Overview

Quickstart: Discovery Scan

Run your first live AWS discovery scan with the CloudBurn SDK.

discover() scans your live AWS environment using AWS Resource Explorer. Unlike static analysis, it finds cost issues in resources that are already running — even if they were never deployed through IaC.

Prerequisites

  • Valid AWS credentials configured (see AWS Credentials)
  • AWS Resource Explorer enabled in your account

How discovery works

Full example

import { CloudBurnClient } from '@cloudburn/sdk';

const client = new CloudBurnClient();

// Initialize Resource Explorer (first time only)
const init = await client.initializeDiscovery({ region: 'us-east-1' });
console.log(`Setup: ${init.status}, coverage: ${init.coverage}`);

// Check status
const status = await client.getDiscoveryStatus();
console.log(`Coverage: ${status.coverage}, regions: ${status.indexedRegionCount}`);

// Run discovery scan
const result = await client.discover();
for (const provider of result.providers) {
  for (const finding of provider.rules) {
    console.log(`[${finding.ruleId}] ${finding.message} (${finding.findings.length} resources)`);
  }
}

Initialize once

initializeDiscovery() sets up AWS Resource Explorer with an aggregator index. You only need to call this once per AWS account. On subsequent runs, it detects the existing setup and returns status: 'EXISTING'.

After initialization, Resource Explorer takes a few minutes to index your resources before discovery scans return complete results.

Check coverage before scanning

getDiscoveryStatus() returns the current coverage level:

CoverageMeaning
fullAggregator index covers all regions
partialSome regions are indexed, some are not
local_onlyOnly the local region is indexed
noneNo regions are indexed yet

Scan specific regions

Target a single region:

const result = await client.discover({
  target: { mode: 'region', region: 'eu-west-1' },
});

Scan all indexed regions:

const result = await client.discover({
  target: { mode: 'all' },
});

Use the current region only:

const result = await client.discover({
  target: { mode: 'current' },
});

Handling diagnostics

If the SDK cannot access certain services or regions, it reports them in result.diagnostics rather than failing the entire scan:

const result = await client.discover();

if (result.diagnostics?.length) {
  for (const diag of result.diagnostics) {
    console.warn(`[${diag.status}] ${diag.service} in ${diag.region}: ${diag.message}`);
  }
}

What's next

AWS CredentialsConfigure credentials and IAM permissions
CloudBurnClient ReferenceFull discover() API reference
Types ReferenceAwsDiscoveryStatus and related types
Static IaC ScanCloudBurnClient