feature.

### Prerequisites

* Your AWS account must be added to MechCloud using OIDC federation. Follow the [AWS onboarding guide](https://docs.mechcloud.io/cloud-computing/add-an-account/aws) to connect your account.
* The IAM role used by MechCloud must allow read access to the resources you want to discover. At minimum attach **AmazonEC2ReadOnlyAccess** for EC2 and VPC inventory.

### How Discovery Works

When you run Discover Assets against an AWS account, MechCloud queries AWS APIs to enumerate resources across the selected regions. The results are rendered in a hierarchical view that reflects AWS's resource organization:

* **Regions** - top-level grouping (e.g. `us-east-1`, `eu-west-1`)
* **VPCs** - within each region
* **Subnets** - within each VPC
* **Instances** - resources scoped to a subnet or VPC
* **Regional resources** - resources scoped to a region such as Elastic IPs and EBS volumes

VPCs and subnets are displayed with their contained resources so you can see which EC2 instances sit inside which subnet and which EBS volumes are attached to which instance.

### Resource Cards

Each discovered resource is displayed as a card with key attributes:

**EC2 Instances**

* Instance type (e.g. `t3.medium`, `m6i.large`)
* Private and public IP addresses
* Attached EBS volumes
* Current state (`running`, `stopped`, `terminated`)

**EBS Volumes**

* Volume type (e.g. `gp3`, `gp2`, `io2`)
* Size in GB
* Attached instance (if any)
* Availability Zone

**Elastic IPs**

* Public IP address
* Associated resource (if any)
* Allocation status

### VPC Resources

The following resource types are displayed as VPC-level resources within each VPC:

* **Security Groups** - with group name and description
* **Internet Gateways** - with attachment state
* **NAT Gateways** - with state
* **VPN Connections** - with connection type
* **Transit Gateways** - with state
* **Load Balancers** - ALB, NLB and GLB with type indicator
* **RDS Instances** - with engine and instance class
* **RDS Clusters (Aurora)** - with engine
* **ElastiCache** - cache clusters and replication groups with engine and node type
* **EKS Clusters** - Kubernetes clusters
* **ECS Services** - Fargate services with task count
* **MSK Clusters** - Managed Kafka clusters with broker instance type
* **DynamoDB Tables** - with billing mode
* **S3 Buckets** - bucket name
* **Route53 Hosted Zones** - with public/private indicator (discovered in us-east-1 only)

### Lifecycle Operations

The following operations are available directly from the discovery view:

| Operation | Scope                                             | Description                |
| --------- | ------------------------------------------------- | -------------------------- |
| Start     | EC2 Instance                                      | Start a stopped instance   |
| Stop      | EC2 Instance                                      | Stop a running instance    |
| Reboot    | EC2 Instance                                      | Restart a running instance |
| Delete    | EC2 Instance, EBS Volume, Elastic IP, VPC, Subnet | Remove the resource        |

All operations are available at the individual resource level and in bulk.

**Cascading Deletes**: When deleting a VPC or subnet, MechCloud automatically identifies and removes dependent resources such as EC2 instances, network interfaces, route table associations and security-group-bound resources in the correct order. No manual cleanup is required.

### Identifying Waste

Use Discover Assets to spot resources that are incurring cost without providing value:

* **Unattached EBS volumes** - volumes not attached to any EC2 instance continue to incur storage charges
* **Unused Elastic IPs** - allocated public IPs not associated with a running resource can still be billed
* **Stopped instances with attached volumes** - compute charges may stop, but EBS storage charges continue

These resources can be deleted directly from the discovery UI with a single click.
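The three waste checks above can be reproduced outside the UI for auditing or alerting. The following is an added example, not MechCloud's own code: it classifies inventory shaped like the boto3 EC2 responses for `describe_volumes`, `describe_addresses` and `describe_instances`, using constructed sample data so it runs offline.

```python
from typing import Dict, List

# Constructed sample data shaped like boto3 EC2 responses (not real resources).
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use", "Size": 100,
     "Attachments": [{"InstanceId": "i-0111", "State": "attached"}]},
    {"VolumeId": "vol-0bbb", "State": "available", "Size": 500, "Attachments": []},
]
SAMPLE_ADDRESSES = [
    {"PublicIp": "198.51.100.10", "AllocationId": "eipalloc-01", "AssociationId": "eipassoc-01"},
    {"PublicIp": "198.51.100.11", "AllocationId": "eipalloc-02"},  # allocated, never associated
]
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0111", "State": {"Name": "running"},
         "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0aaa"}}]},
        {"InstanceId": "i-0222", "State": {"Name": "stopped"},
         "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0ccc"}}]},
    ]}
]

def unattached_volumes(volumes: List[dict]) -> List[str]:
    """Volumes with an empty Attachments list are billed for storage but used by nothing."""
    return [v["VolumeId"] for v in volumes if not v.get("Attachments")]

def unused_elastic_ips(addresses: List[dict]) -> List[str]:
    """An allocated EIP without an AssociationId is not bound to any instance or ENI."""
    return [a["PublicIp"] for a in addresses if not a.get("AssociationId")]

def stopped_instances_with_volumes(reservations: List[dict]) -> Dict[str, List[str]]:
    """Stopped instances keep their EBS volumes, so storage charges continue."""
    result: Dict[str, List[str]] = {}
    for reservation in reservations:  # describe_instances nests instances in reservations
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "stopped":
                continue
            vols = [m["Ebs"]["VolumeId"] for m in inst.get("BlockDeviceMappings", []) if "Ebs" in m]
            if vols:
                result[inst["InstanceId"]] = vols
    return result

def waste_report(volumes: List[dict], addresses: List[dict], reservations: List[dict]) -> dict:
    """Combine the three checks into one report keyed by waste category."""
    return {
        "unattached_volumes": unattached_volumes(volumes),
        "unused_elastic_ips": unused_elastic_ips(addresses),
        "stopped_instances_with_volumes": stopped_instances_with_volumes(reservations),
    }

if __name__ == "__main__":
    # With boto3 the inputs would be ec2.describe_volumes()["Volumes"], etc.
    print(waste_report(SAMPLE_VOLUMES, SAMPLE_ADDRESSES, SAMPLE_RESERVATIONS))
```

The report is read-only; it only needs the same describe permissions as discovery, whereas acting on its findings (deleting volumes or releasing addresses) requires write permissions the read-only policy does not grant.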
