PyPI - aws-inventory-manager - Versions diffs - 0.13.2__py3-none-any.whl - Mend

aws-inventory-manager 0.13.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-inventory-manager might be problematic. Click here for more details.

Files changed (145) hide show

aws_inventory_manager-0.13.2.dist-info/LICENSE +21 -0
aws_inventory_manager-0.13.2.dist-info/METADATA +1226 -0
aws_inventory_manager-0.13.2.dist-info/RECORD +145 -0
aws_inventory_manager-0.13.2.dist-info/WHEEL +5 -0
aws_inventory_manager-0.13.2.dist-info/entry_points.txt +2 -0
aws_inventory_manager-0.13.2.dist-info/top_level.txt +1 -0
src/__init__.py +3 -0
src/aws/__init__.py +11 -0
src/aws/client.py +128 -0
src/aws/credentials.py +191 -0
src/aws/rate_limiter.py +177 -0
src/cli/__init__.py +12 -0
src/cli/config.py +130 -0
src/cli/main.py +3626 -0
src/config_service/__init__.py +21 -0
src/config_service/collector.py +346 -0
src/config_service/detector.py +256 -0
src/config_service/resource_type_mapping.py +328 -0
src/cost/__init__.py +5 -0
src/cost/analyzer.py +226 -0
src/cost/explorer.py +209 -0
src/cost/reporter.py +237 -0
src/delta/__init__.py +5 -0
src/delta/calculator.py +206 -0
src/delta/differ.py +185 -0
src/delta/formatters.py +272 -0
src/delta/models.py +154 -0
src/delta/reporter.py +234 -0
src/models/__init__.py +21 -0
src/models/config_diff.py +135 -0
src/models/cost_report.py +87 -0
src/models/deletion_operation.py +104 -0
src/models/deletion_record.py +97 -0
src/models/delta_report.py +122 -0
src/models/efs_resource.py +80 -0
src/models/elasticache_resource.py +90 -0
src/models/group.py +318 -0
src/models/inventory.py +133 -0
src/models/protection_rule.py +123 -0
src/models/report.py +288 -0
src/models/resource.py +111 -0
src/models/security_finding.py +102 -0
src/models/snapshot.py +122 -0
src/restore/__init__.py +20 -0
src/restore/audit.py +175 -0
src/restore/cleaner.py +461 -0
src/restore/config.py +209 -0
src/restore/deleter.py +976 -0
src/restore/dependency.py +254 -0
src/restore/safety.py +115 -0
src/security/__init__.py +0 -0
src/security/checks/__init__.py +0 -0
src/security/checks/base.py +56 -0
src/security/checks/ec2_checks.py +88 -0
src/security/checks/elasticache_checks.py +149 -0
src/security/checks/iam_checks.py +102 -0
src/security/checks/rds_checks.py +140 -0
src/security/checks/s3_checks.py +95 -0
src/security/checks/secrets_checks.py +96 -0
src/security/checks/sg_checks.py +142 -0
src/security/cis_mapper.py +97 -0
src/security/models.py +53 -0
src/security/reporter.py +174 -0
src/security/scanner.py +87 -0
src/snapshot/__init__.py +6 -0
src/snapshot/capturer.py +451 -0
src/snapshot/filter.py +259 -0
src/snapshot/inventory_storage.py +236 -0
src/snapshot/report_formatter.py +250 -0
src/snapshot/reporter.py +189 -0
src/snapshot/resource_collectors/__init__.py +5 -0
src/snapshot/resource_collectors/apigateway.py +140 -0
src/snapshot/resource_collectors/backup.py +136 -0
src/snapshot/resource_collectors/base.py +81 -0
src/snapshot/resource_collectors/cloudformation.py +55 -0
src/snapshot/resource_collectors/cloudwatch.py +109 -0
src/snapshot/resource_collectors/codebuild.py +69 -0
src/snapshot/resource_collectors/codepipeline.py +82 -0
src/snapshot/resource_collectors/dynamodb.py +65 -0
src/snapshot/resource_collectors/ec2.py +240 -0
src/snapshot/resource_collectors/ecs.py +215 -0
src/snapshot/resource_collectors/efs_collector.py +102 -0
src/snapshot/resource_collectors/eks.py +200 -0
src/snapshot/resource_collectors/elasticache_collector.py +79 -0
src/snapshot/resource_collectors/elb.py +126 -0
src/snapshot/resource_collectors/eventbridge.py +156 -0
src/snapshot/resource_collectors/iam.py +188 -0
src/snapshot/resource_collectors/kms.py +111 -0
src/snapshot/resource_collectors/lambda_func.py +139 -0
src/snapshot/resource_collectors/rds.py +109 -0
src/snapshot/resource_collectors/route53.py +86 -0
src/snapshot/resource_collectors/s3.py +105 -0
src/snapshot/resource_collectors/secretsmanager.py +70 -0
src/snapshot/resource_collectors/sns.py +68 -0
src/snapshot/resource_collectors/sqs.py +82 -0
src/snapshot/resource_collectors/ssm.py +160 -0
src/snapshot/resource_collectors/stepfunctions.py +74 -0
src/snapshot/resource_collectors/vpcendpoints.py +79 -0
src/snapshot/resource_collectors/waf.py +159 -0
src/snapshot/storage.py +351 -0
src/storage/__init__.py +21 -0
src/storage/audit_store.py +419 -0
src/storage/database.py +294 -0
src/storage/group_store.py +749 -0
src/storage/inventory_store.py +320 -0
src/storage/resource_store.py +413 -0
src/storage/schema.py +288 -0
src/storage/snapshot_store.py +346 -0
src/utils/__init__.py +12 -0
src/utils/export.py +305 -0
src/utils/hash.py +60 -0
src/utils/logging.py +63 -0
src/utils/pagination.py +41 -0
src/utils/paths.py +51 -0
src/utils/progress.py +41 -0
src/utils/unsupported_resources.py +306 -0
src/web/__init__.py +5 -0
src/web/app.py +97 -0
src/web/dependencies.py +69 -0
src/web/routes/__init__.py +1 -0
src/web/routes/api/__init__.py +18 -0
src/web/routes/api/charts.py +156 -0
src/web/routes/api/cleanup.py +186 -0
src/web/routes/api/filters.py +253 -0
src/web/routes/api/groups.py +305 -0
src/web/routes/api/inventories.py +80 -0
src/web/routes/api/queries.py +202 -0
src/web/routes/api/resources.py +379 -0
src/web/routes/api/snapshots.py +314 -0
src/web/routes/api/views.py +260 -0
src/web/routes/pages.py +198 -0
src/web/services/__init__.py +1 -0
src/web/templates/base.html +949 -0
src/web/templates/components/navbar.html +31 -0
src/web/templates/components/sidebar.html +104 -0
src/web/templates/pages/audit_logs.html +86 -0
src/web/templates/pages/cleanup.html +279 -0
src/web/templates/pages/dashboard.html +227 -0
src/web/templates/pages/diff.html +175 -0
src/web/templates/pages/error.html +30 -0
src/web/templates/pages/groups.html +721 -0
src/web/templates/pages/queries.html +246 -0
src/web/templates/pages/resources.html +2251 -0
src/web/templates/pages/snapshot_detail.html +271 -0
src/web/templates/pages/snapshots.html +429 -0

src/snapshot/resource_collectors/s3.py ADDED Viewed

@@ -0,0 +1,105 @@
+"""S3 resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class S3Collector(BaseResourceCollector):
+    """Collector for AWS S3 buckets.
+    Note: S3 is a global service but buckets are accessed via regional endpoints.
+    We only collect once (in us-east-1) to avoid duplicates.
+    """
+    @property
+    def service_name(self) -> str:
+        return "s3"
+    @property
+    def is_global_service(self) -> bool:
+        # S3 is global, so only collect once
+        return True
+    def collect(self) -> List[Resource]:
+        """Collect S3 buckets.
+        Returns:
+            List of S3 bucket resources
+        """
+        resources = []
+        client = self._create_client()
+        try:
+            # List all buckets
+            response = client.list_buckets()
+            for bucket in response.get("Buckets", []):
+                bucket_name = bucket["Name"]
+                creation_date = bucket.get("CreationDate")
+                # Get bucket location to determine region
+                try:
+                    location_response = client.get_bucket_location(Bucket=bucket_name)
+                    location = location_response.get("LocationConstraint")
+                    # None means us-east-1
+                    bucket_region = location if location else "us-east-1"
+                except Exception as e:
+                    self.logger.debug(f"Could not get location for bucket {bucket_name}: {e}")
+                    bucket_region = "unknown"
+                # Get bucket tags
+                tags = {}
+                try:
+                    tag_response = client.get_bucket_tagging(Bucket=bucket_name)
+                    tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("TagSet", [])}
+                except client.exceptions.NoSuchTagSet:
+                    # Bucket has no tags
+                    pass
+                except Exception as e:
+                    self.logger.debug(f"Could not get tags for bucket {bucket_name}: {e}")
+                # Get additional bucket configuration for config hash
+                bucket_config = {
+                    "Name": bucket_name,
+                    "CreationDate": creation_date,
+                    "Region": bucket_region,
+                }
+                # Try to get versioning, encryption, etc.
+                try:
+                    versioning = client.get_bucket_versioning(Bucket=bucket_name)
+                    bucket_config["Versioning"] = versioning.get("Status", "Disabled")
+                except Exception:
+                    pass
+                try:
+                    encryption = client.get_bucket_encryption(Bucket=bucket_name)
+                    bucket_config["Encryption"] = encryption.get("ServerSideEncryptionConfiguration")
+                except Exception:
+                    # No encryption configured
+                    pass
+                # Build ARN
+                arn = f"arn:aws:s3:::{bucket_name}"
+                # Create resource
+                resource = Resource(
+                    arn=arn,
+                    resource_type="AWS::S3::Bucket",
+                    name=bucket_name,
+                    region=bucket_region,
+                    tags=tags,
+                    config_hash=compute_config_hash(bucket_config),
+                    created_at=creation_date,
+                    raw_config=bucket_config,
+                )
+                resources.append(resource)
+        except Exception as e:
+            self.logger.error(f"Error collecting S3 buckets: {e}")
+        self.logger.debug(f"Collected {len(resources)} S3 buckets")
+        return resources

src/snapshot/resource_collectors/secretsmanager.py ADDED Viewed

@@ -0,0 +1,70 @@
+"""Secrets Manager resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class SecretsManagerCollector(BaseResourceCollector):
+    """Collector for AWS Secrets Manager resources."""
+    @property
+    def service_name(self) -> str:
+        return "secretsmanager"
+    def collect(self) -> List[Resource]:
+        """Collect Secrets Manager secrets.
+        Returns:
+            List of Secrets Manager secret resources
+        """
+        resources = []
+        client = self._create_client()
+        try:
+            paginator = client.get_paginator("list_secrets")
+            for page in paginator.paginate():
+                for secret in page.get("SecretList", []):
+                    secret_name = secret["Name"]
+                    secret_arn = secret["ARN"]
+                    # Get full secret details (but not the actual secret value)
+                    try:
+                        secret_details = client.describe_secret(SecretId=secret_arn)
+                        # Use detailed info for config hash
+                        config_data = secret_details
+                    except Exception as e:
+                        self.logger.debug(f"Could not get details for secret {secret_name}: {e}")
+                        config_data = secret
+                    # Extract tags
+                    tags = {}
+                    for tag in secret.get("Tags", []):
+                        tags[tag["Key"]] = tag["Value"]
+                    # Extract creation date
+                    created_at = secret.get("CreatedDate")
+                    # Create resource (without secret value for security)
+                    # Remove sensitive fields if present
+                    safe_config = {k: v for k, v in config_data.items() if k not in ["SecretString", "SecretBinary"]}
+                    resource = Resource(
+                        arn=secret_arn,
+                        resource_type="AWS::SecretsManager::Secret",
+                        name=secret_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(safe_config),
+                        created_at=created_at,
+                        raw_config=safe_config,
+                    )
+                    resources.append(resource)
+        except Exception as e:
+            self.logger.error(f"Error collecting Secrets Manager secrets in {self.region}: {e}")
+        self.logger.debug(f"Collected {len(resources)} Secrets Manager secrets in {self.region}")
+        return resources

src/snapshot/resource_collectors/sns.py ADDED Viewed

@@ -0,0 +1,68 @@
+"""SNS resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class SNSCollector(BaseResourceCollector):
+    """Collector for AWS SNS resources (topics)."""
+    @property
+    def service_name(self) -> str:
+        return "sns"
+    def collect(self) -> List[Resource]:
+        """Collect SNS resources.
+        Returns:
+            List of SNS topics
+        """
+        resources = []
+        client = self._create_client()
+        try:
+            paginator = client.get_paginator("list_topics")
+            for page in paginator.paginate():
+                for topic in page.get("Topics", []):
+                    topic_arn = topic["TopicArn"]
+                    # Get topic name from ARN
+                    topic_name = topic_arn.split(":")[-1]
+                    # Get topic attributes
+                    try:
+                        attrs_response = client.get_topic_attributes(TopicArn=topic_arn)
+                        attributes = attrs_response.get("Attributes", {})
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(ResourceArn=topic_arn)
+                            tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("Tags", [])}
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for SNS topic {topic_name}: {e}")
+                        # Create resource
+                        resource = Resource(
+                            arn=topic_arn,
+                            resource_type="AWS::SNS::Topic",
+                            name=topic_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(attributes),
+                            created_at=None,  # SNS topics don't expose creation date
+                            raw_config=attributes,
+                        )
+                        resources.append(resource)
+                    except Exception as e:
+                        self.logger.debug(f"Could not get attributes for SNS topic {topic_name}: {e}")
+        except Exception as e:
+            self.logger.error(f"Error collecting SNS topics in {self.region}: {e}")
+        self.logger.debug(f"Collected {len(resources)} SNS topics in {self.region}")
+        return resources

src/snapshot/resource_collectors/sqs.py ADDED Viewed

@@ -0,0 +1,82 @@
+"""SQS resource collector."""
+from datetime import datetime, timezone
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class SQSCollector(BaseResourceCollector):
+    """Collector for AWS SQS resources (queues)."""
+    @property
+    def service_name(self) -> str:
+        return "sqs"
+    def collect(self) -> List[Resource]:
+        """Collect SQS resources.
+        Returns:
+            List of SQS queues
+        """
+        resources = []
+        account_id = self._get_account_id()
+        client = self._create_client()
+        try:
+            # List all queue URLs
+            response = client.list_queues()
+            queue_urls = response.get("QueueUrls", [])
+            for queue_url in queue_urls:
+                try:
+                    # Get queue attributes
+                    attrs_response = client.get_queue_attributes(QueueUrl=queue_url, AttributeNames=["All"])
+                    attributes = attrs_response.get("Attributes", {})
+                    # Get queue name from URL
+                    queue_name = queue_url.split("/")[-1]
+                    # Build ARN
+                    queue_arn = attributes.get("QueueArn", f"arn:aws:sqs:{self.region}:{account_id}:{queue_name}")
+                    # Get tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_queue_tags(QueueUrl=queue_url)
+                        tags = tag_response.get("Tags", {})
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for SQS queue {queue_name}: {e}")
+                    # Convert CreatedTimestamp from epoch seconds to datetime
+                    created_at = None
+                    created_timestamp = attributes.get("CreatedTimestamp")
+                    if created_timestamp:
+                        try:
+                            created_at = datetime.fromtimestamp(int(created_timestamp), tz=timezone.utc)
+                        except (ValueError, OSError) as e:
+                            self.logger.debug(f"Could not parse CreatedTimestamp for {queue_name}: {e}")
+                    # Create resource
+                    resource = Resource(
+                        arn=queue_arn,
+                        resource_type="AWS::SQS::Queue",
+                        name=queue_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(attributes),
+                        created_at=created_at,
+                        raw_config=attributes,
+                    )
+                    resources.append(resource)
+                except Exception as e:
+                    self.logger.debug(f"Could not get attributes for SQS queue {queue_url}: {e}")
+        except Exception as e:
+            self.logger.error(f"Error collecting SQS queues in {self.region}: {e}")
+        self.logger.debug(f"Collected {len(resources)} SQS queues in {self.region}")
+        return resources

src/snapshot/resource_collectors/ssm.py ADDED Viewed

@@ -0,0 +1,160 @@
+"""Systems Manager resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class SSMCollector(BaseResourceCollector):
+    """Collector for AWS Systems Manager resources (Parameter Store, Documents)."""
+    @property
+    def service_name(self) -> str:
+        return "ssm"
+    def collect(self) -> List[Resource]:
+        """Collect Systems Manager resources.
+        Collects:
+        - Parameter Store parameters
+        - SSM Documents (custom documents only)
+        Returns:
+            List of Systems Manager resources
+        """
+        resources = []
+        # Collect Parameter Store parameters
+        resources.extend(self._collect_parameters())
+        # Collect SSM Documents
+        resources.extend(self._collect_documents())
+        self.logger.debug(f"Collected {len(resources)} Systems Manager resources in {self.region}")
+        return resources
+    def _collect_parameters(self) -> List[Resource]:
+        """Collect Parameter Store parameters.
+        Returns:
+            List of Parameter resources
+        """
+        resources = []
+        client = self._create_client()
+        try:
+            paginator = client.get_paginator("describe_parameters")
+            for page in paginator.paginate():
+                for param in page.get("Parameters", []):
+                    param_name = param["Name"]
+                    param_type = param["Type"]
+                    # Build ARN
+                    # Get account ID from session
+                    sts_client = self.session.client("sts")
+                    account_id = sts_client.get_caller_identity()["Account"]
+                    arn = f"arn:aws:ssm:{self.region}:{account_id}:parameter{param_name}"
+                    # Get tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_tags_for_resource(ResourceType="Parameter", ResourceId=param_name)
+                        for tag in tag_response.get("TagList", []):
+                            tags[tag["Key"]] = tag["Value"]
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for parameter {param_name}: {e}")
+                    # Get parameter details (metadata only, not the actual value for SecureString)
+                    try:
+                        # For SecureString, we don't want to expose the value
+                        if param_type == "SecureString":
+                            # Use describe_parameters data only
+                            config = param
+                        else:
+                            # For String and StringList, we can get the value
+                            param_details = client.get_parameter(Name=param_name, WithDecryption=False)
+                            config = {
+                                **param,
+                                "Value": param_details["Parameter"].get("Value"),
+                            }
+                    except Exception as e:
+                        self.logger.debug(f"Could not get details for parameter {param_name}: {e}")
+                        config = param
+                    # Extract last modified date as creation date proxy
+                    created_at = param.get("LastModifiedDate")
+                    # Create resource
+                    resource = Resource(
+                        arn=arn,
+                        resource_type="AWS::SSM::Parameter",
+                        name=param_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(config),
+                        created_at=created_at,
+                        raw_config=config,
+                    )
+                    resources.append(resource)
+        except Exception as e:
+            self.logger.error(f"Error collecting SSM parameters in {self.region}: {e}")
+        return resources
+    def _collect_documents(self) -> List[Resource]:
+        """Collect SSM Documents (custom documents only).
+        Returns:
+            List of SSM Document resources
+        """
+        resources = []
+        client = self._create_client()
+        try:
+            # Only collect custom documents (not AWS-owned)
+            paginator = client.get_paginator("list_documents")
+            for page in paginator.paginate(Filters=[{"Key": "Owner", "Values": ["Self"]}]):  # Only user-owned documents
+                for doc in page.get("DocumentIdentifiers", []):
+                    doc_name = doc["Name"]
+                    # Get document details
+                    try:
+                        doc_details = client.describe_document(Name=doc_name)["Document"]
+                        # Build ARN
+                        arn = doc_details.get("DocumentArn", doc_name)
+                        # Get tags
+                        tags = {}
+                        for tag in doc_details.get("Tags", []):
+                            tags[tag["Key"]] = tag["Value"]
+                        # Extract creation date
+                        created_at = doc_details.get("CreatedDate")
+                        # Create resource (without the actual document content to keep size manageable)
+                        config = {k: v for k, v in doc_details.items() if k != "Content"}
+                        resource = Resource(
+                            arn=arn,
+                            resource_type="AWS::SSM::Document",
+                            name=doc_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+                    except Exception as e:
+                        self.logger.debug(f"Error processing document {doc_name}: {e}")
+                        continue
+        except Exception as e:
+            self.logger.error(f"Error collecting SSM documents in {self.region}: {e}")
+        return resources

src/snapshot/resource_collectors/stepfunctions.py ADDED Viewed

@@ -0,0 +1,74 @@
+"""Step Functions resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class StepFunctionsCollector(BaseResourceCollector):
+    """Collector for AWS Step Functions resources."""
+    @property
+    def service_name(self) -> str:
+        return "stepfunctions"
+    def collect(self) -> List[Resource]:
+        """Collect Step Functions state machines.
+        Returns:
+            List of Step Functions state machine resources
+        """
+        resources = []
+        client = self._create_client("stepfunctions")
+        try:
+            paginator = client.get_paginator("list_state_machines")
+            for page in paginator.paginate():
+                for state_machine in page.get("stateMachines", []):
+                    sm_arn = state_machine["stateMachineArn"]
+                    sm_name = state_machine["name"]
+                    try:
+                        # Get detailed state machine info
+                        sm_details = client.describe_state_machine(stateMachineArn=sm_arn)
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(resourceArn=sm_arn)
+                            for tag in tag_response.get("tags", []):
+                                tags[tag["key"]] = tag["value"]
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for state machine {sm_name}: {e}")
+                        # Extract creation date
+                        created_at = sm_details.get("creationDate")
+                        # Remove the definition for config hash (can be large)
+                        # but keep key metadata
+                        config = {k: v for k, v in sm_details.items() if k != "definition"}
+                        # Create resource
+                        resource = Resource(
+                            arn=sm_arn,
+                            resource_type="AWS::StepFunctions::StateMachine",
+                            name=sm_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+                    except Exception as e:
+                        self.logger.debug(f"Error processing state machine {sm_name}: {e}")
+                        continue
+        except Exception as e:
+            self.logger.error(f"Error collecting Step Functions state machines in {self.region}: {e}")
+        self.logger.debug(f"Collected {len(resources)} Step Functions state machines in {self.region}")
+        return resources

src/snapshot/resource_collectors/vpcendpoints.py ADDED Viewed

@@ -0,0 +1,79 @@
+"""VPC Endpoints resource collector."""
+from typing import List
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+class VPCEndpointsCollector(BaseResourceCollector):
+    """Collector for VPC Endpoints (Interface and Gateway endpoints)."""
+    @property
+    def service_name(self) -> str:
+        return "vpc-endpoints"
+    def collect(self) -> List[Resource]:
+        """Collect VPC Endpoints.
+        Collects both Interface and Gateway VPC endpoints.
+        Returns:
+            List of VPC Endpoint resources
+        """
+        resources = []
+        client = self._create_client("ec2")
+        try:
+            paginator = client.get_paginator("describe_vpc_endpoints")
+            for page in paginator.paginate():
+                for endpoint in page.get("VpcEndpoints", []):
+                    endpoint_id = endpoint["VpcEndpointId"]
+                    service_name = endpoint.get("ServiceName", "unknown")
+                    endpoint_type = endpoint.get("VpcEndpointType", "Unknown")
+                    # Extract tags
+                    tags = {}
+                    for tag in endpoint.get("Tags", []):
+                        tags[tag["Key"]] = tag["Value"]
+                    # Get account ID for ARN
+                    sts_client = self.session.client("sts")
+                    account_id = sts_client.get_caller_identity()["Account"]
+                    # Build ARN
+                    arn = f"arn:aws:ec2:{self.region}:{account_id}:vpc-endpoint/{endpoint_id}"
+                    # Extract creation date
+                    created_at = endpoint.get("CreationTimestamp")
+                    # Determine resource type based on endpoint type
+                    if endpoint_type == "Interface":
+                        resource_type = "AWS::EC2::VPCEndpoint::Interface"
+                    elif endpoint_type == "Gateway":
+                        resource_type = "AWS::EC2::VPCEndpoint::Gateway"
+                    else:
+                        resource_type = f"AWS::EC2::VPCEndpoint::{endpoint_type}"
+                    # Use service name as the friendly name
+                    name = f"{endpoint_id} ({service_name.split('.')[-1]})"
+                    # Create resource
+                    resource = Resource(
+                        arn=arn,
+                        resource_type=resource_type,
+                        name=name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(endpoint),
+                        created_at=created_at,
+                        raw_config=endpoint,
+                    )
+                    resources.append(resource)
+        except Exception as e:
+            self.logger.error(f"Error collecting VPC endpoints in {self.region}: {e}")
+        self.logger.debug(f"Collected {len(resources)} VPC endpoints in {self.region}")
+        return resources