diff --git a/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml b/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml index 81f5c71e3..dec46d90c 100755 --- a/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml +++ b/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml @@ -1,22 +1,16 @@ +Description: List of lambda functions which are not encrypted with CMK ID: aws_insight_lambda_function_not_cmk_encrypted -Title: "Unencrypted Lambda" -Description: "List of lambda functions which are not encrypted with CMK" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - kms_key_arn, account_id, og_account_id, og_resource_id - from - aws_lambda_function - where - kms_key_arn is null; - PrimaryTable: aws_lambda_function ListOfTables: - aws_lambda_function Parameters: [] + PrimaryTable: aws_lambda_function + QueryToExecute: "select\n name,\n kms_key_arn, account_id, og_account_id, og_resource_id\n\ + from\n aws_lambda_function\nwhere\n kms_key_arn is null;" Tags: category: - Security +Title: Unencrypted Lambda diff --git a/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml b/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml index 6d7a14003..c0d7086cd 100755 --- a/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml +++ b/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml @@ -1,21 +1,19 @@ +Description: List certificates for which transparency logging is disabled ID: aws_insight_acm_certificate_transparency_logging_disabled -Title: "Certificates with no Logging" -Description: "List certificates for which transparency logging is disabled" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id from - aws_acm_certificate - where - certificate_transparency_logging_preference <> 'ENABLED'; - PrimaryTable: aws_acm_certificate ListOfTables: - aws_acm_certificate Parameters: [] + PrimaryTable: aws_acm_certificate + QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\ + \ og_resource_id from\n aws_acm_certificate\nwhere\n certificate_transparency_logging_preference\ + \ <> 'ENABLED';" Tags: category: - Security - Technical Debt - Resiliency +Title: Certificates with no Logging diff --git a/queries/11-aws_insight_acm_certificate_expired.yaml b/queries/11-aws_insight_acm_certificate_expired.yaml index c0de5b269..976195c25 100755 --- a/queries/11-aws_insight_acm_certificate_expired.yaml +++ b/queries/11-aws_insight_acm_certificate_expired.yaml @@ -1,22 +1,19 @@ +Description: List of expired certificates ID: aws_insight_acm_certificate_expired -Title: "Expired Certificates" -Description: "List of expired certificates" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id from - aws_acm_certificate - where - status = 'EXPIRED'; - PrimaryTable: aws_acm_certificate ListOfTables: - aws_acm_certificate Parameters: [] + PrimaryTable: aws_acm_certificate + QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\ + \ og_resource_id from\n aws_acm_certificate\nwhere\n status = 'EXPIRED';" Tags: category: - Security - Technical Debt - Resiliency - Cost Management +Title: Expired Certificates diff --git a/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml b/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml index 8fe7f3e6f..ad6b72153 100755 --- a/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml +++ b/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml @@ -1,17 +1,18 @@ +Description: List Snapshots older than 365 days ID: aws_insight_ebs_snapshot_older_than_year -Title: "Snapshots older than a year" -Description: "List Snapshots older than 365 days" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT snapshot_id, arn, start_time, account_id, og_account_id, og_resource_id FROM aws_ebs_snapshot WHERE start_time < now() - interval '1 year'; - PrimaryTable: aws_ebs_snapshot ListOfTables: - aws_ebs_snapshot Parameters: [] + PrimaryTable: aws_ebs_snapshot + QueryToExecute: SELECT snapshot_id, arn, start_time, account_id, og_account_id, + og_resource_id FROM aws_ebs_snapshot WHERE start_time < now() - interval '1 year'; Tags: category: - Security - Technical Debt - Cost Management +Title: Snapshots older than a year diff --git a/queries/13-aws_insight_ec2_classic_load_balancer.yaml b/queries/13-aws_insight_ec2_classic_load_balancer.yaml index a72d34a16..9654d0261 100755 --- a/queries/13-aws_insight_ec2_classic_load_balancer.yaml +++ b/queries/13-aws_insight_ec2_classic_load_balancer.yaml @@ -1,15 +1,15 @@ +Description: List all Classic Load Balancer. Link here. ID: aws_insight_ec2_classic_load_balancer -Title: "Classic Load Balancers" -Description: "List all Classic Load Balancer. Link here." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT name, arn, account_id, og_account_id, og_resource_id FROM aws_ec2_classic_load_balancer - PrimaryTable: aws_ec2_classic_load_balancer ListOfTables: - aws_ec2_classic_load_balancer Parameters: [] + PrimaryTable: aws_ec2_classic_load_balancer + QueryToExecute: SELECT name, arn, account_id, og_account_id, og_resource_id FROM + aws_ec2_classic_load_balancer Tags: category: - Security @@ -19,3 +19,4 @@ Tags: - Executive - Product - FinOps +Title: Classic Load Balancers diff --git a/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml b/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml index 943bda927..b4b093b69 100755 --- a/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml +++ b/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml @@ -1,45 +1,29 @@ +Description: List all Load Balancers with out SSL ID: aws_insight_elb_classic_lb_use_ssl_certificate -Title: "Load Balancers with no SSL" -Description: "List all Load Balancers with out SSL" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with detailed_classic_listeners as ( - select - name - from - aws_ec2_classic_load_balancer, - jsonb_array_elements(listener_descriptions) as listener_description - where - listener_description -> 'Listener' ->> 'Protocol' in ('HTTPS', 'SSL', 'TLS') - and listener_description -> 'Listener' ->> 'SSLCertificateId' like 'arn:aws:acm%' - ) - select - -- Required Columns - 'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name as resource, - case - when a.listener_descriptions is null then 'skip' - when b.name is not null then 'alarm' - else 'ok' - end as status, - case - when a.listener_descriptions is null then a.title || ' has no listener.' - when b.name is not null then a.title || ' does not use certificates provided by ACM.' - else a.title || ' uses certificates provided by ACM.' - end as reason, - -- Additional Dimensions - region, - account_id, og_account_id, og_resource_id - from - aws_ec2_classic_load_balancer as a - left join detailed_classic_listeners as b on a.name = b.name; - PrimaryTable: aws_ec2_classic_load_balancer ListOfTables: - aws_ec2_classic_load_balancer Parameters: [] + PrimaryTable: aws_ec2_classic_load_balancer + QueryToExecute: "with detailed_classic_listeners as (\n select\n name\n from\n\ + \ aws_ec2_classic_load_balancer,\n jsonb_array_elements(listener_descriptions)\ + \ as listener_description\n where\n listener_description -> 'Listener' ->>\ + \ 'Protocol' in ('HTTPS', 'SSL', 'TLS')\n and listener_description -> 'Listener'\ + \ ->> 'SSLCertificateId' like 'arn:aws:acm%'\n)\nselect\n -- Required Columns\n\ + \ 'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id\ + \ || ':loadbalancer/' || a.name as resource,\n case\n when a.listener_descriptions\ + \ is null then 'skip'\n when b.name is not null then 'alarm'\n else 'ok'\n\ + \ end as status,\n case\n when a.listener_descriptions is null then a.title\ + \ || ' has no listener.'\n when b.name is not null then a.title || ' does not\ + \ use certificates provided by ACM.'\n else a.title || ' uses certificates\ + \ provided by ACM.'\n end as reason,\n -- Additional Dimensions\n region,\n\ + \ account_id, og_account_id, og_resource_id\nfrom\n aws_ec2_classic_load_balancer\ + \ as a\n left join detailed_classic_listeners as b on a.name = b.name;" Tags: category: - Security - Technical Debt +Title: Load Balancers with no SSL diff --git a/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml b/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml index 6213d0d23..1aeef2476 100755 --- a/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml +++ b/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml @@ -1,31 +1,22 @@ +Description: List all ELB with no WAF. ID: aws_insight_elb_application_lb_waf_enabled -Title: "Load Balancers with no WAF" -Description: "List all ELB with no WAF." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - -- Required Columns - arn as resource, account_id, og_account_id, og_resource_id, - case - when load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' then 'ok' - else 'alarm' - end as status, - case - when load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' then title || ' WAF enabled.' - else title || ' WAF disabled.' - end as reason, - -- Additional Dimensions - region - from - aws_ec2_application_load_balancer; - PrimaryTable: aws_ec2_application_load_balancer ListOfTables: - aws_ec2_application_load_balancer Parameters: [] + PrimaryTable: aws_ec2_application_load_balancer + QueryToExecute: "select\n -- Required Columns\n arn as resource, account_id, og_account_id,\ + \ og_resource_id,\n case\n when load_balancer_attributes @> '[{\"Key\":\"\ + waf.fail_open.enabled\",\"Value\":\"true\"}]' then 'ok'\n else 'alarm'\n end\ + \ as status,\n case\n when load_balancer_attributes @> '[{\"Key\":\"waf.fail_open.enabled\"\ + ,\"Value\":\"true\"}]' then title || ' WAF enabled.'\n else title || ' WAF\ + \ disabled.'\n end as reason,\n -- Additional Dimensions\n region \nfrom\n\ + \ aws_ec2_application_load_balancer;" Tags: category: - Security - Technical Debt +Title: Load Balancers with no WAF diff --git a/queries/16-aws_insight_vpc_with_public_cidr.yaml b/queries/16-aws_insight_vpc_with_public_cidr.yaml index d73ff5ef9..877345468 100755 --- a/queries/16-aws_insight_vpc_with_public_cidr.yaml +++ b/queries/16-aws_insight_vpc_with_public_cidr.yaml @@ -1,29 +1,21 @@ +Description: List VPCs with public CIDR blocks ID: aws_insight_vpc_with_public_cidr -Title: "VPCs with Public IP Range" -Description: "List VPCs with public CIDR blocks" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - cidr_block, - state, - region, account_id, og_account_id, og_resource_id - from - aws_vpc - where - (not cidr_block <<= '10.0.0.0/8' - and not cidr_block <<= '192.168.0.0/16' - and not cidr_block <<= '172.16.0.0/12'); - PrimaryTable: aws_vpc ListOfTables: - aws_vpc Parameters: [] + PrimaryTable: aws_vpc + QueryToExecute: "select\n vpc_id,\n cidr_block,\n state,\n region, account_id,\ + \ og_account_id, og_resource_id\nfrom\n aws_vpc\nwhere\n (not cidr_block <<=\ + \ '10.0.0.0/8'\n and not cidr_block <<= '192.168.0.0/16'\n and not cidr_block\ + \ <<= '172.16.0.0/12');" Tags: category: - Security - Technical Debt - Resiliency - Cost Management +Title: VPCs with Public IP Range diff --git a/queries/17-azure_insight_compute_disk_unattached.yaml b/queries/17-azure_insight_compute_disk_unattached.yaml index 2d4d0b34d..b962f9b50 100755 --- a/queries/17-azure_insight_compute_disk_unattached.yaml +++ b/queries/17-azure_insight_compute_disk_unattached.yaml @@ -1,23 +1,17 @@ +Description: List of unattached Disks ID: azure_insight_compute_disk_unattached -Title: "Unused Azure Disks" -Description: "List of unattached Disks" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - disk_state, subscription_id, og_account_id, og_resource_id - from - azure_compute_disk - where - disk_state = 'Unattached'; - PrimaryTable: azure_compute_disk ListOfTables: - azure_compute_disk Parameters: [] + PrimaryTable: azure_compute_disk + QueryToExecute: "select\n name,\n disk_state, subscription_id, og_account_id,\ + \ og_resource_id\nfrom\n azure_compute_disk\nwhere\n disk_state = 'Unattached';" Tags: category: - Technical Debt - Cost Management +Title: Unused Azure Disks diff --git a/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml b/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml index d3319a7fe..08ca2d631 100755 --- a/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml +++ b/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml @@ -1,26 +1,19 @@ +Description: List of compute disks which are not available in multiple az ID: azure_insight_compute_disk_unavailable_in_multiple_az -Title: "Non-Resiliency Azure Disks" -Description: "List of compute disks which are not available in multiple az" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - az, - region, subscription_id, og_account_id, og_resource_id - from - azure_compute_disk - cross join jsonb_array_elements(zones) az - where - zones is not null; - PrimaryTable: azure_compute_disk ListOfTables: - azure_compute_disk Parameters: [] + PrimaryTable: azure_compute_disk + QueryToExecute: "select\n name,\n az,\n region, subscription_id, og_account_id,\ + \ og_resource_id\nfrom\n azure_compute_disk\n cross join jsonb_array_elements(zones)\ + \ az\nwhere\n zones is not null;" Tags: category: - Security - Technical Debt - Resiliency +Title: Non-Resiliency Azure Disks diff --git a/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml b/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml index df7acc82d..f57a39163 100755 --- a/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml +++ b/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml @@ -1,22 +1,15 @@ +Description: List of compute disks which are not encrypted with customer key ID: azure_insight_compute_disk_not_encrypted_with_customer_key -Title: "Unecrypted Disks" -Description: "List of compute disks which are not encrypted with customer key" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - encryption_type, subscription_id, og_account_id, og_resource_id - from - azure_compute_disk - where - encryption_type <> 'EncryptionAtRestWithCustomerKey'; - PrimaryTable: azure_compute_disk ListOfTables: - azure_compute_disk Parameters: [] + PrimaryTable: azure_compute_disk + QueryToExecute: "select\n name,\n encryption_type, subscription_id, og_account_id,\ + \ og_resource_id\nfrom\n azure_compute_disk\nwhere\n encryption_type <> 'EncryptionAtRestWithCustomerKey';" Tags: category: - Security @@ -25,3 +18,4 @@ Tags: - Security - DevOps - Product +Title: Unecrypted Disks diff --git a/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml b/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml index d7b64f70c..865f45fd5 100755 --- a/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml +++ b/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml @@ -1,29 +1,21 @@ +Description: List of lambda function whose retention period is less than 30 days ID: aws_insight_lambda_function_retention_period_less_than_30_days -Title: "" -Description: "List of lambda function whose retention period is less than 30 days" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - fn.name, - lg.name, - lg.retention_in_days, fn.account_id, fn.og_account_id, fn.og_resource_id - from - aws_lambda_function as fn - inner join aws_cloudwatch_log_group as lg on ( - lg.og_account_id = fn.og_account_id AND ((lg.name = '/aws/lambda/') - or (lg.name = fn.name)) - ) - where - lg.retention_in_days < 30 - PrimaryTable: null ListOfTables: - aws_lambda_function - aws_cloudwatch_log_group Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n fn.name,\n lg.name,\n lg.retention_in_days, fn.account_id,\ + \ fn.og_account_id, fn.og_resource_id\nfrom\n aws_lambda_function as fn\n inner\ + \ join aws_cloudwatch_log_group as lg on (\n lg.og_account_id = fn.og_account_id\ + \ AND ((lg.name = '/aws/lambda/')\n or (lg.name = fn.name))\n )\nwhere\n \ + \ lg.retention_in_days < 30" Tags: category: - Technical Debt - Resiliency +Title: '' diff --git a/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml b/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml index c8315cef8..4b1bf58d9 100755 --- a/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml +++ b/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml @@ -1,24 +1,17 @@ +Description: List of database accounts where automatic failover is not enabled ID: azure_insight_cosmosdb_account_with_disabled_automatic_failover -Title: "Database with no Auto Failover" -Description: "List of database accounts where automatic failover is not enabled" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - enable_automatic_failover, - resource_group, subscription_id, og_account_id, og_resource_id - from - azure_cosmosdb_account - where - not enable_automatic_failover; - PrimaryTable: azure_cosmosdb_account ListOfTables: - azure_cosmosdb_account Parameters: [] + PrimaryTable: azure_cosmosdb_account + QueryToExecute: "select\n name,\n region,\n enable_automatic_failover,\n resource_group,\ + \ subscription_id, og_account_id, og_resource_id\nfrom\n azure_cosmosdb_account\n\ + where\n not enable_automatic_failover;" Tags: category: - Resiliency +Title: Database with no Auto Failover diff --git a/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml b/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml index 8ffc34acc..371142aa4 100755 --- a/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml +++ b/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml @@ -1,24 +1,19 @@ +Description: List of database accounts which allows traffic from all networks, including + the public Internet. ID: azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet -Title: "Database Accounts with Public access" -Description: "List of database accounts which allows traffic from all networks, including the public Internet." -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - virtual_network_rules, subscription_id, og_account_id, og_resource_id - from - azure_cosmosdb_account - where - virtual_network_rules = '[]'; - PrimaryTable: azure_cosmosdb_account ListOfTables: - azure_cosmosdb_account Parameters: [] + PrimaryTable: azure_cosmosdb_account + QueryToExecute: "select\n name,\n region,\n virtual_network_rules, subscription_id,\ + \ og_account_id, og_resource_id\nfrom\n azure_cosmosdb_account\nwhere\n virtual_network_rules\ + \ = '[]';" Tags: category: - Security - Technical Debt +Title: Database Accounts with Public access diff --git a/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml b/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml index 3890674f7..be504f015 100755 --- a/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml +++ b/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml @@ -1,26 +1,19 @@ +Description: List of key vaults where soft deletion is not enabled ID: azure_insight_key_vault_with_disabled_soft_delete -Title: "Key Vaults with no Deletion Protection" -Description: "List of key vaults where soft deletion is not enabled" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - soft_delete_enabled, - soft_delete_retention_in_days, subscription_id, og_account_id, og_resource_id - from - azure_key_vault - where - not soft_delete_enabled; - PrimaryTable: azure_key_vault ListOfTables: - azure_key_vault Parameters: [] + PrimaryTable: azure_key_vault + QueryToExecute: "select\n name,\n id,\n soft_delete_enabled,\n soft_delete_retention_in_days,\ + \ subscription_id, og_account_id, og_resource_id\nfrom\n azure_key_vault\nwhere\n\ + \ not soft_delete_enabled;" Tags: category: - Security - Technical Debt - Resiliency +Title: Key Vaults with no Deletion Protection diff --git a/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml b/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml index 86de06908..8874a18c5 100755 --- a/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml +++ b/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml @@ -1,27 +1,17 @@ +Description: List clusters that have role-based access control (RBAC) disabled ID: azure_insight_kubernetes_cluster_with_rbac_disabled -Title: "Clusters with no RBAC" -Description: "List clusters that have role-based access control (RBAC) disabled" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - location, - type, - identity, - enable_rbac, - sku, subscription_id, og_account_id, og_resource_id - from - azure_kubernetes_cluster - where - not enable_rbac; - PrimaryTable: azure_kubernetes_cluster ListOfTables: - azure_kubernetes_cluster Parameters: [] + PrimaryTable: azure_kubernetes_cluster + QueryToExecute: "select\n name,\n id,\n location,\n type,\n identity,\n enable_rbac,\n\ + \ sku, subscription_id, og_account_id, og_resource_id\nfrom\n azure_kubernetes_cluster\n\ + where\n not enable_rbac;" Tags: category: - Security +Title: Clusters with no RBAC diff --git a/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml b/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml index c3d4c12a7..7aecfc5a1 100755 --- a/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml +++ b/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml @@ -1,25 +1,16 @@ +Description: List clusters with an undesirable version (older than 1.20.5) ID: azure_insight_kubernetes_cluster_with_undesired_version -Title: "Legacy Kubernetes Clusters" -Description: "List clusters with an undesirable version (older than 1.20.5)" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - location, - type, - kubernetes_version, subscription_id, og_account_id, og_resource_id - from - azure_kubernetes_cluster - where - kubernetes_version < '1.24'; - PrimaryTable: azure_kubernetes_cluster ListOfTables: - azure_kubernetes_cluster Parameters: [] + PrimaryTable: azure_kubernetes_cluster + QueryToExecute: "select\n name,\n id,\n location,\n type,\n kubernetes_version,\ + \ subscription_id, og_account_id, og_resource_id\nfrom\n azure_kubernetes_cluster\n\ + where\n kubernetes_version < '1.24';" Tags: category: - Security @@ -29,3 +20,4 @@ Tags: - Executive - Product - FinOps +Title: Legacy Kubernetes Clusters diff --git a/queries/25-azure_insight_lb_failed.yaml b/queries/25-azure_insight_lb_failed.yaml index 381d88601..3745d12bf 100755 --- a/queries/25-azure_insight_lb_failed.yaml +++ b/queries/25-azure_insight_lb_failed.yaml @@ -1,27 +1,20 @@ +Description: List failed load balancers ID: azure_insight_lb_failed -Title: "Unhealthy Load Balancers" -Description: "List failed load balancers" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - type, - provisioning_state, subscription_id, og_account_id, og_resource_id - from - azure_lb - where - provisioning_state = 'Failed'; - PrimaryTable: azure_lb ListOfTables: - azure_lb Parameters: [] + PrimaryTable: azure_lb + QueryToExecute: "select\n id,\n name,\n type,\n provisioning_state, subscription_id,\ + \ og_account_id, og_resource_id\nfrom\n azure_lb\nwhere\n provisioning_state\ + \ = 'Failed';" Tags: category: - Security - Technical Debt - Resiliency - Cost Management +Title: Unhealthy Load Balancers diff --git a/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml b/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml index 873d7f29a..6848a08df 100755 --- a/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml +++ b/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml @@ -1,25 +1,19 @@ +Description: List of availability sets which does not use managed disks configuration ID: azure_insight_compute_availability_set_without_managed_disk_configuration -Title: "AV Sets with Legacy Disks" -Description: "List of availability sets which does not use managed disks configuration" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - sku_name, subscription_id, og_account_id, og_resource_id - from - azure_compute_availability_set - where - sku_name = 'Classic'; - PrimaryTable: azure_compute_availability_set ListOfTables: - azure_compute_availability_set Parameters: [] + PrimaryTable: azure_compute_availability_set + QueryToExecute: "select\n name,\n sku_name, subscription_id, og_account_id, og_resource_id\n\ + from\n azure_compute_availability_set\nwhere\n sku_name = 'Classic';" Tags: category: - Security - Technical Debt - Resiliency - Cost Management +Title: AV Sets with Legacy Disks diff --git a/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml b/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml index 20b632bb0..ae8559dc9 100755 --- a/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml +++ b/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml @@ -1,26 +1,19 @@ +Description: List servers with minimum TLS version lower than 1.2 ID: azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2 -Title: "Servers with Vulnerable TLSA" -Description: "List servers with minimum TLS version lower than 1.2" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - minimal_tls_version, subscription_id, og_account_id, og_resource_id - from - azure_mysql_server - where - (minimal_tls_version = 'TLS1_0' - or minimal_tls_version = 'TLS1_1'); - PrimaryTable: azure_mysql_server ListOfTables: - azure_mysql_server Parameters: [] + PrimaryTable: azure_mysql_server + QueryToExecute: "select\n name,\n id,\n minimal_tls_version, subscription_id,\ + \ og_account_id, og_resource_id\nfrom\n azure_mysql_server\nwhere\n (minimal_tls_version\ + \ = 'TLS1_0'\n or minimal_tls_version = 'TLS1_1');" Tags: category: - Security - Technical Debt - Cost Management +Title: Servers with Vulnerable TLSA diff --git a/queries/28-azure_insight_virtual_network_with_public_cidr.yaml b/queries/28-azure_insight_virtual_network_with_public_cidr.yaml index 2eb7bdf47..09df291cf 100755 --- a/queries/28-azure_insight_virtual_network_with_public_cidr.yaml +++ b/queries/28-azure_insight_virtual_network_with_public_cidr.yaml @@ -1,30 +1,21 @@ +Description: List Virtual Networks with public CIDR blocks ID: azure_insight_virtual_network_with_public_cidr -Title: "vNets with Public IP Range" -Description: "List Virtual Networks with public CIDR blocks" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cidr_block, - region, - resource_group, subscription_id, og_account_id, og_resource_id - from - azure_virtual_network - cross join jsonb_array_elements_text(address_prefixes) as cidr_block - where - (not cidr_block :: cidr <<= '10.0.0.0/16' - and not cidr_block :: cidr <<= '192.168.0.0/16' - and not cidr_block :: cidr <<= '172.16.0.0/12'); - PrimaryTable: azure_virtual_network ListOfTables: - azure_virtual_network Parameters: [] + PrimaryTable: azure_virtual_network + QueryToExecute: "select\n name,\n cidr_block,\n region,\n resource_group, subscription_id,\ + \ og_account_id, og_resource_id\nfrom\n azure_virtual_network\n cross join jsonb_array_elements_text(address_prefixes)\ + \ as cidr_block\nwhere\n (not cidr_block :: cidr <<= '10.0.0.0/16'\n and not\ + \ cidr_block :: cidr <<= '192.168.0.0/16'\n and not cidr_block :: cidr <<= '172.16.0.0/12');" Tags: category: - Security - Technical Debt - Resiliency - Resiliency +Title: vNets with Public IP Range diff --git a/queries/29-azure_insight_storage_account_with_public_blob_access.yaml b/queries/29-azure_insight_storage_account_with_public_blob_access.yaml index 811bf72a0..f802ce460 100755 --- a/queries/29-azure_insight_storage_account_with_public_blob_access.yaml +++ b/queries/29-azure_insight_storage_account_with_public_blob_access.yaml @@ -1,24 +1,18 @@ +Description: List storage accounts that allow blob public access ID: azure_insight_storage_account_with_public_blob_access -Title: "Storage Accounts with Public Internet" -Description: "List storage accounts that allow blob public access" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - allow_blob_public_access, subscription_id, og_account_id, og_resource_id - from - azure_storage_account - where - allow_blob_public_access; - PrimaryTable: azure_storage_account ListOfTables: - azure_storage_account Parameters: [] + PrimaryTable: azure_storage_account + QueryToExecute: "select\n name,\n allow_blob_public_access, subscription_id, og_account_id,\ + \ og_resource_id\nfrom\n azure_storage_account\nwhere\n allow_blob_public_access;" Tags: category: - Security - Technical Debt - Resiliency +Title: Storage Accounts with Public Internet diff --git a/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml b/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml index 4c4153636..6cc4ea362 100755 --- a/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml +++ b/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml @@ -1,15 +1,21 @@ +Description: List Lambda Functions which are using unsupported engines ID: aws_insight_lambda_function_with_unsupported_engine -Title: "List Lambda Functions with unsupported engines" -Description: "List Lambda Functions which are using unsupported engines" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select name, runtime, handler, arn, account_id, og_account_id, og_resource_id from aws_lambda_function WHERE (runtime != 'nodejs18.x' AND runtime != 'nodejs16.x' AND runtime != 'nodejs14.x' AND runtime != 'python3.11' AND runtime != 'python3.10' AND runtime != 'python3.9' AND runtime != 'python3.8' AND runtime != 'python3.7' AND runtime != 'java17' AND runtime != 'java11' AND runtime != 'java8.al2' AND runtime != 'java8' AND runtime != 'dotnet7' AND runtime != 'dotnet6' AND runtime != 'go1.x' AND runtime != 'ruby3.2' AND runtime != 'ruby2.7' AND runtime != 'provided.al2' AND runtime != 'provided'); - PrimaryTable: aws_lambda_function ListOfTables: - aws_lambda_function Parameters: [] + PrimaryTable: aws_lambda_function + QueryToExecute: select name, runtime, handler, arn, account_id, og_account_id, og_resource_id + from aws_lambda_function WHERE (runtime != 'nodejs18.x' AND runtime != 'nodejs16.x' + AND runtime != 'nodejs14.x' AND runtime != 'python3.11' AND runtime != 'python3.10' + AND runtime != 'python3.9' AND runtime != 'python3.8' AND runtime != 'python3.7' + AND runtime != 'java17' AND runtime != 'java11' AND runtime != 'java8.al2' AND + runtime != 'java8' AND runtime != 'dotnet7' AND runtime != 'dotnet6' AND runtime + != 'go1.x' AND runtime != 'ruby3.2' AND runtime != 'ruby2.7' AND runtime != 'provided.al2' + AND runtime != 'provided'); Tags: category: - Technical Debt @@ -18,3 +24,4 @@ Tags: - Executive - Product - FinOps +Title: List Lambda Functions with unsupported engines diff --git a/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml b/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml index 7ff999b60..333d120f6 100755 --- a/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml +++ b/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml @@ -1,24 +1,18 @@ +Description: List storage accounts with encryption in transit disabled ID: azure_insight_storage_account_with_disabled_encryption_in_transit -Title: "Storage Accounts No Unecrypted Transit" -Description: "List storage accounts with encryption in transit disabled" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - enable_https_traffic_only, subscription_id, og_account_id, og_resource_id - from - azure_storage_account - where - not enable_https_traffic_only; - PrimaryTable: azure_storage_account ListOfTables: - azure_storage_account Parameters: [] + PrimaryTable: azure_storage_account + QueryToExecute: "select\n name,\n enable_https_traffic_only, subscription_id,\ + \ og_account_id, og_resource_id\nfrom\n azure_storage_account\nwhere\n not enable_https_traffic_only;" Tags: category: - Security - Technical Debt - Resiliency +Title: Storage Accounts No Unecrypted Transit diff --git a/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml b/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml index f9b21e1bc..641a096a7 100755 --- a/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml +++ b/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml @@ -1,48 +1,31 @@ +Description: VMs with restricts remote access from internet ID: azure_insight_compute_vm_remote_access_restricted_all_ports -Title: "VMs with restricts remote access from internet" -Description: "VMs with restricts remote access from internet" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with network_sg as ( - select - distinct name as sg_name, - network_interfaces - from - azure_network_security_group as nsg, - jsonb_array_elements(security_rules) as sg, - jsonb_array_elements_text(sg -> 'properties' -> 'destinationPortRanges' || (sg -> 'properties' -> 'destinationPortRange') :: jsonb) as dport, - jsonb_array_elements_text(sg -> 'properties' -> 'sourceAddressPrefixes' || (sg -> 'properties' -> 'sourceAddressPrefix') :: jsonb) as sip - where - sg -> 'properties' ->> 'access' = 'Allow' - and sg -> 'properties' ->> 'direction' = 'Inbound' - and sg -> 'properties' ->> 'protocol' in ('TCP','*') - and sip in ('*', '0.0.0.0', '0.0.0.0/0', 'Internet', '/0', '/0') - ) - select - vm.vm_id as resource, - vm.subscription_id, vm.og_account_id, vm.og_resource_id, - case - when sg.sg_name is null then 'ok' - else 'alarm' - end as status, - case - when sg.sg_name is null then vm.title || ' restricts remote access from internet.' - else vm.title || ' allows remote access from internet.' - end as reason - - , vm.resource_group as resource_group - , sub.display_name as subscription - from - azure_compute_virtual_machine as vm - left join network_sg as sg on sg.network_interfaces @> vm.network_interfaces - join azure_subscription as sub on sub.subscription_id = vm.subscription_id; - PrimaryTable: azure_compute_disk ListOfTables: - azure_compute_disk Parameters: [] + PrimaryTable: azure_compute_disk + QueryToExecute: "with network_sg as (\n select\n distinct name as sg_name,\n\ + \ network_interfaces\n from\n azure_network_security_group as nsg,\n \ + \ jsonb_array_elements(security_rules) as sg,\n jsonb_array_elements_text(sg\ + \ -> 'properties' -> 'destinationPortRanges' || (sg -> 'properties' -> 'destinationPortRange')\ + \ :: jsonb) as dport,\n jsonb_array_elements_text(sg -> 'properties' -> 'sourceAddressPrefixes'\ + \ || (sg -> 'properties' -> 'sourceAddressPrefix') :: jsonb) as sip\n where\n\ + \ sg -> 'properties' ->> 'access' = 'Allow'\n and sg -> 'properties' ->>\ + \ 'direction' = 'Inbound'\n and sg -> 'properties' ->> 'protocol' in ('TCP','*')\n\ + \ and sip in ('*', '0.0.0.0', '0.0.0.0/0', 'Internet', '/0', '/0')\n)\n\ + select\n vm.vm_id as resource,\n vm.subscription_id, vm.og_account_id, vm.og_resource_id,\n\ + \ case\n when sg.sg_name is null then 'ok'\n else 'alarm'\n end as status,\n\ + \ case\n when sg.sg_name is null then vm.title || ' restricts remote access\ + \ from internet.'\n else vm.title || ' allows remote access from internet.'\n\ + \ end as reason\n \n , vm.resource_group as resource_group\n , sub.display_name\ + \ as subscription\nfrom\n azure_compute_virtual_machine as vm\n left join network_sg\ + \ as sg on sg.network_interfaces @> vm.network_interfaces\n join azure_subscription\ + \ as sub on sub.subscription_id = vm.subscription_id;" Tags: category: - Security +Title: VMs with restricts remote access from internet diff --git a/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml b/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml index 0f142397e..1bea8aad8 100755 --- a/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml +++ b/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml @@ -1,25 +1,20 @@ +Description: List classic Load Balancers without logging ID: aws_insight_loadbalancer_classic_no_logging -Title: "Classic Load Balancers without logging" -Description: "List classic Load Balancers without logging" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_log_enabled, account_id, og_account_id, og_resource_id - from - aws_ec2_classic_load_balancer - where - access_log_enabled = 'false'; - PrimaryTable: aws_ec2_classic_load_balancer ListOfTables: - aws_ec2_classic_load_balancer Parameters: [] + PrimaryTable: aws_ec2_classic_load_balancer + QueryToExecute: "select\n name,\n access_log_enabled, account_id, og_account_id,\ + \ og_resource_id\nfrom\n aws_ec2_classic_load_balancer\nwhere\n access_log_enabled\ + \ = 'false';" Tags: category: - Technical Debt persona: - Security - DevOps +Title: Classic Load Balancers without logging diff --git a/queries/33-aws_insight_loadbalancer_application_no_logging.yaml b/queries/33-aws_insight_loadbalancer_application_no_logging.yaml index aa495c324..ec54ec6c0 100755 --- a/queries/33-aws_insight_loadbalancer_application_no_logging.yaml +++ b/queries/33-aws_insight_loadbalancer_application_no_logging.yaml @@ -1,28 +1,21 @@ +Description: List application Load Balancers without logging ID: aws_insight_loadbalancer_application_no_logging -Title: "Application Load Balancers without logging" -Description: "List application Load Balancers without logging" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as logging_key, - lb ->> 'Value' as logging_value, account_id, og_account_id, og_resource_id - from - aws_ec2_application_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'access_logs.s3.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: aws_ec2_application_load_balancer ListOfTables: - aws_ec2_application_load_balancer Parameters: [] + PrimaryTable: aws_ec2_application_load_balancer + QueryToExecute: "select\n name,\n lb ->> 'Key' as logging_key,\n lb ->> 'Value'\ + \ as logging_value, account_id, og_account_id, og_resource_id \nfrom\n aws_ec2_application_load_balancer\n\ + \ cross join jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb\ + \ ->> 'Key' = 'access_logs.s3.enabled'\n and lb ->> 'Value' = 'false';" Tags: category: - Technical Debt persona: - Security - DevOps +Title: Application Load Balancers without logging diff --git a/queries/34-aws_insight_loadbalancer_network_no_logging.yaml b/queries/34-aws_insight_loadbalancer_network_no_logging.yaml index 2f0614a28..6aeadd53f 100755 --- a/queries/34-aws_insight_loadbalancer_network_no_logging.yaml +++ b/queries/34-aws_insight_loadbalancer_network_no_logging.yaml @@ -1,28 +1,21 @@ +Description: List network Load Balancers without logging ID: aws_insight_loadbalancer_network_no_logging -Title: "Network Load Balancers without logging" -Description: "List network Load Balancers without logging" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as logging_key, - lb ->> 'Value' as logging_value, account_id, og_account_id, og_resource_id - from - aws_ec2_network_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'access_logs.s3.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: aws_ec2_network_load_balancer ListOfTables: - aws_ec2_network_load_balancer Parameters: [] + PrimaryTable: aws_ec2_network_load_balancer + QueryToExecute: "select\n name,\n lb ->> 'Key' as logging_key,\n lb ->> 'Value'\ + \ as logging_value, account_id, og_account_id, og_resource_id\nfrom\n aws_ec2_network_load_balancer\n\ + \ cross join jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb\ + \ ->> 'Key' = 'access_logs.s3.enabled'\n and lb ->> 'Value' = 'false';" Tags: category: - Technical Debt persona: - Security - DevOps +Title: Network Load Balancers without logging diff --git a/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml b/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml index aa7038cf1..9f721a60f 100755 --- a/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml +++ b/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml @@ -1,63 +1,33 @@ +Description: List Function Apps with unsupported runtime ID: azure_insight_functionapp_with_unsupported_runtime -Title: "Function Apps with unsupported runtime" -Description: "List Function Apps with unsupported runtime" -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - SELECT - id, language_runtime_type, language_runtime_version, subscription_id, og_account_id, og_resource_id - FROM azure_app_service_function_app - WHERE ( - ( - language_runtime_type = 'dotnet' AND ( - language_runtime_version != '6' AND - language_runtime_version != '7' - ) - ) OR ( - language_runtime_type = 'dotnetcore' AND ( - language_runtime_version != 'v4.0' AND - language_runtime_version != 'v6.0' AND - language_runtime_version != 'v7.0' AND - language_runtime_version != '6' AND - language_runtime_version != '7' AND - language_runtime_version != '4' AND - language_runtime_version != '4.8' - ) - ) OR ( - language_runtime_type = 'python' AND ( - language_runtime_version != '3.7' AND - language_runtime_version != '3.8' AND - language_runtime_version != '3.9' AND - language_runtime_version != '3.10' AND - language_runtime_version != '3.11' - ) - ) OR ( - language_runtime_type = 'java' AND ( - language_runtime_version != '8' AND - language_runtime_version != '11' AND - language_runtime_version != '17' - ) - ) OR ( - language_runtime_type = 'powershell' AND ( - language_runtime_version != '7.2' - ) - ) OR ( - language_runtime_type = 'node' AND ( - language_runtime_version != '14' AND - language_runtime_version != '16' AND - language_runtime_version != '18' AND - language_runtime_version != '~14' AND - language_runtime_version != '~16' AND - language_runtime_version != '~18' - ) - ) - ); - PrimaryTable: azure_app_service_function_app ListOfTables: - azure_app_service_function_app Parameters: [] + PrimaryTable: azure_app_service_function_app + QueryToExecute: "SELECT \n id, language_runtime_type, language_runtime_version,\ + \ subscription_id, og_account_id, og_resource_id\nFROM azure_app_service_function_app\n\ + WHERE ( \n (\n language_runtime_type = 'dotnet' AND (\n language_runtime_version\ + \ != '6' AND\n language_runtime_version != '7'\n )\n ) OR (\n language_runtime_type\ + \ = 'dotnetcore' AND (\n language_runtime_version != 'v4.0' AND\n language_runtime_version\ + \ != 'v6.0' AND\n language_runtime_version != 'v7.0' AND\n language_runtime_version\ + \ != '6' AND\n language_runtime_version != '7' AND\n language_runtime_version\ + \ != '4' AND\n language_runtime_version != '4.8'\n )\n ) OR (\n language_runtime_type\ + \ = 'python' AND (\n language_runtime_version != '3.7' AND\n language_runtime_version\ + \ != '3.8' AND\n language_runtime_version != '3.9' AND\n language_runtime_version\ + \ != '3.10' AND\n language_runtime_version != '3.11'\n )\n ) OR (\n \ + \ language_runtime_type = 'java' AND (\n language_runtime_version != '8'\ + \ AND\n language_runtime_version != '11' AND\n language_runtime_version\ + \ != '17'\n )\n ) OR (\n language_runtime_type = 'powershell' AND (\n \ + \ language_runtime_version != '7.2'\n )\n ) OR (\n language_runtime_type\ + \ = 'node' AND (\n language_runtime_version != '14' AND\n language_runtime_version\ + \ != '16' AND\n language_runtime_version != '18' AND\n language_runtime_version\ + \ != '~14' AND\n language_runtime_version != '~16' AND\n language_runtime_version\ + \ != '~18'\n )\n )\n);" Tags: category: - Technical Debt +Title: Function Apps with unsupported runtime diff --git a/queries/36-aws_insight_deprecated_eks.yaml b/queries/36-aws_insight_deprecated_eks.yaml index 7c7d5dba4..15eaf51b3 100755 --- a/queries/36-aws_insight_deprecated_eks.yaml +++ b/queries/36-aws_insight_deprecated_eks.yaml @@ -1,15 +1,16 @@ +Description: EKS clusters running anything other than 1.27, 1.26, 1.25, 1.24, 1.23 ID: aws_insight_deprecated_eks -Title: "Deprecated EKS clusters" -Description: "EKS clusters running anything other than 1.27, 1.26, 1.25, 1.24, 1.23" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT name, arn, version, account_id, og_account_id, og_resource_id FROM aws_eks_cluster WHERE version != '1.27' AND version != '1.26' AND version != '1.25' AND version != '1.24' AND version != '1.23' - PrimaryTable: aws_eks_cluster ListOfTables: - aws_eks_cluster Parameters: [] + PrimaryTable: aws_eks_cluster + QueryToExecute: SELECT name, arn, version, account_id, og_account_id, og_resource_id + FROM aws_eks_cluster WHERE version != '1.27' AND version != '1.26' AND version + != '1.25' AND version != '1.24' AND version != '1.23' Tags: category: - Technical Debt @@ -17,3 +18,4 @@ Tags: - Executive - Product - FinOps +Title: Deprecated EKS clusters diff --git a/queries/37-azure_insight_legacy_application_gateway.yaml b/queries/37-azure_insight_legacy_application_gateway.yaml index 9526f0ce0..2e3707248 100755 --- a/queries/37-azure_insight_legacy_application_gateway.yaml +++ b/queries/37-azure_insight_legacy_application_gateway.yaml @@ -1,15 +1,16 @@ +Description: This insight returns all legacy application gateways. ID: azure_insight_legacy_application_gateway -Title: "Legacy Application Gateways" -Description: "This insight returns all legacy application gateways." -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT name, id, sku->'tier' AS tier, subscription_id, og_account_id, og_resource_id FROM azure_application_gateway WHERE NOT sku IS NULL AND sku->>'tier' = 'Standard_v2'; - PrimaryTable: azure_application_gateway ListOfTables: - azure_application_gateway Parameters: [] + PrimaryTable: azure_application_gateway + QueryToExecute: SELECT name, id, sku->'tier' AS tier, subscription_id, og_account_id, + og_resource_id FROM azure_application_gateway WHERE NOT sku IS NULL AND sku->>'tier' + = 'Standard_v2'; Tags: category: - Technical Debt @@ -17,3 +18,4 @@ Tags: - Executive - Product - FinOps +Title: Legacy Application Gateways diff --git a/queries/38-azure_insight_legacy_virtual_machine.yaml b/queries/38-azure_insight_legacy_virtual_machine.yaml index 9ca6d22b5..a2e9fc231 100755 --- a/queries/38-azure_insight_legacy_virtual_machine.yaml +++ b/queries/38-azure_insight_legacy_virtual_machine.yaml @@ -1,17 +1,41 @@ +Description: This insight identifies virtual machines that are running on legacy hardware. ID: azure_insight_legacy_virtual_machine -Title: "Legacy Virtual Machine" -Description: "This insight identifies virtual machines that are running on legacy hardware." -Connector: -- azure +IntegrationTypeName: +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - SELECT name, power_state, id, subscription_id, og_account_id, og_resource_id FROM azure_compute_virtual_machine WHERE (size = 'Standard_F1' OR size = 'Standard_F2' OR size = 'Standard_F4' OR size = 'Standard_F8' OR size = 'Standard_F16' OR size = 'Standard_F1s' OR size = 'Standard_F2s' OR size = 'Standard_F4s' OR size = 'Standard_F8s' OR size = 'Standard_F16s' OR size = 'Standard_NV6s_v2' OR size = 'Standard_NV12s_v2' OR size = 'Standard_NV24s_v2' OR size = 'A0\Basic_A0' OR size = 'A1\Basic_A1' OR size = 'A2\Basic_A2' OR size = 'A3\Basic_A3' OR size = 'A4\Basic_A4' OR size = 'Standard_A0' OR size = 'Standard_A1' OR size = 'Standard_A2' OR size = 'Standard_A3' OR size = 'Standard_A4' OR size = 'Standard_A5' OR size = 'Standard_A6' OR size = 'Standard_A7' OR size = 'Standard_A8' OR size = 'Standard_A9' OR size = 'Standard_A10' OR size = 'Standard_A11' OR size = 'Standard_D1' OR size = 'Standard_D2' OR size = 'Standard_D3' OR size = 'Standard_D4' OR size = 'Standard_D11' OR size = 'Standard_D12' OR size = 'Standard_D13' OR size = 'Standard_D14' OR size = 'Standard_DC2s' OR size = 'Standard_DC4s' OR size = 'Standard_DS1' OR size = 'Standard_DS2' OR size = 'Standard_DS3' OR size = 'Standard_DS4' OR size = 'Standard_DS11' OR size = 'Standard_DS12' OR size = 'Standard_DS13' OR size = 'Standard_DS14' OR size = 'Standard_L4s' OR size = 'Standard_L8s' OR size = 'Standard_L16s' OR size = 'Standard_L32s' OR size = 'Standard_GS1' OR size = 'Standard_GS2' OR size = 'Standard_GS3' OR size = 'Standard_GS4' OR size = 'Standard_GS5' OR size = 'Standard_G1' OR size = 'Standard_G2' OR size = 'Standard_G3' OR size = 'Standard_G4' OR size = 'Standard_G5' OR size = 'Standard_NC6' OR size = 'Standard_NC12' OR size = 'Standard_NC24' OR size = 'Standard_NC24r' OR size = 'Standard_NC6s_v2' OR size = 'Standard_NC12s_v2' OR size = 'Standard_NC24s_v2' OR size = 'Standard_NC24rs_v2' OR size = 'Standard_ND6s' OR size = 'Standard_ND12s' OR size = 'Standard_ND24s' OR size = 'Standard_ND24rs') - ; - PrimaryTable: azure_application_gateway ListOfTables: - azure_application_gateway Parameters: [] + PrimaryTable: azure_application_gateway + QueryToExecute: 'SELECT name, power_state, id, subscription_id, og_account_id, og_resource_id + FROM azure_compute_virtual_machine WHERE (size = ''Standard_F1'' OR size = ''Standard_F2'' + OR size = ''Standard_F4'' OR size = ''Standard_F8'' OR size = ''Standard_F16'' + OR size = ''Standard_F1s'' OR size = ''Standard_F2s'' OR size = ''Standard_F4s'' + OR size = ''Standard_F8s'' OR size = ''Standard_F16s'' OR size = ''Standard_NV6s_v2'' + OR size = ''Standard_NV12s_v2'' OR size = ''Standard_NV24s_v2'' OR size = ''A0\Basic_A0'' + OR size = ''A1\Basic_A1'' OR size = ''A2\Basic_A2'' OR size = ''A3\Basic_A3'' + OR size = ''A4\Basic_A4'' OR size = ''Standard_A0'' OR size = ''Standard_A1'' + OR size = ''Standard_A2'' OR size = ''Standard_A3'' OR size = ''Standard_A4'' + OR size = ''Standard_A5'' OR size = ''Standard_A6'' OR size = ''Standard_A7'' + OR size = ''Standard_A8'' OR size = ''Standard_A9'' OR size = ''Standard_A10'' + OR size = ''Standard_A11'' OR size = ''Standard_D1'' OR size = ''Standard_D2'' + OR size = ''Standard_D3'' OR size = ''Standard_D4'' OR size = ''Standard_D11'' + OR size = ''Standard_D12'' OR size = ''Standard_D13'' OR size = ''Standard_D14'' + OR size = ''Standard_DC2s'' OR size = ''Standard_DC4s'' OR size = ''Standard_DS1'' + OR size = ''Standard_DS2'' OR size = ''Standard_DS3'' OR size = ''Standard_DS4'' + OR size = ''Standard_DS11'' OR size = ''Standard_DS12'' OR size = ''Standard_DS13'' + OR size = ''Standard_DS14'' OR size = ''Standard_L4s'' OR size = ''Standard_L8s'' + OR size = ''Standard_L16s'' OR size = ''Standard_L32s'' OR size = ''Standard_GS1'' + OR size = ''Standard_GS2'' OR size = ''Standard_GS3'' OR size = ''Standard_GS4'' + OR size = ''Standard_GS5'' OR size = ''Standard_G1'' OR size = ''Standard_G2'' + OR size = ''Standard_G3'' OR size = ''Standard_G4'' OR size = ''Standard_G5'' + OR size = ''Standard_NC6'' OR size = ''Standard_NC12'' OR size = ''Standard_NC24'' + OR size = ''Standard_NC24r'' OR size = ''Standard_NC6s_v2'' OR size = ''Standard_NC12s_v2'' + OR size = ''Standard_NC24s_v2'' OR size = ''Standard_NC24rs_v2'' OR size = ''Standard_ND6s'' + OR size = ''Standard_ND12s'' OR size = ''Standard_ND24s'' OR size = ''Standard_ND24rs'') + + ;' Tags: category: - Technical Debt @@ -19,3 +43,4 @@ Tags: - Executive - Product - FinOps +Title: Legacy Virtual Machine diff --git a/queries/39-aws_insight_legacy_rds_instances.yaml b/queries/39-aws_insight_legacy_rds_instances.yaml index 6a726a790..c691d9fc0 100755 --- a/queries/39-aws_insight_legacy_rds_instances.yaml +++ b/queries/39-aws_insight_legacy_rds_instances.yaml @@ -1,15 +1,15 @@ +Description: RDS instances that are not using the supported instance types ID: aws_insight_legacy_rds_instances -Title: "Legacy RDS Instances" -Description: "RDS instances that are not using the supported instance types" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT db_instance_identifier, arn, status, class, account_id, og_account_id, og_resource_id FROM aws_rds_db_instance WHERE (class LIKE ANY(ARRAY['db.m1.%','db.m2.%','db.r3.%'])) - PrimaryTable: aws_rds_db_instance ListOfTables: - aws_rds_db_instance Parameters: [] + PrimaryTable: aws_rds_db_instance + QueryToExecute: SELECT db_instance_identifier, arn, status, class, account_id, og_account_id, + og_resource_id FROM aws_rds_db_instance WHERE (class LIKE ANY(ARRAY['db.m1.%','db.m2.%','db.r3.%'])) Tags: category: - Technical Debt @@ -17,3 +17,4 @@ Tags: - Executive - Product - FinOps +Title: Legacy RDS Instances diff --git a/queries/4-aws_insight_ebs_volume_unencrypted.yaml b/queries/4-aws_insight_ebs_volume_unencrypted.yaml index eb724041f..1548d5a18 100755 --- a/queries/4-aws_insight_ebs_volume_unencrypted.yaml +++ b/queries/4-aws_insight_ebs_volume_unencrypted.yaml @@ -1,19 +1,15 @@ +Description: List of unencrypted EBS volumes ID: aws_insight_ebs_volume_unencrypted -Title: "Unencrypted EBS Disks" -Description: "List of unencrypted EBS volumes" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select volume_id, encrypted, account_id, og_account_id, og_resource_id from - aws_ebs_volume - where - not encrypted; - PrimaryTable: aws_ebs_volume ListOfTables: - aws_ebs_volume Parameters: [] + PrimaryTable: aws_ebs_volume + QueryToExecute: "select volume_id, encrypted, account_id, og_account_id, og_resource_id\ + \ from\n aws_ebs_volume\nwhere\n not encrypted;" Tags: category: - Security @@ -22,3 +18,4 @@ Tags: - Security - DevOps - Product +Title: Unencrypted EBS Disks diff --git a/queries/40-aws_insight_accounts_without_cloudtrail.yaml b/queries/40-aws_insight_accounts_without_cloudtrail.yaml index e059298a5..fd209b279 100755 --- a/queries/40-aws_insight_accounts_without_cloudtrail.yaml +++ b/queries/40-aws_insight_accounts_without_cloudtrail.yaml @@ -1,16 +1,17 @@ +Description: AWS Accounts with CloudTrail disabled ID: aws_insight_accounts_without_cloudtrail -Title: "AWS Accounts without CloudTrail" -Description: "AWS Accounts with CloudTrail disabled" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select id AS account_id, og_id AS og_account_id from og_connections where (connector = 'AWS' AND lifecycle_state = 'onboard' AND id NOT IN (select distinct account_id from aws_cloudtrail_trail)) - PrimaryTable: null ListOfTables: - og_connections - aws_cloudtrail_trail Parameters: [] + PrimaryTable: null + QueryToExecute: select id AS account_id, og_id AS og_account_id from og_connections + where (connector = 'AWS' AND lifecycle_state = 'onboard' AND id NOT IN (select + distinct account_id from aws_cloudtrail_trail)) Tags: category: - Security @@ -19,3 +20,4 @@ Tags: - Security - Executive - Product +Title: AWS Accounts without CloudTrail diff --git a/queries/41-aws_insight_root_login_last_90_days.yaml b/queries/41-aws_insight_root_login_last_90_days.yaml index c775d8f8a..e9fb49814 100755 --- a/queries/41-aws_insight_root_login_last_90_days.yaml +++ b/queries/41-aws_insight_root_login_last_90_days.yaml @@ -1,15 +1,16 @@ +Description: AWS accounts whose root user has logged in within the last 90 days ID: aws_insight_root_login_last_90_days -Title: "AWS accounts with root login in the last 90 days" -Description: "AWS accounts whose root user has logged in within the last 90 days" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select user_arn, password_last_used, account_id, og_account_id, og_resource_id from aws_iam_credential_report where (user_name = '' AND (current_date - DATE(password_last_used)) > 90) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select user_arn, password_last_used, account_id, og_account_id, + og_resource_id from aws_iam_credential_report where (user_name = '' + AND (current_date - DATE(password_last_used)) > 90) Tags: category: - Security @@ -18,3 +19,4 @@ Tags: - Security - Executive - Product +Title: AWS accounts with root login in the last 90 days diff --git a/queries/42-aws_insight_account_with_root_access_key.yaml b/queries/42-aws_insight_account_with_root_access_key.yaml index b00887f35..4249620db 100755 --- a/queries/42-aws_insight_account_with_root_access_key.yaml +++ b/queries/42-aws_insight_account_with_root_access_key.yaml @@ -1,15 +1,16 @@ +Description: AWS Account whose root user has an access key enabled. ID: aws_insight_account_with_root_access_key -Title: "AWS Account with Root Access Key Enabled" -Description: "AWS Account whose root user has an access key enabled." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where (user_name = '' AND (access_key_1_active = true OR access_key_2_active = true)) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from + aws_iam_credential_report where (user_name = '' AND (access_key_1_active + = true OR access_key_2_active = true)) Tags: category: - Security @@ -18,3 +19,4 @@ Tags: - Security - Executive - Product +Title: AWS Account with Root Access Key Enabled diff --git a/queries/43-aws_insight_account_without_root_mfa.yaml b/queries/43-aws_insight_account_without_root_mfa.yaml index 556fff266..ee7f92d61 100755 --- a/queries/43-aws_insight_account_without_root_mfa.yaml +++ b/queries/43-aws_insight_account_without_root_mfa.yaml @@ -1,15 +1,16 @@ +Description: AWS account whose root user does not have MFA enabled. ID: aws_insight_account_without_root_mfa -Title: "AWS Account without Root MFA" -Description: "AWS account whose root user does not have MFA enabled." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where (user_name = '' AND mfa_active = false) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from + aws_iam_credential_report where (user_name = '' AND mfa_active = + false) Tags: category: - Security @@ -18,3 +19,4 @@ Tags: - Security - Executive - Product +Title: AWS Account without Root MFA diff --git a/queries/44-aws_insight_account_with_many_saml_providers.yaml b/queries/44-aws_insight_account_with_many_saml_providers.yaml index 940308764..67f2e1fa4 100755 --- a/queries/44-aws_insight_account_with_many_saml_providers.yaml +++ b/queries/44-aws_insight_account_with_many_saml_providers.yaml @@ -1,20 +1,19 @@ +Description: AWS Account with more than 1 SAML provider ID: aws_insight_account_with_many_saml_providers -Title: "AWS Account with many SAML providers" -Description: "AWS Account with more than 1 SAML provider" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - SELECT account_id, og_account_id, CAST(SUM(saml_provider_count) AS INTEGER) AS saml_provider_count FROM ( - SELECT account_id, og_account_id, COUNT(*) as saml_provider_count FROM aws_iam_saml_provider GROUP BY account_id, og_account_id - UNION - SELECT account_id, og_account_id, COUNT(*) as saml_provider_count FROM aws_iam_open_id_connect_provider GROUP BY account_id, og_account_id - ) AS final WHERE saml_provider_count > 1 GROUP BY account_id, og_account_id - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: "SELECT account_id, og_account_id, CAST(SUM(saml_provider_count)\ + \ AS INTEGER) AS saml_provider_count FROM (\n SELECT account_id, og_account_id,\ + \ COUNT(*) as saml_provider_count FROM aws_iam_saml_provider GROUP BY account_id,\ + \ og_account_id\n UNION\n SELECT account_id, og_account_id, COUNT(*) as saml_provider_count\ + \ FROM aws_iam_open_id_connect_provider GROUP BY account_id, og_account_id\n)\ + \ AS final WHERE saml_provider_count > 1 GROUP BY account_id, og_account_id" Tags: category: - Security @@ -23,3 +22,4 @@ Tags: - Security - Executive - Product +Title: AWS Account with many SAML providers diff --git a/queries/45-aws_insight_account_without_mfa.yaml b/queries/45-aws_insight_account_without_mfa.yaml index 6f70c5b4a..239cd60d9 100755 --- a/queries/45-aws_insight_account_without_mfa.yaml +++ b/queries/45-aws_insight_account_without_mfa.yaml @@ -1,15 +1,15 @@ +Description: AWS accounts without MFA enabled ID: aws_insight_account_without_mfa -Title: "AWS Account without MFA" -Description: "AWS accounts without MFA enabled" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select account_id, og_account_id from aws_iam_account_summary where account_mfa_enabled = false - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select account_id, og_account_id from aws_iam_account_summary where + account_mfa_enabled = false Tags: category: - Security @@ -17,3 +17,4 @@ Tags: - DevOps - Security - Executive +Title: AWS Account without MFA diff --git a/queries/46-aws_insight_account_with_key_and_password.yaml b/queries/46-aws_insight_account_with_key_and_password.yaml index 7867ad73e..46eabeaeb 100755 --- a/queries/46-aws_insight_account_with_key_and_password.yaml +++ b/queries/46-aws_insight_account_with_key_and_password.yaml @@ -1,15 +1,16 @@ +Description: AWS accounts with access key and console password both enabled ID: aws_insight_account_with_key_and_password -Title: "AWS Account with Access Key and Console Password" -Description: "AWS accounts with access key and console password both enabled" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where (password_enabled = true AND (access_key_1_active = true OR access_key_2_active = true)) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select user_arn, account_id, og_account_id, og_resource_id from + aws_iam_credential_report where (password_enabled = true AND (access_key_1_active + = true OR access_key_2_active = true)) Tags: category: - Security @@ -17,3 +18,4 @@ Tags: - DevOps - Security - Executive +Title: AWS Account with Access Key and Console Password diff --git a/queries/47-aws_insight_account_with_unused_key.yaml b/queries/47-aws_insight_account_with_unused_key.yaml index 7d73f8b02..47907a126 100755 --- a/queries/47-aws_insight_account_with_unused_key.yaml +++ b/queries/47-aws_insight_account_with_unused_key.yaml @@ -1,15 +1,19 @@ +Description: This insight returns a list of AWS accounts with unused access keys. ID: aws_insight_account_with_unused_key -Title: "AWS Accounts with Unused Access Keys" -Description: "This insight returns a list of AWS accounts with unused access keys." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select access_key_1_active, access_key_1_last_used_date, access_key_2_active, access_key_2_last_used_date, user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where ((access_key_1_active = true AND (access_key_1_last_used_date IS NULL OR (current_date - DATE(access_key_1_last_used_date)) > 90)) OR (access_key_2_active = true AND (access_key_2_last_used_date IS NULL OR (current_date - DATE(access_key_2_last_used_date)) > 90))) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select access_key_1_active, access_key_1_last_used_date, access_key_2_active, + access_key_2_last_used_date, user_arn, account_id, og_account_id, og_resource_id + from aws_iam_credential_report where ((access_key_1_active = true AND (access_key_1_last_used_date + IS NULL OR (current_date - DATE(access_key_1_last_used_date)) > 90)) OR (access_key_2_active + = true AND (access_key_2_last_used_date IS NULL OR (current_date - DATE(access_key_2_last_used_date)) + > 90))) Tags: category: - Security @@ -17,3 +21,4 @@ Tags: - DevOps - Security - Executive +Title: AWS Accounts with Unused Access Keys diff --git a/queries/48-aws_insight_iam_user_with_old_keys.yaml b/queries/48-aws_insight_iam_user_with_old_keys.yaml index af2dc9b38..14cc00acb 100755 --- a/queries/48-aws_insight_iam_user_with_old_keys.yaml +++ b/queries/48-aws_insight_iam_user_with_old_keys.yaml @@ -1,15 +1,19 @@ +Description: IAM users with access keys older than 90 days ID: aws_insight_iam_user_with_old_keys -Title: "IAM Users with old access keys" -Description: "IAM users with access keys older than 90 days" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select access_key_1_active, access_key_1_last_rotated, access_key_2_active, access_key_2_last_rotated, user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where ((access_key_1_active = true AND (access_key_1_last_rotated IS NULL OR (current_date - DATE(access_key_1_last_rotated)) > 90)) OR (access_key_2_active = true AND (access_key_2_last_rotated IS NULL OR (current_date - DATE(access_key_2_last_rotated)) > 90))) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select access_key_1_active, access_key_1_last_rotated, access_key_2_active, + access_key_2_last_rotated, user_arn, account_id, og_account_id, og_resource_id + from aws_iam_credential_report where ((access_key_1_active = true AND (access_key_1_last_rotated + IS NULL OR (current_date - DATE(access_key_1_last_rotated)) > 90)) OR (access_key_2_active + = true AND (access_key_2_last_rotated IS NULL OR (current_date - DATE(access_key_2_last_rotated)) + > 90))) Tags: category: - Security @@ -17,3 +21,4 @@ Tags: - DevOps - Security - Executive +Title: IAM Users with old access keys diff --git a/queries/49-aws_insight_iam_user_with_old_password.yaml b/queries/49-aws_insight_iam_user_with_old_password.yaml index dea1fb62f..e5d7e7dad 100755 --- a/queries/49-aws_insight_iam_user_with_old_password.yaml +++ b/queries/49-aws_insight_iam_user_with_old_password.yaml @@ -1,15 +1,17 @@ +Description: IAM users with password older than 90 days ID: aws_insight_iam_user_with_old_password -Title: "IAM Users with old access password" -Description: "IAM users with password older than 90 days" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: select password_enabled, password_last_changed, user_arn, account_id, og_account_id, og_resource_id from aws_iam_credential_report where (password_enabled = true AND (password_last_changed IS NULL OR (current_date - DATE(password_last_changed)) > 90)) - PrimaryTable: aws_iam_credential_report ListOfTables: - aws_iam_credential_report Parameters: [] + PrimaryTable: aws_iam_credential_report + QueryToExecute: select password_enabled, password_last_changed, user_arn, account_id, + og_account_id, og_resource_id from aws_iam_credential_report where (password_enabled + = true AND (password_last_changed IS NULL OR (current_date - DATE(password_last_changed)) + > 90)) Tags: category: - Security @@ -17,3 +19,4 @@ Tags: - DevOps - Security - Executive +Title: IAM Users with old access password diff --git a/queries/5-aws_insight_ebs_volume_unattached.yaml b/queries/5-aws_insight_ebs_volume_unattached.yaml index 28da3fd24..6022aebc4 100755 --- a/queries/5-aws_insight_ebs_volume_unattached.yaml +++ b/queries/5-aws_insight_ebs_volume_unattached.yaml @@ -1,21 +1,17 @@ +Description: List of unattached EBS Volumes ID: aws_insight_ebs_volume_unattached -Title: "Unused EBS Disks" -Description: "List of unattached EBS Volumes" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select volume_id, volume_type, account_id, og_account_id, og_resource_id - from - aws_ebs_volume - where - jsonb_array_length(attachments) = 0; - PrimaryTable: aws_ebs_volume ListOfTables: - aws_ebs_volume Parameters: [] + PrimaryTable: aws_ebs_volume + QueryToExecute: "select volume_id, volume_type, account_id, og_account_id, og_resource_id\n\ + from\n aws_ebs_volume\nwhere\n jsonb_array_length(attachments) = 0;" Tags: category: - Technical Debt - Cost Management +Title: Unused EBS Disks diff --git a/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml b/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml index 6d822d392..45e61e473 100755 --- a/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml +++ b/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml @@ -1,15 +1,16 @@ +Description: List of Instances which are not of the desired type. ID: aws_insight_ec2_instance_of_undesired_type -Title: "Legacy Instance Types" -Description: "List of Instances which are not of the desired type." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: SELECT instance_id, arn, instance_type, instance_state, account_id, og_account_id, og_resource_id FROM aws_ec2_instance WHERE instance_type LIKE ANY(array['m1.%', 'm2.%', 'm3.%', 'c1.%', 'c3.%', 'g2.%', 'cr1.%', 'r3.%', 'i2.%', 'hs1.%', 't1.%']); - PrimaryTable: aws_ec2_instance ListOfTables: - aws_ec2_instance Parameters: [] + PrimaryTable: aws_ec2_instance + QueryToExecute: SELECT instance_id, arn, instance_type, instance_state, account_id, + og_account_id, og_resource_id FROM aws_ec2_instance WHERE instance_type LIKE ANY(array['m1.%', + 'm2.%', 'm3.%', 'c1.%', 'c3.%', 'g2.%', 'cr1.%', 'r3.%', 'i2.%', 'hs1.%', 't1.%']); Tags: category: - Technical Debt @@ -17,3 +18,4 @@ Tags: - Executive - Product - FinOps +Title: Legacy Instance Types diff --git a/queries/7-aws_insight_iam_user_with_admin_access.yaml b/queries/7-aws_insight_iam_user_with_admin_access.yaml index 656432d15..c05b33aa4 100755 --- a/queries/7-aws_insight_iam_user_with_admin_access.yaml +++ b/queries/7-aws_insight_iam_user_with_admin_access.yaml @@ -1,21 +1,18 @@ +Description: List all the users having Administrator access ID: aws_insight_iam_user_with_admin_access -Title: "Admin Users" -Description: "List all the users having Administrator access" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select name as user_name, split_part(attachments, '/', 2) as attached_policies, aws_iam_user.account_id, aws_iam_user.og_account_id, aws_iam_user.og_resource_id - from - aws_iam_user - cross join jsonb_array_elements_text(attached_policy_arns) as attachments - where - split_part(attachments, '/', 2) = 'AdministratorAccess'; - PrimaryTable: aws_iam_user ListOfTables: - aws_iam_user Parameters: [] + PrimaryTable: aws_iam_user + QueryToExecute: "select name as user_name, split_part(attachments, '/', 2) as attached_policies,\ + \ aws_iam_user.account_id, aws_iam_user.og_account_id, aws_iam_user.og_resource_id\n\ + from\n aws_iam_user\n cross join jsonb_array_elements_text(attached_policy_arns)\ + \ as attachments\nwhere\n split_part(attachments, '/', 2) = 'AdministratorAccess';" Tags: category: - Security +Title: Admin Users diff --git a/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml b/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml index c581e2cb7..2490468f5 100755 --- a/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml +++ b/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml @@ -1,24 +1,17 @@ +Description: List all the users for whom MFA is not enabled ID: aws_insight_iam_user_with_mfa_disabled -Title: "Users with no MFA" -Description: "List all the users for whom MFA is not enabled" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - user_id, - mfa_enabled, account_id, og_account_id, og_resource_id - from - aws_iam_user - where - not mfa_enabled; - PrimaryTable: aws_iam_user ListOfTables: - aws_iam_user Parameters: [] + PrimaryTable: aws_iam_user + QueryToExecute: "select\n name,\n user_id,\n mfa_enabled, account_id, og_account_id,\ + \ og_resource_id\nfrom\n aws_iam_user\nwhere\n not mfa_enabled;" Tags: category: - Security - Technical Debt +Title: Users with no MFA diff --git a/queries/9-aws_insight_iam_user_with_inline_policies.yaml b/queries/9-aws_insight_iam_user_with_inline_policies.yaml index 897faae40..3a01356f1 100755 --- a/queries/9-aws_insight_iam_user_with_inline_policies.yaml +++ b/queries/9-aws_insight_iam_user_with_inline_policies.yaml @@ -1,23 +1,17 @@ +Description: List users that have inline policies ID: aws_insight_iam_user_with_inline_policies -Title: "Users with Inline Policies" -Description: "List users that have inline policies" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as user_name, - inline_policies, account_id, og_account_id, og_resource_id - from - aws_iam_user - where - inline_policies is not null; - PrimaryTable: aws_iam_user ListOfTables: - aws_iam_user Parameters: [] + PrimaryTable: aws_iam_user + QueryToExecute: "select\n name as user_name,\n inline_policies, account_id, og_account_id,\ + \ og_resource_id\nfrom\n aws_iam_user\nwhere\n inline_policies is not null;" Tags: category: - Security - Technical Debt +Title: Users with Inline Policies diff --git a/queries/ai_workload.yaml b/queries/ai_workload.yaml index 2d9e73451..bfd3fc85a 100755 --- a/queries/ai_workload.yaml +++ b/queries/ai_workload.yaml @@ -1,41 +1,30 @@ +Description: AI Workload ID: ai_workload -Title: "AI Workload" -Description: "AI Workload" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('microsoft.cognitiveservices/accounts') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('microsoft.cognitiveservices/accounts')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Cognitive Services platform_queries_bookmark: - - "true" + - 'true' +Title: AI Workload diff --git a/queries/autoscaling_workload.yaml b/queries/autoscaling_workload.yaml index 966537563..59c1a1200 100755 --- a/queries/autoscaling_workload.yaml +++ b/queries/autoscaling_workload.yaml @@ -1,39 +1,29 @@ +Description: List All Autoscaling Groups and VM Scale Sets ID: autoscaling_workload -Title: "List All Autoscaling Groups and VM Scale Sets" -Description: "List All Autoscaling Groups and VM Scale Sets" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::autoscaling::autoscalinggroup', 'microsoft.compute/virtualmachinescalesets') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::autoscaling::autoscalinggroup', 'microsoft.compute/virtualmachinescalesets')\ + \ " Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Auto Scaling and VM Scale Set +Title: List All Autoscaling Groups and VM Scale Sets diff --git a/queries/aws_accessanalyzer_analyzer_1.yaml b/queries/aws_accessanalyzer_analyzer_1.yaml index fad345240..c8ded3b38 100755 --- a/queries/aws_accessanalyzer_analyzer_1.yaml +++ b/queries/aws_accessanalyzer_analyzer_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve + information about analyzers. ID: aws_accessanalyzer_analyzer_1 -Title: "List all AWS Access Analyzer Information" -Description: "Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve information about analyzers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - last_resource_analyzed, - last_resource_analyzed_at, - status, - type - from - aws_accessanalyzer_analyzer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n last_resource_analyzed,\n last_resource_analyzed_at,\n\ + \ status,\n type\nfrom\n aws_accessanalyzer_analyzer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: List all AWS Access Analyzer Information diff --git a/queries/aws_accessanalyzer_analyzer_2.yaml b/queries/aws_accessanalyzer_analyzer_2.yaml index 778a1a874..106858aa8 100755 --- a/queries/aws_accessanalyzer_analyzer_2.yaml +++ b/queries/aws_accessanalyzer_analyzer_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve + information about analyzers. ID: aws_accessanalyzer_analyzer_2 -Title: "Find AWS IAM Access Analyzer Analyzers Information" -Description: "Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve information about analyzers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - status - last_resource_analyzed, - last_resource_analyzed_at, - tags - from - aws_accessanalyzer_analyzer - where - status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n status\n last_resource_analyzed,\n last_resource_analyzed_at,\n\ + \ tags\nfrom\n aws_accessanalyzer_analyzer\nwhere\n status = 'ACTIVE';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Analyzer +Title: Find AWS IAM Access Analyzer Analyzers Information diff --git a/queries/aws_accessanalyzer_analyzer_3.yaml b/queries/aws_accessanalyzer_analyzer_3.yaml index 20614a683..41a021fa5 100755 --- a/queries/aws_accessanalyzer_analyzer_3.yaml +++ b/queries/aws_accessanalyzer_analyzer_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve + information about analyzers. ID: aws_accessanalyzer_analyzer_3 -Title: "Find AWS IAM Access Analyzer Details" -Description: "Allows users to query Access Analyzer Analyzer in AWS IAM to retrieve information about analyzers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - status, - type, - last_resource_analyzed - from - aws_accessanalyzer_analyzer - where - status = 'ACTIVE' - and findings is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n status,\n type,\n last_resource_analyzed\n\ + from\n aws_accessanalyzer_analyzer\nwhere\n status = 'ACTIVE'\n and findings\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: Find AWS IAM Access Analyzer Details diff --git a/queries/aws_accessanalyzer_finding_1.yaml b/queries/aws_accessanalyzer_finding_1.yaml index a56dae711..b7d086c89 100755 --- a/queries/aws_accessanalyzer_finding_1.yaml +++ b/queries/aws_accessanalyzer_finding_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Access Analyzer findings in AWS IAM to retrieve + detailed information about potential security risks. ID: aws_accessanalyzer_finding_1 -Title: "Find AWS IAM Access Analyzer Findings for Security Risks" -Description: "Allows users to query Access Analyzer findings in AWS IAM to retrieve detailed information about potential security risks." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - access_analyzer_arn, - analyzed_at, - resource_type, - status, - is_public - from - aws_accessanalyzer_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n access_analyzer_arn,\n analyzed_at,\n resource_type,\n\ + \ status,\n is_public\nfrom\n aws_accessanalyzer_finding;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: Find AWS IAM Access Analyzer Findings for Security Risks diff --git a/queries/aws_accessanalyzer_finding_2.yaml b/queries/aws_accessanalyzer_finding_2.yaml index f75c5a9c1..be611ceee 100755 --- a/queries/aws_accessanalyzer_finding_2.yaml +++ b/queries/aws_accessanalyzer_finding_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query Access Analyzer findings in AWS IAM to retrieve + detailed information about potential security risks. ID: aws_accessanalyzer_finding_2 -Title: "Find all AWS IAM Access Analyzer public findings" -Description: "Allows users to query Access Analyzer findings in AWS IAM to retrieve detailed information about potential security risks." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - resource_type, - access_analyzer_arn, - status, - is_public - from - aws_accessanalyzer_finding - where - is_public = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n resource_type,\n access_analyzer_arn,\n status,\n\ + \ is_public\nfrom\n aws_accessanalyzer_finding\nwhere\n is_public = true;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: Find all AWS IAM Access Analyzer public findings diff --git a/queries/aws_accessanalyzer_finding_3.yaml b/queries/aws_accessanalyzer_finding_3.yaml index 87321cd41..b2277f463 100755 --- a/queries/aws_accessanalyzer_finding_3.yaml +++ b/queries/aws_accessanalyzer_finding_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Access Analyzer findings in AWS IAM to retrieve + detailed information about potential security risks. ID: aws_accessanalyzer_finding_3 -Title: "List AWS Access Analyzer Findings Security Risks" -Description: "Allows users to query Access Analyzer findings in AWS IAM to retrieve detailed information about potential security risks." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_type, - count(*) as findings_count - from - aws_accessanalyzer_finding - group by - resource_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_type,\n count(*) as findings_count\nfrom\n\ + \ aws_accessanalyzer_finding\ngroup by\n resource_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: List AWS Access Analyzer Findings Security Risks diff --git a/queries/aws_accessanalyzer_finding_4.yaml b/queries/aws_accessanalyzer_finding_4.yaml index 232575b4d..76612fed9 100755 --- a/queries/aws_accessanalyzer_finding_4.yaml +++ b/queries/aws_accessanalyzer_finding_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Access Analyzer findings in AWS IAM to retrieve + detailed information about potential security risks. ID: aws_accessanalyzer_finding_4 -Title: "Find AWS Access Analyzer Findings in Last 30 Days" -Description: "Allows users to query Access Analyzer findings in AWS IAM to retrieve detailed information about potential security risks." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - resource, - status, - analyzed_at - from - aws_accessanalyzer_finding - where - analyzed_at > current_date - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n resource,\n status,\n analyzed_at\nfrom\n aws_accessanalyzer_finding\n\ + where\n analyzed_at > current_date - interval '30 days';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Access Analyzer +Title: Find AWS Access Analyzer Findings in Last 30 Days diff --git a/queries/aws_account_1.yaml b/queries/aws_account_1.yaml index abd5ca57f..932e7bc74 100755 --- a/queries/aws_account_1.yaml +++ b/queries/aws_account_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Account information, including details about + the account''s status, owner, and associated resources. ID: aws_account_1 -Title: "List all AWS Account Details with Status and Owner" -Description: "Allows users to query AWS Account information, including details about the account''s status, owner, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - alias, - arn, - organization_id, - organization_master_account_email, - organization_master_account_id - from - aws_account - cross join jsonb_array_elements(account_aliases) as alias; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n alias,\n arn,\n organization_id,\n organization_master_account_email,\n\ + \ organization_master_account_id\nfrom\n aws_account\n cross join jsonb_array_elements(account_aliases)\ + \ as alias;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Account +Title: List all AWS Account Details with Status and Owner diff --git a/queries/aws_account_2.yaml b/queries/aws_account_2.yaml index 31f2b71c4..6a6b71625 100755 --- a/queries/aws_account_2.yaml +++ b/queries/aws_account_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Account information, including details about + the account''s status, owner, and associated resources. ID: aws_account_2 -Title: "Find AWS Account Information and Associated Resources" -Description: "Allows users to query AWS Account information, including details about the account''s status, owner, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - organization_id, - policy ->> 'Type' as policy_type, - policy ->> 'Status' as policy_status - from - aws_account - cross join jsonb_array_elements(organization_available_policy_types) as policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n organization_id,\n policy ->> 'Type' as policy_type,\n\ + \ policy ->> 'Status' as policy_status\nfrom\n aws_account\n cross join jsonb_array_elements(organization_available_policy_types)\ + \ as policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Account +Title: Find AWS Account Information and Associated Resources diff --git a/queries/aws_account_alternate_contact_1.yaml b/queries/aws_account_alternate_contact_1.yaml index 97a3148c9..8fee40b66 100755 --- a/queries/aws_account_alternate_contact_1.yaml +++ b/queries/aws_account_alternate_contact_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Account Alternate Contact to fetch details + about the alternate contacts associated with an AWS account. ID: aws_account_alternate_contact_1 -Title: "Find AWS Account Alternate Contact Details" -Description: "Allows users to query AWS Account Alternate Contact to fetch details about the alternate contacts associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - linked_account_id, - contact_type, - email_address, - phone_number, - contact_title - from - aws_account_alternate_contact; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n linked_account_id,\n contact_type,\n email_address,\n\ + \ phone_number,\n contact_title\nfrom\n aws_account_alternate_contact;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Account +Title: Find AWS Account Alternate Contact Details diff --git a/queries/aws_account_alternate_contact_2.yaml b/queries/aws_account_alternate_contact_2.yaml index 76b6e41ba..8560c6a2a 100755 --- a/queries/aws_account_alternate_contact_2.yaml +++ b/queries/aws_account_alternate_contact_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Account Alternate Contact to fetch details + about the alternate contacts associated with an AWS account. ID: aws_account_alternate_contact_2 -Title: "Find AWS Account Alternate Contact Details" -Description: "Allows users to query AWS Account Alternate Contact to fetch details about the alternate contacts associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - linked_account_id, - contact_type, - email_address, - phone_number, - contact_title - from - aws_account_alternate_contact - where - contact_type = 'BILLING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n linked_account_id,\n contact_type,\n email_address,\n\ + \ phone_number,\n contact_title\nfrom\n aws_account_alternate_contact\nwhere\n\ + \ contact_type = 'BILLING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Account +Title: Find AWS Account Alternate Contact Details diff --git a/queries/aws_account_alternate_contact_3.yaml b/queries/aws_account_alternate_contact_3.yaml index 946a1260f..da75fec51 100755 --- a/queries/aws_account_alternate_contact_3.yaml +++ b/queries/aws_account_alternate_contact_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Account Alternate Contact to fetch details + about the alternate contacts associated with an AWS account. ID: aws_account_alternate_contact_3 -Title: "Find AWS Account Alternate Contact Details" -Description: "Allows users to query AWS Account Alternate Contact to fetch details about the alternate contacts associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - linked_account_id, - contact_type, - email_address, - phone_number, - contact_title - from - aws_account_alternate_contact - where - linked_account_id = '123456789012'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n linked_account_id,\n contact_type,\n email_address,\n\ + \ phone_number,\n contact_title\nfrom\n aws_account_alternate_contact\nwhere\n\ + \ linked_account_id = '123456789012';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Account Management +Title: Find AWS Account Alternate Contact Details diff --git a/queries/aws_account_alternate_contact_4.yaml b/queries/aws_account_alternate_contact_4.yaml index 7e298d3cc..ba9c59893 100755 --- a/queries/aws_account_alternate_contact_4.yaml +++ b/queries/aws_account_alternate_contact_4.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Account Alternate Contact to fetch details + about the alternate contacts associated with an AWS account. ID: aws_account_alternate_contact_4 -Title: "Find all AWS Account Alternate Contacts using SQL" -Description: "Allows users to query AWS Account Alternate Contact to fetch details about the alternate contacts associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - linked_account_id, - contact_type, - email_address, - phone_number, - contact_title - from - aws_account_alternate_contact - where - linked_account_id = '123456789012' - and contact_type = 'SECURITY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n linked_account_id,\n contact_type,\n email_address,\n\ + \ phone_number,\n contact_title\nfrom\n aws_account_alternate_contact\nwhere\n\ + \ linked_account_id = '123456789012'\n and contact_type = 'SECURITY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Account Management +Title: Find all AWS Account Alternate Contacts using SQL diff --git a/queries/aws_account_contact_1.yaml b/queries/aws_account_contact_1.yaml index fc3bfa683..90459d6c6 100755 --- a/queries/aws_account_contact_1.yaml +++ b/queries/aws_account_contact_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Account Contact details, including email, mobile, + and address information associated with an AWS account. ID: aws_account_contact_1 -Title: "List AWS Account Contact Details using SQL" -Description: "Allows users to query AWS Account Contact details, including email, mobile, and address information associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - full_name, - company_name, - city, - phone_number, - postal_code, - state_or_region, - website_url - from - aws_account_contact; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n full_name,\n company_name,\n city,\n phone_number,\n\ + \ postal_code,\n state_or_region,\n website_url\nfrom\n aws_account_contact;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Account Contact +Title: List AWS Account Contact Details using SQL diff --git a/queries/aws_account_contact_2.yaml b/queries/aws_account_contact_2.yaml index ee9a0619c..b8c121abe 100755 --- a/queries/aws_account_contact_2.yaml +++ b/queries/aws_account_contact_2.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Account Contact details, including email, mobile, + and address information associated with an AWS account. ID: aws_account_contact_2 -Title: "Find AWS Account Contact details using SQL" -Description: "Allows users to query AWS Account Contact details, including email, mobile, and address information associated with an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - full_name, - company_name, - city, - phone_number, - postal_code, - state_or_region, - website_url - from - aws_account_contact - where - linked_account_id = '123456789012'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n full_name,\n company_name,\n city,\n phone_number,\n\ + \ postal_code,\n state_or_region,\n website_url\nfrom\n aws_account_contact\n\ + where\n linked_account_id = '123456789012';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Account Contact +Title: Find AWS Account Contact details using SQL diff --git a/queries/aws_acm_certificate_1.yaml b/queries/aws_acm_certificate_1.yaml index 4852a8892..5a8890546 100755 --- a/queries/aws_acm_certificate_1.yaml +++ b/queries/aws_acm_certificate_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Certificate Manager certificates. This table + provides information about each certificate, including the domain name, status, + issuer, and more. It can be used to monitor certificate details, validity, and expiration + data. ID: aws_acm_certificate_1 -Title: "Find AWS ACM Certificates and Their Details" -Description: "Allows users to query AWS Certificate Manager certificates. This table provides information about each certificate, including the domain name, status, issuer, and more. It can be used to monitor certificate details, validity, and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_arn, - domain_name, - failure_reason, - in_use_by, - status, - key_algorithm - from - aws_acm_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_arn,\n domain_name,\n failure_reason,\n\ + \ in_use_by,\n status,\n key_algorithm\nfrom\n aws_acm_certificate;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Certificate Manager +Title: Find AWS ACM Certificates and Their Details diff --git a/queries/aws_acm_certificate_2.yaml b/queries/aws_acm_certificate_2.yaml index 94de12ba4..1ce593144 100755 --- a/queries/aws_acm_certificate_2.yaml +++ b/queries/aws_acm_certificate_2.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Certificate Manager certificates. This table + provides information about each certificate, including the domain name, status, + issuer, and more. It can be used to monitor certificate details, validity, and expiration + data. ID: aws_acm_certificate_2 -Title: "List all AWS Certificate Manager certificates status" -Description: "Allows users to query AWS Certificate Manager certificates. This table provides information about each certificate, including the domain name, status, issuer, and more. It can be used to monitor certificate details, validity, and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_arn, - domain_name, - status - from - aws_acm_certificate - where - status = 'EXPIRED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_arn,\n domain_name,\n status\nfrom\n aws_acm_certificate\n\ + where\n status = 'EXPIRED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Certificate Manager +Title: List all AWS Certificate Manager certificates status diff --git a/queries/aws_acm_certificate_3.yaml b/queries/aws_acm_certificate_3.yaml index 4ca472f1e..a7ffc36d9 100755 --- a/queries/aws_acm_certificate_3.yaml +++ b/queries/aws_acm_certificate_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Certificate Manager certificates. This table + provides information about each certificate, including the domain name, status, + issuer, and more. It can be used to monitor certificate details, validity, and expiration + data. ID: aws_acm_certificate_3 -Title: "Find all AWS Certificate Manager certificates details" -Description: "Allows users to query AWS Certificate Manager certificates. This table provides information about each certificate, including the domain name, status, issuer, and more. It can be used to monitor certificate details, validity, and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_arn, - domain_name, - status - from - aws_acm_certificate - where - certificate_transparency_logging_preference <> 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_arn,\n domain_name,\n status\nfrom\n aws_acm_certificate\n\ + where\n certificate_transparency_logging_preference <> 'ENABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Certificate Manager +Title: Find all AWS Certificate Manager certificates details diff --git a/queries/aws_acm_certificate_4.yaml b/queries/aws_acm_certificate_4.yaml index 3621ef82c..4377336c4 100755 --- a/queries/aws_acm_certificate_4.yaml +++ b/queries/aws_acm_certificate_4.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS Certificate Manager certificates. This table + provides information about each certificate, including the domain name, status, + issuer, and more. It can be used to monitor certificate details, validity, and expiration + data. ID: aws_acm_certificate_4 -Title: "List all AWS Certificate Manager certificates with SQL" -Description: "Allows users to query AWS Certificate Manager certificates. This table provides information about each certificate, including the domain name, status, issuer, and more. It can be used to monitor certificate details, validity, and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_arn, - tags - from - aws_acm_certificate - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_arn,\n tags\nfrom\n aws_acm_certificate\n\ + where\n not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Certificate Manager +Title: List all AWS Certificate Manager certificates with SQL diff --git a/queries/aws_acmpca_certificate_authority_1.yaml b/queries/aws_acmpca_certificate_authority_1.yaml index dd9ba523f..07785d995 100755 --- a/queries/aws_acmpca_certificate_authority_1.yaml +++ b/queries/aws_acmpca_certificate_authority_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS ACM PCA Certificate Authorities. It can be + used to monitor certificate authorities details, validity, usage mode and expiration + data. ID: aws_acmpca_certificate_authority_1 -Title: "List all AWS ACM PCA Certificate Authorities details" -Description: "Allows users to query AWS ACM PCA Certificate Authorities. It can be used to monitor certificate authorities details, validity, usage mode and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - created_at, - not_before, - not_after, - key_storage_security_standard, - failure_reason - from - aws_acmpca_certificate_authority; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n created_at,\n not_before,\n not_after,\n\ + \ key_storage_security_standard,\n failure_reason\nfrom\n aws_acmpca_certificate_authority;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ACM PCA +Title: List all AWS ACM PCA Certificate Authorities details diff --git a/queries/aws_acmpca_certificate_authority_2.yaml b/queries/aws_acmpca_certificate_authority_2.yaml index 93f6f740e..1b7d6c767 100755 --- a/queries/aws_acmpca_certificate_authority_2.yaml +++ b/queries/aws_acmpca_certificate_authority_2.yaml @@ -1,36 +1,32 @@ +Description: Allows users to query AWS ACM PCA Certificate Authorities. It can be + used to monitor certificate authorities details, validity, usage mode and expiration + data. ID: aws_acmpca_certificate_authority_2 -Title: "List all AWS ACM PCA Certificate Authority Details" -Description: "Allows users to query AWS ACM PCA Certificate Authorities. It can be used to monitor certificate authorities details, validity, usage mode and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - key_storage_security_standard - from - aws_acmpca_certificate_authority - where - key_storage_security_standard = 'FIPS_140_2_LEVEL_3_OR_HIGHER'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n key_storage_security_standard\nfrom\n\ + \ aws_acmpca_certificate_authority\nwhere\n key_storage_security_standard =\ + \ 'FIPS_140_2_LEVEL_3_OR_HIGHER';" Tags: cloud_asset_management: - - "false" + - 'false' cloud_data_security: - - "false" + - 'false' cloud_finops: - - "false" + - 'false' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "false" + - 'false' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ACM PCA +Title: List all AWS ACM PCA Certificate Authority Details diff --git a/queries/aws_acmpca_certificate_authority_3.yaml b/queries/aws_acmpca_certificate_authority_3.yaml index c73ae790b..1901f150c 100755 --- a/queries/aws_acmpca_certificate_authority_3.yaml +++ b/queries/aws_acmpca_certificate_authority_3.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS ACM PCA Certificate Authorities. It can be + used to monitor certificate authorities details, validity, usage mode and expiration + data. ID: aws_acmpca_certificate_authority_3 -Title: "List all AWS ACM PCA Certificate Authorities details and status" -Description: "Allows users to query AWS ACM PCA Certificate Authorities. It can be used to monitor certificate authorities details, validity, usage mode and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - created_at, - last_state_change_at - from - aws_acmpca_certificate_authority - where - status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n created_at,\n last_state_change_at\n\ + from\n aws_acmpca_certificate_authority\nwhere\n status = 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ACM PCA +Title: List all AWS ACM PCA Certificate Authorities details and status diff --git a/queries/aws_acmpca_certificate_authority_4.yaml b/queries/aws_acmpca_certificate_authority_4.yaml index bff793e58..11d3f9c46 100755 --- a/queries/aws_acmpca_certificate_authority_4.yaml +++ b/queries/aws_acmpca_certificate_authority_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS ACM PCA Certificate Authorities. It can be + used to monitor certificate authorities details, validity, usage mode and expiration + data. ID: aws_acmpca_certificate_authority_4 -Title: "List all AWS ACM PCA Certificate Authorities details" -Description: "Allows users to query AWS ACM PCA Certificate Authorities. It can be used to monitor certificate authorities details, validity, usage mode and expiration data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - tags - from - aws_acmpca_certificate_authority - where - (tags ->> 'Project') = 'MyProject'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n tags\nfrom\n aws_acmpca_certificate_authority\n\ + where\n (tags ->> 'Project') = 'MyProject';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ACM PCA +Title: List all AWS ACM PCA Certificate Authorities details diff --git a/queries/aws_amplify_app_1.yaml b/queries/aws_amplify_app_1.yaml index 0239266f1..5c16ef6ac 100755 --- a/queries/aws_amplify_app_1.yaml +++ b/queries/aws_amplify_app_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_1 -Title: "Find all detailed information about AWS Amplify Apps" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - app_id, - name, - description, - arn, - platform, - create_time, - build_spec - from - aws_amplify_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n app_id,\n name,\n description,\n arn,\n platform,\n\ + \ create_time,\n build_spec\nfrom\n aws_amplify_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Amplify +Title: Find all detailed information about AWS Amplify Apps diff --git a/queries/aws_amplify_app_2.yaml b/queries/aws_amplify_app_2.yaml index f65dc1dc4..274bb65de 100755 --- a/queries/aws_amplify_app_2.yaml +++ b/queries/aws_amplify_app_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_2 -Title: "List AWS Amplify Apps with Details Including Creation Date" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - app_id, - create_time - from - aws_amplify_app - where - create_time >= (now() - interval '90' day) - order by - create_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n app_id,\n create_time\nfrom\n aws_amplify_app\n\ + where\n create_time >= (now() - interval '90' day)\norder by\n create_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Amplify +Title: List AWS Amplify Apps with Details Including Creation Date diff --git a/queries/aws_amplify_app_3.yaml b/queries/aws_amplify_app_3.yaml index c75410d43..bc65cd00c 100755 --- a/queries/aws_amplify_app_3.yaml +++ b/queries/aws_amplify_app_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_3 -Title: "List all AWS Amplify Apps with Recent Update Time" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - app_id, - update_time - from - aws_amplify_app - where - update_time >= (now() - interval '1' hour) - order by - update_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n app_id,\n update_time\nfrom\n aws_amplify_app\n\ + where\n update_time >= (now() - interval '1' hour)\norder by\n update_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amplify +Title: List all AWS Amplify Apps with Recent Update Time diff --git a/queries/aws_amplify_app_4.yaml b/queries/aws_amplify_app_4.yaml index ba4feaa55..5b29d506d 100755 --- a/queries/aws_amplify_app_4.yaml +++ b/queries/aws_amplify_app_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_4 -Title: "Find AWS Amplify Apps with Branch Details" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - production_branch ->> 'BranchName' as branch_name, - production_branch ->> 'LastDeployTime' as last_deploy_time, - production_branch ->> 'Status' as status - from - aws_amplify_app - where - name = 'amplify_app_name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n production_branch ->> 'BranchName' as branch_name,\n\ + \ production_branch ->> 'LastDeployTime' as last_deploy_time,\n production_branch\ + \ ->> 'Status' as status\nfrom\n aws_amplify_app\nwhere\n name = 'amplify_app_name';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amplify +Title: Find AWS Amplify Apps with Branch Details diff --git a/queries/aws_amplify_app_5.yaml b/queries/aws_amplify_app_5.yaml index 570f6b83c..d8833c212 100755 --- a/queries/aws_amplify_app_5.yaml +++ b/queries/aws_amplify_app_5.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_5 -Title: "List all AWS Amplify Apps with Detailed Information" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - app_id, - build_spec ->> 'backend' as build_backend_spec, - build_spec ->> 'frontend' as build_frontend_spec, - build_spec ->> 'test' as build_test_spec, - build_spec ->> 'env' as build_env_settings - from - aws_amplify_app - where - name = 'amplify_app_name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n app_id,\n build_spec ->> 'backend' as build_backend_spec,\n\ + \ build_spec ->> 'frontend' as build_frontend_spec,\n build_spec ->> 'test'\ + \ as build_test_spec,\n build_spec ->> 'env' as build_env_settings\nfrom\n aws_amplify_app\n\ + where\n name = 'amplify_app_name';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amplify +Title: List all AWS Amplify Apps with Detailed Information diff --git a/queries/aws_amplify_app_6.yaml b/queries/aws_amplify_app_6.yaml index 97de266e3..a8da230b4 100755 --- a/queries/aws_amplify_app_6.yaml +++ b/queries/aws_amplify_app_6.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_6 -Title: "Find AWS Amplify Apps with Detailed Information" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - redirects_array ->> 'Condition' as country_code, - redirects_array ->> 'Source' as source_address, - redirects_array ->> 'Status' as redirect_type, - redirects_array ->> 'Target' as destination_address - from - aws_amplify_app, - jsonb_array_elements(custom_rules) as redirects_array - where - redirects_array ->> 'Status' = '200' - and name = 'amplify_app_name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n redirects_array ->> 'Condition' as country_code,\n\ + \ redirects_array ->> 'Source' as source_address,\n redirects_array ->> 'Status'\ + \ as redirect_type,\n redirects_array ->> 'Target' as destination_address\nfrom\n\ + \ aws_amplify_app,\n jsonb_array_elements(custom_rules) as redirects_array\n\ + where\n redirects_array ->> 'Status' = '200'\n and name = 'amplify_app_name';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amplify +Title: Find AWS Amplify Apps with Detailed Information diff --git a/queries/aws_amplify_app_7.yaml b/queries/aws_amplify_app_7.yaml index 0eb01fa92..262ebdbbb 100755 --- a/queries/aws_amplify_app_7.yaml +++ b/queries/aws_amplify_app_7.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Amplify Apps to retrieve detailed information + about each application, including its name, ARN, creation date, default domain, + and more. ID: aws_amplify_app_7 -Title: "List all AWS Amplify Apps with Auto Build enabled" -Description: "Allows users to query AWS Amplify Apps to retrieve detailed information about each application, including its name, ARN, creation date, default domain, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - app_id, - name, - description, - arn - from - aws_amplify_app - where - enable_branch_auto_build = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n app_id,\n name,\n description,\n arn\nfrom\n aws_amplify_app\n\ + where\n enable_branch_auto_build = true;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amplify +Title: List all AWS Amplify Apps with Auto Build enabled diff --git a/queries/aws_api_gateway_api_key_1.yaml b/queries/aws_api_gateway_api_key_1.yaml index 0a9ba4d4e..95eb43699 100755 --- a/queries/aws_api_gateway_api_key_1.yaml +++ b/queries/aws_api_gateway_api_key_1.yaml @@ -1,30 +1,27 @@ +Description: Allows users to query API Keys in AWS API Gateway. The `aws_api_gateway_api_key` + table in Steampipe provides information about API Keys within AWS API Gateway. This + table allows DevOps engineers to query API Key-specific details, including its ID, + value, enabled status, and associated metadata. Users can utilize this table to + gather insights on API Keys, such as keys that are enabled, keys associated with + specific stages, and more. The schema outlines the various attributes of the API + Key, including the key ID, creation date, enabled status, and associated tags. ID: aws_api_gateway_api_key_1 -Title: "List All API Keys Details in AWS API Gateway" -Description: "Allows users to query API Keys in AWS API Gateway. The `aws_api_gateway_api_key` table in Steampipe provides information about API Keys within AWS API Gateway. This table allows DevOps engineers to query API Key-specific details, including its ID, value, enabled status, and associated metadata. Users can utilize this table to gather insights on API Keys, such as keys that are enabled, keys associated with specific stages, and more. The schema outlines the various attributes of the API Key, including the key ID, creation date, enabled status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - enabled, - created_date, - last_updated_date, - customer_id, - stage_keys - from - aws_api_gateway_api_key; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n enabled,\n created_date,\n last_updated_date,\n\ + \ customer_id,\n stage_keys\nfrom\n aws_api_gateway_api_key;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List All API Keys Details in AWS API Gateway diff --git a/queries/aws_api_gateway_api_key_2.yaml b/queries/aws_api_gateway_api_key_2.yaml index ef4280083..0fbc1b30f 100755 --- a/queries/aws_api_gateway_api_key_2.yaml +++ b/queries/aws_api_gateway_api_key_2.yaml @@ -1,28 +1,27 @@ +Description: Allows users to query API Keys in AWS API Gateway. The `aws_api_gateway_api_key` + table in Steampipe provides information about API Keys within AWS API Gateway. This + table allows DevOps engineers to query API Key-specific details, including its ID, + value, enabled status, and associated metadata. Users can utilize this table to + gather insights on API Keys, such as keys that are enabled, keys associated with + specific stages, and more. The schema outlines the various attributes of the API + Key, including the key ID, creation date, enabled status, and associated tags. ID: aws_api_gateway_api_key_2 -Title: "Find AWS API Gateway API Keys That Are Disabled" -Description: "Allows users to query API Keys in AWS API Gateway. The `aws_api_gateway_api_key` table in Steampipe provides information about API Keys within AWS API Gateway. This table allows DevOps engineers to query API Key-specific details, including its ID, value, enabled status, and associated metadata. Users can utilize this table to gather insights on API Keys, such as keys that are enabled, keys associated with specific stages, and more. The schema outlines the various attributes of the API Key, including the key ID, creation date, enabled status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - customer_id - from - aws_api_gateway_api_key - where - not enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n customer_id\nfrom\n aws_api_gateway_api_key\n\ + where\n not enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway API Keys That Are Disabled diff --git a/queries/aws_api_gateway_authorizer_1.yaml b/queries/aws_api_gateway_authorizer_1.yaml index 1b4d6ac29..6df487be4 100755 --- a/queries/aws_api_gateway_authorizer_1.yaml +++ b/queries/aws_api_gateway_authorizer_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS API Gateway Authorizer and access data about + API Gateway Authorizers in an AWS account. This data includes the authorizer''s + ID, name, type, provider ARNs, and other configuration details. ID: aws_api_gateway_authorizer_1 -Title: "Find AWS API Gateway Authorizer Configuration Details" -Description: "Allows users to query AWS API Gateway Authorizer and access data about API Gateway Authorizers in an AWS account. This data includes the authorizer''s ID, name, type, provider ARNs, and other configuration details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - rest_api_id, - auth_type, - authorizer_credentials, - identity_validation_expression, - identity_source - from - aws_api_gateway_authorizer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n rest_api_id,\n auth_type,\n authorizer_credentials,\n\ + \ identity_validation_expression,\n identity_source\nfrom\n aws_api_gateway_authorizer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Authorizer Configuration Details diff --git a/queries/aws_api_gateway_authorizer_2.yaml b/queries/aws_api_gateway_authorizer_2.yaml index e9cd2f378..4a88adca9 100755 --- a/queries/aws_api_gateway_authorizer_2.yaml +++ b/queries/aws_api_gateway_authorizer_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS API Gateway Authorizer and access data about + API Gateway Authorizers in an AWS account. This data includes the authorizer''s + ID, name, type, provider ARNs, and other configuration details. ID: aws_api_gateway_authorizer_2 -Title: "List all AWS API Gateway Authorizers with Cognito User Pools" -Description: "Allows users to query AWS API Gateway Authorizer and access data about API Gateway Authorizers in an AWS account. This data includes the authorizer''s ID, name, type, provider ARNs, and other configuration details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - rest_api_id, - auth_type - from - aws_api_gateway_authorizer - where - auth_type = 'cognito_user_pools'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n rest_api_id,\n auth_type\nfrom\n aws_api_gateway_authorizer\n\ + where\n auth_type = 'cognito_user_pools';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Authorizers with Cognito User Pools diff --git a/queries/aws_api_gateway_domain_name_1.yaml b/queries/aws_api_gateway_domain_name_1.yaml index 31433ee15..b744641d2 100755 --- a/queries/aws_api_gateway_domain_name_1.yaml +++ b/queries/aws_api_gateway_domain_name_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS API Gateway Domain Names and retrieve details + about each domain''s configuration, certificate, and associated API. ID: aws_api_gateway_domain_name_1 -Title: "List all AWS API Gateway Domain Names with Configuration" -Description: "Allows users to query AWS API Gateway Domain Names and retrieve details about each domain''s configuration, certificate, and associated API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - certificate_arn, - distribution_domain_name, - distribution_hosted_zone_id, - domain_name_status, - ownership_verification_certificate_arn - from - aws_api_gateway_domain_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n certificate_arn,\n distribution_domain_name,\n\ + \ distribution_hosted_zone_id,\n domain_name_status,\n ownership_verification_certificate_arn\n\ + from\n aws_api_gateway_domain_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Domain Names with Configuration diff --git a/queries/aws_api_gateway_domain_name_2.yaml b/queries/aws_api_gateway_domain_name_2.yaml index 2a4720fce..2ff133f37 100755 --- a/queries/aws_api_gateway_domain_name_2.yaml +++ b/queries/aws_api_gateway_domain_name_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS API Gateway Domain Names and retrieve details + about each domain''s configuration, certificate, and associated API. ID: aws_api_gateway_domain_name_2 -Title: "Find AWS API Gateway Domain Names and Configurations" -Description: "Allows users to query AWS API Gateway Domain Names and retrieve details about each domain''s configuration, certificate, and associated API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - certificate_arn, - certificate_upload_date, - regional_certificate_arn, - domain_name_status - from - aws_api_gateway_domain_name - where - domain_name_status = 'AVAILABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n certificate_arn,\n certificate_upload_date,\n\ + \ regional_certificate_arn,\n domain_name_status\nfrom\n aws_api_gateway_domain_name\n\ + where\n domain_name_status = 'AVAILABLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Domain Names and Configurations diff --git a/queries/aws_api_gateway_domain_name_3.yaml b/queries/aws_api_gateway_domain_name_3.yaml index e025de6b5..6b8b65118 100755 --- a/queries/aws_api_gateway_domain_name_3.yaml +++ b/queries/aws_api_gateway_domain_name_3.yaml @@ -1,33 +1,22 @@ +Description: Allows users to query AWS API Gateway Domain Names and retrieve details + about each domain''s configuration, certificate, and associated API. ID: aws_api_gateway_domain_name_3 -Title: "Find AWS API Gateway Domain Names and Certificates" -Description: "Allows users to query AWS API Gateway Domain Names and retrieve details about each domain''s configuration, certificate, and associated API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.domain_name, - d.regional_certificate_arn, - c.certificate, - c.certificate_transparency_logging_preference, - c.created_at, - c.imported_at, - c.issuer, - c.issued_at, - c.key_algorithm - from - aws_api_gateway_domain_name as d, - aws_acm_certificate as c - where - c.certificate_arn = d.regional_certificate_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.domain_name,\n d.regional_certificate_arn,\n c.certificate,\n\ + \ c.certificate_transparency_logging_preference,\n c.created_at,\n c.imported_at,\n\ + \ c.issuer,\n c.issued_at,\n c.key_algorithm\nfrom\n aws_api_gateway_domain_name\ + \ as d,\n aws_acm_certificate as c\nwhere\n c.certificate_arn = d.regional_certificate_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Domain Names and Certificates diff --git a/queries/aws_api_gateway_domain_name_4.yaml b/queries/aws_api_gateway_domain_name_4.yaml index 302bff709..634d0edc6 100755 --- a/queries/aws_api_gateway_domain_name_4.yaml +++ b/queries/aws_api_gateway_domain_name_4.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS API Gateway Domain Names and retrieve details + about each domain''s configuration, certificate, and associated API. ID: aws_api_gateway_domain_name_4 -Title: "Find AWS API Gateway Domain Names Configuration Certificates" -Description: "Allows users to query AWS API Gateway Domain Names and retrieve details about each domain''s configuration, certificate, and associated API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - endpoint_configuration -> 'Types' as endpoint_types, - endpoint_configuration -> 'VpcEndpointIds' as vpc_endpoint_ids - from - aws_api_gateway_domain_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n endpoint_configuration -> 'Types' as\ + \ endpoint_types,\n endpoint_configuration -> 'VpcEndpointIds' as vpc_endpoint_ids\n\ + from\n aws_api_gateway_domain_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Domain Names Configuration Certificates diff --git a/queries/aws_api_gateway_domain_name_5.yaml b/queries/aws_api_gateway_domain_name_5.yaml index 96be1a5b3..85ae5a46c 100755 --- a/queries/aws_api_gateway_domain_name_5.yaml +++ b/queries/aws_api_gateway_domain_name_5.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS API Gateway Domain Names and retrieve details + about each domain''s configuration, certificate, and associated API. ID: aws_api_gateway_domain_name_5 -Title: "Find AWS API Gateway Domain Configuration and Certificates" -Description: "Allows users to query AWS API Gateway Domain Names and retrieve details about each domain''s configuration, certificate, and associated API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - mutual_tls_authentication ->> 'TruststoreUri' as truststore_uri, - mutual_tls_authentication ->> 'TruststoreVersion' as truststore_version, - mutual_tls_authentication ->> 'TruststoreWarnings' as truststore_warnings - from - aws_api_gateway_domain_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n mutual_tls_authentication ->> 'TruststoreUri'\ + \ as truststore_uri,\n mutual_tls_authentication ->> 'TruststoreVersion' as truststore_version,\n\ + \ mutual_tls_authentication ->> 'TruststoreWarnings' as truststore_warnings\n\ + from\n aws_api_gateway_domain_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Domain Configuration and Certificates diff --git a/queries/aws_api_gateway_method_1.yaml b/queries/aws_api_gateway_method_1.yaml index 0e7a5448d..aa60e72e9 100755 --- a/queries/aws_api_gateway_method_1.yaml +++ b/queries/aws_api_gateway_method_1.yaml @@ -1,28 +1,29 @@ +Description: Represents a client-facing interface by which the client calls the API + to access back-end resources. A Method resource is integrated with an Integration + resource. Both consist of a request and one or more responses. The method request + takes the client input that is passed to the back end through the integration request. + A method response returns the output from the back end to the client through an + integration response. A method request is embodied in a Method resource, whereas + an integration request is embodied in an Integration resource. On the other hand, + a method response is represented by a MethodResponse resource, whereas an integration + response is represented by an IntegrationResponse resource. ID: aws_api_gateway_method_1 -Title: "List all AWS API Gateway Methods" -Description: "Represents a client-facing interface by which the client calls the API to access back-end resources. A Method resource is integrated with an Integration resource. Both consist of a request and one or more responses. The method request takes the client input that is passed to the back end through the integration request. A method response returns the output from the back end to the client through an integration response. A method request is embodied in a Method resource, whereas an integration request is embodied in an Integration resource. On the other hand, a method response is represented by a MethodResponse resource, whereas an integration response is represented by an IntegrationResponse resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rest_api_id, - resource_id, - http_method, - path, - api_key_required - from - aws_api_gateway_method; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rest_api_id,\n resource_id,\n http_method,\n path,\n\ + \ api_key_required\nfrom\n aws_api_gateway_method;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Methods diff --git a/queries/aws_api_gateway_method_2.yaml b/queries/aws_api_gateway_method_2.yaml index 6f9837ef9..96c5e80a6 100755 --- a/queries/aws_api_gateway_method_2.yaml +++ b/queries/aws_api_gateway_method_2.yaml @@ -1,27 +1,27 @@ +Description: Represents a client-facing interface by which the client calls the API + to access back-end resources. A Method resource is integrated with an Integration + resource. Both consist of a request and one or more responses. The method request + takes the client input that is passed to the back end through the integration request. + A method response returns the output from the back end to the client through an + integration response. A method request is embodied in a Method resource, whereas + an integration request is embodied in an Integration resource. On the other hand, + a method response is represented by a MethodResponse resource, whereas an integration + response is represented by an IntegrationResponse resource. ID: aws_api_gateway_method_2 -Title: "Find AWS API Gateway Methods with SQL Queries" -Description: "Represents a client-facing interface by which the client calls the API to access back-end resources. A Method resource is integrated with an Integration resource. Both consist of a request and one or more responses. The method request takes the client input that is passed to the back end through the integration request. A method response returns the output from the back end to the client through an integration response. A method request is embodied in a Method resource, whereas an integration request is embodied in an Integration resource. On the other hand, a method response is represented by a MethodResponse resource, whereas an integration response is represented by an IntegrationResponse resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rest_api_id, - resource_id, - http_method, - operation_name - from - aws_api_gateway_method - where - http_method = 'GET'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rest_api_id,\n resource_id,\n http_method,\n operation_name\n\ + from\n aws_api_gateway_method\nwhere\n http_method = 'GET';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Methods with SQL Queries diff --git a/queries/aws_api_gateway_method_3.yaml b/queries/aws_api_gateway_method_3.yaml index 0db8ff704..bbc97bca8 100755 --- a/queries/aws_api_gateway_method_3.yaml +++ b/queries/aws_api_gateway_method_3.yaml @@ -1,31 +1,30 @@ +Description: Represents a client-facing interface by which the client calls the API + to access back-end resources. A Method resource is integrated with an Integration + resource. Both consist of a request and one or more responses. The method request + takes the client input that is passed to the back end through the integration request. + A method response returns the output from the back end to the client through an + integration response. A method request is embodied in a Method resource, whereas + an integration request is embodied in an Integration resource. On the other hand, + a method response is represented by a MethodResponse resource, whereas an integration + response is represented by an IntegrationResponse resource. ID: aws_api_gateway_method_3 -Title: "List AWS API Gateway Methods Using SQL" -Description: "Represents a client-facing interface by which the client calls the API to access back-end resources. A Method resource is integrated with an Integration resource. Both consist of a request and one or more responses. The method request takes the client input that is passed to the back end through the integration request. A method response returns the output from the back end to the client through an integration response. A method request is embodied in a Method resource, whereas an integration request is embodied in an Integration resource. On the other hand, a method response is represented by a MethodResponse resource, whereas an integration response is represented by an IntegrationResponse resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rest_api_id, - resource_id, - http_method, - path, - authorization_type, - authorizer_id - from - aws_api_gateway_method - where - authorization_type = 'none'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rest_api_id,\n resource_id,\n http_method,\n path,\n\ + \ authorization_type,\n authorizer_id\nfrom\n aws_api_gateway_method\nwhere\n\ + \ authorization_type = 'none';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List AWS API Gateway Methods Using SQL diff --git a/queries/aws_api_gateway_method_4.yaml b/queries/aws_api_gateway_method_4.yaml index 5aee9995a..a54bd73fc 100755 --- a/queries/aws_api_gateway_method_4.yaml +++ b/queries/aws_api_gateway_method_4.yaml @@ -1,41 +1,39 @@ +Description: Represents a client-facing interface by which the client calls the API + to access back-end resources. A Method resource is integrated with an Integration + resource. Both consist of a request and one or more responses. The method request + takes the client input that is passed to the back end through the integration request. + A method response returns the output from the back end to the client through an + integration response. A method request is embodied in a Method resource, whereas + an integration request is embodied in an Integration resource. On the other hand, + a method response is represented by a MethodResponse resource, whereas an integration + response is represented by an IntegrationResponse resource. ID: aws_api_gateway_method_4 -Title: "List all AWS API Gateway Methods using SQL" -Description: "Represents a client-facing interface by which the client calls the API to access back-end resources. A Method resource is integrated with an Integration resource. Both consist of a request and one or more responses. The method request takes the client input that is passed to the back end through the integration request. A method response returns the output from the back end to the client through an integration response. A method request is embodied in a Method resource, whereas an integration request is embodied in an Integration resource. On the other hand, a method response is represented by a MethodResponse resource, whereas an integration response is represented by an IntegrationResponse resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rest_api_id, - resource_id, - http_method, - method_integration -> 'CacheKeyParameters' as cache_key_parameters, - method_integration ->> 'CacheNamespace' as cache_namespace, - method_integration ->> 'ConnectionId' as connection_id, - method_integration ->> 'ConnectionType' as connection_type, - method_integration ->> 'ContentHandling' as content_handling, - method_integration ->> 'Credentials' as credentials, - method_integration ->> 'HttpMethod' as http_method, - method_integration ->> 'PassthroughBehavior' as passthrough_behavior, - method_integration ->> 'RequestParameters' as request_parameters, - method_integration -> 'RequestTemplates' as request_templates, - method_integration ->> 'TimeoutInMillis' as timeout_in_millis, - method_integration ->> 'tls_config' as tls_config, - method_integration ->> 'Type' as type, - method_integration ->> 'Uri' as uri, - method_integration -> 'IntegrationResponses' as integration_responses - from - aws_api_gateway_method; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rest_api_id,\n resource_id,\n http_method,\n method_integration\ + \ -> 'CacheKeyParameters' as cache_key_parameters,\n method_integration ->> 'CacheNamespace'\ + \ as cache_namespace,\n method_integration ->> 'ConnectionId' as connection_id,\n\ + \ method_integration ->> 'ConnectionType' as connection_type,\n method_integration\ + \ ->> 'ContentHandling' as content_handling,\n method_integration ->> 'Credentials'\ + \ as credentials,\n method_integration ->> 'HttpMethod' as http_method,\n method_integration\ + \ ->> 'PassthroughBehavior' as passthrough_behavior,\n method_integration ->>\ + \ 'RequestParameters' as request_parameters,\n method_integration -> 'RequestTemplates'\ + \ as request_templates,\n method_integration ->> 'TimeoutInMillis' as timeout_in_millis,\n\ + \ method_integration ->> 'tls_config' as tls_config,\n method_integration ->>\ + \ 'Type' as type,\n method_integration ->> 'Uri' as uri,\n method_integration\ + \ -> 'IntegrationResponses' as integration_responses\nfrom\n aws_api_gateway_method;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Methods using SQL diff --git a/queries/aws_api_gateway_rest_api_1.yaml b/queries/aws_api_gateway_rest_api_1.yaml index 43e042377..8c65ece7a 100755 --- a/queries/aws_api_gateway_rest_api_1.yaml +++ b/queries/aws_api_gateway_rest_api_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS API Gateway Rest APIs to retrieve information + about API Gateway REST APIs in an AWS account. ID: aws_api_gateway_rest_api_1 -Title: "List all AWS API Gateway REST APIs with details" -Description: "Allows users to query AWS API Gateway Rest APIs to retrieve information about API Gateway REST APIs in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_key_source, - minimum_compression_size, - binary_media_types - from - aws_api_gateway_rest_api; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_key_source,\n minimum_compression_size,\n\ + \ binary_media_types\nfrom\n aws_api_gateway_rest_api;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway REST APIs with details diff --git a/queries/aws_api_gateway_rest_api_2.yaml b/queries/aws_api_gateway_rest_api_2.yaml index eb86f2263..5d9b35c64 100755 --- a/queries/aws_api_gateway_rest_api_2.yaml +++ b/queries/aws_api_gateway_rest_api_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS API Gateway Rest APIs to retrieve information + about API Gateway REST APIs in an AWS account. ID: aws_api_gateway_rest_api_2 -Title: "List all AWS API Gateway REST APIs with SQL" -Description: "Allows users to query AWS API Gateway Rest APIs to retrieve information about API Gateway REST APIs in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_key_source, - minimum_compression_size - from - aws_api_gateway_rest_api - where - minimum_compression_size is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_key_source,\n minimum_compression_size\n\ + from\n aws_api_gateway_rest_api\nwhere\n minimum_compression_size is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway REST APIs with SQL diff --git a/queries/aws_api_gateway_rest_api_3.yaml b/queries/aws_api_gateway_rest_api_3.yaml index a255d3982..5252140d6 100755 --- a/queries/aws_api_gateway_rest_api_3.yaml +++ b/queries/aws_api_gateway_rest_api_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS API Gateway Rest APIs to retrieve information + about API Gateway REST APIs in an AWS account. ID: aws_api_gateway_rest_api_3 -Title: "List AWS API Gateway REST APIs Information" -Description: "Allows users to query AWS API Gateway Rest APIs to retrieve information about API Gateway REST APIs in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_key_source, - endpoint_configuration_types, - endpoint_configuration_vpc_endpoint_ids - from - aws_api_gateway_rest_api - where - not endpoint_configuration_types ? 'PRIVATE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_key_source,\n endpoint_configuration_types,\n\ + \ endpoint_configuration_vpc_endpoint_ids\nfrom\n aws_api_gateway_rest_api\n\ + where\n not endpoint_configuration_types ? 'PRIVATE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List AWS API Gateway REST APIs Information diff --git a/queries/aws_api_gateway_rest_api_4.yaml b/queries/aws_api_gateway_rest_api_4.yaml index 6e5bf3b8f..5a332a562 100755 --- a/queries/aws_api_gateway_rest_api_4.yaml +++ b/queries/aws_api_gateway_rest_api_4.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query AWS API Gateway Rest APIs to retrieve information + about API Gateway REST APIs in an AWS account. ID: aws_api_gateway_rest_api_4 -Title: "Find AWS API Gateway REST APIs Information" -Description: "Allows users to query AWS API Gateway Rest APIs to retrieve information about API Gateway REST APIs in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_api_gateway_rest_api, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - string_to_array(p, ':') as pa, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and ( - pa [5] != account_id - or p = '*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_api_gateway_rest_api,\n\ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n string_to_array(p, ':') as pa,\n jsonb_array_elements_text(s\ + \ -> 'Action') as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n pa [5] !=\ + \ account_id\n or p = '*'\n );" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway REST APIs Information diff --git a/queries/aws_api_gateway_rest_api_5.yaml b/queries/aws_api_gateway_rest_api_5.yaml index 0a85864fe..8b40ed5ff 100755 --- a/queries/aws_api_gateway_rest_api_5.yaml +++ b/queries/aws_api_gateway_rest_api_5.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS API Gateway Rest APIs to retrieve information + about API Gateway REST APIs in an AWS account. ID: aws_api_gateway_rest_api_5 -Title: "List all AWS API Gateway REST APIs and Their Policies" -Description: "Allows users to query AWS API Gateway Rest APIs to retrieve information about API Gateway REST APIs in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_api_gateway_rest_api, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - p = '*' - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_api_gateway_rest_api,\n\ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n p = '*'\n and s ->> 'Effect' = 'Allow';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway REST APIs and Their Policies diff --git a/queries/aws_api_gateway_stage_1.yaml b/queries/aws_api_gateway_stage_1.yaml index 297ab7190..8acfaa3da 100755 --- a/queries/aws_api_gateway_stage_1.yaml +++ b/queries/aws_api_gateway_stage_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS API Gateway Stages for information related + to deployment, API, and stage details. ID: aws_api_gateway_stage_1 -Title: "Find AWS API Gateway Stages and Deployment Details" -Description: "Allows users to query AWS API Gateway Stages for information related to deployment, API, and stage details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rest_api_id, - count(name) stage_count - from - aws_api_gateway_stage - group by - rest_api_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rest_api_id,\n count(name) stage_count\nfrom\n aws_api_gateway_stage\n\ + group by\n rest_api_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Stages and Deployment Details diff --git a/queries/aws_api_gateway_stage_2.yaml b/queries/aws_api_gateway_stage_2.yaml index 8ee323067..aaabde16f 100755 --- a/queries/aws_api_gateway_stage_2.yaml +++ b/queries/aws_api_gateway_stage_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS API Gateway Stages for information related + to deployment, API, and stage details. ID: aws_api_gateway_stage_2 -Title: "List all AWS API Gateway stages with cache enabled" -Description: "Allows users to query AWS API Gateway Stages for information related to deployment, API, and stage details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rest_api_id, - cache_cluster_enabled, - cache_cluster_size - from - aws_api_gateway_stage - where - cache_cluster_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rest_api_id,\n cache_cluster_enabled,\n cache_cluster_size\n\ + from\n aws_api_gateway_stage\nwhere\n cache_cluster_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway stages with cache enabled diff --git a/queries/aws_api_gateway_stage_3.yaml b/queries/aws_api_gateway_stage_3.yaml index ee613ba7c..1a7cbb6d0 100755 --- a/queries/aws_api_gateway_stage_3.yaml +++ b/queries/aws_api_gateway_stage_3.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS API Gateway Stages for information related + to deployment, API, and stage details. ID: aws_api_gateway_stage_3 -Title: "Find AWS API Gateway Stages for deployments and APIs" -Description: "Allows users to query AWS API Gateway Stages for information related to deployment, API, and stage details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - split_part(web_acl_arn, '/', 3) as web_acl_name - from - aws_api_gateway_stage; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n split_part(web_acl_arn, '/', 3) as web_acl_name\n\ + from\n aws_api_gateway_stage;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Stages for deployments and APIs diff --git a/queries/aws_api_gateway_stage_4.yaml b/queries/aws_api_gateway_stage_4.yaml index 464cace95..66fd268d8 100755 --- a/queries/aws_api_gateway_stage_4.yaml +++ b/queries/aws_api_gateway_stage_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS API Gateway Stages for information related + to deployment, API, and stage details. ID: aws_api_gateway_stage_4 -Title: "Find AWS API Gateway Stages for Deployment and API Details" -Description: "Allows users to query AWS API Gateway Stages for information related to deployment, API, and stage details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - deployment_id, - name, - tracing_enabled, - method_settings -> '*/*' ->> 'LoggingLevel' as cloudwatch_log_level - from - aws_api_gateway_stage - where - method_settings -> '*/*' ->> 'LoggingLevel' = 'OFF'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n deployment_id,\n name,\n tracing_enabled,\n method_settings\ + \ -> '*/*' ->> 'LoggingLevel' as cloudwatch_log_level\nfrom\n aws_api_gateway_stage\n\ + where\n method_settings -> '*/*' ->> 'LoggingLevel' = 'OFF';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Stages for Deployment and API Details diff --git a/queries/aws_api_gateway_usage_plan_1.yaml b/queries/aws_api_gateway_usage_plan_1.yaml index 11f3731ec..11f32115b 100755 --- a/queries/aws_api_gateway_usage_plan_1.yaml +++ b/queries/aws_api_gateway_usage_plan_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS API Gateway Usage Plans in order to retrieve + information about the usage plans configured in the AWS API Gateway service. ID: aws_api_gateway_usage_plan_1 -Title: "Find AWS API Gateway Usage Plans Information" -Description: "Allows users to query AWS API Gateway Usage Plans in order to retrieve information about the usage plans configured in the AWS API Gateway service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - product_code, - description, - api_stages - from - aws_api_gateway_usage_plan; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n product_code,\n description,\n api_stages\n\ + from\n aws_api_gateway_usage_plan;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Usage Plans Information diff --git a/queries/aws_api_gateway_usage_plan_2.yaml b/queries/aws_api_gateway_usage_plan_2.yaml index ea50097ad..fc1b4c48b 100755 --- a/queries/aws_api_gateway_usage_plan_2.yaml +++ b/queries/aws_api_gateway_usage_plan_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS API Gateway Usage Plans in order to retrieve + information about the usage plans configured in the AWS API Gateway service. ID: aws_api_gateway_usage_plan_2 -Title: "List all AWS API Gateway Usage Plans Information" -Description: "Allows users to query AWS API Gateway Usage Plans in order to retrieve information about the usage plans configured in the AWS API Gateway service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - quota - from - aws_api_gateway_usage_plan - where - quota is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n quota\nfrom\n aws_api_gateway_usage_plan\n\ + where\n quota is null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Usage Plans Information diff --git a/queries/aws_api_gateway_usage_plan_3.yaml b/queries/aws_api_gateway_usage_plan_3.yaml index 826f0a03a..61577e354 100755 --- a/queries/aws_api_gateway_usage_plan_3.yaml +++ b/queries/aws_api_gateway_usage_plan_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS API Gateway Usage Plans in order to retrieve + information about the usage plans configured in the AWS API Gateway service. ID: aws_api_gateway_usage_plan_3 -Title: "Find AWS API Gateway Usage Plans Details via SQL" -Description: "Allows users to query AWS API Gateway Usage Plans in order to retrieve information about the usage plans configured in the AWS API Gateway service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - throttle - from - aws_api_gateway_usage_plan - where - throttle is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n throttle\nfrom\n aws_api_gateway_usage_plan\n\ + where\n throttle is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Usage Plans Details via SQL diff --git a/queries/aws_api_gatewayv2_api_1.yaml b/queries/aws_api_gatewayv2_api_1.yaml index eac84f6db..1b928f21f 100755 --- a/queries/aws_api_gatewayv2_api_1.yaml +++ b/queries/aws_api_gatewayv2_api_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query API Gateway APIs and retrieve detailed information + about each API, including its ID, name, protocol type, and more. ID: aws_api_gatewayv2_api_1 -Title: "List all Details of AWS API Gateway APIs" -Description: "Allows users to query API Gateway APIs and retrieve detailed information about each API, including its ID, name, protocol type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_endpoint, - protocol_type, - api_key_selection_expression, - route_selection_expression - from - aws_api_gatewayv2_api; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_endpoint,\n protocol_type,\n\ + \ api_key_selection_expression,\n route_selection_expression\nfrom\n aws_api_gatewayv2_api;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all Details of AWS API Gateway APIs diff --git a/queries/aws_api_gatewayv2_api_2.yaml b/queries/aws_api_gatewayv2_api_2.yaml index aa2a5d81a..a35a3ad1e 100755 --- a/queries/aws_api_gatewayv2_api_2.yaml +++ b/queries/aws_api_gatewayv2_api_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query API Gateway APIs and retrieve detailed information + about each API, including its ID, name, protocol type, and more. ID: aws_api_gatewayv2_api_2 -Title: "List all API Gateway APIs with name, ID, and protocol" -Description: "Allows users to query API Gateway APIs and retrieve detailed information about each API, including its ID, name, protocol type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - protocol_type - from - aws_api_gatewayv2_api - where - protocol_type = 'WEBSOCKET'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n protocol_type\nfrom\n aws_api_gatewayv2_api\n\ + where\n protocol_type = 'WEBSOCKET';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all API Gateway APIs with name, ID, and protocol diff --git a/queries/aws_api_gatewayv2_api_3.yaml b/queries/aws_api_gatewayv2_api_3.yaml index 344d400be..07bdc04c0 100755 --- a/queries/aws_api_gatewayv2_api_3.yaml +++ b/queries/aws_api_gatewayv2_api_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query API Gateway APIs and retrieve detailed information + about each API, including its ID, name, protocol type, and more. ID: aws_api_gatewayv2_api_3 -Title: "List All AWS API Gateway APIs and Retrieve Details" -Description: "Allows users to query API Gateway APIs and retrieve detailed information about each API, including its ID, name, protocol type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_endpoint - from - aws_api_gatewayv2_api - where - not disable_execute_api_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_endpoint\nfrom\n aws_api_gatewayv2_api\n\ + where\n not disable_execute_api_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List All AWS API Gateway APIs and Retrieve Details diff --git a/queries/aws_api_gatewayv2_domain_name_1.yaml b/queries/aws_api_gatewayv2_domain_name_1.yaml index 34ba670ae..e81a55c87 100755 --- a/queries/aws_api_gatewayv2_domain_name_1.yaml +++ b/queries/aws_api_gatewayv2_domain_name_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS API Gateway Domain Names and provides information + about each domain name within the AWS API Gateway Service. This table can be used + to query domain name details, including associated API mappings, security policy, + and associated tags. ID: aws_api_gatewayv2_domain_name_1 -Title: "Find all AWS API Gateway Domain Names Details using SQL" -Description: "Allows users to query AWS API Gateway Domain Names and provides information about each domain name within the AWS API Gateway Service. This table can be used to query domain name details, including associated API mappings, security policy, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - mutual_tls_authentication, - tags, - title, - akas - from - aws_api_gatewayv2_domain_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n mutual_tls_authentication,\n tags,\n\ + \ title,\n akas\nfrom\n aws_api_gatewayv2_domain_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find all AWS API Gateway Domain Names Details using SQL diff --git a/queries/aws_api_gatewayv2_domain_name_2.yaml b/queries/aws_api_gatewayv2_domain_name_2.yaml index 14e4a3c9c..de4784e07 100755 --- a/queries/aws_api_gatewayv2_domain_name_2.yaml +++ b/queries/aws_api_gatewayv2_domain_name_2.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query AWS API Gateway Domain Names and provides information + about each domain name within the AWS API Gateway Service. This table can be used + to query domain name details, including associated API mappings, security policy, + and associated tags. ID: aws_api_gatewayv2_domain_name_2 -Title: "List all AWS API Gateway Domain Names with Details" -Description: "Allows users to query AWS API Gateway Domain Names and provides information about each domain name within the AWS API Gateway Service. This table can be used to query domain name details, including associated API mappings, security policy, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - config ->> 'EndpointType' as endpoint_type - from - aws_api_gatewayv2_domain_name - cross join jsonb_array_elements(domain_name_configurations) as config - where - config ->> 'EndpointType' = 'EDGE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n config ->> 'EndpointType' as endpoint_type\n\ + from\n aws_api_gatewayv2_domain_name\n cross join jsonb_array_elements(domain_name_configurations)\ + \ as config\nwhere\n config ->> 'EndpointType' = 'EDGE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Domain Names with Details diff --git a/queries/aws_api_gatewayv2_domain_name_3.yaml b/queries/aws_api_gatewayv2_domain_name_3.yaml index f8545a09e..5d1ab7bf0 100755 --- a/queries/aws_api_gatewayv2_domain_name_3.yaml +++ b/queries/aws_api_gatewayv2_domain_name_3.yaml @@ -1,37 +1,33 @@ +Description: Allows users to query AWS API Gateway Domain Names and provides information + about each domain name within the AWS API Gateway Service. This table can be used + to query domain name details, including associated API mappings, security policy, + and associated tags. ID: aws_api_gatewayv2_domain_name_3 -Title: "List all AWS API Gateway Domain Names and Details" -Description: "Allows users to query AWS API Gateway Domain Names and provides information about each domain name within the AWS API Gateway Service. This table can be used to query domain name details, including associated API mappings, security policy, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - config ->> 'EndpointType' as endpoint_type, - config ->> 'CertificateName' as certificate_name, - config ->> 'CertificateArn' as certificate_arn, - config ->> 'CertificateUploadDate' as certificate_upload_date, - config ->> 'DomainNameStatus' as domain_name_status, - config ->> 'DomainNameStatusMessage' as domain_name_status_message, - config ->> 'ApiGatewayDomainName' as api_gateway_domain_name, - config ->> 'HostedZoneId' as hosted_zone_id, - config ->> 'OwnershipVerificationCertificateArn' as ownership_verification_certificate_arn, - config -> 'SecurityPolicy' as security_policy - from - aws_api_gatewayv2_domain_name - cross join jsonb_array_elements(domain_name_configurations) as config; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n config ->> 'EndpointType' as endpoint_type,\n\ + \ config ->> 'CertificateName' as certificate_name,\n config ->> 'CertificateArn'\ + \ as certificate_arn,\n config ->> 'CertificateUploadDate' as certificate_upload_date,\n\ + \ config ->> 'DomainNameStatus' as domain_name_status,\n config ->> 'DomainNameStatusMessage'\ + \ as domain_name_status_message,\n config ->> 'ApiGatewayDomainName' as api_gateway_domain_name,\n\ + \ config ->> 'HostedZoneId' as hosted_zone_id,\n config ->> 'OwnershipVerificationCertificateArn'\ + \ as ownership_verification_certificate_arn,\n config -> 'SecurityPolicy' as\ + \ security_policy\nfrom\n aws_api_gatewayv2_domain_name\n cross join jsonb_array_elements(domain_name_configurations)\ + \ as config;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Domain Names and Details diff --git a/queries/aws_api_gatewayv2_domain_name_4.yaml b/queries/aws_api_gatewayv2_domain_name_4.yaml index 802ecaf6e..07b73ce75 100755 --- a/queries/aws_api_gatewayv2_domain_name_4.yaml +++ b/queries/aws_api_gatewayv2_domain_name_4.yaml @@ -1,27 +1,26 @@ +Description: Allows users to query AWS API Gateway Domain Names and provides information + about each domain name within the AWS API Gateway Service. This table can be used + to query domain name details, including associated API mappings, security policy, + and associated tags. ID: aws_api_gatewayv2_domain_name_4 -Title: "Find all AWS API Gateway Domain Names and Their Details" -Description: "Allows users to query AWS API Gateway Domain Names and provides information about each domain name within the AWS API Gateway Service. This table can be used to query domain name details, including associated API mappings, security policy, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - mutual_tls_authentication ->> 'TruststoreUri' as truststore_uri, - mutual_tls_authentication ->> 'TruststoreVersion' as truststore_version, - mutual_tls_authentication ->> 'TruststoreWarnings' as truststore_warnings - from - aws_api_gatewayv2_domain_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n mutual_tls_authentication ->> 'TruststoreUri'\ + \ as truststore_uri,\n mutual_tls_authentication ->> 'TruststoreVersion' as truststore_version,\n\ + \ mutual_tls_authentication ->> 'TruststoreWarnings' as truststore_warnings\n\ + from\n aws_api_gatewayv2_domain_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find all AWS API Gateway Domain Names and Their Details diff --git a/queries/aws_api_gatewayv2_domain_name_5.yaml b/queries/aws_api_gatewayv2_domain_name_5.yaml index 4585a9685..5755e7fc6 100755 --- a/queries/aws_api_gatewayv2_domain_name_5.yaml +++ b/queries/aws_api_gatewayv2_domain_name_5.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS API Gateway Domain Names and provides information + about each domain name within the AWS API Gateway Service. This table can be used + to query domain name details, including associated API mappings, security policy, + and associated tags. ID: aws_api_gatewayv2_domain_name_5 -Title: "List AWS API Gateway Domain Name Details with Certificate Info" -Description: "Allows users to query AWS API Gateway Domain Names and provides information about each domain name within the AWS API Gateway Service. This table can be used to query domain name details, including associated API mappings, security policy, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.domain_name, - config ->> 'CertificateArn' as certificate_arn, - c.certificate, - c.certificate_transparency_logging_preference, - c.created_at, - c.imported_at, - c.issuer, - c.issued_at, - c.key_algorithm - from - aws_api_gatewayv2_domain_name AS d - cross join jsonb_array_elements(d.domain_name_configurations) AS config - left join aws_acm_certificate AS c ON c.certificate_arn = config ->> 'CertificateArn'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.domain_name,\n config ->> 'CertificateArn' as certificate_arn,\n\ + \ c.certificate,\n c.certificate_transparency_logging_preference,\n c.created_at,\n\ + \ c.imported_at,\n c.issuer,\n c.issued_at,\n c.key_algorithm\nfrom\n aws_api_gatewayv2_domain_name\ + \ AS d\n cross join jsonb_array_elements(d.domain_name_configurations) AS config\n\ + \ left join aws_acm_certificate AS c ON c.certificate_arn = config ->> 'CertificateArn';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List AWS API Gateway Domain Name Details with Certificate Info diff --git a/queries/aws_api_gatewayv2_integration_1.yaml b/queries/aws_api_gatewayv2_integration_1.yaml index 23fbd126b..7ffd1514b 100755 --- a/queries/aws_api_gatewayv2_integration_1.yaml +++ b/queries/aws_api_gatewayv2_integration_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS API Gateway Integrations to retrieve detailed + information about each integration within the API Gateway. ID: aws_api_gatewayv2_integration_1 -Title: "Find AWS API Gateway Integrations with SQL" -Description: "Allows users to query AWS API Gateway Integrations to retrieve detailed information about each integration within the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - integration_id, - api_id, - integration_type, - integration_uri, - description - from - aws_api_gatewayv2_integration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n integration_id,\n api_id,\n integration_type,\n integration_uri,\n\ + \ description\nfrom\n aws_api_gatewayv2_integration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Integrations with SQL diff --git a/queries/aws_api_gatewayv2_integration_2.yaml b/queries/aws_api_gatewayv2_integration_2.yaml index 21a4c40d6..b2737ee77 100755 --- a/queries/aws_api_gatewayv2_integration_2.yaml +++ b/queries/aws_api_gatewayv2_integration_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS API Gateway Integrations to retrieve detailed + information about each integration within the API Gateway. ID: aws_api_gatewayv2_integration_2 -Title: "Find all AWS API Gateway Integrations Details" -Description: "Allows users to query AWS API Gateway Integrations to retrieve detailed information about each integration within the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - api_id, - count(integration_id) as integration_count - from - aws_api_gatewayv2_integration - group by - api_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n api_id,\n count(integration_id) as integration_count\n\ + from \n aws_api_gatewayv2_integration\ngroup by\n api_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find all AWS API Gateway Integrations Details diff --git a/queries/aws_api_gatewayv2_route_1.yaml b/queries/aws_api_gatewayv2_route_1.yaml index cb3b669f9..550cc4ed6 100755 --- a/queries/aws_api_gatewayv2_route_1.yaml +++ b/queries/aws_api_gatewayv2_route_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS API Gateway V2 Routes and obtain detailed information + about each route, including the route key, route response selection expression, + and target. ID: aws_api_gatewayv2_route_1 -Title: "Find AWS API Gateway V2 Route Details" -Description: "Allows users to query AWS API Gateway V2 Routes and obtain detailed information about each route, including the route key, route response selection expression, and target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_key, - api_id, - route_id, - api_gateway_managed, - api_key_required - from - aws_api_gatewayv2_route; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_key,\n api_id,\n route_id,\n api_gateway_managed,\n\ + \ api_key_required\nfrom\n aws_api_gatewayv2_route;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway V2 +Title: Find AWS API Gateway V2 Route Details diff --git a/queries/aws_api_gatewayv2_route_2.yaml b/queries/aws_api_gatewayv2_route_2.yaml index aa1ca060f..60f52f28b 100755 --- a/queries/aws_api_gatewayv2_route_2.yaml +++ b/queries/aws_api_gatewayv2_route_2.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS API Gateway V2 Routes and obtain detailed information + about each route, including the route key, route response selection expression, + and target. ID: aws_api_gatewayv2_route_2 -Title: "List all AWS API Gateway V2 Routes including details" -Description: "Allows users to query AWS API Gateway V2 Routes and obtain detailed information about each route, including the route key, route response selection expression, and target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_key, - api_id, - route_id - from - aws_api_gatewayv2_route - where - api_id = 'w5n71b2m85'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_key,\n api_id,\n route_id\nfrom\n aws_api_gatewayv2_route\n\ + where\n api_id = 'w5n71b2m85';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway V2 +Title: List all AWS API Gateway V2 Routes including details diff --git a/queries/aws_api_gatewayv2_route_3.yaml b/queries/aws_api_gatewayv2_route_3.yaml index 694c81ccc..f208f4907 100755 --- a/queries/aws_api_gatewayv2_route_3.yaml +++ b/queries/aws_api_gatewayv2_route_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS API Gateway V2 Routes and obtain detailed information + about each route, including the route key, route response selection expression, + and target. ID: aws_api_gatewayv2_route_3 -Title: "Find all AWS API Gateway V2 Routes with Details" -Description: "Allows users to query AWS API Gateway V2 Routes and obtain detailed information about each route, including the route key, route response selection expression, and target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.route_id, - a.name, - a.api_id, - a.api_endpoint - from - aws_api_gatewayv2_route as r, - aws_api_gatewayv2_api as a - where - not a.disable_execute_api_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.route_id,\n a.name,\n a.api_id,\n a.api_endpoint\n\ + from\n aws_api_gatewayv2_route as r,\n aws_api_gatewayv2_api as a\nwhere\n \ + \ not a.disable_execute_api_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway V2 +Title: Find all AWS API Gateway V2 Routes with Details diff --git a/queries/aws_api_gatewayv2_stage_1.yaml b/queries/aws_api_gatewayv2_stage_1.yaml index b4108abf7..2ef52b97f 100755 --- a/queries/aws_api_gatewayv2_stage_1.yaml +++ b/queries/aws_api_gatewayv2_stage_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS API Gateway Stages, providing detailed information + about each stage of the API Gateway. ID: aws_api_gatewayv2_stage_1 -Title: "List all AWS API Gateway Stages with Trace Data Disabled" -Description: "Allows users to query AWS API Gateway Stages, providing detailed information about each stage of the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stage_name, - api_id, - default_route_data_trace_enabled - from - aws_api_gatewayv2_stage - where - not default_route_data_trace_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stage_name,\n api_id,\n default_route_data_trace_enabled\n\ + from\n aws_api_gatewayv2_stage\nwhere\n not default_route_data_trace_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Stages with Trace Data Disabled diff --git a/queries/aws_api_gatewayv2_stage_2.yaml b/queries/aws_api_gatewayv2_stage_2.yaml index 2bf068e2c..03447826b 100755 --- a/queries/aws_api_gatewayv2_stage_2.yaml +++ b/queries/aws_api_gatewayv2_stage_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS API Gateway Stages, providing detailed information + about each stage of the API Gateway. ID: aws_api_gatewayv2_stage_2 -Title: "Find AWS API Gateway Stages and Details" -Description: "Allows users to query AWS API Gateway Stages, providing detailed information about each stage of the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stage_name, - api_id, - default_route_data_trace_enabled, - default_route_detailed_metrics_enabled, - default_route_throttling_burst_limit, - default_route_throttling_rate_limit - from - aws_api_gatewayv2_stage; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stage_name,\n api_id,\n default_route_data_trace_enabled,\n\ + \ default_route_detailed_metrics_enabled,\n default_route_throttling_burst_limit,\n\ + \ default_route_throttling_rate_limit\nfrom\n aws_api_gatewayv2_stage;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Stages and Details diff --git a/queries/aws_api_gatewayv2_stage_3.yaml b/queries/aws_api_gatewayv2_stage_3.yaml index ccac682bc..141fab2ce 100755 --- a/queries/aws_api_gatewayv2_stage_3.yaml +++ b/queries/aws_api_gatewayv2_stage_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS API Gateway Stages, providing detailed information + about each stage of the API Gateway. ID: aws_api_gatewayv2_stage_3 -Title: "List all AWS API Gateway Stages and Details" -Description: "Allows users to query AWS API Gateway Stages, providing detailed information about each stage of the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - api_id, - count(stage_name) stage_count - from - aws_api_gatewayv2_stage - group by - api_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n api_id,\n count(stage_name) stage_count\nfrom\n aws_api_gatewayv2_stage\n\ + group by\n api_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: List all AWS API Gateway Stages and Details diff --git a/queries/aws_api_gatewayv2_stage_4.yaml b/queries/aws_api_gatewayv2_stage_4.yaml index 6a1304c13..1fa552129 100755 --- a/queries/aws_api_gatewayv2_stage_4.yaml +++ b/queries/aws_api_gatewayv2_stage_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS API Gateway Stages, providing detailed information + about each stage of the API Gateway. ID: aws_api_gatewayv2_stage_4 -Title: "Find AWS API Gateway Stages and Details using SQL" -Description: "Allows users to query AWS API Gateway Stages, providing detailed information about each stage of the API Gateway." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stage_name, - api_id, - default_route_data_trace_enabled, - jsonb_pretty(access_log_settings) as access_log_settings - from - aws_api_gatewayv2_stage; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stage_name,\n api_id,\n default_route_data_trace_enabled,\n\ + \ jsonb_pretty(access_log_settings) as access_log_settings\nfrom\n aws_api_gatewayv2_stage;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - API Gateway +Title: Find AWS API Gateway Stages and Details using SQL diff --git a/queries/aws_app_runner_service_1.yaml b/queries/aws_app_runner_service_1.yaml index ee84309a1..9c6e02147 100755 --- a/queries/aws_app_runner_service_1.yaml +++ b/queries/aws_app_runner_service_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_1 -Title: "Find all AWS App Runner Services with configurations" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - region, - created_at, - updated_at - from - aws_app_runner_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n region,\n created_at,\n updated_at\n\ + from\n aws_app_runner_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: Find all AWS App Runner Services with configurations diff --git a/queries/aws_app_runner_service_2.yaml b/queries/aws_app_runner_service_2.yaml index 1736430aa..88ca45218 100755 --- a/queries/aws_app_runner_service_2.yaml +++ b/queries/aws_app_runner_service_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_2 -Title: "List all AWS App Runner Services with Network Configurations" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - network_configuration - from - aws_app_runner_service - where - (network_configuration -> 'EgressConfiguration' ->> 'VpcConnectorArn') is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n network_configuration\nfrom\n\ + \ aws_app_runner_service\nwhere\n (network_configuration -> 'EgressConfiguration'\ + \ ->> 'VpcConnectorArn') is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: List all AWS App Runner Services with Network Configurations diff --git a/queries/aws_app_runner_service_3.yaml b/queries/aws_app_runner_service_3.yaml index 5c57679a0..d50473717 100755 --- a/queries/aws_app_runner_service_3.yaml +++ b/queries/aws_app_runner_service_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_3 -Title: "List all AWS App Runner Services with Auto Scaling Info" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - auto_scaling_configuration_summary - from - aws_app_runner_service - where - jsonb_path_exists(auto_scaling_configuration_summary, '$.AutoScalingConfigurationArn'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n auto_scaling_configuration_summary\n\ + from\n aws_app_runner_service\nwhere\n jsonb_path_exists(auto_scaling_configuration_summary,\ + \ '$.AutoScalingConfigurationArn');" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: List all AWS App Runner Services with Auto Scaling Info diff --git a/queries/aws_app_runner_service_4.yaml b/queries/aws_app_runner_service_4.yaml index 79492e2ad..9c40a8014 100755 --- a/queries/aws_app_runner_service_4.yaml +++ b/queries/aws_app_runner_service_4.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_4 -Title: "Find all AWS App Runner services and configurations" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - observability_configuration - from - aws_app_runner_service - where - (observability_configuration ->> 'ObservabilityConfigurationArn') is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n observability_configuration\n\ + from\n aws_app_runner_service\nwhere\n (observability_configuration ->> 'ObservabilityConfigurationArn')\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: Find all AWS App Runner services and configurations diff --git a/queries/aws_app_runner_service_5.yaml b/queries/aws_app_runner_service_5.yaml index 69bc84be1..d5a36128d 100755 --- a/queries/aws_app_runner_service_5.yaml +++ b/queries/aws_app_runner_service_5.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_5 -Title: "List All AWS App Runner Services with Configs and Networking" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - created_at - from - aws_app_runner_service - where - created_at >= '2023-01-01T00:00:00Z' and created_at <= '2023-12-31T23:59:59Z'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n created_at\nfrom\n aws_app_runner_service\n\ + where\n created_at >= '2023-01-01T00:00:00Z' and created_at <= '2023-12-31T23:59:59Z';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: List All AWS App Runner Services with Configs and Networking diff --git a/queries/aws_app_runner_service_6.yaml b/queries/aws_app_runner_service_6.yaml index a1a5cd222..59703b53d 100755 --- a/queries/aws_app_runner_service_6.yaml +++ b/queries/aws_app_runner_service_6.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query AWS App Runner services, providing detailed information + on service configurations, scaling, and network settings. ID: aws_app_runner_service_6 -Title: "Find AWS App Runner Service Details and Configurations" -Description: "Allows users to query AWS App Runner services, providing detailed information on service configurations, scaling, and network settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - service_url - from - aws_app_runner_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n service_url\nfrom\n aws_app_runner_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - App Runner +Title: Find AWS App Runner Service Details and Configurations diff --git a/queries/aws_appautoscaling_policy_1.yaml b/queries/aws_appautoscaling_policy_1.yaml index 51de04612..fcb3fafd5 100755 --- a/queries/aws_appautoscaling_policy_1.yaml +++ b/queries/aws_appautoscaling_policy_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Application Auto Scaling Policies to obtain + information about their configuration, attached resources, and other metadata. ID: aws_appautoscaling_policy_1 -Title: "List AWS Application Auto Scaling Policies Configuration" -Description: "Allows users to query AWS Application Auto Scaling Policies to obtain information about their configuration, attached resources, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_namespace, - scalable_dimension, - policy_type, - resource_id, - creation_time - from - aws_appautoscaling_policy - where - service_namespace = 'ecs'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_namespace,\n scalable_dimension,\n policy_type,\n\ + \ resource_id,\n creation_time\nfrom\n aws_appautoscaling_policy\nwhere\n \ + \ service_namespace = 'ecs';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: List AWS Application Auto Scaling Policies Configuration diff --git a/queries/aws_appautoscaling_policy_2.yaml b/queries/aws_appautoscaling_policy_2.yaml index 851a684bc..dfa3a74e0 100755 --- a/queries/aws_appautoscaling_policy_2.yaml +++ b/queries/aws_appautoscaling_policy_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Application Auto Scaling Policies to obtain + information about their configuration, attached resources, and other metadata. ID: aws_appautoscaling_policy_2 -Title: "Find AWS Application Auto Scaling Policies Configuration" -Description: "Allows users to query AWS Application Auto Scaling Policies to obtain information about their configuration, attached resources, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_id, - policy_type - from - aws_appautoscaling_policy - where - service_namespace = 'ecs' - and policy_type = 'StepScaling'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_id,\n policy_type\nfrom\n aws_appautoscaling_policy\n\ + where\n service_namespace = 'ecs'\n and policy_type = 'StepScaling';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: Find AWS Application Auto Scaling Policies Configuration diff --git a/queries/aws_appautoscaling_policy_3.yaml b/queries/aws_appautoscaling_policy_3.yaml index 8aa2297f4..aa0b46d34 100755 --- a/queries/aws_appautoscaling_policy_3.yaml +++ b/queries/aws_appautoscaling_policy_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Application Auto Scaling Policies to obtain + information about their configuration, attached resources, and other metadata. ID: aws_appautoscaling_policy_3 -Title: "Find AWS Auto Scaling Policies for ECS Resources" -Description: "Allows users to query AWS Application Auto Scaling Policies to obtain information about their configuration, attached resources, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_id, - policy_type - from - aws_appautoscaling_policy - where - service_namespace = 'ecs' - and creation_time > now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_id,\n policy_type\nfrom\n aws_appautoscaling_policy\n\ + where\n service_namespace = 'ecs'\n and creation_time > now() - interval '30\ + \ days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: Find AWS Auto Scaling Policies for ECS Resources diff --git a/queries/aws_appautoscaling_policy_4.yaml b/queries/aws_appautoscaling_policy_4.yaml index 9e48d4911..191460be2 100755 --- a/queries/aws_appautoscaling_policy_4.yaml +++ b/queries/aws_appautoscaling_policy_4.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Application Auto Scaling Policies to obtain + information about their configuration, attached resources, and other metadata. ID: aws_appautoscaling_policy_4 -Title: "Find all AWS Auto Scaling Policies and Configurations" -Description: "Allows users to query AWS Application Auto Scaling Policies to obtain information about their configuration, attached resources, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_id, - policy_type, - jsonb_array_elements(alarms) -> 'AlarmName' as alarm_name - from - aws_appautoscaling_policy - where - service_namespace = 'ecs'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_id,\n policy_type,\n jsonb_array_elements(alarms)\ + \ -> 'AlarmName' as alarm_name\nfrom\n aws_appautoscaling_policy\nwhere\n service_namespace\ + \ = 'ecs';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: Find all AWS Auto Scaling Policies and Configurations diff --git a/queries/aws_appautoscaling_policy_5.yaml b/queries/aws_appautoscaling_policy_5.yaml index b702434b1..d8165b25b 100755 --- a/queries/aws_appautoscaling_policy_5.yaml +++ b/queries/aws_appautoscaling_policy_5.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Application Auto Scaling Policies to obtain + information about their configuration, attached resources, and other metadata. ID: aws_appautoscaling_policy_5 -Title: "List AWS App Auto Scaling Policies and Configurations" -Description: "Allows users to query AWS Application Auto Scaling Policies to obtain information about their configuration, attached resources, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_id, - policy_type, - step_scaling_policy_configuration - from - aws_appautoscaling_policy - where - service_namespace = 'ecs' - and policy_type = 'StepScaling'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_id,\n policy_type,\n step_scaling_policy_configuration\n\ + from\n aws_appautoscaling_policy\nwhere\n service_namespace = 'ecs'\n and policy_type\ + \ = 'StepScaling';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: List AWS App Auto Scaling Policies and Configurations diff --git a/queries/aws_appautoscaling_target_1.yaml b/queries/aws_appautoscaling_target_1.yaml index b972af859..d266ae9cf 100755 --- a/queries/aws_appautoscaling_target_1.yaml +++ b/queries/aws_appautoscaling_target_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Application Auto Scaling Targets. This table + provides information about each target, including the service namespace, scalable + dimension, resource ID, and the associated scaling policies. ID: aws_appautoscaling_target_1 -Title: "Find AWS Application Auto Scaling Targets using SQL" -Description: "Allows users to query AWS Application Auto Scaling Targets. This table provides information about each target, including the service namespace, scalable dimension, resource ID, and the associated scaling policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_namespace, - scalable_dimension, - resource_id, - creation_time - from - aws_appautoscaling_target - where - service_namespace = 'dynamodb'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_namespace,\n scalable_dimension,\n resource_id,\n\ + \ creation_time\nfrom\n aws_appautoscaling_target\nwhere\n service_namespace\ + \ = 'dynamodb';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: Find AWS Application Auto Scaling Targets using SQL diff --git a/queries/aws_appautoscaling_target_2.yaml b/queries/aws_appautoscaling_target_2.yaml index 70e033d75..cd99a4f8f 100755 --- a/queries/aws_appautoscaling_target_2.yaml +++ b/queries/aws_appautoscaling_target_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Application Auto Scaling Targets. This table + provides information about each target, including the service namespace, scalable + dimension, resource ID, and the associated scaling policies. ID: aws_appautoscaling_target_2 -Title: "Find AWS Application Auto Scaling Targets Details" -Description: "Allows users to query AWS Application Auto Scaling Targets. This table provides information about each target, including the service namespace, scalable dimension, resource ID, and the associated scaling policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_id, - scalable_dimension - from - aws_appautoscaling_target - where - service_namespace = 'dynamodb' - and scalable_dimension = 'dynamodb:table:ReadCapacityUnits' - or scalable_dimension = 'dynamodb:table:WriteCapacityUnits'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_id,\n scalable_dimension\nfrom\n aws_appautoscaling_target\n\ + where\n service_namespace = 'dynamodb'\n and scalable_dimension = 'dynamodb:table:ReadCapacityUnits'\n\ + \ or scalable_dimension = 'dynamodb:table:WriteCapacityUnits';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Application Auto Scaling +Title: Find AWS Application Auto Scaling Targets Details diff --git a/queries/aws_appconfig_application_1.yaml b/queries/aws_appconfig_application_1.yaml index 897a88f04..db4bfdb75 100755 --- a/queries/aws_appconfig_application_1.yaml +++ b/queries/aws_appconfig_application_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS AppConfig Applications to gather detailed information + about each application, including its name, description, associated environments, + and more. ID: aws_appconfig_application_1 -Title: "Find AWS AppConfig Application Details" -Description: "Allows users to query AWS AppConfig Applications to gather detailed information about each application, including its name, description, associated environments, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - id, - name, - description, - tags - from - aws_appconfig_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n id,\n name,\n description,\n tags\nfrom\n\ + \ aws_appconfig_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppConfig +Title: Find AWS AppConfig Application Details diff --git a/queries/aws_appstream_fleet_1.yaml b/queries/aws_appstream_fleet_1.yaml index 166a84602..dd42dc89d 100755 --- a/queries/aws_appstream_fleet_1.yaml +++ b/queries/aws_appstream_fleet_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_1 -Title: "List all AWS AppStream Fleets with detailed information" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - instance_type, - description, - created_time, - display_name, - state, - directory_name, - enable_default_internet_access - from - aws_appstream_fleet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n instance_type,\n description,\n created_time,\n\ + \ display_name,\n state,\n directory_name,\n enable_default_internet_access\n\ + from\n aws_appstream_fleet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Fleets with detailed information diff --git a/queries/aws_appstream_fleet_10.yaml b/queries/aws_appstream_fleet_10.yaml index caf01f5e6..d22d96ef7 100755 --- a/queries/aws_appstream_fleet_10.yaml +++ b/queries/aws_appstream_fleet_10.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_10 -Title: "List all AWS AppStream Fleets with State and Details" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state, - created_time, - description - from - aws_appstream_fleet - where - state = 'RUNNING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state,\n created_time,\n description\n\ + from\n aws_appstream_fleet\nwhere\n state = 'RUNNING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Fleets with State and Details diff --git a/queries/aws_appstream_fleet_2.yaml b/queries/aws_appstream_fleet_2.yaml index 5afc94ddb..f0bb11f73 100755 --- a/queries/aws_appstream_fleet_2.yaml +++ b/queries/aws_appstream_fleet_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_2 -Title: "List all AWS AppStream Fleets with Detailed Information" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - instance_type, - description, - created_time, - display_name, - state, - enable_default_internet_access - from - aws_appstream_fleet - where enable_default_internet_access; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n instance_type,\n description,\n created_time,\n\ + \ display_name,\n state,\n enable_default_internet_access\nfrom\n aws_appstream_fleet\n\ + where enable_default_internet_access;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Fleets with Detailed Information diff --git a/queries/aws_appstream_fleet_3.yaml b/queries/aws_appstream_fleet_3.yaml index d7ab5acdf..7815e8633 100755 --- a/queries/aws_appstream_fleet_3.yaml +++ b/queries/aws_appstream_fleet_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_3 -Title: "List all AWS AppStream Fleets with Details" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - fleet_type, - instance_type, - display_name, - image_arn, - image_name - from - aws_appstream_fleet - where - fleet_type = 'ON_DEMAND'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n fleet_type,\n instance_type,\n\ + \ display_name,\n image_arn,\n image_name\nfrom\n aws_appstream_fleet\nwhere\n\ + \ fleet_type = 'ON_DEMAND';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Fleets with Details diff --git a/queries/aws_appstream_fleet_4.yaml b/queries/aws_appstream_fleet_4.yaml index 4bcfcf0ca..757ed7103 100755 --- a/queries/aws_appstream_fleet_4.yaml +++ b/queries/aws_appstream_fleet_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_4 -Title: "List all AWS AppStream Fleets and their details" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - display_name, - enable_default_internet_access, - max_concurrent_sessions, - max_user_duration_in_seconds - from - aws_appstream_fleet - where - created_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n display_name,\n enable_default_internet_access,\n\ + \ max_concurrent_sessions,\n max_user_duration_in_seconds\nfrom\n aws_appstream_fleet\n\ + where\n created_time >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Fleets and their details diff --git a/queries/aws_appstream_fleet_5.yaml b/queries/aws_appstream_fleet_5.yaml index dc4787519..0f97cfad5 100755 --- a/queries/aws_appstream_fleet_5.yaml +++ b/queries/aws_appstream_fleet_5.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_5 -Title: "Find AWS AppStream Fleets and Detailed Stack Info" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.name, - f.created_time, - f.display_name, - f.image_arn, - i.base_image_arn, - i.image_builder_name, - i.visibility - from - aws_appstream_fleet as f, - aws_appstream_image as i - where - i.arn = f.image_arn - and - i.visibility = 'PRIVATE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.name,\n f.created_time,\n f.display_name,\n f.image_arn,\n\ + \ i.base_image_arn,\n i.image_builder_name,\n i.visibility\nfrom\n aws_appstream_fleet\ + \ as f,\n aws_appstream_image as i\nwhere\n i.arn = f.image_arn\nand\n i.visibility\ + \ = 'PRIVATE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find AWS AppStream Fleets and Detailed Stack Info diff --git a/queries/aws_appstream_fleet_6.yaml b/queries/aws_appstream_fleet_6.yaml index e379743d5..c6adb2922 100755 --- a/queries/aws_appstream_fleet_6.yaml +++ b/queries/aws_appstream_fleet_6.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_6 -Title: "List AWS AppStream Fleet details including state and type" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - compute_capacity_status ->> 'Available' as available, - compute_capacity_status ->> 'Desired' as desired, - compute_capacity_status ->> 'InUse' as in_use, - compute_capacity_status ->> 'Running' as running - from - aws_appstream_fleet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n compute_capacity_status ->> 'Available'\ + \ as available,\n compute_capacity_status ->> 'Desired' as desired,\n compute_capacity_status\ + \ ->> 'InUse' as in_use,\n compute_capacity_status ->> 'Running' as running\n\ + from\n aws_appstream_fleet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS AppStream +Title: List AWS AppStream Fleet details including state and type diff --git a/queries/aws_appstream_fleet_7.yaml b/queries/aws_appstream_fleet_7.yaml index 7d59d2b69..2dd32c768 100755 --- a/queries/aws_appstream_fleet_7.yaml +++ b/queries/aws_appstream_fleet_7.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_7 -Title: "Find AWS AppStream Fleet Details Including State and Instance Type" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - e ->> 'ErrorCode' as error_code, - e ->> 'ErrorMessage' as error_message - from - aws_appstream_fleet, - jsonb_array_elements(fleet_errors) as e; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n e ->> 'ErrorCode' as error_code,\n \ + \ e ->> 'ErrorMessage' as error_message\nfrom\n aws_appstream_fleet,\n jsonb_array_elements(fleet_errors)\ + \ as e;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find AWS AppStream Fleet Details Including State and Instance Type diff --git a/queries/aws_appstream_fleet_8.yaml b/queries/aws_appstream_fleet_8.yaml index 4ba094296..5b90f62b5 100755 --- a/queries/aws_appstream_fleet_8.yaml +++ b/queries/aws_appstream_fleet_8.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_8 -Title: "Find All AWS AppStream Fleet Details and States" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - vpc_config -> 'SecurityGroupIds' as security_group_ids, - vpc_config -> 'SubnetIds' as subnet_ids - from - aws_appstream_fleet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n vpc_config -> 'SecurityGroupIds' as\ + \ security_group_ids,\n vpc_config -> 'SubnetIds' as subnet_ids\nfrom\n aws_appstream_fleet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS AppStream Fleet +Title: Find All AWS AppStream Fleet Details and States diff --git a/queries/aws_appstream_fleet_9.yaml b/queries/aws_appstream_fleet_9.yaml index 6eecb5e5e..34e2e1792 100755 --- a/queries/aws_appstream_fleet_9.yaml +++ b/queries/aws_appstream_fleet_9.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS AppStream Fleets for detailed information about + each fleet, including its state, instance type, and associated stack details. ID: aws_appstream_fleet_9 -Title: "List AWS AppStream Fleet Details by Instance Type" -Description: "Allows users to query AWS AppStream Fleets for detailed information about each fleet, including its state, instance type, and associated stack details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - instance_type, - Count(instance_type) as number_of_fleets - from - aws_appstream_fleet - group by - instance_type, - name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n instance_type,\n Count(instance_type) as number_of_fleets\n\ + from\n aws_appstream_fleet\ngroup by\n instance_type,\n name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List AWS AppStream Fleet Details by Instance Type diff --git a/queries/aws_appstream_image_1.yaml b/queries/aws_appstream_image_1.yaml index f1b12f6ee..564bb76d9 100755 --- a/queries/aws_appstream_image_1.yaml +++ b/queries/aws_appstream_image_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_1 -Title: "List AWS AppStream Images and Metadata" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - base_image_arn, - description, - created_time, - display_name, - image_builder_name, - tags - from - aws_appstream_image; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n base_image_arn,\n description,\n created_time,\n\ + \ display_name,\n image_builder_name,\n tags\nfrom\n aws_appstream_image;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List AWS AppStream Images and Metadata diff --git a/queries/aws_appstream_image_2.yaml b/queries/aws_appstream_image_2.yaml index 39e642fa6..f2da96eee 100755 --- a/queries/aws_appstream_image_2.yaml +++ b/queries/aws_appstream_image_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_2 -Title: "Find AWS AppStream Images and Their Properties" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - platform, - state - from - aws_appstream_image - where - state = 'AVAILABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n platform,\n state\n\ + from\n aws_appstream_image\nwhere\n state = 'AVAILABLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find AWS AppStream Images and Their Properties diff --git a/queries/aws_appstream_image_3.yaml b/queries/aws_appstream_image_3.yaml index 88148c725..b23ff5c34 100755 --- a/queries/aws_appstream_image_3.yaml +++ b/queries/aws_appstream_image_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_3 -Title: "Find all AWS AppStream Image Details and Metadata" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - base_image_arn, - display_name, - image_builder_supported, - image_builder_name - from - aws_appstream_image - where - platform = 'WINDOWS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n base_image_arn,\n display_name,\n\ + \ image_builder_supported,\n image_builder_name\nfrom\n aws_appstream_image\n\ + where\n platform = 'WINDOWS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find all AWS AppStream Image Details and Metadata diff --git a/queries/aws_appstream_image_4.yaml b/queries/aws_appstream_image_4.yaml index fc8855023..a45e655d2 100755 --- a/queries/aws_appstream_image_4.yaml +++ b/queries/aws_appstream_image_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_4 -Title: "List all AWS AppStream Image properties and states" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - base_image_arn, - display_name, - image_builder_supported, - image_builder_name - from - aws_appstream_image - where - image_builder_supported; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n base_image_arn,\n display_name,\n\ + \ image_builder_supported,\n image_builder_name\nfrom\n aws_appstream_image\n\ + where\n image_builder_supported;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List all AWS AppStream Image properties and states diff --git a/queries/aws_appstream_image_5.yaml b/queries/aws_appstream_image_5.yaml index bbb1d915d..3652b2e81 100755 --- a/queries/aws_appstream_image_5.yaml +++ b/queries/aws_appstream_image_5.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_5 -Title: "Find AWS AppStream Images and Their States" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - base_image_arn, - display_name, - image_builder_name, - visibility - from - aws_appstream_image - where - visibility = 'PRIVATE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n base_image_arn,\n display_name,\n\ + \ image_builder_name,\n visibility\nfrom\n aws_appstream_image\nwhere\n visibility\ + \ = 'PRIVATE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find AWS AppStream Images and Their States diff --git a/queries/aws_appstream_image_6.yaml b/queries/aws_appstream_image_6.yaml index ede2c6419..8cdc778d4 100755 --- a/queries/aws_appstream_image_6.yaml +++ b/queries/aws_appstream_image_6.yaml @@ -1,40 +1,29 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_6 -Title: "List AWS AppStream Images and Metadata" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - a ->> 'AppBlockArn' as app_block_arn, - a ->> 'Arn' as app_arn, - a ->> 'CreatedTime' as app_created_time, - a ->> 'Description' as app_description, - a ->> 'DisplayName' as app_display_name, - a ->> 'Enabled' as app_enabled, - a ->> 'IconS3Location' as app_icon_s3_location, - a ->> 'IconURL' as app_icon_url, - a ->> 'InstanceFamilies' as app_instance_families, - a ->> 'LaunchParameters' as app_launch_parameters, - a ->> 'LaunchPath' as app_launch_path, - a ->> 'Name' as app_name, - a ->> 'Platforms' as app_platforms, - a ->> 'WorkingDirectory' as app_WorkingDirectory - from - aws_appstream_image, - jsonb_array_elements(applications) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n a ->> 'AppBlockArn' as app_block_arn,\n\ + \ a ->> 'Arn' as app_arn,\n a ->> 'CreatedTime' as app_created_time,\n a ->>\ + \ 'Description' as app_description,\n a ->> 'DisplayName' as app_display_name,\n\ + \ a ->> 'Enabled' as app_enabled,\n a ->> 'IconS3Location' as app_icon_s3_location,\n\ + \ a ->> 'IconURL' as app_icon_url,\n a ->> 'InstanceFamilies' as app_instance_families,\n\ + \ a ->> 'LaunchParameters' as app_launch_parameters,\n a ->> 'LaunchPath' as\ + \ app_launch_path,\n a ->> 'Name' as app_name,\n a ->> 'Platforms' as app_platforms,\n\ + \ a ->> 'WorkingDirectory' as app_WorkingDirectory\nfrom\n aws_appstream_image,\n\ + \ jsonb_array_elements(applications) as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List AWS AppStream Images and Metadata diff --git a/queries/aws_appstream_image_7.yaml b/queries/aws_appstream_image_7.yaml index 0ccc9dd7c..6beb4ce8c 100755 --- a/queries/aws_appstream_image_7.yaml +++ b/queries/aws_appstream_image_7.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_7 -Title: "Find AWS AppStream Images Properties and States" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - image_permissions ->> 'AllowFleet' as allow_fleet, - image_permissions ->> 'AllowImageBuilder' as allow_image_builder - from - aws_appstream_image; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n image_permissions ->> 'AllowFleet' as\ + \ allow_fleet,\n image_permissions ->> 'AllowImageBuilder' as allow_image_builder\n\ + from\n aws_appstream_image;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: Find AWS AppStream Images Properties and States diff --git a/queries/aws_appstream_image_8.yaml b/queries/aws_appstream_image_8.yaml index 5891cd861..24489c8b7 100755 --- a/queries/aws_appstream_image_8.yaml +++ b/queries/aws_appstream_image_8.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS AppStream Images to gain insights into their + properties, states, and associated metadata. ID: aws_appstream_image_8 -Title: "List AWS AppStream Images and Their Error Details" -Description: "Allows users to query AWS AppStream Images to gain insights into their properties, states, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - e ->> 'ErrorCode' as error_code, - e ->> 'ErrorMessage' as error_message, - e ->> 'ErrorTimestamp' as error_timestamp - from - aws_appstream_image, - jsonb_array_elements(image_errors) as e; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n e ->> 'ErrorCode' as error_code,\n \ + \ e ->> 'ErrorMessage' as error_message,\n e ->> 'ErrorTimestamp' as error_timestamp\n\ + from\n aws_appstream_image,\n jsonb_array_elements(image_errors) as e;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppStream +Title: List AWS AppStream Images and Their Error Details diff --git a/queries/aws_appsync_graphql_api_1.yaml b/queries/aws_appsync_graphql_api_1.yaml index d6cde68ea..2bd01e9aa 100755 --- a/queries/aws_appsync_graphql_api_1.yaml +++ b/queries/aws_appsync_graphql_api_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AppSync GraphQL APIs to retrieve detailed information + about each individual GraphQL API. ID: aws_appsync_graphql_api_1 -Title: "Find details of AWS AppSync GraphQL APIs using SQL" -Description: "Allows users to query AppSync GraphQL APIs to retrieve detailed information about each individual GraphQL API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - arn, - api_type, - authentication_type, - owner, - owner_contact - from - aws_appsync_graphql_api - where - api_type = 'MERGED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n arn,\n api_type,\n authentication_type,\n\ + \ owner,\n owner_contact\nfrom\n aws_appsync_graphql_api\nwhere\n api_type\ + \ = 'MERGED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppSync +Title: Find details of AWS AppSync GraphQL APIs using SQL diff --git a/queries/aws_appsync_graphql_api_2.yaml b/queries/aws_appsync_graphql_api_2.yaml index c83fbabad..53bb1a657 100755 --- a/queries/aws_appsync_graphql_api_2.yaml +++ b/queries/aws_appsync_graphql_api_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AppSync GraphQL APIs to retrieve detailed information + about each individual GraphQL API. ID: aws_appsync_graphql_api_2 -Title: "List all AWS AppSync GraphQL API details" -Description: "Allows users to query AppSync GraphQL APIs to retrieve detailed information about each individual GraphQL API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - api_type, - visibility - from - aws_appsync_graphql_api - where - visibility = 'GLOBAL' - and owner = account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n api_type,\n visibility\nfrom\n \ + \ aws_appsync_graphql_api\nwhere\n visibility = 'GLOBAL'\n and owner = account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppSync +Title: List all AWS AppSync GraphQL API details diff --git a/queries/aws_appsync_graphql_api_3.yaml b/queries/aws_appsync_graphql_api_3.yaml index eff716851..be79c4011 100755 --- a/queries/aws_appsync_graphql_api_3.yaml +++ b/queries/aws_appsync_graphql_api_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AppSync GraphQL APIs to retrieve detailed information + about each individual GraphQL API. ID: aws_appsync_graphql_api_3 -Title: "Find AWS AppSync GraphQL API Details" -Description: "Allows users to query AppSync GraphQL APIs to retrieve detailed information about each individual GraphQL API." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - api_id, - owner, - log_config ->> 'CloudWatchLogsRoleArn' as cloud_watch_logs_role_arn, - log_config ->> 'FieldLogLevel' as field_log_level, - log_config ->> 'ExcludeVerboseContent' as exclude_verbose_content - from - aws_appsync_graphql_api; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n api_id,\n owner,\n log_config ->> 'CloudWatchLogsRoleArn'\ + \ as cloud_watch_logs_role_arn,\n log_config ->> 'FieldLogLevel' as field_log_level,\n\ + \ log_config ->> 'ExcludeVerboseContent' as exclude_verbose_content\nfrom\n \ + \ aws_appsync_graphql_api;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AppSync +Title: Find AWS AppSync GraphQL API Details diff --git a/queries/aws_athena_query_execution_1.yaml b/queries/aws_athena_query_execution_1.yaml index 994555ebe..e5328abf6 100755 --- a/queries/aws_athena_query_execution_1.yaml +++ b/queries/aws_athena_query_execution_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Athena Query Executions to retrieve detailed + information about each individual query execution. ID: aws_athena_query_execution_1 -Title: "List AWS Athena Queries with Errors" -Description: "Allows users to query AWS Athena Query Executions to retrieve detailed information about each individual query execution." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - query, - error_message, - error_type - from - aws_athena_query_execution - where - error_message is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n query,\n error_message,\n error_type\nfrom\n\ + \ aws_athena_query_execution\nwhere\n error_message is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena +Title: List AWS Athena Queries with Errors diff --git a/queries/aws_athena_query_execution_2.yaml b/queries/aws_athena_query_execution_2.yaml index a73fb4dbe..255c32cac 100755 --- a/queries/aws_athena_query_execution_2.yaml +++ b/queries/aws_athena_query_execution_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Athena Query Executions to retrieve detailed + information about each individual query execution. ID: aws_athena_query_execution_2 -Title: "Find AWS Athena Query Executions Detailed Information" -Description: "Allows users to query AWS Athena Query Executions to retrieve detailed information about each individual query execution." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup, - sum(data_scanned_in_bytes) - from - aws_athena_query_execution - group by - workgroup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n workgroup, \n sum(data_scanned_in_bytes) \nfrom \n\ + \ aws_athena_query_execution\ngroup by \n workgroup;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena +Title: Find AWS Athena Query Executions Detailed Information diff --git a/queries/aws_athena_query_execution_3.yaml b/queries/aws_athena_query_execution_3.yaml index 91f31dd45..ee592db87 100755 --- a/queries/aws_athena_query_execution_3.yaml +++ b/queries/aws_athena_query_execution_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Athena Query Executions to retrieve detailed + information about each individual query execution. ID: aws_athena_query_execution_3 -Title: "Find AWS Athena Query Executions with Execution Time" -Description: "Allows users to query AWS Athena Query Executions to retrieve detailed information about each individual query execution." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - query, - workgroup, - engine_execution_time_in_millis - from - aws_athena_query_execution - order by - engine_execution_time_in_millis limit 5; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n query,\n workgroup,\n engine_execution_time_in_millis\ + \ \nfrom\n aws_athena_query_execution \norder by\n engine_execution_time_in_millis\ + \ limit 5;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena +Title: Find AWS Athena Query Executions with Execution Time diff --git a/queries/aws_athena_query_execution_4.yaml b/queries/aws_athena_query_execution_4.yaml index c120b00bf..f8e36147d 100755 --- a/queries/aws_athena_query_execution_4.yaml +++ b/queries/aws_athena_query_execution_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Athena Query Executions to retrieve detailed + information about each individual query execution. ID: aws_athena_query_execution_4 -Title: "Find top AWS Athena query executions" -Description: "Allows users to query AWS Athena Query Executions to retrieve detailed information about each individual query execution." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database, - count(id) as nb_query - from - aws_athena_query_execution - group by - database - order by - nb_query limit 5; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database,\n count(id) as nb_query \nfrom\n aws_athena_query_execution\ + \ \ngroup by\n database \norder by\n nb_query limit 5;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Athena +Title: Find top AWS Athena query executions diff --git a/queries/aws_athena_workgroup_1.yaml b/queries/aws_athena_workgroup_1.yaml index 0f93970da..5859edb7b 100755 --- a/queries/aws_athena_workgroup_1.yaml +++ b/queries/aws_athena_workgroup_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Athena Workgroup details such as workgroup + name, state, description, creation time, and more. ID: aws_athena_workgroup_1 -Title: "List all AWS Athena Workgroup details and creation time" -Description: "Allows users to query AWS Athena Workgroup details such as workgroup name, state, description, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - effective_engine_version, - output_location, - creation_time - from - aws_athena_workgroup - order by - creation_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name, \n description, \n effective_engine_version,\ + \ \n output_location, \n creation_time \nfrom \n aws_athena_workgroup \norder\ + \ by \n creation_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Athena +Title: List all AWS Athena Workgroup details and creation time diff --git a/queries/aws_athena_workgroup_2.yaml b/queries/aws_athena_workgroup_2.yaml index 7da9d8849..0048e0ea8 100755 --- a/queries/aws_athena_workgroup_2.yaml +++ b/queries/aws_athena_workgroup_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Athena Workgroup details such as workgroup + name, state, description, creation time, and more. ID: aws_athena_workgroup_2 -Title: "Find AWS Athena Workgroup Details Including Name and State" -Description: "Allows users to query AWS Athena Workgroup details such as workgroup name, state, description, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description - from - aws_athena_workgroup - where - effective_engine_version = 'Athena engine version 3'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name, \n description \nfrom \n aws_athena_workgroup\ + \ \nwhere \n effective_engine_version = 'Athena engine version 3';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena Workgroup +Title: Find AWS Athena Workgroup Details Including Name and State diff --git a/queries/aws_athena_workgroup_3.yaml b/queries/aws_athena_workgroup_3.yaml index f2d8540a7..5a00e4835 100755 --- a/queries/aws_athena_workgroup_3.yaml +++ b/queries/aws_athena_workgroup_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Athena Workgroup details such as workgroup + name, state, description, creation time, and more. ID: aws_athena_workgroup_3 -Title: "List AWS Athena Workgroup details including state" -Description: "Allows users to query AWS Athena Workgroup details such as workgroup name, state, description, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - region, - count(*) - from - aws_athena_workgroup - group by - region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n region, \n count(*) \nfrom \n aws_athena_workgroup\ + \ \ngroup by \n region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena +Title: List AWS Athena Workgroup details including state diff --git a/queries/aws_athena_workgroup_4.yaml b/queries/aws_athena_workgroup_4.yaml index 161dcf9f4..9da376dab 100755 --- a/queries/aws_athena_workgroup_4.yaml +++ b/queries/aws_athena_workgroup_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Athena Workgroup details such as workgroup + name, state, description, creation time, and more. ID: aws_athena_workgroup_4 -Title: "List all AWS Athena Workgroup details using SQL" -Description: "Allows users to query AWS Athena Workgroup details such as workgroup name, state, description, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - creation_time - from - aws_athena_workgroup - where - state = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name, \n description, \n creation_time\nfrom \n aws_athena_workgroup\ + \ \nwhere\n state = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Athena +Title: List all AWS Athena Workgroup details using SQL diff --git a/queries/aws_auditmanager_assessment_1.yaml b/queries/aws_auditmanager_assessment_1.yaml index 1d2d3eda9..1082267d1 100755 --- a/queries/aws_auditmanager_assessment_1.yaml +++ b/queries/aws_auditmanager_assessment_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Audit Manager Assessments to retrieve detailed + information about each assessment. ID: aws_auditmanager_assessment_1 -Title: "List all AWS Audit Manager Assessments" -Description: "Allows users to query AWS Audit Manager Assessments to retrieve detailed information about each assessment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - compliance_type - from - aws_auditmanager_assessment; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n compliance_type\nfrom\n \ + \ aws_auditmanager_assessment;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: List all AWS Audit Manager Assessments diff --git a/queries/aws_auditmanager_assessment_2.yaml b/queries/aws_auditmanager_assessment_2.yaml index bdf4325b9..02bd7f492 100755 --- a/queries/aws_auditmanager_assessment_2.yaml +++ b/queries/aws_auditmanager_assessment_2.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Audit Manager Assessments to retrieve detailed + information about each assessment. ID: aws_auditmanager_assessment_2 -Title: "Find all AWS Audit Manager Assessment details" -Description: "Allows users to query AWS Audit Manager Assessments to retrieve detailed information about each assessment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.name, - a.arn, - a.assessment_report_destination, - a.assessment_report_destination_type, - b.bucket_policy_is_public as is_public_bucket - from - aws_auditmanager_assessment as a - join aws_s3_bucket as b on a.assessment_report_destination = 's3://' || b.Name and b.bucket_policy_is_public; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.name,\n a.arn,\n a.assessment_report_destination,\n\ + \ a.assessment_report_destination_type,\n b.bucket_policy_is_public as is_public_bucket\n\ + from\n aws_auditmanager_assessment as a\njoin aws_s3_bucket as b on a.assessment_report_destination\ + \ = 's3://' || b.Name and b.bucket_policy_is_public;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Audit Manager +Title: Find all AWS Audit Manager Assessment details diff --git a/queries/aws_auditmanager_assessment_3.yaml b/queries/aws_auditmanager_assessment_3.yaml index c1c580012..615b0d679 100755 --- a/queries/aws_auditmanager_assessment_3.yaml +++ b/queries/aws_auditmanager_assessment_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Audit Manager Assessments to retrieve detailed + information about each assessment. ID: aws_auditmanager_assessment_3 -Title: "List all AWS Audit Manager assessments information" -Description: "Allows users to query AWS Audit Manager Assessments to retrieve detailed information about each assessment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status - from - aws_auditmanager_assessment - where - status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status\nfrom\n aws_auditmanager_assessment\n\ + where\n status <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Audit Manager +Title: List all AWS Audit Manager assessments information diff --git a/queries/aws_auditmanager_control_1.yaml b/queries/aws_auditmanager_control_1.yaml index 33f741ca5..bf2d8a37c 100755 --- a/queries/aws_auditmanager_control_1.yaml +++ b/queries/aws_auditmanager_control_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Audit Manager Control data, providing information + about controls within AWS Audit Manager. This table enables users to access detailed + information about controls, such as control source, control type, description, and + associated metadata. ID: aws_auditmanager_control_1 -Title: "List all AWS Audit Manager Controls with Details" -Description: "Allows users to query AWS Audit Manager Control data, providing information about controls within AWS Audit Manager. This table enables users to access detailed information about controls, such as control source, control type, description, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - description, - type - from - aws_auditmanager_control; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n description,\n type\nfrom\n aws_auditmanager_control;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: List all AWS Audit Manager Controls with Details diff --git a/queries/aws_auditmanager_control_2.yaml b/queries/aws_auditmanager_control_2.yaml index a2bec18d0..d91e6fd4d 100755 --- a/queries/aws_auditmanager_control_2.yaml +++ b/queries/aws_auditmanager_control_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Audit Manager Control data, providing information + about controls within AWS Audit Manager. This table enables users to access detailed + information about controls, such as control source, control type, description, and + associated metadata. ID: aws_auditmanager_control_2 -Title: "List AWS Audit Manager Control Data" -Description: "Allows users to query AWS Audit Manager Control data, providing information about controls within AWS Audit Manager. This table enables users to access detailed information about controls, such as control source, control type, description, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - type - from - aws_auditmanager_control - where - type = 'Custom'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n type\nfrom\n aws_auditmanager_control\n\ + where\n type = 'Custom';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: List AWS Audit Manager Control Data diff --git a/queries/aws_auditmanager_evidence_1.yaml b/queries/aws_auditmanager_evidence_1.yaml index 514cf3f0c..65d1adafc 100755 --- a/queries/aws_auditmanager_evidence_1.yaml +++ b/queries/aws_auditmanager_evidence_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Audit Manager Evidence, providing detailed + information about evidence resources associated with assessments in AWS Audit Manager. ID: aws_auditmanager_evidence_1 -Title: "Find AWS Audit Manager Evidence with Detailed Info" -Description: "Allows users to query AWS Audit Manager Evidence, providing detailed information about evidence resources associated with assessments in AWS Audit Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - evidence_folder_id, - evidence_by_type, - iam_id, - control_set_id - from - aws_auditmanager_evidence; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n evidence_folder_id,\n evidence_by_type,\n\ + \ iam_id,\n control_set_id\nfrom\n aws_auditmanager_evidence;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: Find AWS Audit Manager Evidence with Detailed Info diff --git a/queries/aws_auditmanager_evidence_2.yaml b/queries/aws_auditmanager_evidence_2.yaml index 220160a70..bd48c135f 100755 --- a/queries/aws_auditmanager_evidence_2.yaml +++ b/queries/aws_auditmanager_evidence_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Audit Manager Evidence, providing detailed + information about evidence resources associated with assessments in AWS Audit Manager. ID: aws_auditmanager_evidence_2 -Title: "List all evidence resources in AWS Audit Manager" -Description: "Allows users to query AWS Audit Manager Evidence, providing detailed information about evidence resources associated with assessments in AWS Audit Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - evidence_folder_id, - count(id) as evidence_count - from - aws_auditmanager_evidence - group by - evidence_folder_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n evidence_folder_id,\n count(id) as evidence_count\n\ + from\n aws_auditmanager_evidence\ngroup by\n evidence_folder_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Audit Manager +Title: List all evidence resources in AWS Audit Manager diff --git a/queries/aws_auditmanager_evidence_folder_1.yaml b/queries/aws_auditmanager_evidence_folder_1.yaml index 7c2723fcf..115d9e915 100755 --- a/queries/aws_auditmanager_evidence_folder_1.yaml +++ b/queries/aws_auditmanager_evidence_folder_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Audit Manager Evidence Folders to get comprehensive + details about the evidence folders in the AWS Audit Manager service. ID: aws_auditmanager_evidence_folder_1 -Title: "List all AWS Audit Manager Evidence Folders" -Description: "Allows users to query AWS Audit Manager Evidence Folders to get comprehensive details about the evidence folders in the AWS Audit Manager service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - assessment_id, - control_set_id, - control_id, - total_evidence - from - aws_auditmanager_evidence_folder; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n assessment_id,\n control_set_id,\n\ + \ control_id,\n total_evidence\nfrom\n aws_auditmanager_evidence_folder;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: List all AWS Audit Manager Evidence Folders diff --git a/queries/aws_auditmanager_evidence_folder_2.yaml b/queries/aws_auditmanager_evidence_folder_2.yaml index 6ef19366d..68f446c00 100755 --- a/queries/aws_auditmanager_evidence_folder_2.yaml +++ b/queries/aws_auditmanager_evidence_folder_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Audit Manager Evidence Folders to get comprehensive + details about the evidence folders in the AWS Audit Manager service. ID: aws_auditmanager_evidence_folder_2 -Title: "List all Evidence Folders in AWS Audit Manager" -Description: "Allows users to query AWS Audit Manager Evidence Folders to get comprehensive details about the evidence folders in the AWS Audit Manager service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - assessment_id, - count(id) as evidence_folder_count - from - aws_auditmanager_evidence_folder - group by - assessment_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n assessment_id,\n count(id) as evidence_folder_count\n\ + from\n aws_auditmanager_evidence_folder\ngroup by\n assessment_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Audit Manager +Title: List all Evidence Folders in AWS Audit Manager diff --git a/queries/aws_auditmanager_framework_1.yaml b/queries/aws_auditmanager_framework_1.yaml index 86dba5926..1ef90c9d5 100755 --- a/queries/aws_auditmanager_framework_1.yaml +++ b/queries/aws_auditmanager_framework_1.yaml @@ -1,25 +1,18 @@ +Description: Allows users to query AWS Audit Manager Frameworks ID: aws_auditmanager_framework_1 -Title: "Find all AWS Audit Manager Frameworks" -Description: "Allows users to query AWS Audit Manager Frameworks" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - id, - type - from - aws_auditmanager_framework; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n id,\n type\nfrom\n aws_auditmanager_framework;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Audit Manager +Title: Find all AWS Audit Manager Frameworks diff --git a/queries/aws_auditmanager_framework_2.yaml b/queries/aws_auditmanager_framework_2.yaml index 0e2aeef58..730ac02fe 100755 --- a/queries/aws_auditmanager_framework_2.yaml +++ b/queries/aws_auditmanager_framework_2.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Audit Manager Frameworks ID: aws_auditmanager_framework_2 -Title: "Find AWS Audit Manager Frameworks with SQL" -Description: "Allows users to query AWS Audit Manager Frameworks" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - id, - type - from - aws_auditmanager_framework - where - type = 'Custom'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n id,\n type\nfrom\n aws_auditmanager_framework\n\ + where\n type = 'Custom';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Audit Manager +Title: Find AWS Audit Manager Frameworks with SQL diff --git a/queries/aws_availability_zone_1.yaml b/queries/aws_availability_zone_1.yaml index 854e7a9a0..f903e5ac9 100755 --- a/queries/aws_availability_zone_1.yaml +++ b/queries/aws_availability_zone_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query EC2 Availability Zones in AWS, providing details + such as zone ID, name, region, and state. ID: aws_availability_zone_1 -Title: "List all EC2 Availability Zones with Details" -Description: "Allows users to query EC2 Availability Zones in AWS, providing details such as zone ID, name, region, and state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - zone_id, - zone_type, - group_name, - region_name - from - aws_availability_zone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n zone_id,\n zone_type,\n group_name,\n region_name\n\ + from\n aws_availability_zone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all EC2 Availability Zones with Details diff --git a/queries/aws_availability_zone_2.yaml b/queries/aws_availability_zone_2.yaml index c48a89428..838b4a923 100755 --- a/queries/aws_availability_zone_2.yaml +++ b/queries/aws_availability_zone_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query EC2 Availability Zones in AWS, providing details + such as zone ID, name, region, and state. ID: aws_availability_zone_2 -Title: "List all EC2 Availability Zones details in AWS" -Description: "Allows users to query EC2 Availability Zones in AWS, providing details such as zone ID, name, region, and state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - region_name, - count(name) as zone_count - from - aws_availability_zone - group by - region_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n region_name,\n count(name) as zone_count\nfrom\n aws_availability_zone\n\ + group by\n region_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all EC2 Availability Zones details in AWS diff --git a/queries/aws_availability_zone_3.yaml b/queries/aws_availability_zone_3.yaml index c0a7de13a..0e1c41cb6 100755 --- a/queries/aws_availability_zone_3.yaml +++ b/queries/aws_availability_zone_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query EC2 Availability Zones in AWS, providing details + such as zone ID, name, region, and state. ID: aws_availability_zone_3 -Title: "List all EC2 Availability Zones with details in AWS" -Description: "Allows users to query EC2 Availability Zones in AWS, providing details such as zone ID, name, region, and state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - zone_id, - region_name, - opt_in_status - from - aws_availability_zone - where - opt_in_status = 'not-opted-in'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n zone_id,\n region_name,\n opt_in_status\n\ + from\n aws_availability_zone\nwhere\n opt_in_status = 'not-opted-in';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all EC2 Availability Zones with details in AWS diff --git a/queries/aws_backup_framework_1.yaml b/queries/aws_backup_framework_1.yaml index 9cdebf56b..ea2c56374 100755 --- a/queries/aws_backup_framework_1.yaml +++ b/queries/aws_backup_framework_1.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_1 -Title: "List AWS Backup Frameworks with Comprehensive Details" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_id, - arn, - creation_time, - deployment_status, - framework_controls, - framework_description,framework_name, - framework_status, - number_of_controls, - region, - tags - from - aws_backup_framework; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_id,\n arn,\n creation_time,\n deployment_status,\n\ + \ framework_controls,\n framework_description,framework_name,\n framework_status,\n\ + \ number_of_controls,\n region,\n tags\nfrom\n aws_backup_framework;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List AWS Backup Frameworks with Comprehensive Details diff --git a/queries/aws_backup_framework_2.yaml b/queries/aws_backup_framework_2.yaml index cfa209e21..0477b4679 100755 --- a/queries/aws_backup_framework_2.yaml +++ b/queries/aws_backup_framework_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_2 -Title: "List all AWS Backup Frameworks and Detailed Information" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - framework_name, - arn, - creation_time, - number_of_controls - from - aws_backup_framework - where - creation_time >= (current_date - interval '90' day) - order by - creation_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n framework_name,\n arn,\n creation_time,\n number_of_controls\n\ + from\n aws_backup_framework\nwhere\n creation_time >= (current_date - interval\ + \ '90' day)\norder by\n creation_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Frameworks and Detailed Information diff --git a/queries/aws_backup_framework_3.yaml b/queries/aws_backup_framework_3.yaml index 9aedfbede..93054bae3 100755 --- a/queries/aws_backup_framework_3.yaml +++ b/queries/aws_backup_framework_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_3 -Title: "List AWS Backup Frameworks and Detailed Plans" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - framework_name - from - aws_backup_framework, - jsonb_array_elements(framework_controls) as controls - where - controls ->> 'ControlName' = 'BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n framework_name\nfrom\n aws_backup_framework,\n jsonb_array_elements(framework_controls)\ + \ as controls\nwhere\n controls ->> 'ControlName' = 'BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List AWS Backup Frameworks and Detailed Plans diff --git a/queries/aws_backup_framework_4.yaml b/queries/aws_backup_framework_4.yaml index d70e97b98..1d844f9eb 100755 --- a/queries/aws_backup_framework_4.yaml +++ b/queries/aws_backup_framework_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_4 -Title: "Find AWS Backup Frameworks and Retrieve Comprehensive Data" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - framework_name, - controls ->> 'ControlName' as control_name, - control_scope - from - aws_backup_framework, - jsonb_array_elements(framework_controls) as controls, - json_array_elements_text(coalesce(controls -> 'ControlScope' ->> 'ComplianceResourceTypes', '[""]')::json) as control_scope - where - framework_name = 'framework_name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n framework_name,\n controls ->> 'ControlName' as control_name,\n\ + \ control_scope\nfrom\n aws_backup_framework,\n jsonb_array_elements(framework_controls)\ + \ as controls,\n json_array_elements_text(coalesce(controls -> 'ControlScope'\ + \ ->> 'ComplianceResourceTypes', '[\"\"]')::json) as control_scope\nwhere\n framework_name\ + \ = 'framework_name';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Frameworks and Retrieve Comprehensive Data diff --git a/queries/aws_backup_framework_5.yaml b/queries/aws_backup_framework_5.yaml index 78b21f858..19fc54777 100755 --- a/queries/aws_backup_framework_5.yaml +++ b/queries/aws_backup_framework_5.yaml @@ -1,49 +1,35 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_5 -Title: "Find AWS Backup Frameworks and Compliance Types" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_name, - compliance_result -> 'Compliance' ->> 'ComplianceType' as compliance_type, - compliance_result -> 'Compliance' -> 'ComplianceContributorCount' ->> 'CappedCount' as count_of_noncompliant_resources - from - aws_config_rule - inner join - ( - -- The sub-query will create the AWS Config rule name from information stored in the AWS Backup framework table. - select - case when framework_information.control_scope = '' then concat(framework_information.control_name, '-', framework_information.framework_uuid) - else concat(upper(framework_information.control_scope), '-', framework_information.control_name, '-', framework_information.framework_uuid) - end as rule_name - from - ( - select - framework_name, - controls ->> 'ControlName' as control_name, - control_scope, - right(arn, 36) as framework_uuid - from - aws_backup_framework, - jsonb_array_elements(framework_controls) as controls, - json_array_elements_text(coalesce(controls -> 'ControlScope' ->> 'ComplianceResourceTypes', '[""]')::json) as control_scope - ) as framework_information - ) as backup_framework - on - aws_config_rule.name = backup_framework.rule_name, - jsonb_array_elements(compliance_by_config_rule) as compliance_result - where - compliance_result -> 'Compliance' ->> 'ComplianceType' = 'NON_COMPLIANT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_name,\n compliance_result -> 'Compliance' ->> 'ComplianceType'\ + \ as compliance_type,\n compliance_result -> 'Compliance' -> 'ComplianceContributorCount'\ + \ ->> 'CappedCount' as count_of_noncompliant_resources\nfrom\n aws_config_rule\n\ + inner join\n(\n -- The sub-query will create the AWS Config rule name from information\ + \ stored in the AWS Backup framework table.\n select\n case when framework_information.control_scope\ + \ = '' then concat(framework_information.control_name, '-', framework_information.framework_uuid)\n\ + \ else concat(upper(framework_information.control_scope), '-', framework_information.control_name,\ + \ '-', framework_information.framework_uuid)\n end as rule_name\n from\n \ + \ (\n select\n framework_name,\n controls ->> 'ControlName' as control_name,\n\ + \ control_scope,\n right(arn, 36) as framework_uuid\n from\n \ + \ aws_backup_framework,\n jsonb_array_elements(framework_controls) as controls,\n\ + \ json_array_elements_text(coalesce(controls -> 'ControlScope' ->> 'ComplianceResourceTypes',\ + \ '[\"\"]')::json) as control_scope\n ) as framework_information\n) as backup_framework\n\ + on\n aws_config_rule.name = backup_framework.rule_name,\n jsonb_array_elements(compliance_by_config_rule)\ + \ as compliance_result\nwhere\n compliance_result -> 'Compliance' ->> 'ComplianceType'\ + \ = 'NON_COMPLIANT';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Frameworks and Compliance Types diff --git a/queries/aws_backup_framework_6.yaml b/queries/aws_backup_framework_6.yaml index 6c368ee6d..39aef9427 100755 --- a/queries/aws_backup_framework_6.yaml +++ b/queries/aws_backup_framework_6.yaml @@ -1,50 +1,36 @@ +Description: Allows users to query AWS Backup Frameworks and retrieve comprehensive + data about each backup plan, including its unique ARN, version, creation and deletion + dates, and more. ID: aws_backup_framework_6 -Title: "Find AWS Backup Frameworks with Compliance Status" -Description: "Allows users to query AWS Backup Frameworks and retrieve comprehensive data about each backup plan, including its unique ARN, version, creation and deletion dates, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_name, - compliance_result -> 'Compliance' ->> 'ComplianceType' as compliance_type - from - aws_config_rule - inner join - ( - -- The sub-query will create the AWS Config rule name from information stored in the AWS Backup framework table. - select - case when framework_information.control_scope = '' then concat(framework_information.control_name, '-', framework_information.framework_uuid) - else concat(upper(framework_information.control_scope), '-', framework_information.control_name, '-', framework_information.framework_uuid) - end as rule_name - from - ( - select - framework_name, - controls ->> 'ControlName' as control_name, - control_scope, - right(arn, 36) as framework_uuid - from - aws_backup_framework, - jsonb_array_elements(framework_controls) as controls, - json_array_elements_text(coalesce(controls -> 'ControlScope' ->> 'ComplianceResourceTypes', '[""]')::json) as control_scope - ) as framework_information - ) as backup_framework - on - aws_config_rule.name = backup_framework.rule_name, - jsonb_array_elements(compliance_by_config_rule) as compliance_result - where - compliance_result -> 'Compliance' ->> 'ComplianceType' = 'COMPLIANT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_name,\n compliance_result -> 'Compliance' ->> 'ComplianceType'\ + \ as compliance_type\nfrom\n aws_config_rule\ninner join\n(\n -- The sub-query\ + \ will create the AWS Config rule name from information stored in the AWS Backup\ + \ framework table.\n select\n case when framework_information.control_scope\ + \ = '' then concat(framework_information.control_name, '-', framework_information.framework_uuid)\n\ + \ else concat(upper(framework_information.control_scope), '-', framework_information.control_name,\ + \ '-', framework_information.framework_uuid)\n end as rule_name\n from\n \ + \ (\n select\n framework_name,\n controls ->> 'ControlName' as control_name,\n\ + \ control_scope,\n right(arn, 36) as framework_uuid\n from\n \ + \ aws_backup_framework,\n jsonb_array_elements(framework_controls) as controls,\n\ + \ json_array_elements_text(coalesce(controls -> 'ControlScope' ->> 'ComplianceResourceTypes',\ + \ '[\"\"]')::json) as control_scope\n ) as framework_information\n) as backup_framework\n\ + on\n aws_config_rule.name = backup_framework.rule_name,\n jsonb_array_elements(compliance_by_config_rule)\ + \ as compliance_result\nwhere\n compliance_result -> 'Compliance' ->> 'ComplianceType'\ + \ = 'COMPLIANT';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Frameworks with Compliance Status diff --git a/queries/aws_backup_job_1.yaml b/queries/aws_backup_job_1.yaml index e09bd6af1..8d97e143f 100755 --- a/queries/aws_backup_job_1.yaml +++ b/queries/aws_backup_job_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Backup Jobs, providing detailed information + about the status of backups jobs. ID: aws_backup_job_1 -Title: "Find all AWS Backup Job details including status" -Description: "Allows users to query AWS Backup Jobs, providing detailed information about the status of backups jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - recovery_point_arn, - backup_vault_arn, - status - from - aws_backup_job - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n recovery_point_arn,\n backup_vault_arn,\n\ + \ status\nfrom\n aws_backup_job" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: Find all AWS Backup Job details including status diff --git a/queries/aws_backup_job_2.yaml b/queries/aws_backup_job_2.yaml index 19c6e0528..edb5f1aa0 100755 --- a/queries/aws_backup_job_2.yaml +++ b/queries/aws_backup_job_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Backup Jobs, providing detailed information + about the status of backups jobs. ID: aws_backup_job_2 -Title: "List All Incomplete AWS Backup Jobs" -Description: "Allows users to query AWS Backup Jobs, providing detailed information about the status of backups jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - recovery_point_arn, - backup_vault_arn, - status, - current_date - from - aws_backup_job - where - status != 'COMPLETED' - and creation_date > current_date - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n recovery_point_arn,\n backup_vault_arn,\n\ + \ status,\n current_date\nfrom\n aws_backup_job\nwhere\n status != 'COMPLETED'\n\ + \ and creation_date > current_date" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: List All Incomplete AWS Backup Jobs diff --git a/queries/aws_backup_job_3.yaml b/queries/aws_backup_job_3.yaml index 7f05d4e2e..23c020e44 100755 --- a/queries/aws_backup_job_3.yaml +++ b/queries/aws_backup_job_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Backup Jobs, providing detailed information + about the status of backups jobs. ID: aws_backup_job_3 -Title: "List all AWS Backup Jobs with Status Details" -Description: "Allows users to query AWS Backup Jobs, providing detailed information about the status of backups jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_type, - count(*) - from - aws_backup_job - group by - resource_type - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_type,\n count(*)\nfrom\n aws_backup_job\n\ + group by\n resource_type" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: List all AWS Backup Jobs with Status Details diff --git a/queries/aws_backup_legal_hold_1.yaml b/queries/aws_backup_legal_hold_1.yaml index 9f0211b78..207b63541 100755 --- a/queries/aws_backup_legal_hold_1.yaml +++ b/queries/aws_backup_legal_hold_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Backup Legal Hold to obtain information about + the legal hold settings of AWS backup resources. ID: aws_backup_legal_hold_1 -Title: "List AWS Backup Legal Hold Settings" -Description: "Allows users to query AWS Backup Legal Hold to obtain information about the legal hold settings of AWS backup resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - legal_hold_id, - arn, - creation_date, - cancellation_date - from - aws_backup_legal_hold; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n legal_hold_id,\n arn,\n creation_date,\n cancellation_date\n\ + from\n aws_backup_legal_hold;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List AWS Backup Legal Hold Settings diff --git a/queries/aws_backup_legal_hold_2.yaml b/queries/aws_backup_legal_hold_2.yaml index 74670c1fc..c10077ef3 100755 --- a/queries/aws_backup_legal_hold_2.yaml +++ b/queries/aws_backup_legal_hold_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Backup Legal Hold to obtain information about + the legal hold settings of AWS backup resources. ID: aws_backup_legal_hold_2 -Title: "Find AWS Backup Legal Hold Settings" -Description: "Allows users to query AWS Backup Legal Hold to obtain information about the legal hold settings of AWS backup resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - legal_hold_id, - arn, - creation_date, - creation_date, - retain_record_until - from - aws_backup_legal_hold - where - creation_date <= current_date - interval '10' day - order by - creation_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n legal_hold_id,\n arn,\n creation_date,\n creation_date,\n\ + \ retain_record_until\nfrom\n aws_backup_legal_hold\nwhere\n creation_date\ + \ <= current_date - interval '10' day\norder by\n creation_date;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Legal Hold Settings diff --git a/queries/aws_backup_legal_hold_3.yaml b/queries/aws_backup_legal_hold_3.yaml index 20bc9ad47..79ff32591 100755 --- a/queries/aws_backup_legal_hold_3.yaml +++ b/queries/aws_backup_legal_hold_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Backup Legal Hold to obtain information about + the legal hold settings of AWS backup resources. ID: aws_backup_legal_hold_3 -Title: "List all AWS Backup Legal Hold settings" -Description: "Allows users to query AWS Backup Legal Hold to obtain information about the legal hold settings of AWS backup resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - legal_hold_id, - recovery_point_selection -> 'DateRange' ->> 'ToDate' as to_date, - recovery_point_selection -> 'DateRange' ->> 'FromDate' as from_date, - recovery_point_selection -> 'VaultNames' as vault_names, - recovery_point_selection ->> 'ResourceIdentifiers' as resource_identifiers - from - aws_backup_legal_hold; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n legal_hold_id,\n recovery_point_selection\ + \ -> 'DateRange' ->> 'ToDate' as to_date,\n recovery_point_selection -> 'DateRange'\ + \ ->> 'FromDate' as from_date,\n recovery_point_selection -> 'VaultNames' as\ + \ vault_names,\n recovery_point_selection ->> 'ResourceIdentifiers' as resource_identifiers\n\ + from\n aws_backup_legal_hold;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Legal Hold settings diff --git a/queries/aws_backup_plan_1.yaml b/queries/aws_backup_plan_1.yaml index 3fc844db0..dc2616ced 100755 --- a/queries/aws_backup_plan_1.yaml +++ b/queries/aws_backup_plan_1.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS Backup Plan data, providing detailed information + about each backup plan created within an AWS account. Useful for DevOps engineers + to monitor and manage backup strategies and ensure data recovery processes are in + place. ID: aws_backup_plan_1 -Title: "Find AWS Backup Plans Information for Data Recovery" -Description: "Allows users to query AWS Backup Plan data, providing detailed information about each backup plan created within an AWS account. Useful for DevOps engineers to monitor and manage backup strategies and ensure data recovery processes are in place." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - backup_plan_id, - arn, - creation_date, - last_execution_date - from - aws_backup_plan; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n backup_plan_id,\n arn,\n creation_date,\n\ + \ last_execution_date\nfrom\n aws_backup_plan;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Plans Information for Data Recovery diff --git a/queries/aws_backup_plan_2.yaml b/queries/aws_backup_plan_2.yaml index 42bc21027..e7452e11f 100755 --- a/queries/aws_backup_plan_2.yaml +++ b/queries/aws_backup_plan_2.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Backup Plan data, providing detailed information + about each backup plan created within an AWS account. Useful for DevOps engineers + to monitor and manage backup strategies and ensure data recovery processes are in + place. ID: aws_backup_plan_2 -Title: "List all AWS Backup Plans and details within 90 days" -Description: "Allows users to query AWS Backup Plan data, providing detailed information about each backup plan created within an AWS account. Useful for DevOps engineers to monitor and manage backup strategies and ensure data recovery processes are in place." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - backup_plan_id, - arn, - creation_date, - last_execution_date - from - aws_backup_plan - where - creation_date <= (current_date - interval '90' day) - order by - creation_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n backup_plan_id,\n arn,\n creation_date,\n\ + \ last_execution_date\nfrom\n aws_backup_plan\nwhere\n creation_date <= (current_date\ + \ - interval '90' day)\norder by\n creation_date;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup Plan +Title: List all AWS Backup Plans and details within 90 days diff --git a/queries/aws_backup_plan_3.yaml b/queries/aws_backup_plan_3.yaml index d3c9951a8..e2d740e05 100755 --- a/queries/aws_backup_plan_3.yaml +++ b/queries/aws_backup_plan_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Backup Plan data, providing detailed information + about each backup plan created within an AWS account. Useful for DevOps engineers + to monitor and manage backup strategies and ensure data recovery processes are in + place. ID: aws_backup_plan_3 -Title: "List all AWS Backup Plans with Details" -Description: "Allows users to query AWS Backup Plan data, providing detailed information about each backup plan created within an AWS account. Useful for DevOps engineers to monitor and manage backup strategies and ensure data recovery processes are in place." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_date, - deletion_date - from - aws_backup_plan - where - deletion_date > current_date - 7 - order by - deletion_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_date,\n deletion_date\nfrom\n\ + \ aws_backup_plan\nwhere\n deletion_date > current_date - 7\norder by\n deletion_date;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: List all AWS Backup Plans with Details diff --git a/queries/aws_backup_protected_resource_1.yaml b/queries/aws_backup_protected_resource_1.yaml index 025358912..098927b80 100755 --- a/queries/aws_backup_protected_resource_1.yaml +++ b/queries/aws_backup_protected_resource_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Backup Protected Resources to retrieve detailed + information about the resources that are backed up by AWS Backup service. ID: aws_backup_protected_resource_1 -Title: "List all AWS Backup Protected Resource details" -Description: "Allows users to query AWS Backup Protected Resources to retrieve detailed information about the resources that are backed up by AWS Backup service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_arn, - resource_type, - last_backup_time - from - aws_backup_protected_resource; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_arn,\n resource_type,\n last_backup_time\n\ + from\n aws_backup_protected_resource;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Protected Resource details diff --git a/queries/aws_backup_protected_resource_2.yaml b/queries/aws_backup_protected_resource_2.yaml index acf4968cd..bed45eaa2 100755 --- a/queries/aws_backup_protected_resource_2.yaml +++ b/queries/aws_backup_protected_resource_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Backup Protected Resources to retrieve detailed + information about the resources that are backed up by AWS Backup service. ID: aws_backup_protected_resource_2 -Title: "Find AWS Backup Protected Resources Information" -Description: "Allows users to query AWS Backup Protected Resources to retrieve detailed information about the resources that are backed up by AWS Backup service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_arn, - resource_type, - last_backup_time - from - aws_backup_protected_resource - where - resource_type = 'EBS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_arn,\n resource_type,\n last_backup_time\n\ + from\n aws_backup_protected_resource\nwhere\n resource_type = 'EBS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Protected Resources Information diff --git a/queries/aws_backup_recovery_point_1.yaml b/queries/aws_backup_recovery_point_1.yaml index cb48429be..f0474e76f 100755 --- a/queries/aws_backup_recovery_point_1.yaml +++ b/queries/aws_backup_recovery_point_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Backup Recovery Points to gather comprehensive + information about each recovery point within an AWS Backup vault. ID: aws_backup_recovery_point_1 -Title: "List all AWS Backup Recovery Points in a Backup Vault" -Description: "Allows users to query AWS Backup Recovery Points to gather comprehensive information about each recovery point within an AWS Backup vault." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - backup_vault_name, - recovery_point_arn, - resource_type, - status - from - aws_backup_recovery_point; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n backup_vault_name,\n recovery_point_arn,\n resource_type,\n\ + \ status\nfrom\n aws_backup_recovery_point;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Recovery Points in a Backup Vault diff --git a/queries/aws_backup_recovery_point_2.yaml b/queries/aws_backup_recovery_point_2.yaml index aa35a33f9..49f714371 100755 --- a/queries/aws_backup_recovery_point_2.yaml +++ b/queries/aws_backup_recovery_point_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Backup Recovery Points to gather comprehensive + information about each recovery point within an AWS Backup vault. ID: aws_backup_recovery_point_2 -Title: "List all AWS Backup Recovery Points in Vault" -Description: "Allows users to query AWS Backup Recovery Points to gather comprehensive information about each recovery point within an AWS Backup vault." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - backup_vault_name, - recovery_point_arn, - resource_type, - status, - is_encrypted - from - aws_backup_recovery_point - where - is_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n backup_vault_name,\n recovery_point_arn,\n resource_type,\n\ + \ status,\n is_encrypted\nfrom\n aws_backup_recovery_point\nwhere\n is_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Recovery Points in Vault diff --git a/queries/aws_backup_recovery_point_3.yaml b/queries/aws_backup_recovery_point_3.yaml index 66d8dd836..63230e7e9 100755 --- a/queries/aws_backup_recovery_point_3.yaml +++ b/queries/aws_backup_recovery_point_3.yaml @@ -1,41 +1,28 @@ +Description: Allows users to query AWS Backup Recovery Points to gather comprehensive + information about each recovery point within an AWS Backup vault. ID: aws_backup_recovery_point_3 -Title: "List all AWS Backup Recovery Points in a Vault" -Description: "Allows users to query AWS Backup Recovery Points to gather comprehensive information about each recovery point within an AWS Backup vault." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.backup_vault_name as backup_vault_name, - r.recovery_point_arn as recovery_point_arn, - r.resource_type as resource_type, - case - when r.resource_type = 'EBS' then ( - select tags from aws_ebs_snapshot where arn = concat( - (string_to_array(r.recovery_point_arn, '::'))[1], - ':', - r.account_id, - ':', - (string_to_array(r.recovery_point_arn, '::'))[2] - ) - ) - when r.resource_type = 'EC2' then ( - select tags from aws_ec2_ami where image_id = (string_to_array(r.recovery_point_arn, '::image/'))[2] - ) - when r.resource_type in ('S3', 'EFS') then r.tags - end as tags, - r.region, - r.account_id - from - aws_backup_recovery_point as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.backup_vault_name as backup_vault_name,\n r.recovery_point_arn\ + \ as recovery_point_arn,\n r.resource_type as resource_type,\ncase\n when\ + \ r.resource_type = 'EBS' then (\n select tags from aws_ebs_snapshot where\ + \ arn = concat(\n (string_to_array(r.recovery_point_arn, '::'))[1],\n \ + \ ':',\n r.account_id,\n ':',\n (string_to_array(r.recovery_point_arn,\ + \ '::'))[2]\n )\n )\n when r.resource_type = 'EC2' then (\n select\ + \ tags from aws_ec2_ami where image_id = (string_to_array(r.recovery_point_arn,\ + \ '::image/'))[2]\n )\n when r.resource_type in ('S3', 'EFS') then r.tags\n\ + end as tags,\n r.region,\n r.account_id\nfrom\n aws_backup_recovery_point as\ + \ r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Recovery Points in a Vault diff --git a/queries/aws_backup_report_plan_1.yaml b/queries/aws_backup_report_plan_1.yaml index b0de35c92..f0a16b912 100755 --- a/queries/aws_backup_report_plan_1.yaml +++ b/queries/aws_backup_report_plan_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_1 -Title: "List all AWS Backup Report Plan details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - last_attempted_execution_time, - deployment_status - from - aws_backup_report_plan; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n last_attempted_execution_time,\n\ + \ deployment_status\nfrom\n aws_backup_report_plan;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Report Plan details diff --git a/queries/aws_backup_report_plan_2.yaml b/queries/aws_backup_report_plan_2.yaml index 76751422c..44f3a7e57 100755 --- a/queries/aws_backup_report_plan_2.yaml +++ b/queries/aws_backup_report_plan_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_2 -Title: "List all AWS Backup Report Plan data details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - last_attempted_execution_time, - deployment_status - from - aws_backup_report_plan - where - creation_time <= (current_date - interval '90' day) - order by - creation_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n last_attempted_execution_time,\n\ + \ deployment_status\nfrom\n aws_backup_report_plan\nwhere\n creation_time <=\ + \ (current_date - interval '90' day)\norder by\n creation_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Report Plan data details diff --git a/queries/aws_backup_report_plan_3.yaml b/queries/aws_backup_report_plan_3.yaml index 6d480bce2..96bce92e1 100755 --- a/queries/aws_backup_report_plan_3.yaml +++ b/queries/aws_backup_report_plan_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_3 -Title: "List AWS Backup Report Plan Data with Details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - last_attempted_execution_time, - deployment_status - from - aws_backup_report_plan - where - last_successful_execution_time > current_date - 7 - order by - last_successful_execution_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n last_attempted_execution_time,\n\ + \ deployment_status\nfrom\n aws_backup_report_plan\nwhere\n last_successful_execution_time\ + \ > current_date - 7\norder by\n last_successful_execution_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List AWS Backup Report Plan Data with Details diff --git a/queries/aws_backup_report_plan_4.yaml b/queries/aws_backup_report_plan_4.yaml index c64756aed..729b2f135 100755 --- a/queries/aws_backup_report_plan_4.yaml +++ b/queries/aws_backup_report_plan_4.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_4 -Title: "List AWS Backup Report Plan Data Details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - report_setting ->> 'ReportTemplate' as report_template, - report_setting ->> 'Accounts' as accounts, - report_setting ->> 'FrameworkArns' as framework_arns, - report_setting ->> 'NumberOfFrameworks' as number_of_frameworks, - report_setting ->> 'OrganizationUnits' as organization_units, - report_setting ->> 'Regions' as regions - from - aws_backup_report_plan - where - title = 'backup_jobs_report_12_07_2023'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n report_setting\ + \ ->> 'ReportTemplate' as report_template,\n report_setting ->> 'Accounts' as\ + \ accounts,\n report_setting ->> 'FrameworkArns' as framework_arns,\n report_setting\ + \ ->> 'NumberOfFrameworks' as number_of_frameworks,\n report_setting ->> 'OrganizationUnits'\ + \ as organization_units,\n report_setting ->> 'Regions' as regions\nfrom\n aws_backup_report_plan\n\ + where\n title = 'backup_jobs_report_12_07_2023';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: List AWS Backup Report Plan Data Details diff --git a/queries/aws_backup_report_plan_5.yaml b/queries/aws_backup_report_plan_5.yaml index 2957b9040..35724745a 100755 --- a/queries/aws_backup_report_plan_5.yaml +++ b/queries/aws_backup_report_plan_5.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_5 -Title: "Query AWS Backup Report Plan Details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - last_attempted_execution_time, - deployment_status - from - aws_backup_report_plan - where - deployment_status = 'COMPLETED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n last_attempted_execution_time,\n\ + \ deployment_status\nfrom\n aws_backup_report_plan\nwhere\n deployment_status\ + \ = 'COMPLETED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup Report Plan +Title: Query AWS Backup Report Plan Details diff --git a/queries/aws_backup_report_plan_6.yaml b/queries/aws_backup_report_plan_6.yaml index 9683ed2e6..a9c0bc445 100755 --- a/queries/aws_backup_report_plan_6.yaml +++ b/queries/aws_backup_report_plan_6.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Backup Report Plan data, including details + about backup jobs, recovery points, and backup vaults. ID: aws_backup_report_plan_6 -Title: "Query AWS Backup Report Plan data with details" -Description: "Allows users to query AWS Backup Report Plan data, including details about backup jobs, recovery points, and backup vaults." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - creation_time, - report_delivery_channel ->> 'Formats' as formats, - report_delivery_channel ->> 'S3BucketName' as s3_bucket_name, - report_delivery_channel ->> 'S3KeyPrefix' as s3_key_prefix - from - aws_backup_report_plan - where - title = 'backup_jobs_report_12_07_2023'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n creation_time,\n report_delivery_channel\ + \ ->> 'Formats' as formats,\n report_delivery_channel ->> 'S3BucketName' as s3_bucket_name,\n\ + \ report_delivery_channel ->> 'S3KeyPrefix' as s3_key_prefix\nfrom\n aws_backup_report_plan\n\ + where\n title = 'backup_jobs_report_12_07_2023';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup Report Plan +Title: Query AWS Backup Report Plan data with details diff --git a/queries/aws_backup_selection_1.yaml b/queries/aws_backup_selection_1.yaml index b5f3e010b..c5380f5f4 100755 --- a/queries/aws_backup_selection_1.yaml +++ b/queries/aws_backup_selection_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Backup Selections to obtain detailed information + about the backup selection resources within AWS Backup service. ID: aws_backup_selection_1 -Title: "Find AWS Backup Selections Information" -Description: "Allows users to query AWS Backup Selections to obtain detailed information about the backup selection resources within AWS Backup service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - selection_name, - backup_plan_id, - iam_role_arn, - region, - account_id - from - aws_backup_selection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n selection_name,\n backup_plan_id,\n iam_role_arn,\n\ + \ region,\n account_id\nfrom\n aws_backup_selection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Find AWS Backup Selections Information diff --git a/queries/aws_backup_selection_2.yaml b/queries/aws_backup_selection_2.yaml index 19d65c4a2..4f38420e9 100755 --- a/queries/aws_backup_selection_2.yaml +++ b/queries/aws_backup_selection_2.yaml @@ -1,34 +1,23 @@ +Description: Allows users to query AWS Backup Selections to obtain detailed information + about the backup selection resources within AWS Backup service. ID: aws_backup_selection_2 -Title: "List all AWS Backup Selection Details" -Description: "Allows users to query AWS Backup Selections to obtain detailed information about the backup selection resources within AWS Backup service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with filtered_data as ( - select - backup_plan_id, - jsonb_agg(r) as assigned_resource - from - aws_backup_selection, - jsonb_array_elements(resources) as r - group by backup_plan_id - ) - select - v.volume_id, - v.region, - v.account_id - from - aws_ebs_volume as v - join filtered_data t on t.assigned_resource ?| array[v.arn]; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with filtered_data as (\n select\n backup_plan_id,\n jsonb_agg(r)\ + \ as assigned_resource\n from\n aws_backup_selection,\n jsonb_array_elements(resources)\ + \ as r\n group by backup_plan_id\n)\nselect\n v.volume_id,\n v.region,\n v.account_id\n\ + from\n aws_ebs_volume as v\n join filtered_data t on t.assigned_resource ?|\ + \ array[v.arn];" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: List all AWS Backup Selection Details diff --git a/queries/aws_backup_vault_1.yaml b/queries/aws_backup_vault_1.yaml index 248b24bf3..f894f922f 100755 --- a/queries/aws_backup_vault_1.yaml +++ b/queries/aws_backup_vault_1.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query AWS Backup Vaults, providing detailed information + about each backup vault, including its name, ARN, recovery points, and more. ID: aws_backup_vault_1 -Title: "Query AWS Backup Vaults for Detailed Information" -Description: "Allows users to query AWS Backup Vaults, providing detailed information about each backup vault, including its name, ARN, recovery points, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_date - from - aws_backup_vault; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_date\nfrom\n aws_backup_vault;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Backup +Title: Query AWS Backup Vaults for Detailed Information diff --git a/queries/aws_backup_vault_2.yaml b/queries/aws_backup_vault_2.yaml index 4350b642b..b635921ad 100755 --- a/queries/aws_backup_vault_2.yaml +++ b/queries/aws_backup_vault_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Backup Vaults, providing detailed information + about each backup vault, including its name, ARN, recovery points, and more. ID: aws_backup_vault_2 -Title: "List all AWS Backup Vaults with Detailed Information" -Description: "Allows users to query AWS Backup Vaults, providing detailed information about each backup vault, including its name, ARN, recovery points, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_date - from - aws_backup_vault - where - creation_date <= (current_date - interval '90' day) - order by - creation_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_date\nfrom\n aws_backup_vault\n\ + where\n creation_date <= (current_date - interval '90' day)\norder by\n creation_date;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: List all AWS Backup Vaults with Detailed Information diff --git a/queries/aws_backup_vault_3.yaml b/queries/aws_backup_vault_3.yaml index 6083cbdd8..02003e9dc 100755 --- a/queries/aws_backup_vault_3.yaml +++ b/queries/aws_backup_vault_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Backup Vaults, providing detailed information + about each backup vault, including its name, ARN, recovery points, and more. ID: aws_backup_vault_3 -Title: "Find AWS Backup Vaults with Specific Policy Details" -Description: "Allows users to query AWS Backup Vaults, providing detailed information about each backup vault, including its name, ARN, recovery points, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name - from - aws_backup_vault, - jsonb_array_elements(policy -> 'Statement') as s - where - s ->> 'Principal' = '*' - and s ->> 'Effect' != 'Deny' - and s ->> 'Action' like '%DeleteBackupVault%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name\nfrom\n aws_backup_vault,\n jsonb_array_elements(policy\ + \ -> 'Statement') as s\nwhere\n s ->> 'Principal' = '*'\n and s ->> 'Effect'\ + \ != 'Deny'\n and s ->> 'Action' like '%DeleteBackupVault%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup Vault +Title: Find AWS Backup Vaults with Specific Policy Details diff --git a/queries/aws_backup_vault_4.yaml b/queries/aws_backup_vault_4.yaml index e82af78d7..045e7add2 100755 --- a/queries/aws_backup_vault_4.yaml +++ b/queries/aws_backup_vault_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Backup Vaults, providing detailed information + about each backup vault, including its name, ARN, recovery points, and more. ID: aws_backup_vault_4 -Title: "Find all AWS Backup Vaults with Details" -Description: "Allows users to query AWS Backup Vaults, providing detailed information about each backup vault, including its name, ARN, recovery points, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_backup_vault; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_backup_vault;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Backup +Title: Find all AWS Backup Vaults with Details diff --git a/queries/aws_cloudcontrol_resource_1.yaml b/queries/aws_cloudcontrol_resource_1.yaml index 1c4512c31..53111e3c5 100755 --- a/queries/aws_cloudcontrol_resource_1.yaml +++ b/queries/aws_cloudcontrol_resource_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Cloud Control API Resource data, providing + detailed insights into resource properties, types, and statuses. ID: aws_cloudcontrol_resource_1 -Title: "Find AWS Cloud Control API Resource Data for AWS Lambda" -Description: "Allows users to query AWS Cloud Control API Resource data, providing detailed insights into resource properties, types, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identifier, - properties ->> 'Arn' as arn, - properties ->> 'MemorySize' as memory_size, - properties ->> 'Runtime' as runtime, - region - from - aws_cloudcontrol_resource - where - type_name = 'AWS::Lambda::Function'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identifier,\n properties ->> 'Arn' as arn,\n properties\ + \ ->> 'MemorySize' as memory_size,\n properties ->> 'Runtime' as runtime,\n \ + \ region\nfrom\n aws_cloudcontrol_resource\nwhere\n type_name = 'AWS::Lambda::Function';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cloud Control API +Title: Find AWS Cloud Control API Resource Data for AWS Lambda diff --git a/queries/aws_cloudcontrol_resource_2.yaml b/queries/aws_cloudcontrol_resource_2.yaml index a6bf858c6..7e8e68098 100755 --- a/queries/aws_cloudcontrol_resource_2.yaml +++ b/queries/aws_cloudcontrol_resource_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Cloud Control API Resource data, providing + detailed insights into resource properties, types, and statuses. ID: aws_cloudcontrol_resource_2 -Title: "Find AWS Cloud Control API Resource Data" -Description: "Allows users to query AWS Cloud Control API Resource data, providing detailed insights into resource properties, types, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identifier, - properties ->> 'AlpnPolicy' as alpn_policy, - properties ->> 'Certificates' as certificates, - properties ->> 'Port' as port, - properties ->> 'Protocol' as protocol, - region, - account_id - from - aws_cloudcontrol_resource - where - type_name = 'AWS::ElasticLoadBalancingV2::Listener' - and resource_model = '{"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/test-lb/4e695b8755d7003c"}' - and region = 'us-east-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identifier,\n properties ->> 'AlpnPolicy' as alpn_policy,\n\ + \ properties ->> 'Certificates' as certificates,\n properties ->> 'Port' as\ + \ port,\n properties ->> 'Protocol' as protocol,\n region,\n account_id\nfrom\n\ + \ aws_cloudcontrol_resource\nwhere\n type_name = 'AWS::ElasticLoadBalancingV2::Listener'\n\ + \ and resource_model = '{\"LoadBalancerArn\": \"arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/test-lb/4e695b8755d7003c\"\ + }'\n and region = 'us-east-1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Control +Title: Find AWS Cloud Control API Resource Data diff --git a/queries/aws_cloudcontrol_resource_3.yaml b/queries/aws_cloudcontrol_resource_3.yaml index 94e205480..bbe2e1703 100755 --- a/queries/aws_cloudcontrol_resource_3.yaml +++ b/queries/aws_cloudcontrol_resource_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cloud Control API Resource data, providing + detailed insights into resource properties, types, and statuses. ID: aws_cloudcontrol_resource_3 -Title: "Find AWS Cloud Control API Resource using SQL" -Description: "Allows users to query AWS Cloud Control API Resource data, providing detailed insights into resource properties, types, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identifier, - properties ->> 'IncludeGlobalServiceEvents' as include_global_service_events, - properties ->> 'IsLogging' as is_logging, - properties ->> 'IsMultiRegionTrail' as is_multi_region_trail, - region - from - aws_cloudcontrol_resource - where - type_name = 'AWS::CloudTrail::Trail' - and identifier = 'my-trail'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identifier,\n properties ->> 'IncludeGlobalServiceEvents'\ + \ as include_global_service_events,\n properties ->> 'IsLogging' as is_logging,\n\ + \ properties ->> 'IsMultiRegionTrail' as is_multi_region_trail,\n region\nfrom\n\ + \ aws_cloudcontrol_resource\nwhere\n type_name = 'AWS::CloudTrail::Trail'\n\ + \ and identifier = 'my-trail';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Control API Resource +Title: Find AWS Cloud Control API Resource using SQL diff --git a/queries/aws_cloudcontrol_resource_4.yaml b/queries/aws_cloudcontrol_resource_4.yaml index 460b40227..8a7813b35 100755 --- a/queries/aws_cloudcontrol_resource_4.yaml +++ b/queries/aws_cloudcontrol_resource_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cloud Control API Resource data, providing + detailed insights into resource properties, types, and statuses. ID: aws_cloudcontrol_resource_4 -Title: "List all AWS IAM Roles in us-east-1 using SQL" -Description: "Allows users to query AWS Cloud Control API Resource data, providing detailed insights into resource properties, types, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - properties ->> 'RoleName' as name - from - aws_cloudcontrol_resource - where - type_name = 'AWS::IAM::Role' - and region = 'us-east-1' - order by - name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n properties ->> 'RoleName' as name\nfrom\n aws_cloudcontrol_resource\n\ + where\n type_name = 'AWS::IAM::Role'\n and region = 'us-east-1'\norder by\n\ + \ name;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Control API +Title: List all AWS IAM Roles in us-east-1 using SQL diff --git a/queries/aws_cloudformation_stack_1.yaml b/queries/aws_cloudformation_stack_1.yaml index 3144213c4..e0a94b935 100755 --- a/queries/aws_cloudformation_stack_1.yaml +++ b/queries/aws_cloudformation_stack_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudFormation Stack data, including stack + name, status, creation time, and associated tags. ID: aws_cloudformation_stack_1 -Title: "List all AWS CloudFormation Stacks with Details" -Description: "Allows users to query AWS CloudFormation Stack data, including stack name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - status - from - aws_cloudformation_stack; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n status\nfrom\n aws_cloudformation_stack;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation Stack +Title: List all AWS CloudFormation Stacks with Details diff --git a/queries/aws_cloudformation_stack_2.yaml b/queries/aws_cloudformation_stack_2.yaml index 7e1bec9a2..13be9f8ca 100755 --- a/queries/aws_cloudformation_stack_2.yaml +++ b/queries/aws_cloudformation_stack_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CloudFormation Stack data, including stack + name, status, creation time, and associated tags. ID: aws_cloudformation_stack_2 -Title: "List AWS CloudFormation Stack data and status" -Description: "Allows users to query AWS CloudFormation Stack data, including stack name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - disable_rollback - from - aws_cloudformation_stack - where - disable_rollback; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n disable_rollback\nfrom\n aws_cloudformation_stack\n\ + where\n disable_rollback;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List AWS CloudFormation Stack data and status diff --git a/queries/aws_cloudformation_stack_3.yaml b/queries/aws_cloudformation_stack_3.yaml index b01464fca..cc2669961 100755 --- a/queries/aws_cloudformation_stack_3.yaml +++ b/queries/aws_cloudformation_stack_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CloudFormation Stack data, including stack + name, status, creation time, and associated tags. ID: aws_cloudformation_stack_3 -Title: "List AWS CloudFormation Stack Data with SQL" -Description: "Allows users to query AWS CloudFormation Stack data, including stack name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - enable_termination_protection - from - aws_cloudformation_stack - where - not enable_termination_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n enable_termination_protection\nfrom\n aws_cloudformation_stack\n\ + where\n not enable_termination_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List AWS CloudFormation Stack Data with SQL diff --git a/queries/aws_cloudformation_stack_4.yaml b/queries/aws_cloudformation_stack_4.yaml index 38bc53905..85cc0f1d9 100755 --- a/queries/aws_cloudformation_stack_4.yaml +++ b/queries/aws_cloudformation_stack_4.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS CloudFormation Stack data, including stack + name, status, creation time, and associated tags. ID: aws_cloudformation_stack_4 -Title: "Find AWS CloudFormation Stack Data, Status, and Tags" -Description: "Allows users to query AWS CloudFormation Stack data, including stack name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rollback_configuration ->> 'MonitoringTimeInMinutes' as monitoring_time_in_min, - rollback_configuration ->> 'RollbackTriggers' as rollback_triggers - from - aws_cloudformation_stack; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rollback_configuration ->> 'MonitoringTimeInMinutes'\ + \ as monitoring_time_in_min,\n rollback_configuration ->> 'RollbackTriggers'\ + \ as rollback_triggers\nfrom\n aws_cloudformation_stack;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: Find AWS CloudFormation Stack Data, Status, and Tags diff --git a/queries/aws_cloudformation_stack_5.yaml b/queries/aws_cloudformation_stack_5.yaml index 07527aaad..4fcce2c4c 100755 --- a/queries/aws_cloudformation_stack_5.yaml +++ b/queries/aws_cloudformation_stack_5.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS CloudFormation Stack data, including stack + name, status, creation time, and associated tags. ID: aws_cloudformation_stack_5 -Title: "List all AWS CloudFormation Stacks and Resource ARNs" -Description: "Allows users to query AWS CloudFormation Stack data, including stack name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_elements_text(notification_arns) as resource_arns - from - aws_cloudformation_stack; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_elements_text(notification_arns)\ + \ as resource_arns\nfrom\n aws_cloudformation_stack;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all AWS CloudFormation Stacks and Resource ARNs diff --git a/queries/aws_cloudformation_stack_resource_1.yaml b/queries/aws_cloudformation_stack_resource_1.yaml index 1339c60aa..113fe75b5 100755 --- a/queries/aws_cloudformation_stack_resource_1.yaml +++ b/queries/aws_cloudformation_stack_resource_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CloudFormation Stack Resources, providing details + about each resource within the stack, including its status, type, and associated + metadata. This table is useful for managing and analyzing AWS CloudFormation resources. ID: aws_cloudformation_stack_resource_1 -Title: "Find AWS CloudFormation Stack Resource Information" -Description: "Allows users to query AWS CloudFormation Stack Resources, providing details about each resource within the stack, including its status, type, and associated metadata. This table is useful for managing and analyzing AWS CloudFormation resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_name, - stack_id, - logical_resource_id, - resource_type, - resource_status - from - aws_cloudformation_stack_resource; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_name,\n stack_id,\n logical_resource_id,\n resource_type,\n\ + \ resource_status\nfrom\n aws_cloudformation_stack_resource;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: Find AWS CloudFormation Stack Resource Information diff --git a/queries/aws_cloudformation_stack_resource_2.yaml b/queries/aws_cloudformation_stack_resource_2.yaml index 4e2642cd6..f27939752 100755 --- a/queries/aws_cloudformation_stack_resource_2.yaml +++ b/queries/aws_cloudformation_stack_resource_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CloudFormation Stack Resources, providing details + about each resource within the stack, including its status, type, and associated + metadata. This table is useful for managing and analyzing AWS CloudFormation resources. ID: aws_cloudformation_stack_resource_2 -Title: "Find AWS CloudFormation Stack Resource Details and Status" -Description: "Allows users to query AWS CloudFormation Stack Resources, providing details about each resource within the stack, including its status, type, and associated metadata. This table is useful for managing and analyzing AWS CloudFormation resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.name, - s.disable_rollback, - r.logical_resource_id, - r.resource_status - from - aws_cloudformation_stack_resource as r, - aws_cloudformation_stack as s - where - r.stack_id = s.id - and s.disable_rollback; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.name,\n s.disable_rollback,\n r.logical_resource_id,\n\ + \ r.resource_status\nfrom\n aws_cloudformation_stack_resource as r,\n aws_cloudformation_stack\ + \ as s\nwhere\n r.stack_id = s.id\n and s.disable_rollback;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: Find AWS CloudFormation Stack Resource Details and Status diff --git a/queries/aws_cloudformation_stack_resource_3.yaml b/queries/aws_cloudformation_stack_resource_3.yaml index ab6022207..2c8d87a5b 100755 --- a/queries/aws_cloudformation_stack_resource_3.yaml +++ b/queries/aws_cloudformation_stack_resource_3.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS CloudFormation Stack Resources, providing details + about each resource within the stack, including its status, type, and associated + metadata. This table is useful for managing and analyzing AWS CloudFormation resources. ID: aws_cloudformation_stack_resource_3 -Title: "List all AWS CloudFormation Stack Resources with Details" -Description: "Allows users to query AWS CloudFormation Stack Resources, providing details about each resource within the stack, including its status, type, and associated metadata. This table is useful for managing and analyzing AWS CloudFormation resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.name, - s.enable_termination_protection, - s.disable_rollback, - r.logical_resource_id, - r.resource_status - from - aws_cloudformation_stack_resource as r, - aws_cloudformation_stack as s - where - r.stack_id = s.id - and not enable_termination_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.name,\n s.enable_termination_protection,\n s.disable_rollback,\n\ + \ r.logical_resource_id,\n r.resource_status\nfrom\n aws_cloudformation_stack_resource\ + \ as r,\n aws_cloudformation_stack as s\nwhere\n r.stack_id = s.id\n and not\ + \ enable_termination_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all AWS CloudFormation Stack Resources with Details diff --git a/queries/aws_cloudformation_stack_resource_4.yaml b/queries/aws_cloudformation_stack_resource_4.yaml index a5b6e4d70..4be18d9f8 100755 --- a/queries/aws_cloudformation_stack_resource_4.yaml +++ b/queries/aws_cloudformation_stack_resource_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CloudFormation Stack Resources, providing details + about each resource within the stack, including its status, type, and associated + metadata. This table is useful for managing and analyzing AWS CloudFormation resources. ID: aws_cloudformation_stack_resource_4 -Title: "Find AWS CloudFormation Stack Resource Details" -Description: "Allows users to query AWS CloudFormation Stack Resources, providing details about each resource within the stack, including its status, type, and associated metadata. This table is useful for managing and analyzing AWS CloudFormation resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_name, - stack_id, - logical_resource_id, - resource_status, - resource_type - from - aws_cloudformation_stack_resource - where - resource_type = 'AWS::EC2::VPC'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_name,\n stack_id,\n logical_resource_id,\n resource_status,\n\ + \ resource_type\nfrom\n aws_cloudformation_stack_resource\nwhere\n resource_type\ + \ = 'AWS::EC2::VPC';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: Find AWS CloudFormation Stack Resource Details diff --git a/queries/aws_cloudformation_stack_resource_5.yaml b/queries/aws_cloudformation_stack_resource_5.yaml index fc21225df..5a60be29e 100755 --- a/queries/aws_cloudformation_stack_resource_5.yaml +++ b/queries/aws_cloudformation_stack_resource_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudFormation Stack Resources, providing details + about each resource within the stack, including its status, type, and associated + metadata. This table is useful for managing and analyzing AWS CloudFormation resources. ID: aws_cloudformation_stack_resource_5 -Title: "List all AWS CloudFormation Stack Resources’ Details" -Description: "Allows users to query AWS CloudFormation Stack Resources, providing details about each resource within the stack, including its status, type, and associated metadata. This table is useful for managing and analyzing AWS CloudFormation resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_name, - logical_resource_id, - resource_status, - resource_type - from - aws_cloudformation_stack_resource - where - resource_status = 'UPDATE_FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_name,\n logical_resource_id,\n resource_status,\n\ + \ resource_type\nfrom\n aws_cloudformation_stack_resource\nwhere\n resource_status\ + \ = 'UPDATE_FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: "List all AWS CloudFormation Stack Resources\u2019 Details" diff --git a/queries/aws_cloudformation_stack_set_1.yaml b/queries/aws_cloudformation_stack_set_1.yaml index 09e2c8f49..8159d21eb 100755 --- a/queries/aws_cloudformation_stack_set_1.yaml +++ b/queries/aws_cloudformation_stack_set_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudFormation StackSets, providing detailed + information about each StackSet''s configuration, status, and associated AWS resources. ID: aws_cloudformation_stack_set_1 -Title: "List all AWS CloudFormation StackSets configurations" -Description: "Allows users to query AWS CloudFormation StackSets, providing detailed information about each StackSet''s configuration, status, and associated AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_set_id, - stack_set_name, - status, - arn, - description - from - aws_cloudformation_stack_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_set_id,\n stack_set_name,\n status,\n arn,\n\ + \ description\nfrom\n aws_cloudformation_stack_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all AWS CloudFormation StackSets configurations diff --git a/queries/aws_cloudformation_stack_set_2.yaml b/queries/aws_cloudformation_stack_set_2.yaml index 9f3220e32..b0fc4aa6d 100755 --- a/queries/aws_cloudformation_stack_set_2.yaml +++ b/queries/aws_cloudformation_stack_set_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS CloudFormation StackSets, providing detailed + information about each StackSet''s configuration, status, and associated AWS resources. ID: aws_cloudformation_stack_set_2 -Title: "List all AWS CloudFormation StackSets and Associated Resources" -Description: "Allows users to query AWS CloudFormation StackSets, providing detailed information about each StackSet''s configuration, status, and associated AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_set_id, - stack_set_name, - status, - permission_model, - auto_deployment - from - aws_cloudformation_stack_set - where - status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_set_id,\n stack_set_name,\n status,\n permission_model,\n\ + \ auto_deployment\nfrom\n aws_cloudformation_stack_set\nwhere\n status = 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all AWS CloudFormation StackSets and Associated Resources diff --git a/queries/aws_cloudformation_stack_set_3.yaml b/queries/aws_cloudformation_stack_set_3.yaml index fb88df3dd..8d945b8e3 100755 --- a/queries/aws_cloudformation_stack_set_3.yaml +++ b/queries/aws_cloudformation_stack_set_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS CloudFormation StackSets, providing detailed + information about each StackSet''s configuration, status, and associated AWS resources. ID: aws_cloudformation_stack_set_3 -Title: "List all AWS CloudFormation StackSets with Parameters" -Description: "Allows users to query AWS CloudFormation StackSets, providing detailed information about each StackSet''s configuration, status, and associated AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_set_name, - stack_set_id, - p ->> 'ParameterKey' as parameter_key, - p ->> 'ParameterValue' as parameter_value, - p ->> 'ResolvedValue' as resolved_value, - p ->> 'UsePreviousValue' as use_previous_value - from - aws_cloudformation_stack_set, - jsonb_array_elements(parameters) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_set_name,\n stack_set_id,\n p ->> 'ParameterKey'\ + \ as parameter_key,\n p ->> 'ParameterValue' as parameter_value,\n p ->> 'ResolvedValue'\ + \ as resolved_value,\n p ->> 'UsePreviousValue' as use_previous_value\nfrom\n\ + \ aws_cloudformation_stack_set,\n jsonb_array_elements(parameters) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all AWS CloudFormation StackSets with Parameters diff --git a/queries/aws_cloudformation_stack_set_4.yaml b/queries/aws_cloudformation_stack_set_4.yaml index 4fabbe9ce..a23d42a00 100755 --- a/queries/aws_cloudformation_stack_set_4.yaml +++ b/queries/aws_cloudformation_stack_set_4.yaml @@ -1,31 +1,28 @@ +Description: Allows users to query AWS CloudFormation StackSets, providing detailed + information about each StackSet''s configuration, status, and associated AWS resources. ID: aws_cloudformation_stack_set_4 -Title: "List all detailed AWS CloudFormation StackSets status" -Description: "Allows users to query AWS CloudFormation StackSets, providing detailed information about each StackSet''s configuration, status, and associated AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stack_set_name, - stack_set_id, - stack_set_drift_detection_details ->> 'DriftDetectionStatus' as drift_detection_status, - stack_set_drift_detection_details ->> 'DriftStatus' as drift_status, - stack_set_drift_detection_details ->> 'DriftedStackInstancesCount' as drifted_stack_instances_count, - stack_set_drift_detection_details ->> 'FailedStackInstancesCount' as failed_stack_instances_count, - stack_set_drift_detection_details ->> 'InProgressStackInstancesCount' as in_progress_stack_instances_count, - stack_set_drift_detection_details ->> 'InSyncStackInstancesCount' as in_sync_stack_instances_count, - stack_set_drift_detection_details ->> 'LastDriftCheckTimestamp' as last_drift_check_timestamp, - stack_set_drift_detection_details ->> 'TotalStackInstancesCount' as total_stack_instances_count - from - aws_cloudformation_stack_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stack_set_name,\n stack_set_id,\n stack_set_drift_detection_details\ + \ ->> 'DriftDetectionStatus' as drift_detection_status,\n stack_set_drift_detection_details\ + \ ->> 'DriftStatus' as drift_status,\n stack_set_drift_detection_details ->>\ + \ 'DriftedStackInstancesCount' as drifted_stack_instances_count,\n stack_set_drift_detection_details\ + \ ->> 'FailedStackInstancesCount' as failed_stack_instances_count,\n stack_set_drift_detection_details\ + \ ->> 'InProgressStackInstancesCount' as in_progress_stack_instances_count,\n\ + \ stack_set_drift_detection_details ->> 'InSyncStackInstancesCount' as in_sync_stack_instances_count,\n\ + \ stack_set_drift_detection_details ->> 'LastDriftCheckTimestamp' as last_drift_check_timestamp,\n\ + \ stack_set_drift_detection_details ->> 'TotalStackInstancesCount' as total_stack_instances_count\n\ + from\n aws_cloudformation_stack_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFormation +Title: List all detailed AWS CloudFormation StackSets status diff --git a/queries/aws_cloudfront_cache_policy_1.yaml b/queries/aws_cloudfront_cache_policy_1.yaml index e70a60167..dae000895 100755 --- a/queries/aws_cloudfront_cache_policy_1.yaml +++ b/queries/aws_cloudfront_cache_policy_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CloudFront Cache Policies for details about + their configuration, status, and associated metadata. ID: aws_cloudfront_cache_policy_1 -Title: "List AWS CloudFront Cache Policies Details" -Description: "Allows users to query AWS CloudFront Cache Policies for details about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - comment, - min_ttl, - etag, - last_modified_time - from - aws_cloudfront_cache_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n comment,\n min_ttl,\n etag,\n last_modified_time\n\ + from\n aws_cloudfront_cache_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List AWS CloudFront Cache Policies Details diff --git a/queries/aws_cloudfront_cache_policy_2.yaml b/queries/aws_cloudfront_cache_policy_2.yaml index 4ed572093..392a92714 100755 --- a/queries/aws_cloudfront_cache_policy_2.yaml +++ b/queries/aws_cloudfront_cache_policy_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS CloudFront Cache Policies for details about + their configuration, status, and associated metadata. ID: aws_cloudfront_cache_policy_2 -Title: "Find AWS CloudFront Cache Policies and Details" -Description: "Allows users to query AWS CloudFront Cache Policies for details about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingGzip' as enable_gzip - from - aws_cloudfront_cache_policy - where - parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingGzip' <> 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n parameters_in_cache_key_and_forwarded_to_origin\ + \ ->> 'EnableAcceptEncodingGzip' as enable_gzip\nfrom\n aws_cloudfront_cache_policy\n\ + where\n parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingGzip'\ + \ <> 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find AWS CloudFront Cache Policies and Details diff --git a/queries/aws_cloudfront_cache_policy_3.yaml b/queries/aws_cloudfront_cache_policy_3.yaml index f6a1e605d..5a782749c 100755 --- a/queries/aws_cloudfront_cache_policy_3.yaml +++ b/queries/aws_cloudfront_cache_policy_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS CloudFront Cache Policies for details about + their configuration, status, and associated metadata. ID: aws_cloudfront_cache_policy_3 -Title: "List AWS CloudFront Cache Policies and Their States" -Description: "Allows users to query AWS CloudFront Cache Policies for details about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingBrotli' as enable_brotli - from - aws_cloudfront_cache_policy - where - parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingBrotli' <> 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n parameters_in_cache_key_and_forwarded_to_origin\ + \ ->> 'EnableAcceptEncodingBrotli' as enable_brotli\nfrom\n aws_cloudfront_cache_policy\n\ + where\n parameters_in_cache_key_and_forwarded_to_origin ->> 'EnableAcceptEncodingBrotli'\ + \ <> 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List AWS CloudFront Cache Policies and Their States diff --git a/queries/aws_cloudfront_distribution_1.yaml b/queries/aws_cloudfront_distribution_1.yaml index 47648e756..908e6c921 100755 --- a/queries/aws_cloudfront_distribution_1.yaml +++ b/queries/aws_cloudfront_distribution_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_1 -Title: "List all AWS CloudFront Distributions and Metadata" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - status, - domain_name, - enabled, - e_tag, - http_version, - is_ipv6_enabled - from - aws_cloudfront_distribution; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n status,\n domain_name,\n enabled,\n\ + \ e_tag,\n http_version,\n is_ipv6_enabled\nfrom\n aws_cloudfront_distribution;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Distributions and Metadata diff --git a/queries/aws_cloudfront_distribution_2.yaml b/queries/aws_cloudfront_distribution_2.yaml index 482ac5867..1392a2ada 100755 --- a/queries/aws_cloudfront_distribution_2.yaml +++ b/queries/aws_cloudfront_distribution_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_2 -Title: "Find Disabled AWS CloudFront Distribution Logging" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - logging ->> 'Bucket' as bucket, - logging ->> 'Enabled' as logging_enabled, - logging ->> 'IncludeCookies' as include_cookies - from - aws_cloudfront_distribution - where - logging ->> 'Enabled' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n logging ->> 'Bucket' as bucket,\n logging ->>\ + \ 'Enabled' as logging_enabled,\n logging ->> 'IncludeCookies' as include_cookies\n\ + from\n aws_cloudfront_distribution\nwhere\n logging ->> 'Enabled' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find Disabled AWS CloudFront Distribution Logging diff --git a/queries/aws_cloudfront_distribution_3.yaml b/queries/aws_cloudfront_distribution_3.yaml index de0b7f33d..1544652df 100755 --- a/queries/aws_cloudfront_distribution_3.yaml +++ b/queries/aws_cloudfront_distribution_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_3 -Title: "List all AWS CloudFront Distributions and Their Configurations" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - status, - is_ipv6_enabled - from - aws_cloudfront_distribution - where - is_ipv6_enabled = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n status,\n is_ipv6_enabled\nfrom\n aws_cloudfront_distribution\n\ + where\n is_ipv6_enabled = 'false';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Distributions and Their Configurations diff --git a/queries/aws_cloudfront_distribution_4.yaml b/queries/aws_cloudfront_distribution_4.yaml index 2058cae87..4ea302176 100755 --- a/queries/aws_cloudfront_distribution_4.yaml +++ b/queries/aws_cloudfront_distribution_4.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_4 -Title: "Find details of AWS CloudFront Distributions with SQL" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - default_cache_behavior ->> 'FieldLevelEncryptionId' as field_level_encryption_id, - default_cache_behavior ->> 'DefaultTTL' as default_ttl - from - aws_cloudfront_distribution - where - default_cache_behavior ->> 'FieldLevelEncryptionId' <> ''; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n default_cache_behavior ->> 'FieldLevelEncryptionId'\ + \ as field_level_encryption_id,\n default_cache_behavior ->> 'DefaultTTL' as\ + \ default_ttl\nfrom\n aws_cloudfront_distribution\nwhere\n default_cache_behavior\ + \ ->> 'FieldLevelEncryptionId' <> '';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find details of AWS CloudFront Distributions with SQL diff --git a/queries/aws_cloudfront_distribution_5.yaml b/queries/aws_cloudfront_distribution_5.yaml index a95d3ad46..316ead2b0 100755 --- a/queries/aws_cloudfront_distribution_5.yaml +++ b/queries/aws_cloudfront_distribution_5.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_5 -Title: "Query AWS CloudFront Distributions and Insights" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - p -> 'CustomOriginConfig' -> 'HTTPPort' as http_port, - p -> 'CustomOriginConfig' -> 'HTTPSPort' as https_port, - p -> 'CustomOriginConfig' -> 'OriginKeepaliveTimeout' as origin_keepalive_timeout, - p -> 'CustomOriginConfig' -> 'OriginProtocolPolicy' as origin_protocol_policy - from - aws_cloudfront_distribution, - jsonb_array_elements(origins) as p - where - p -> 'CustomOriginConfig' ->> 'OriginProtocolPolicy' = 'https-only'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n p -> 'CustomOriginConfig' -> 'HTTPPort'\ + \ as http_port,\n p -> 'CustomOriginConfig' -> 'HTTPSPort' as https_port,\n \ + \ p -> 'CustomOriginConfig' -> 'OriginKeepaliveTimeout' as origin_keepalive_timeout,\n\ + \ p -> 'CustomOriginConfig' -> 'OriginProtocolPolicy' as origin_protocol_policy\n\ + from\n aws_cloudfront_distribution,\n jsonb_array_elements(origins) as p\nwhere\n\ + \ p -> 'CustomOriginConfig' ->> 'OriginProtocolPolicy' = 'https-only';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Query AWS CloudFront Distributions and Insights diff --git a/queries/aws_cloudfront_distribution_6.yaml b/queries/aws_cloudfront_distribution_6.yaml index d5e0dcc9a..44f0ad276 100755 --- a/queries/aws_cloudfront_distribution_6.yaml +++ b/queries/aws_cloudfront_distribution_6.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS CloudFront Distributions to gain insights into + their configuration, status, and associated metadata. ID: aws_cloudfront_distribution_6 -Title: "Find AWS CloudFront Distributions Configuration & Status" -Description: "Allows users to query AWS CloudFront Distributions to gain insights into their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - p -> 'CustomOriginConfig' -> 'OriginSslProtocols' -> 'Items' as items, - p -> 'CustomOriginConfig' -> 'OriginSslProtocols' -> 'Quantity' as quantity - from - aws_cloudfront_distribution, - jsonb_array_elements(origins) as p - where - p -> 'CustomOriginConfig' -> 'OriginSslProtocols' -> 'Items' ?& array['SSLv3']; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n p -> 'CustomOriginConfig' -> 'OriginSslProtocols'\ + \ -> 'Items' as items,\n p -> 'CustomOriginConfig' -> 'OriginSslProtocols' ->\ + \ 'Quantity' as quantity\nfrom\n aws_cloudfront_distribution,\n jsonb_array_elements(origins)\ + \ as p\nwhere\n p -> 'CustomOriginConfig' -> 'OriginSslProtocols' -> 'Items'\ + \ ?& array['SSLv3'];" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find AWS CloudFront Distributions Configuration & Status diff --git a/queries/aws_cloudfront_function_1.yaml b/queries/aws_cloudfront_function_1.yaml index 0ca0362b9..39436be1f 100755 --- a/queries/aws_cloudfront_function_1.yaml +++ b/queries/aws_cloudfront_function_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudFront Functions to retrieve detailed information + about each function, including its ARN, stage, status, and more. ID: aws_cloudfront_function_1 -Title: "List all AWS CloudFront Functions with details" -Description: "Allows users to query AWS CloudFront Functions to retrieve detailed information about each function, including its ARN, stage, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - status, - arn, - e_tag, - function_config - from - aws_cloudfront_function; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n status,\n arn,\n e_tag,\n function_config\n\ + from\n aws_cloudfront_function;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Functions with details diff --git a/queries/aws_cloudfront_function_2.yaml b/queries/aws_cloudfront_function_2.yaml index 9be64516f..c2b0efd6a 100755 --- a/queries/aws_cloudfront_function_2.yaml +++ b/queries/aws_cloudfront_function_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS CloudFront Functions to retrieve detailed information + about each function, including its ARN, stage, status, and more. ID: aws_cloudfront_function_2 -Title: "List All AWS CloudFront Functions with Detailed Info" -Description: "Allows users to query AWS CloudFront Functions to retrieve detailed information about each function, including its ARN, stage, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - function_config ->> 'Comment' as comment, - arn, - status, - e_tag - from - aws_cloudfront_function - where - function_metadata ->> 'Stage' = 'LIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n function_config ->> 'Comment' as comment,\n\ + \ arn,\n status,\n e_tag\nfrom\n aws_cloudfront_function\nwhere\n function_metadata\ + \ ->> 'Stage' = 'LIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List All AWS CloudFront Functions with Detailed Info diff --git a/queries/aws_cloudfront_function_3.yaml b/queries/aws_cloudfront_function_3.yaml index d14a6c618..e7d5dc287 100755 --- a/queries/aws_cloudfront_function_3.yaml +++ b/queries/aws_cloudfront_function_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CloudFront Functions to retrieve detailed information + about each function, including its ARN, stage, status, and more. ID: aws_cloudfront_function_3 -Title: "List AWS CloudFront Functions by ARN, Stage, and Status" -Description: "Allows users to query AWS CloudFront Functions to retrieve detailed information about each function, including its ARN, stage, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - function_metadata ->> 'Stage' as stage, - status, - function_metadata ->> 'CreatedTime' as created_time, - function_metadata ->> 'LastModifiedTime' as last_modified_time - from - aws_cloudfront_function - order by - function_metadata ->> 'CreatedTime' DESC; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n function_metadata ->> 'Stage' as stage,\n\ + \ status,\n function_metadata ->> 'CreatedTime' as created_time,\n function_metadata\ + \ ->> 'LastModifiedTime' as last_modified_time\n from\n aws_cloudfront_function\n\ + order by\n function_metadata ->> 'CreatedTime' DESC;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List AWS CloudFront Functions by ARN, Stage, and Status diff --git a/queries/aws_cloudfront_function_4.yaml b/queries/aws_cloudfront_function_4.yaml index f725dc286..5cd231360 100755 --- a/queries/aws_cloudfront_function_4.yaml +++ b/queries/aws_cloudfront_function_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS CloudFront Functions to retrieve detailed information + about each function, including its ARN, stage, status, and more. ID: aws_cloudfront_function_4 -Title: "List of AWS CloudFront Functions with Detailed Information" -Description: "Allows users to query AWS CloudFront Functions to retrieve detailed information about each function, including its ARN, stage, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - function_metadata ->> 'Stage' as stage, - status, - function_metadata ->> 'LastModifiedTime' as last_modified_time - from - aws_cloudfront_function - where - (function_metadata ->> 'LastModifiedTime')::timestamp >= (now() - interval '1' hour) - order by - function_metadata ->> 'LastModifiedTime' DESC; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n function_metadata ->> 'Stage' as stage,\n\ + \ status,\n function_metadata ->> 'LastModifiedTime' as last_modified_time\n\ + from\n aws_cloudfront_function\nwhere\n (function_metadata ->> 'LastModifiedTime')::timestamp\ + \ >= (now() - interval '1' hour)\norder by\n function_metadata ->> 'LastModifiedTime'\ + \ DESC;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List of AWS CloudFront Functions with Detailed Information diff --git a/queries/aws_cloudfront_origin_access_identity_1.yaml b/queries/aws_cloudfront_origin_access_identity_1.yaml index b496f852b..79a004948 100755 --- a/queries/aws_cloudfront_origin_access_identity_1.yaml +++ b/queries/aws_cloudfront_origin_access_identity_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CloudFront Origin Access Identity to fetch + detailed information about each identity, including its ID, S3 canonical user ID, + caller reference, and associated comment. ID: aws_cloudfront_origin_access_identity_1 -Title: "Find AWS CloudFront Origin Access Identities and Details" -Description: "Allows users to query AWS CloudFront Origin Access Identity to fetch detailed information about each identity, including its ID, S3 canonical user ID, caller reference, and associated comment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - comment, - s3_canonical_user_id, - etag - from - aws_cloudfront_origin_access_identity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n comment,\n s3_canonical_user_id,\n etag\n\ + from\n aws_cloudfront_origin_access_identity;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find AWS CloudFront Origin Access Identities and Details diff --git a/queries/aws_cloudfront_origin_access_identity_2.yaml b/queries/aws_cloudfront_origin_access_identity_2.yaml index 40537a949..821c42d9b 100755 --- a/queries/aws_cloudfront_origin_access_identity_2.yaml +++ b/queries/aws_cloudfront_origin_access_identity_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS CloudFront Origin Access Identity to fetch + detailed information about each identity, including its ID, S3 canonical user ID, + caller reference, and associated comment. ID: aws_cloudfront_origin_access_identity_2 -Title: "Find all AWS CloudFront Origin Access Identity details" -Description: "Allows users to query AWS CloudFront Origin Access Identity to fetch detailed information about each identity, including its ID, S3 canonical user ID, caller reference, and associated comment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - comment, - caller_reference - from - aws_cloudfront_origin_access_identity - where - comment <> ''; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n comment,\n caller_reference\nfrom\n \ + \ aws_cloudfront_origin_access_identity\nwhere\n comment <> '';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find all AWS CloudFront Origin Access Identity details diff --git a/queries/aws_cloudfront_origin_request_policy_1.yaml b/queries/aws_cloudfront_origin_request_policy_1.yaml index ee2e25547..055929eb0 100755 --- a/queries/aws_cloudfront_origin_request_policy_1.yaml +++ b/queries/aws_cloudfront_origin_request_policy_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudFront Origin Request Policies, providing + details about each policy such as ID, name, comment, cookies configuration, headers + configuration, query strings configuration, and more. ID: aws_cloudfront_origin_request_policy_1 -Title: "List all AWS CloudFront Origin Request Policies" -Description: "Allows users to query AWS CloudFront Origin Request Policies, providing details about each policy such as ID, name, comment, cookies configuration, headers configuration, query strings configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - comment, - etag, - last_modified_time - from - aws_cloudfront_origin_request_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n comment,\n etag,\n last_modified_time\n\ + from\n aws_cloudfront_origin_request_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Origin Request Policies diff --git a/queries/aws_cloudfront_origin_request_policy_2.yaml b/queries/aws_cloudfront_origin_request_policy_2.yaml index 232c1e5bb..05c1c2ca0 100755 --- a/queries/aws_cloudfront_origin_request_policy_2.yaml +++ b/queries/aws_cloudfront_origin_request_policy_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS CloudFront Origin Request Policies, providing + details about each policy such as ID, name, comment, cookies configuration, headers + configuration, query strings configuration, and more. ID: aws_cloudfront_origin_request_policy_2 -Title: "List all AWS CloudFront Origin Request Policies" -Description: "Allows users to query AWS CloudFront Origin Request Policies, providing details about each policy such as ID, name, comment, cookies configuration, headers configuration, query strings configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - headers_config ->> 'HeaderBehavior' as header_behavior, - headers_config ->> 'Headers' as headers - from - aws_cloudfront_origin_request_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n headers_config ->> 'HeaderBehavior' as\ + \ header_behavior,\n headers_config ->> 'Headers' as headers\nfrom\n aws_cloudfront_origin_request_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Origin Request Policies diff --git a/queries/aws_cloudfront_response_headers_policy_1.yaml b/queries/aws_cloudfront_response_headers_policy_1.yaml index 32661080a..087f7b2c6 100755 --- a/queries/aws_cloudfront_response_headers_policy_1.yaml +++ b/queries/aws_cloudfront_response_headers_policy_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudFront Response Headers Policies, providing + information about the policy configurations that determine the headers CloudFront + includes in HTTP responses. ID: aws_cloudfront_response_headers_policy_1 -Title: "List all AWS CloudFront Response Headers Policies" -Description: "Allows users to query AWS CloudFront Response Headers Policies, providing information about the policy configurations that determine the headers CloudFront includes in HTTP responses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - response_headers_policy_config ->> 'Comment' as description, - type, - last_modified_time - from - aws_cloudfront_response_headers_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n response_headers_policy_config ->> 'Comment'\ + \ as description,\n type,\n last_modified_time\nfrom\n aws_cloudfront_response_headers_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: List all AWS CloudFront Response Headers Policies diff --git a/queries/aws_cloudfront_response_headers_policy_2.yaml b/queries/aws_cloudfront_response_headers_policy_2.yaml index e26e11058..45f5649d9 100755 --- a/queries/aws_cloudfront_response_headers_policy_2.yaml +++ b/queries/aws_cloudfront_response_headers_policy_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CloudFront Response Headers Policies, providing + information about the policy configurations that determine the headers CloudFront + includes in HTTP responses. ID: aws_cloudfront_response_headers_policy_2 -Title: "Find AWS CloudFront Response Headers Policies" -Description: "Allows users to query AWS CloudFront Response Headers Policies, providing information about the policy configurations that determine the headers CloudFront includes in HTTP responses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - response_headers_policy_config ->> 'Comment' as description, - type, - last_modified_time - from - aws_cloudfront_response_headers_policy - where - type = 'custom'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n response_headers_policy_config ->> 'Comment'\ + \ as description,\n type,\n last_modified_time\nfrom\n aws_cloudfront_response_headers_policy\n\ + where\n type = 'custom';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find AWS CloudFront Response Headers Policies diff --git a/queries/aws_cloudfront_response_headers_policy_3.yaml b/queries/aws_cloudfront_response_headers_policy_3.yaml index 421521e24..a59fb69c8 100755 --- a/queries/aws_cloudfront_response_headers_policy_3.yaml +++ b/queries/aws_cloudfront_response_headers_policy_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CloudFront Response Headers Policies, providing + information about the policy configurations that determine the headers CloudFront + includes in HTTP responses. ID: aws_cloudfront_response_headers_policy_3 -Title: "Find AWS CloudFront Response Headers Policies Info" -Description: "Allows users to query AWS CloudFront Response Headers Policies, providing information about the policy configurations that determine the headers CloudFront includes in HTTP responses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - last_modified_time - from - aws_cloudfront_response_headers_policy - where - last_modified_time >= (now() - interval '1' hour) - order by - last_modified_time DESC; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n last_modified_time\nfrom\n aws_cloudfront_response_headers_policy\n\ + where\n last_modified_time >= (now() - interval '1' hour)\norder by\n last_modified_time\ + \ DESC;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudFront +Title: Find AWS CloudFront Response Headers Policies Info diff --git a/queries/aws_cloudsearch_domain_1.yaml b/queries/aws_cloudsearch_domain_1.yaml index d26a3026b..b0d6cec03 100755 --- a/queries/aws_cloudsearch_domain_1.yaml +++ b/queries/aws_cloudsearch_domain_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS CloudSearch Domain to retrieve detailed information + about each search domain configured within an AWS account. ID: aws_cloudsearch_domain_1 -Title: "List all AWS CloudSearch Domain Details" -Description: "Allows users to query AWS CloudSearch Domain to retrieve detailed information about each search domain configured within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - arn, - created, - search_instance_type, - search_instance_count - from - aws_cloudsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n arn,\n created,\n search_instance_type,\n\ + \ search_instance_count\nfrom\n aws_cloudsearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudSearch +Title: List all AWS CloudSearch Domain Details diff --git a/queries/aws_cloudsearch_domain_2.yaml b/queries/aws_cloudsearch_domain_2.yaml index fd7b9a33c..574f3d274 100755 --- a/queries/aws_cloudsearch_domain_2.yaml +++ b/queries/aws_cloudsearch_domain_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS CloudSearch Domain to retrieve detailed information + about each search domain configured within an AWS account. ID: aws_cloudsearch_domain_2 -Title: "List AWS CloudSearch Domains and Their Details" -Description: "Allows users to query AWS CloudSearch Domain to retrieve detailed information about each search domain configured within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - arn, - created, - search_instance_type - from - aws_cloudsearch_domain - where - search_instance_type = 'search.small'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n arn,\n created,\n search_instance_type\n\ + from\n aws_cloudsearch_domain\nwhere\n search_instance_type = 'search.small';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudSearch +Title: List AWS CloudSearch Domains and Their Details diff --git a/queries/aws_cloudsearch_domain_3.yaml b/queries/aws_cloudsearch_domain_3.yaml index 7d641bc25..29781676d 100755 --- a/queries/aws_cloudsearch_domain_3.yaml +++ b/queries/aws_cloudsearch_domain_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS CloudSearch Domain to retrieve detailed information + about each search domain configured within an AWS account. ID: aws_cloudsearch_domain_3 -Title: "List All AWS CloudSearch Domains with Detailed Info" -Description: "Allows users to query AWS CloudSearch Domain to retrieve detailed information about each search domain configured within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - search_service ->> 'Endpoint' as search_service_endpoint, - limits ->> 'MaximumPartitionCount' as maximum_partition_count, - limits ->> 'MaximumReplicationCount' as maximum_replication_count - from - aws_cloudsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n search_service ->> 'Endpoint'\ + \ as search_service_endpoint,\n limits ->> 'MaximumPartitionCount' as maximum_partition_count,\n\ + \ limits ->> 'MaximumReplicationCount' as maximum_replication_count\nfrom\n \ + \ aws_cloudsearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudSearch +Title: List All AWS CloudSearch Domains with Detailed Info diff --git a/queries/aws_cloudtrail_channel_1.yaml b/queries/aws_cloudtrail_channel_1.yaml index 3baeeb48a..5602ff64a 100755 --- a/queries/aws_cloudtrail_channel_1.yaml +++ b/queries/aws_cloudtrail_channel_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudTrail Channel data, including trail configurations, + status, and associated metadata. ID: aws_cloudtrail_channel_1 -Title: "Find AWS CloudTrail Channel Configurations with SQL" -Description: "Allows users to query AWS CloudTrail Channel data, including trail configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - source, - apply_to_all_regions - from - aws_cloudtrail_channel; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n source,\n apply_to_all_regions\nfrom\n\ + \ aws_cloudtrail_channel;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Channel Configurations with SQL diff --git a/queries/aws_cloudtrail_channel_2.yaml b/queries/aws_cloudtrail_channel_2.yaml index 652886899..742d988b7 100755 --- a/queries/aws_cloudtrail_channel_2.yaml +++ b/queries/aws_cloudtrail_channel_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS CloudTrail Channel data, including trail configurations, + status, and associated metadata. ID: aws_cloudtrail_channel_2 -Title: "List all AWS CloudTrail Channel data and configurations" -Description: "Allows users to query AWS CloudTrail Channel data, including trail configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - source, - apply_to_all_regions, - advanced_event_selectors - from - aws_cloudtrail_channel - where - not apply_to_all_regions; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n source,\n apply_to_all_regions,\n \ + \ advanced_event_selectors\nfrom\n aws_cloudtrail_channel\nwhere\n not apply_to_all_regions;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Channel data and configurations diff --git a/queries/aws_cloudtrail_channel_3.yaml b/queries/aws_cloudtrail_channel_3.yaml index 488aaa644..19c87e5d3 100755 --- a/queries/aws_cloudtrail_channel_3.yaml +++ b/queries/aws_cloudtrail_channel_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS CloudTrail Channel data, including trail configurations, + status, and associated metadata. ID: aws_cloudtrail_channel_3 -Title: "List all AWS CloudTrail Channel Data and Metadata" -Description: "Allows users to query AWS CloudTrail Channel data, including trail configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - a ->> 'Name' as advanced_event_selector_name, - a ->> 'FieldSelectors' as field_selectors - from - aws_cloudtrail_channel, - jsonb_array_elements(advanced_event_selectors) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n a ->> 'Name' as advanced_event_selector_name,\n\ + \ a ->> 'FieldSelectors' as field_selectors\nfrom\n aws_cloudtrail_channel,\n\ + \ jsonb_array_elements(advanced_event_selectors) as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Channel Data and Metadata diff --git a/queries/aws_cloudtrail_event_data_store_1.yaml b/queries/aws_cloudtrail_event_data_store_1.yaml index e47f688df..04a817684 100755 --- a/queries/aws_cloudtrail_event_data_store_1.yaml +++ b/queries/aws_cloudtrail_event_data_store_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS CloudTrail Event Data, providing information + about API activity in AWS accounts. This includes details about API calls, logins, + and other events captured by AWS CloudTrail. ID: aws_cloudtrail_event_data_store_1 -Title: "List all AWS CloudTrail Event Data" -Description: "Allows users to query AWS CloudTrail Event Data, providing information about API activity in AWS accounts. This includes details about API calls, logins, and other events captured by AWS CloudTrail." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - created_timestamp, - multi_region_enabled, - organization_enabled, - termination_protection_enabled - from - aws_cloudtrail_event_data_store; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n created_timestamp,\n multi_region_enabled,\n\ + \ organization_enabled,\n termination_protection_enabled\nfrom\n aws_cloudtrail_event_data_store;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Event Data diff --git a/queries/aws_cloudtrail_event_data_store_2.yaml b/queries/aws_cloudtrail_event_data_store_2.yaml index f3fb5f1bc..4f29e1ea8 100755 --- a/queries/aws_cloudtrail_event_data_store_2.yaml +++ b/queries/aws_cloudtrail_event_data_store_2.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS CloudTrail Event Data, providing information + about API activity in AWS accounts. This includes details about API calls, logins, + and other events captured by AWS CloudTrail. ID: aws_cloudtrail_event_data_store_2 -Title: "List API Activity in AWS Accounts with CloudTrail Data" -Description: "Allows users to query AWS CloudTrail Event Data, providing information about API activity in AWS accounts. This includes details about API calls, logins, and other events captured by AWS CloudTrail." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - created_timestamp, - multi_region_enabled, - organization_enabled, - termination_protection_enabled - from - aws_cloudtrail_event_data_store - where - status <> 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n created_timestamp,\n multi_region_enabled,\n\ + \ organization_enabled,\n termination_protection_enabled\nfrom\n aws_cloudtrail_event_data_store\n\ + where\n status <> 'ENABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List API Activity in AWS Accounts with CloudTrail Data diff --git a/queries/aws_cloudtrail_event_data_store_3.yaml b/queries/aws_cloudtrail_event_data_store_3.yaml index 4e302009f..9add7b0c7 100755 --- a/queries/aws_cloudtrail_event_data_store_3.yaml +++ b/queries/aws_cloudtrail_event_data_store_3.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS CloudTrail Event Data, providing information + about API activity in AWS accounts. This includes details about API calls, logins, + and other events captured by AWS CloudTrail. ID: aws_cloudtrail_event_data_store_3 -Title: "List all AWS CloudTrail Event Data and API Activity" -Description: "Allows users to query AWS CloudTrail Event Data, providing information about API activity in AWS accounts. This includes details about API calls, logins, and other events captured by AWS CloudTrail." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - created_timestamp, - multi_region_enabled, - organization_enabled, - termination_protection_enabled - from - aws_cloudtrail_event_data_store - where - not termination_protection_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n created_timestamp,\n multi_region_enabled,\n\ + \ organization_enabled,\n termination_protection_enabled\nfrom\n aws_cloudtrail_event_data_store\n\ + where\n not termination_protection_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Event Data and API Activity diff --git a/queries/aws_cloudtrail_import_1.yaml b/queries/aws_cloudtrail_import_1.yaml index 78a6cbaa2..4c4e4d624 100755 --- a/queries/aws_cloudtrail_import_1.yaml +++ b/queries/aws_cloudtrail_import_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CloudTrail imports to extract data about imported + trail files such as the file name, import time, hash value, and more. ID: aws_cloudtrail_import_1 -Title: "Find all imported trail files from AWS CloudTrail" -Description: "Allows users to query AWS CloudTrail imports to extract data about imported trail files such as the file name, import time, hash value, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - import_id, - created_timestamp, - import_status, - destinations - from - aws_cloudtrail_import; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n import_id,\n created_timestamp,\n import_status,\n\ + \ destinations\nfrom\n aws_cloudtrail_import;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find all imported trail files from AWS CloudTrail diff --git a/queries/aws_cloudtrail_import_2.yaml b/queries/aws_cloudtrail_import_2.yaml index 6b6c86bfd..44ccb9420 100755 --- a/queries/aws_cloudtrail_import_2.yaml +++ b/queries/aws_cloudtrail_import_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudTrail imports to extract data about imported + trail files such as the file name, import time, hash value, and more. ID: aws_cloudtrail_import_2 -Title: "List AWS CloudTrail Imports and Their Details" -Description: "Allows users to query AWS CloudTrail imports to extract data about imported trail files such as the file name, import time, hash value, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - import_id, - created_timestamp, - import_source - from - aws_cloudtrail_import - where - import_status <> 'COMPLETED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n import_id,\n created_timestamp,\n import_source\nfrom\n\ + \ aws_cloudtrail_import\nwhere\n import_status <> 'COMPLETED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List AWS CloudTrail Imports and Their Details diff --git a/queries/aws_cloudtrail_import_3.yaml b/queries/aws_cloudtrail_import_3.yaml index a94dd2f28..a2483ce62 100755 --- a/queries/aws_cloudtrail_import_3.yaml +++ b/queries/aws_cloudtrail_import_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS CloudTrail imports to extract data about imported + trail files such as the file name, import time, hash value, and more. ID: aws_cloudtrail_import_3 -Title: "List all AWS CloudTrail Import Details" -Description: "Allows users to query AWS CloudTrail imports to extract data about imported trail files such as the file name, import time, hash value, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - import_id, - created_timestamp, - import_status, - start_event_time, - end_event_time - from - aws_cloudtrail_import - where - created_timestamp >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n import_id,\n created_timestamp,\n import_status,\n\ + \ start_event_time,\n end_event_time\nfrom\n aws_cloudtrail_import\nwhere\n\ + \ created_timestamp >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Import Details diff --git a/queries/aws_cloudtrail_import_4.yaml b/queries/aws_cloudtrail_import_4.yaml index 0da403c99..a09fb475a 100755 --- a/queries/aws_cloudtrail_import_4.yaml +++ b/queries/aws_cloudtrail_import_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudTrail imports to extract data about imported + trail files such as the file name, import time, hash value, and more. ID: aws_cloudtrail_import_4 -Title: "Find all AWS CloudTrail import details using SQL" -Description: "Allows users to query AWS CloudTrail imports to extract data about imported trail files such as the file name, import time, hash value, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - import_id, - import_status, - import_source ->> 'S3BucketAccessRoleArn' as s3_bucket_access_role_arn, - import_source ->> 'S3BucketRegion' as s3_bucket_region, - import_source ->> 'S3LocationUri' as s3_location_uri - from - aws_cloudtrail_import; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n import_id,\n import_status,\n import_source ->> 'S3BucketAccessRoleArn'\ + \ as s3_bucket_access_role_arn,\n import_source ->> 'S3BucketRegion' as s3_bucket_region,\n\ + \ import_source ->> 'S3LocationUri' as s3_location_uri\nfrom\n aws_cloudtrail_import;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find all AWS CloudTrail import details using SQL diff --git a/queries/aws_cloudtrail_import_5.yaml b/queries/aws_cloudtrail_import_5.yaml index 2b31f8b96..8f92ce6ef 100755 --- a/queries/aws_cloudtrail_import_5.yaml +++ b/queries/aws_cloudtrail_import_5.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CloudTrail imports to extract data about imported + trail files such as the file name, import time, hash value, and more. ID: aws_cloudtrail_import_5 -Title: "List all AWS CloudTrail import details" -Description: "Allows users to query AWS CloudTrail imports to extract data about imported trail files such as the file name, import time, hash value, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - import_id, - import_status, - import_statistics -> 'EventsCompleted' as events_completed, - import_statistics -> 'FailedEntries' as failed_entries, - import_statistics -> 'FilesCompleted' as files_completed, - import_statistics -> 'FilesCompleted' as prefixes_completed, - import_statistics -> 'PrefixesFound' as PrefixesFound - from - aws_cloudtrail_import; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n import_id,\n import_status,\n import_statistics ->\ + \ 'EventsCompleted' as events_completed,\n import_statistics -> 'FailedEntries'\ + \ as failed_entries,\n import_statistics -> 'FilesCompleted' as files_completed,\n\ + \ import_statistics -> 'FilesCompleted' as prefixes_completed,\n import_statistics\ + \ -> 'PrefixesFound' as PrefixesFound\nfrom\n aws_cloudtrail_import;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail import details diff --git a/queries/aws_cloudtrail_lookup_event_1.yaml b/queries/aws_cloudtrail_lookup_event_1.yaml index 8a1c9e553..57032ccf2 100755 --- a/queries/aws_cloudtrail_lookup_event_1.yaml +++ b/queries/aws_cloudtrail_lookup_event_1.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS CloudTrail Lookup Events, providing information + about each trail event within AWS CloudTrail. The table can be used to retrieve + details such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_lookup_event_1 -Title: "Find AWS CloudTrail Lookup Events with SQL" -Description: "Allows users to query AWS CloudTrail Lookup Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - username, - jsonb_pretty(cloud_trail_event) as cloud_trail_event - from - aws_cloudtrail_lookup_event - where - start_time = now() - interval '5 minutes' - and end_time = now(); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n username,\n\ + \ jsonb_pretty(cloud_trail_event) as cloud_trail_event\nfrom\n aws_cloudtrail_lookup_event\n\ + where\n start_time = now() - interval '5 minutes'\n and end_time = now();" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Lookup Events with SQL diff --git a/queries/aws_cloudtrail_lookup_event_2.yaml b/queries/aws_cloudtrail_lookup_event_2.yaml index 7fc6df876..aec936300 100755 --- a/queries/aws_cloudtrail_lookup_event_2.yaml +++ b/queries/aws_cloudtrail_lookup_event_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS CloudTrail Lookup Events, providing information + about each trail event within AWS CloudTrail. The table can be used to retrieve + details such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_lookup_event_2 -Title: "Find AWS CloudTrail Lookup Events for Specific Trail Events" -Description: "Allows users to query AWS CloudTrail Lookup Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - username, - jsonb_pretty(cloud_trail_event) as cloud_trail_event - from - aws_cloudtrail_lookup_event - where - start_time = now() - and end_time = now() - interval '1 hour' - and read_only = 'true' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n username,\n\ + \ jsonb_pretty(cloud_trail_event) as cloud_trail_event\nfrom\n aws_cloudtrail_lookup_event\n\ + where\n start_time = now()\n and end_time = now() - interval '1 hour'\n and\ + \ read_only = 'true'\norder by\n event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Lookup Events for Specific Trail Events diff --git a/queries/aws_cloudtrail_lookup_event_3.yaml b/queries/aws_cloudtrail_lookup_event_3.yaml index 9f7d2a689..8e22e288a 100755 --- a/queries/aws_cloudtrail_lookup_event_3.yaml +++ b/queries/aws_cloudtrail_lookup_event_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS CloudTrail Lookup Events, providing information + about each trail event within AWS CloudTrail. The table can be used to retrieve + details such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_lookup_event_3 -Title: "Find AWS CloudTrail Events with IAM Source" -Description: "Allows users to query AWS CloudTrail Lookup Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - jsonb_pretty(cloud_trail_event) as cloud_trail_event - from - aws_cloudtrail_lookup_event - where - and event_source = 'iam.amazonaws.com' - and event_time >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n jsonb_pretty(cloud_trail_event)\ + \ as cloud_trail_event\nfrom\n aws_cloudtrail_lookup_event\nwhere\n and event_source\ + \ = 'iam.amazonaws.com'\n and event_time >= now() - interval '1 hour';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events with IAM Source diff --git a/queries/aws_cloudtrail_query_1.yaml b/queries/aws_cloudtrail_query_1.yaml index ef140bb52..d9213c373 100755 --- a/queries/aws_cloudtrail_query_1.yaml +++ b/queries/aws_cloudtrail_query_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS CloudTrail events for a detailed view of account + activity, including actions taken through the AWS Management Console, AWS SDKs, + command line tools, and other AWS services. ID: aws_cloudtrail_query_1 -Title: "Find AWS CloudTrail events for account activity" -Description: "Allows users to query AWS CloudTrail events for a detailed view of account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - query_id, - event_data_store_arn, - query_status, - query_status, - creation_time, - events_matched, - events_scanned - from - aws_cloudtrail_query; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n query_id,\n event_data_store_arn,\n query_status,\n\ + \ query_status,\n creation_time,\n events_matched,\n events_scanned\nfrom\n\ + \ aws_cloudtrail_query;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail events for account activity diff --git a/queries/aws_cloudtrail_query_2.yaml b/queries/aws_cloudtrail_query_2.yaml index 9829bbb78..9735ead80 100755 --- a/queries/aws_cloudtrail_query_2.yaml +++ b/queries/aws_cloudtrail_query_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CloudTrail events for a detailed view of account + activity, including actions taken through the AWS Management Console, AWS SDKs, + command line tools, and other AWS services. ID: aws_cloudtrail_query_2 -Title: "Find failed AWS CloudTrail queries using SQL" -Description: "Allows users to query AWS CloudTrail events for a detailed view of account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - query_id, - event_data_store_arn, - query_status, - creation_time, - query_string, - execution_time_in_millis - from - aws_cloudtrail_query - where - query_status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n query_id,\n event_data_store_arn,\n query_status,\n\ + \ creation_time,\n query_string,\n execution_time_in_millis\nfrom\n aws_cloudtrail_query\n\ + where\n query_status = 'FAILED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find failed AWS CloudTrail queries using SQL diff --git a/queries/aws_cloudtrail_query_3.yaml b/queries/aws_cloudtrail_query_3.yaml index 099942b68..e1ad93668 100755 --- a/queries/aws_cloudtrail_query_3.yaml +++ b/queries/aws_cloudtrail_query_3.yaml @@ -1,35 +1,29 @@ +Description: Allows users to query AWS CloudTrail events for a detailed view of account + activity, including actions taken through the AWS Management Console, AWS SDKs, + command line tools, and other AWS services. ID: aws_cloudtrail_query_3 -Title: "Find all AWS CloudTrail events account activity" -Description: "Allows users to query AWS CloudTrail events for a detailed view of account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - q.query_id as query_id, - q.event_data_store_arn as event_data_store_arn, - s.name as event_data_store_name, - s.status as event_data_store_status, - s.multi_region_enabled as multi_region_enabled, - s.termination_protection_enabled as termination_protection_enabled, - s.updated_timestamp as event_data_store_updated_timestamp - from - aws_cloudtrail_query as q, - aws_cloudtrail_event_data_store as s - where - s.arn = q.event_data_store_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n q.query_id as query_id,\n q.event_data_store_arn as\ + \ event_data_store_arn,\n s.name as event_data_store_name,\n s.status as event_data_store_status,\n\ + \ s.multi_region_enabled as multi_region_enabled,\n s.termination_protection_enabled\ + \ as termination_protection_enabled,\n s.updated_timestamp as event_data_store_updated_timestamp\n\ + from\n aws_cloudtrail_query as q,\n aws_cloudtrail_event_data_store as s\nwhere\n\ + \ s.arn = q.event_data_store_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find all AWS CloudTrail events account activity diff --git a/queries/aws_cloudtrail_query_4.yaml b/queries/aws_cloudtrail_query_4.yaml index c346b1b8a..ea7a731a7 100755 --- a/queries/aws_cloudtrail_query_4.yaml +++ b/queries/aws_cloudtrail_query_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS CloudTrail events for a detailed view of account + activity, including actions taken through the AWS Management Console, AWS SDKs, + command line tools, and other AWS services. ID: aws_cloudtrail_query_4 -Title: "Find all AWS CloudTrail events for account activities" -Description: "Allows users to query AWS CloudTrail events for a detailed view of account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - query_id, - event_data_store_arn, - query_status, - creation_time, - query_string, - execution_time_in_millis - from - aws_cloudtrail_query - where - creation_time <= now() - interval '3' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n query_id,\n event_data_store_arn,\n query_status,\n\ + \ creation_time,\n query_string,\n execution_time_in_millis\nfrom\n aws_cloudtrail_query\n\ + where\n creation_time <= now() - interval '3' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find all AWS CloudTrail events for account activities diff --git a/queries/aws_cloudtrail_trail_1.yaml b/queries/aws_cloudtrail_trail_1.yaml index a52827a14..e660498f9 100755 --- a/queries/aws_cloudtrail_trail_1.yaml +++ b/queries/aws_cloudtrail_trail_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_1 -Title: "List all AWS CloudTrail Trail Records" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - home_region, - is_multi_region_trail - from - aws_cloudtrail_trail - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n home_region,\n is_multi_region_trail\nfrom\n\ + \ aws_cloudtrail_trail" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Trail Records diff --git a/queries/aws_cloudtrail_trail_2.yaml b/queries/aws_cloudtrail_trail_2.yaml index 519f32843..73a451859 100755 --- a/queries/aws_cloudtrail_trail_2.yaml +++ b/queries/aws_cloudtrail_trail_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_2 -Title: "List all AWS CloudTrail Trails with Trail Records" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - kms_key_id - from - aws_cloudtrail_trail - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n kms_key_id\nfrom\n aws_cloudtrail_trail\nwhere\n\ + \ kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Trails with Trail Records diff --git a/queries/aws_cloudtrail_trail_3.yaml b/queries/aws_cloudtrail_trail_3.yaml index c1480a1c4..35966ed27 100755 --- a/queries/aws_cloudtrail_trail_3.yaml +++ b/queries/aws_cloudtrail_trail_3.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_3 -Title: "Find AWS CloudTrail Trail and Public S3 Bucket Info" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - trail.name as trail_name, - bucket.name as bucket_name, - bucket.bucket_policy_is_public as is_publicly_accessible - from - aws_cloudtrail_trail as trail - join aws_s3_bucket as bucket on trail.s3_bucket_name = bucket.name - where - bucket.bucket_policy_is_public; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n trail.name as trail_name,\n bucket.name as bucket_name,\n\ + \ bucket.bucket_policy_is_public as is_publicly_accessible\nfrom\n aws_cloudtrail_trail\ + \ as trail\n join aws_s3_bucket as bucket on trail.s3_bucket_name = bucket.name\n\ + where\n bucket.bucket_policy_is_public;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Trail and Public S3 Bucket Info diff --git a/queries/aws_cloudtrail_trail_4.yaml b/queries/aws_cloudtrail_trail_4.yaml index 45ff8d747..dec72ee3d 100755 --- a/queries/aws_cloudtrail_trail_4.yaml +++ b/queries/aws_cloudtrail_trail_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_4 -Title: "List all AWS CloudTrail Trails with Bucket Details" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - trail.name as trail_name, - bucket.name as bucket_name, - logging - from - aws_cloudtrail_trail as trail - join aws_s3_bucket as bucket on trail.s3_bucket_name = bucket.name - where - not versioning_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n trail.name as trail_name,\n bucket.name as bucket_name,\n\ + \ logging\nfrom\n aws_cloudtrail_trail as trail\n join aws_s3_bucket as bucket\ + \ on trail.s3_bucket_name = bucket.name\nwhere\n not versioning_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CloudTrail +Title: List all AWS CloudTrail Trails with Bucket Details diff --git a/queries/aws_cloudtrail_trail_5.yaml b/queries/aws_cloudtrail_trail_5.yaml index 6497ca674..c176118f5 100755 --- a/queries/aws_cloudtrail_trail_5.yaml +++ b/queries/aws_cloudtrail_trail_5.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_5 -Title: "List all AWS CloudTrail Trails configuration and metadata" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - is_logging - from - aws_cloudtrail_trail - where - not is_logging; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n is_logging\nfrom\n aws_cloudtrail_trail\nwhere\n\ + \ not is_logging;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Trails configuration and metadata diff --git a/queries/aws_cloudtrail_trail_6.yaml b/queries/aws_cloudtrail_trail_6.yaml index 933b01ef3..4da1b8a45 100755 --- a/queries/aws_cloudtrail_trail_6.yaml +++ b/queries/aws_cloudtrail_trail_6.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_6 -Title: "List all AWS CloudTrail Trails and their Status" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - log_file_validation_enabled - from - aws_cloudtrail_trail - where - not log_file_validation_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n log_file_validation_enabled\nfrom\n\ + \ aws_cloudtrail_trail\nwhere\n not log_file_validation_enabled;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Trails and their Status diff --git a/queries/aws_cloudtrail_trail_7.yaml b/queries/aws_cloudtrail_trail_7.yaml index 8bc27fe26..4e78d7792 100755 --- a/queries/aws_cloudtrail_trail_7.yaml +++ b/queries/aws_cloudtrail_trail_7.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS CloudTrail Trails for information about the + AWS CloudTrail service''s trail records. This includes trail configuration details, + status, and associated metadata. ID: aws_cloudtrail_trail_7 -Title: "List AWS CloudTrail Trails with Multi-Region Configuration" -Description: "Allows users to query AWS CloudTrail Trails for information about the AWS CloudTrail service''s trail records. This includes trail configuration details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - region, - home_region - from - aws_cloudtrail_trail - where - is_multi_region_trail - and home_region <> region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n region,\n home_region\nfrom\n aws_cloudtrail_trail\n\ + where\n is_multi_region_trail\n and home_region <> region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List AWS CloudTrail Trails with Multi-Region Configuration diff --git a/queries/aws_cloudtrail_trail_event_1.yaml b/queries/aws_cloudtrail_trail_event_1.yaml index b2b279aff..37f6480d8 100755 --- a/queries/aws_cloudtrail_trail_event_1.yaml +++ b/queries/aws_cloudtrail_trail_event_1.yaml @@ -1,35 +1,27 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_1 -Title: "Find AWS CloudTrail Events with Details in Table Format" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and timestamp >= now() - interval '5 minutes'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(response_elements) as response_elements\n\ + from\n aws_cloudtrail_trail_event\nwhere\n log_group_name = 'aws-cloudtrail-log-group-name'\n\ + \ and timestamp >= now() - interval '5 minutes';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events with Details in Table Format diff --git a/queries/aws_cloudtrail_trail_event_2.yaml b/queries/aws_cloudtrail_trail_event_2.yaml index e87013c65..f9939fd66 100755 --- a/queries/aws_cloudtrail_trail_event_2.yaml +++ b/queries/aws_cloudtrail_trail_event_2.yaml @@ -1,35 +1,26 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_2 -Title: "Find CloudTrail Events in AWS with Event Details" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and timestamp between (now() - interval '10 minutes') and (now() - interval '5 minutes') - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(response_elements) as response_elements\n\ + from\n aws_cloudtrail_trail_event\nwhere\n log_group_name = 'aws-cloudtrail-log-group-name'\n\ + \ and timestamp between (now() - interval '10 minutes') and (now() - interval\ + \ '5 minutes')\norder by\n event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find CloudTrail Events in AWS with Event Details diff --git a/queries/aws_cloudtrail_trail_event_3.yaml b/queries/aws_cloudtrail_trail_event_3.yaml index 5d2ab506d..c1c4b4461 100755 --- a/queries/aws_cloudtrail_trail_event_3.yaml +++ b/queries/aws_cloudtrail_trail_event_3.yaml @@ -1,38 +1,28 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_3 -Title: "Query AWS CloudTrail Events within AWS CloudTrail" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and not read_only - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(response_elements) as response_elements\n\ + from\n aws_cloudtrail_trail_event\nwhere\n log_group_name = 'aws-cloudtrail-log-group-name'\n\ + \ and not read_only\n and timestamp >= now() - interval '1 hour'\norder by\n\ + \ event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Query AWS CloudTrail Events within AWS CloudTrail diff --git a/queries/aws_cloudtrail_trail_event_4.yaml b/queries/aws_cloudtrail_trail_event_4.yaml index e992948c4..1df5cd6b8 100755 --- a/queries/aws_cloudtrail_trail_event_4.yaml +++ b/queries/aws_cloudtrail_trail_event_4.yaml @@ -1,36 +1,27 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_4 -Title: "Find AWS CloudTrail Events with Detailed Information" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and event_source = 'iam.amazonaws.com' - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ user_identifier,\n jsonb_pretty(request_parameters) as request_parameters,\n\ + \ jsonb_pretty(response_elements) as response_elements\nfrom\n aws_cloudtrail_trail_event\n\ + where\n log_group_name = 'aws-cloudtrail-log-group-name'\n and event_source\ + \ = 'iam.amazonaws.com'\n and timestamp >= now() - interval '1 hour'\norder by\n\ + \ event_time asc;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events with Detailed Information diff --git a/queries/aws_cloudtrail_trail_event_5.yaml b/queries/aws_cloudtrail_trail_event_5.yaml index e8e018019..d3822fa55 100755 --- a/queries/aws_cloudtrail_trail_event_5.yaml +++ b/queries/aws_cloudtrail_trail_event_5.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_5 -Title: "Find AWS CloudTrail Events with Detailed Information" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and username = 'steampipe' - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(request_parameters) as request_parameters,\n\ + \ jsonb_pretty(response_elements) as response_elements\nfrom\n aws_cloudtrail_trail_event\n\ + where\n log_group_name = 'aws-cloudtrail-log-group-name'\n and username = 'steampipe'\n\ + \ and timestamp >= now() - interval '1 hour'\norder by\n event_time asc;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events with Detailed Information diff --git a/queries/aws_cloudtrail_trail_event_6.yaml b/queries/aws_cloudtrail_trail_event_6.yaml index 799950e1e..60cfd14fd 100755 --- a/queries/aws_cloudtrail_trail_event_6.yaml +++ b/queries/aws_cloudtrail_trail_event_6.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_6 -Title: "Find AWS CloudTrail Events within AWS CloudTrail" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and user_type = 'IAMUser' - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(request_parameters) as request_parameters,\n\ + \ jsonb_pretty(response_elements) as response_elements\nfrom\n aws_cloudtrail_trail_event\n\ + where\n log_group_name = 'aws-cloudtrail-log-group-name'\n and user_type = 'IAMUser'\n\ + \ and timestamp >= now() - interval '1 hour'\norder by\n event_time asc;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events within AWS CloudTrail diff --git a/queries/aws_cloudtrail_trail_event_7.yaml b/queries/aws_cloudtrail_trail_event_7.yaml index 8b37fa5f6..321079891 100755 --- a/queries/aws_cloudtrail_trail_event_7.yaml +++ b/queries/aws_cloudtrail_trail_event_7.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_7 -Title: "List all AWS CloudTrail Events using SQL Queries" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - user_type, - username, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and user_type = 'AssumedRole' - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n user_type,\n\ + \ username,\n user_identifier,\n jsonb_pretty(request_parameters) as request_parameters,\n\ + \ jsonb_pretty(response_elements) as response_elements\nfrom\n aws_cloudtrail_trail_event\n\ + where\n log_group_name = 'aws-cloudtrail-log-group-name'\n and user_type = 'AssumedRole'\n\ + \ and timestamp >= now() - interval '1 hour'\norder by\n event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: List all AWS CloudTrail Events using SQL Queries diff --git a/queries/aws_cloudtrail_trail_event_8.yaml b/queries/aws_cloudtrail_trail_event_8.yaml index 462b738bf..4498179f3 100755 --- a/queries/aws_cloudtrail_trail_event_8.yaml +++ b/queries/aws_cloudtrail_trail_event_8.yaml @@ -1,39 +1,27 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_8 -Title: "Find AWS CloudTrail Events With Errors From Last Hour" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - error_code, - error_message, - user_type, - username, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and error_code is not null - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n error_code,\n\ + \ error_message,\n user_type,\n username,\n user_identifier,\n jsonb_pretty(request_parameters)\ + \ as request_parameters,\n jsonb_pretty(response_elements) as response_elements\n\ + from\n aws_cloudtrail_trail_event\nwhere\n log_group_name = 'aws-cloudtrail-log-group-name'\n\ + \ and error_code is not null\n and timestamp >= now() - interval '1 hour'\n\ + order by\n event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find AWS CloudTrail Events With Errors From Last Hour diff --git a/queries/aws_cloudtrail_trail_event_9.yaml b/queries/aws_cloudtrail_trail_event_9.yaml index db0fa273c..51ca071ba 100755 --- a/queries/aws_cloudtrail_trail_event_9.yaml +++ b/queries/aws_cloudtrail_trail_event_9.yaml @@ -1,39 +1,27 @@ +Description: Allows users to query AWS CloudTrail Events, providing information about + each trail event within AWS CloudTrail. The table can be used to retrieve details + such as the event time, event name, resources involved, and much more. ID: aws_cloudtrail_trail_event_9 -Title: "Find All AWS CloudTrail Events with Detailed Information" -Description: "Allows users to query AWS CloudTrail Events, providing information about each trail event within AWS CloudTrail. The table can be used to retrieve details such as the event time, event name, resources involved, and much more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - event_name, - event_source, - event_time, - error_code, - error_message, - user_type, - username, - user_identifier, - jsonb_pretty(request_parameters) as request_parameters, - jsonb_pretty(response_elements) as response_elements - from - aws_cloudtrail_trail_event - where - log_group_name = 'aws-cloudtrail-log-group-name' - and filter = '{ $.sourceIPAddress = 203.189.* }' - and timestamp >= now() - interval '1 hour' - order by - event_time asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n event_name,\n event_source,\n event_time,\n error_code,\n\ + \ error_message,\n user_type,\n username,\n user_identifier,\n jsonb_pretty(request_parameters)\ + \ as request_parameters,\n jsonb_pretty(response_elements) as response_elements\n\ + from\n aws_cloudtrail_trail_event\nwhere\n log_group_name = 'aws-cloudtrail-log-group-name'\n\ + \ and filter = '{ $.sourceIPAddress = 203.189.* }'\n and timestamp >= now()\ + \ - interval '1 hour'\norder by\n event_time asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudTrail +Title: Find All AWS CloudTrail Events with Detailed Information diff --git a/queries/aws_cloudwatch_alarm_1.yaml b/queries/aws_cloudwatch_alarm_1.yaml index 506959842..fdde04964 100755 --- a/queries/aws_cloudwatch_alarm_1.yaml +++ b/queries/aws_cloudwatch_alarm_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS CloudWatch Alarms, providing detailed information + about each alarm, including its configuration, state, and associated actions. ID: aws_cloudwatch_alarm_1 -Title: "List all AWS CloudWatch Alarms with Detailed Configuration" -Description: "Allows users to query AWS CloudWatch Alarms, providing detailed information about each alarm, including its configuration, state, and associated actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state_value, - metric_name, - actions_enabled, - comparison_operator, - namespace, - statistic - from - aws_cloudwatch_alarm; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state_value,\n metric_name,\n actions_enabled,\n\ + \ comparison_operator,\n namespace,\n statistic\nfrom\n aws_cloudwatch_alarm;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Alarms with Detailed Configuration diff --git a/queries/aws_cloudwatch_alarm_2.yaml b/queries/aws_cloudwatch_alarm_2.yaml index 9b83a4215..fe8bf9ae2 100755 --- a/queries/aws_cloudwatch_alarm_2.yaml +++ b/queries/aws_cloudwatch_alarm_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS CloudWatch Alarms, providing detailed information + about each alarm, including its configuration, state, and associated actions. ID: aws_cloudwatch_alarm_2 -Title: "List AWS CloudWatch Alarms with Detailed Information" -Description: "Allows users to query AWS CloudWatch Alarms, providing detailed information about each alarm, including its configuration, state, and associated actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state_value, - state_reason - from - aws_cloudwatch_alarm - where - state_value = 'ALARM'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state_value,\n state_reason\nfrom\n\ + \ aws_cloudwatch_alarm\nwhere\n state_value = 'ALARM';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Alarms with Detailed Information diff --git a/queries/aws_cloudwatch_alarm_3.yaml b/queries/aws_cloudwatch_alarm_3.yaml index 21c89c132..f8e182d5d 100755 --- a/queries/aws_cloudwatch_alarm_3.yaml +++ b/queries/aws_cloudwatch_alarm_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudWatch Alarms, providing detailed information + about each alarm, including its configuration, state, and associated actions. ID: aws_cloudwatch_alarm_3 -Title: "List all AWS CloudWatch Alarms with Details" -Description: "Allows users to query AWS CloudWatch Alarms, providing detailed information about each alarm, including its configuration, state, and associated actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - actions_enabled, - alarm_actions - from - aws_cloudwatch_alarm - where - actions_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n actions_enabled,\n alarm_actions\nfrom\n aws_cloudwatch_alarm\n\ + where\n actions_enabled;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Alarms with Details diff --git a/queries/aws_cloudwatch_alarm_4.yaml b/queries/aws_cloudwatch_alarm_4.yaml index f4514730f..01f64a225 100755 --- a/queries/aws_cloudwatch_alarm_4.yaml +++ b/queries/aws_cloudwatch_alarm_4.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS CloudWatch Alarms, providing detailed information + about each alarm, including its configuration, state, and associated actions. ID: aws_cloudwatch_alarm_4 -Title: "List AWS CloudWatch Alarms with Metric Names" -Description: "Allows users to query AWS CloudWatch Alarms, providing detailed information about each alarm, including its configuration, state, and associated actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - period, - statistic, - dimensions - from - aws_cloudwatch_alarm - where - metric_name is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n period,\n statistic,\n\ + \ dimensions\nfrom\n aws_cloudwatch_alarm\nwhere\n metric_name is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Alarms with Metric Names diff --git a/queries/aws_cloudwatch_alarm_5.yaml b/queries/aws_cloudwatch_alarm_5.yaml index 4ad8209ad..24988ac45 100755 --- a/queries/aws_cloudwatch_alarm_5.yaml +++ b/queries/aws_cloudwatch_alarm_5.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS CloudWatch Alarms, providing detailed information + about each alarm, including its configuration, state, and associated actions. ID: aws_cloudwatch_alarm_5 -Title: "Query AWS CloudWatch Alarms for Detailed Information" -Description: "Allows users to query AWS CloudWatch Alarms, providing detailed information about each alarm, including its configuration, state, and associated actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric ->> 'Id' as metric_id, - metric ->> 'Expression' as metric_expression, - metric -> 'MetricStat' -> 'Metric' ->> 'MetricName' as metric_name, - metric -> 'MetricStat' -> 'Metric' ->> 'Namespace' as metric_namespace, - metric -> 'MetricStat' -> 'Metric' ->> 'Dimensions' as metric_dimensions, - metric ->> 'ReturnData' as metric_return_data - from - aws_cloudwatch_alarm, - jsonb_array_elements(metrics) as metric; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric ->> 'Id' as metric_id,\n metric ->>\ + \ 'Expression' as metric_expression,\n metric -> 'MetricStat' -> 'Metric' ->>\ + \ 'MetricName' as metric_name,\n metric -> 'MetricStat' -> 'Metric' ->> 'Namespace'\ + \ as metric_namespace,\n metric -> 'MetricStat' -> 'Metric' ->> 'Dimensions'\ + \ as metric_dimensions,\n metric ->> 'ReturnData' as metric_return_data\nfrom\n\ + \ aws_cloudwatch_alarm,\n jsonb_array_elements(metrics) as metric;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Query AWS CloudWatch Alarms for Detailed Information diff --git a/queries/aws_cloudwatch_log_event_1.yaml b/queries/aws_cloudwatch_log_event_1.yaml index e0449e8df..3ce659d41 100755 --- a/queries/aws_cloudwatch_log_event_1.yaml +++ b/queries/aws_cloudwatch_log_event_1.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_1 -Title: "List AWS CloudWatch Log Events for Monitoring" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and timestamp >= now() - interval '5 minutes'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and timestamp >= now() - interval '5\ + \ minutes';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Log Events for Monitoring diff --git a/queries/aws_cloudwatch_log_event_2.yaml b/queries/aws_cloudwatch_log_event_2.yaml index d67fd1229..888496b76 100755 --- a/queries/aws_cloudwatch_log_event_2.yaml +++ b/queries/aws_cloudwatch_log_event_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_2 -Title: "List all AWS CloudWatch Log Events for Monitoring" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and timestamp between (now() - interval '10 minutes') and (now() - interval '5 minutes') - order by - timestamp asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and timestamp between (now() - interval\ + \ '10 minutes') and (now() - interval '5 minutes')\norder by\n timestamp asc;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Log Events for Monitoring diff --git a/queries/aws_cloudwatch_log_event_3.yaml b/queries/aws_cloudwatch_log_event_3.yaml index 12a55314a..109ff0c5b 100755 --- a/queries/aws_cloudwatch_log_event_3.yaml +++ b/queries/aws_cloudwatch_log_event_3.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_3 -Title: "Find AWS CloudWatch Log Events to Monitor Systems" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and filter = '{$.eventName="DescribeVpcs"}' - and timestamp >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and filter = '{$.eventName=\"DescribeVpcs\"\ + }'\n and timestamp >= now() - interval '1 hour';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Log Events to Monitor Systems diff --git a/queries/aws_cloudwatch_log_event_4.yaml b/queries/aws_cloudwatch_log_event_4.yaml index 835e45ddb..de013c2d9 100755 --- a/queries/aws_cloudwatch_log_event_4.yaml +++ b/queries/aws_cloudwatch_log_event_4.yaml @@ -1,35 +1,28 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_4 -Title: "Query AWS CloudWatch Log Events for Unauthorized Access" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and filter = '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }' - and timestamp >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and filter = '{ ($.errorCode = \"*UnauthorizedOperation\"\ + ) || ($.errorCode = \"AccessDenied*\") }'\n and timestamp >= now() - interval\ + \ '1 hour';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Query AWS CloudWatch Log Events for Unauthorized Access diff --git a/queries/aws_cloudwatch_log_event_5.yaml b/queries/aws_cloudwatch_log_event_5.yaml index 2e606a15c..77852b366 100755 --- a/queries/aws_cloudwatch_log_event_5.yaml +++ b/queries/aws_cloudwatch_log_event_5.yaml @@ -1,34 +1,28 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_5 -Title: "Find All AWS CloudWatch Log Events for Security Groups" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and filter = '{($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}' - and region = 'us-east-1' - and timestamp >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and filter = '{($.eventName = AuthorizeSecurityGroupIngress)\ + \ || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress)\ + \ || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup)\ + \ || ($.eventName = DeleteSecurityGroup)}'\n and region = 'us-east-1'\n and\ + \ timestamp >= now() - interval '1 hour';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find All AWS CloudWatch Log Events for Security Groups diff --git a/queries/aws_cloudwatch_log_event_6.yaml b/queries/aws_cloudwatch_log_event_6.yaml index 33e230042..b3d094b13 100755 --- a/queries/aws_cloudwatch_log_event_6.yaml +++ b/queries/aws_cloudwatch_log_event_6.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS CloudWatch Log Events to retrieve information + about log events from a specified log group. Users can utilize this table to monitor + and troubleshoot systems and applications using their existing log data. ID: aws_cloudwatch_log_event_6 -Title: "List all AWS CloudWatch Log Events within 1 Day" -Description: "Allows users to query AWS CloudWatch Log Events to retrieve information about log events from a specified log group. Users can utilize this table to monitor and troubleshoot systems and applications using their existing log data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - event_id, - timestamp, - ingestion_time, - message - from - aws_cloudwatch_log_event - where - log_group_name = 'cloudwatch-log-event-group-name' - and filter = '{$.userIdentity.sessionContext.sessionIssuer.userName="turbot_superuser"}' - and timestamp >= now() - interval '1 day'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n event_id,\n timestamp,\n\ + \ ingestion_time,\n message\nfrom\n aws_cloudwatch_log_event\nwhere\n log_group_name\ + \ = 'cloudwatch-log-event-group-name'\n and filter = '{$.userIdentity.sessionContext.sessionIssuer.userName=\"\ + turbot_superuser\"}'\n and timestamp >= now() - interval '1 day';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Log Events within 1 Day diff --git a/queries/aws_cloudwatch_log_group_1.yaml b/queries/aws_cloudwatch_log_group_1.yaml index e8944d4e3..97a0d7646 100755 --- a/queries/aws_cloudwatch_log_group_1.yaml +++ b/queries/aws_cloudwatch_log_group_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CloudWatch Log Groups and retrieve their attributes + such as ARN, creation time, stored bytes, metric filter count, and more. ID: aws_cloudwatch_log_group_1 -Title: "List AWS CloudWatch Log Groups Details Including Metrics" -Description: "Allows users to query AWS CloudWatch Log Groups and retrieve their attributes such as ARN, creation time, stored bytes, metric filter count, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - kms_key_id, - metric_filter_count, - retention_in_days - from - aws_cloudwatch_log_group - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n kms_key_id,\n metric_filter_count,\n retention_in_days\n\ + from\n aws_cloudwatch_log_group\nwhere\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Log Groups Details Including Metrics diff --git a/queries/aws_cloudwatch_log_group_2.yaml b/queries/aws_cloudwatch_log_group_2.yaml index 0e0fc8fc7..c38078c99 100755 --- a/queries/aws_cloudwatch_log_group_2.yaml +++ b/queries/aws_cloudwatch_log_group_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudWatch Log Groups and retrieve their attributes + such as ARN, creation time, stored bytes, metric filter count, and more. ID: aws_cloudwatch_log_group_2 -Title: "Find AWS CloudWatch Log Groups with Retention Time < 7 Days" -Description: "Allows users to query AWS CloudWatch Log Groups and retrieve their attributes such as ARN, creation time, stored bytes, metric filter count, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - retention_in_days - from - aws_cloudwatch_log_group - where - retention_in_days < 7; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n retention_in_days\nfrom\n aws_cloudwatch_log_group\n\ + where\n retention_in_days < 7;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Log Groups with Retention Time < 7 Days diff --git a/queries/aws_cloudwatch_log_group_3.yaml b/queries/aws_cloudwatch_log_group_3.yaml index 3e0470b87..7cac42066 100755 --- a/queries/aws_cloudwatch_log_group_3.yaml +++ b/queries/aws_cloudwatch_log_group_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudWatch Log Groups and retrieve their attributes + such as ARN, creation time, stored bytes, metric filter count, and more. ID: aws_cloudwatch_log_group_3 -Title: "Find AWS CloudWatch Log Groups and Their Attributes" -Description: "Allows users to query AWS CloudWatch Log Groups and retrieve their attributes such as ARN, creation time, stored bytes, metric filter count, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - groups.name as log_group_name, - metric.name as metric_filter_name, - metric.filter_pattern, - metric.metric_transformation_name, - metric.metric_transformation_value - from - aws_cloudwatch_log_group groups - join aws_cloudwatch_log_metric_filter metric on groups.name = metric.log_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n groups.name as log_group_name,\n metric.name as metric_filter_name,\n\ + \ metric.filter_pattern,\n metric.metric_transformation_name,\n metric.metric_transformation_value\n\ + from\n aws_cloudwatch_log_group groups\n join aws_cloudwatch_log_metric_filter\ + \ metric on groups.name = metric.log_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Log Groups and Their Attributes diff --git a/queries/aws_cloudwatch_log_group_4.yaml b/queries/aws_cloudwatch_log_group_4.yaml index dd46c7eba..39b3f6c77 100755 --- a/queries/aws_cloudwatch_log_group_4.yaml +++ b/queries/aws_cloudwatch_log_group_4.yaml @@ -1,32 +1,28 @@ +Description: Allows users to query AWS CloudWatch Log Groups and retrieve their attributes + such as ARN, creation time, stored bytes, metric filter count, and more. ID: aws_cloudwatch_log_group_4 -Title: "Find AWS CloudWatch Log Groups and Retrieve Attributes" -Description: "Allows users to query AWS CloudWatch Log Groups and retrieve their attributes such as ARN, creation time, stored bytes, metric filter count, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i as data_identifier, - s -> 'Operation' -> 'Audit' -> 'FindingsDestination' -> 'S3' -> 'Bucket' as destination_bucket, - s -> 'Operation' -> 'Audit' -> 'FindingsDestination' -> 'CloudWatchLogs' -> 'LogGroup'as destination_log_group, - s -> 'Operation' -> 'Audit' -> 'FindingsDestination' -> 'Firehose' -> 'DeliveryStream'as destination_delivery_stream - from - aws_cloudwatch_log_group, - jsonb_array_elements(data_protection_policy -> 'Statement') as s, - jsonb_array_elements_text(s -> 'DataIdentifier') as i - where - s ->> 'Sid' = 'audit-policy' - and name = 'log-group-name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i as data_identifier,\n s -> 'Operation' -> 'Audit'\ + \ -> 'FindingsDestination' -> 'S3' -> 'Bucket' as destination_bucket,\n s ->\ + \ 'Operation' -> 'Audit' -> 'FindingsDestination' -> 'CloudWatchLogs' -> 'LogGroup'as\ + \ destination_log_group,\n s -> 'Operation' -> 'Audit' -> 'FindingsDestination'\ + \ -> 'Firehose' -> 'DeliveryStream'as destination_delivery_stream\nfrom\n aws_cloudwatch_log_group,\n\ + \ jsonb_array_elements(data_protection_policy -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'DataIdentifier') as i\nwhere\n s ->> 'Sid' = 'audit-policy'\n and name\ + \ = 'log-group-name';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch Log Groups +Title: Find AWS CloudWatch Log Groups and Retrieve Attributes diff --git a/queries/aws_cloudwatch_log_group_5.yaml b/queries/aws_cloudwatch_log_group_5.yaml index 3c3dc2920..b93e40757 100755 --- a/queries/aws_cloudwatch_log_group_5.yaml +++ b/queries/aws_cloudwatch_log_group_5.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CloudWatch Log Groups and retrieve their attributes + such as ARN, creation time, stored bytes, metric filter count, and more. ID: aws_cloudwatch_log_group_5 -Title: "Find AWS CloudWatch Log Groups and Retrieve Attributes" -Description: "Allows users to query AWS CloudWatch Log Groups and retrieve their attributes such as ARN, creation time, stored bytes, metric filter count, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - creation_time - from - aws_cloudwatch_log_group - where - data_protection_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n creation_time\nfrom\n aws_cloudwatch_log_group\n\ + where\n data_protection_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Log Groups and Retrieve Attributes diff --git a/queries/aws_cloudwatch_log_metric_filter_1.yaml b/queries/aws_cloudwatch_log_metric_filter_1.yaml index f6476f715..d3fe258ac 100755 --- a/queries/aws_cloudwatch_log_metric_filter_1.yaml +++ b/queries/aws_cloudwatch_log_metric_filter_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS CloudWatch log metric filters to obtain detailed + information about each filter, including its name, creation date, associated log + group, filter pattern, metric transformations and more. ID: aws_cloudwatch_log_metric_filter_1 -Title: "Find all AWS CloudWatch log metric filters" -Description: "Allows users to query AWS CloudWatch log metric filters to obtain detailed information about each filter, including its name, creation date, associated log group, filter pattern, metric transformations and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - log_group_name, - creation_time, - filter_pattern, - metric_transformation_name, - metric_transformation_namespace, - metric_transformation_value - from - aws_cloudwatch_log_metric_filter; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n log_group_name,\n creation_time,\n filter_pattern,\n\ + \ metric_transformation_name,\n metric_transformation_namespace,\n metric_transformation_value\n\ + from\n aws_cloudwatch_log_metric_filter;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find all AWS CloudWatch log metric filters diff --git a/queries/aws_cloudwatch_log_metric_filter_2.yaml b/queries/aws_cloudwatch_log_metric_filter_2.yaml index 16bf6c19d..6fc0e49d0 100755 --- a/queries/aws_cloudwatch_log_metric_filter_2.yaml +++ b/queries/aws_cloudwatch_log_metric_filter_2.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudWatch log metric filters to obtain detailed + information about each filter, including its name, creation date, associated log + group, filter pattern, metric transformations and more. ID: aws_cloudwatch_log_metric_filter_2 -Title: "List all AWS CloudWatch log metric filters and details" -Description: "Allows users to query AWS CloudWatch log metric filters to obtain detailed information about each filter, including its name, creation date, associated log group, filter pattern, metric transformations and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - log_group_name, - filter_pattern - from - aws_cloudwatch_log_metric_filter - where - filter_pattern ilike '%error%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n log_group_name,\n filter_pattern\nfrom\n aws_cloudwatch_log_metric_filter\n\ + where\n filter_pattern ilike '%error%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch log metric filters and details diff --git a/queries/aws_cloudwatch_log_metric_filter_3.yaml b/queries/aws_cloudwatch_log_metric_filter_3.yaml index 6105121e5..b8abe00de 100755 --- a/queries/aws_cloudwatch_log_metric_filter_3.yaml +++ b/queries/aws_cloudwatch_log_metric_filter_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS CloudWatch log metric filters to obtain detailed + information about each filter, including its name, creation date, associated log + group, filter pattern, metric transformations and more. ID: aws_cloudwatch_log_metric_filter_3 -Title: "Find AWS CloudWatch log metric filters with details" -Description: "Allows users to query AWS CloudWatch log metric filters to obtain detailed information about each filter, including its name, creation date, associated log group, filter pattern, metric transformations and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - count(name) as metric_filter_count - from - aws_cloudwatch_log_metric_filter - group by - log_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n count(name) as metric_filter_count\n\ + from\n aws_cloudwatch_log_metric_filter\ngroup by\n log_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch log metric filters with details diff --git a/queries/aws_cloudwatch_log_resource_policy_1.yaml b/queries/aws_cloudwatch_log_resource_policy_1.yaml index c6970f371..1505134bc 100755 --- a/queries/aws_cloudwatch_log_resource_policy_1.yaml +++ b/queries/aws_cloudwatch_log_resource_policy_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CloudWatch Log Resource Policies, providing + details such as the policy name, policy document, and last updated timestamp. ID: aws_cloudwatch_log_resource_policy_1 -Title: "Find all AWS CloudWatch Log Resource Policies" -Description: "Allows users to query AWS CloudWatch Log Resource Policies, providing details such as the policy name, policy document, and last updated timestamp." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_name, - last_updated_time, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_cloudwatch_log_resource_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_name,\n last_updated_time,\n jsonb_pretty(policy)\ + \ as policy,\n jsonb_pretty(policy_std) as policy_std\nfrom\n aws_cloudwatch_log_resource_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find all AWS CloudWatch Log Resource Policies diff --git a/queries/aws_cloudwatch_log_stream_1.yaml b/queries/aws_cloudwatch_log_stream_1.yaml index bd901c746..d9ff0fc6d 100755 --- a/queries/aws_cloudwatch_log_stream_1.yaml +++ b/queries/aws_cloudwatch_log_stream_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudWatch Log Stream to retrieve detailed + information about each log stream within a log group. ID: aws_cloudwatch_log_stream_1 -Title: "Find AWS CloudWatch Log Streams Using SQL" -Description: "Allows users to query AWS CloudWatch Log Stream to retrieve detailed information about each log stream within a log group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - log_group_name, - region - from - aws_cloudwatch_log_stream; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n log_group_name,\n region\nfrom\n aws_cloudwatch_log_stream;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch Log Stream +Title: Find AWS CloudWatch Log Streams Using SQL diff --git a/queries/aws_cloudwatch_log_stream_2.yaml b/queries/aws_cloudwatch_log_stream_2.yaml index 33d8b956e..ad226975b 100755 --- a/queries/aws_cloudwatch_log_stream_2.yaml +++ b/queries/aws_cloudwatch_log_stream_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CloudWatch Log Stream to retrieve detailed + information about each log stream within a log group. ID: aws_cloudwatch_log_stream_2 -Title: "List all AWS CloudWatch Log Stream information" -Description: "Allows users to query AWS CloudWatch Log Stream to retrieve detailed information about each log stream within a log group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - count(*) as log_stream_count - from - aws_cloudwatch_log_stream - group by - log_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n count(*) as log_stream_count\nfrom\n\ + \ aws_cloudwatch_log_stream\ngroup by\n log_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch Log Stream +Title: List all AWS CloudWatch Log Stream information diff --git a/queries/aws_cloudwatch_log_subscription_filter_1.yaml b/queries/aws_cloudwatch_log_subscription_filter_1.yaml index dbf0cb777..1f3c51ed4 100755 --- a/queries/aws_cloudwatch_log_subscription_filter_1.yaml +++ b/queries/aws_cloudwatch_log_subscription_filter_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudWatch Log Subscription Filters, providing + information about each subscription filter associated with the specified log group. ID: aws_cloudwatch_log_subscription_filter_1 -Title: "List AWS CloudWatch Log Subscription Filters" -Description: "Allows users to query AWS CloudWatch Log Subscription Filters, providing information about each subscription filter associated with the specified log group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - log_group_name, - creation_time, - filter_pattern, - destination_arn - from - aws_cloudwatch_log_subscription_filter; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n log_group_name,\n creation_time,\n filter_pattern,\n\ + \ destination_arn\nfrom\n aws_cloudwatch_log_subscription_filter;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Log Subscription Filters diff --git a/queries/aws_cloudwatch_log_subscription_filter_2.yaml b/queries/aws_cloudwatch_log_subscription_filter_2.yaml index 1c81b7d14..9c5f578f8 100755 --- a/queries/aws_cloudwatch_log_subscription_filter_2.yaml +++ b/queries/aws_cloudwatch_log_subscription_filter_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudWatch Log Subscription Filters, providing + information about each subscription filter associated with the specified log group. ID: aws_cloudwatch_log_subscription_filter_2 -Title: "List all AWS CloudWatch Log Subscription Filters" -Description: "Allows users to query AWS CloudWatch Log Subscription Filters, providing information about each subscription filter associated with the specified log group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - log_group_name, - filter_pattern - from - aws_cloudwatch_log_subscription_filter - where - filter_pattern ilike '%error%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n log_group_name,\n filter_pattern\nfrom\n aws_cloudwatch_log_subscription_filter\n\ + where\n filter_pattern ilike '%error%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Log Subscription Filters diff --git a/queries/aws_cloudwatch_log_subscription_filter_3.yaml b/queries/aws_cloudwatch_log_subscription_filter_3.yaml index 1291b8763..8bd1cd661 100755 --- a/queries/aws_cloudwatch_log_subscription_filter_3.yaml +++ b/queries/aws_cloudwatch_log_subscription_filter_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CloudWatch Log Subscription Filters, providing + information about each subscription filter associated with the specified log group. ID: aws_cloudwatch_log_subscription_filter_3 -Title: "List all AWS CloudWatch Log Subscription Filters" -Description: "Allows users to query AWS CloudWatch Log Subscription Filters, providing information about each subscription filter associated with the specified log group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - count(name) as subscription_filter_count - from - aws_cloudwatch_log_subscription_filter - group by - log_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n count(name) as subscription_filter_count\n\ + from\n aws_cloudwatch_log_subscription_filter\ngroup by\n log_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Log Subscription Filters diff --git a/queries/aws_cloudwatch_metric_1.yaml b/queries/aws_cloudwatch_metric_1.yaml index cd9f8c7c5..61f2d1020 100755 --- a/queries/aws_cloudwatch_metric_1.yaml +++ b/queries/aws_cloudwatch_metric_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CloudWatch Metrics to gather information about + the performance of their AWS resources and applications. ID: aws_cloudwatch_metric_1 -Title: "List AWS CloudWatch Metrics with SQL Queries" -Description: "Allows users to query AWS CloudWatch Metrics to gather information about the performance of their AWS resources and applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - namespace, - dimensions - from - aws_cloudwatch_metric; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n namespace,\n dimensions\nfrom\n aws_cloudwatch_metric;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Metrics with SQL Queries diff --git a/queries/aws_cloudwatch_metric_2.yaml b/queries/aws_cloudwatch_metric_2.yaml index 716b2ff23..093df6e2e 100755 --- a/queries/aws_cloudwatch_metric_2.yaml +++ b/queries/aws_cloudwatch_metric_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CloudWatch Metrics to gather information about + the performance of their AWS resources and applications. ID: aws_cloudwatch_metric_2 -Title: "Find AWS Resources Performance via CloudWatch Metrics" -Description: "Allows users to query AWS CloudWatch Metrics to gather information about the performance of their AWS resources and applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - namespace, - dimensions - from - aws_cloudwatch_metric - where - namespace = 'AWS/EBS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n namespace,\n dimensions\nfrom\n aws_cloudwatch_metric\n\ + where\n namespace = 'AWS/EBS';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS Resources Performance via CloudWatch Metrics diff --git a/queries/aws_cloudwatch_metric_3.yaml b/queries/aws_cloudwatch_metric_3.yaml index ffd8d8d2e..054ccf0da 100755 --- a/queries/aws_cloudwatch_metric_3.yaml +++ b/queries/aws_cloudwatch_metric_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS CloudWatch Metrics to gather information about + the performance of their AWS resources and applications. ID: aws_cloudwatch_metric_3 -Title: "List all AWS CloudWatch metrics for EBS VolumeReadOps" -Description: "Allows users to query AWS CloudWatch Metrics to gather information about the performance of their AWS resources and applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - namespace, - dimensions - from - aws_cloudwatch_metric - where - namespace = 'AWS/EBS' - and metric_name = 'VolumeReadOps'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n namespace,\n dimensions\nfrom\n aws_cloudwatch_metric\n\ + where\n namespace = 'AWS/EBS'\n and metric_name = 'VolumeReadOps';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch metrics for EBS VolumeReadOps diff --git a/queries/aws_cloudwatch_metric_4.yaml b/queries/aws_cloudwatch_metric_4.yaml index f6de4dd15..4d8d3c833 100755 --- a/queries/aws_cloudwatch_metric_4.yaml +++ b/queries/aws_cloudwatch_metric_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS CloudWatch Metrics to gather information about + the performance of their AWS resources and applications. ID: aws_cloudwatch_metric_4 -Title: "Find AWS CloudWatch Metrics for Resource Performance" -Description: "Allows users to query AWS CloudWatch Metrics to gather information about the performance of their AWS resources and applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - namespace, - dimensions - from - aws_cloudwatch_metric - where - dimensions_filter = '[ - {"Name": "ClusterIdentifier", "Value": "my-cluster-1"} - ]'::jsonb; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n namespace,\n dimensions\nfrom\n aws_cloudwatch_metric\n\ + where\n dimensions_filter = '[\n {\"Name\": \"ClusterIdentifier\", \"Value\"\ + : \"my-cluster-1\"}\n ]'::jsonb;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch Metrics +Title: Find AWS CloudWatch Metrics for Resource Performance diff --git a/queries/aws_cloudwatch_metric_5.yaml b/queries/aws_cloudwatch_metric_5.yaml index cf445c809..e888e83b4 100755 --- a/queries/aws_cloudwatch_metric_5.yaml +++ b/queries/aws_cloudwatch_metric_5.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS CloudWatch Metrics to gather information about + the performance of their AWS resources and applications. ID: aws_cloudwatch_metric_5 -Title: "Find AWS CloudWatch Metrics for Performance Information" -Description: "Allows users to query AWS CloudWatch Metrics to gather information about the performance of their AWS resources and applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - namespace, - dimensions - from - aws_cloudwatch_metric - where - dimensions_filter = '[ - {"Name": "Type", "Value": "API"}, - {"Name": "Service", "Value": "EC2"} - ]'::jsonb; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n namespace,\n dimensions\nfrom\n aws_cloudwatch_metric\n\ + where\n dimensions_filter = '[\n {\"Name\": \"Type\", \"Value\": \"API\"},\n\ + \ {\"Name\": \"Service\", \"Value\": \"EC2\"}\n ]'::jsonb;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Metrics for Performance Information diff --git a/queries/aws_cloudwatch_metric_data_point_1.yaml b/queries/aws_cloudwatch_metric_data_point_1.yaml index 305e93ec1..fb3339511 100755 --- a/queries/aws_cloudwatch_metric_data_point_1.yaml +++ b/queries/aws_cloudwatch_metric_data_point_1.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_1 -Title: "List All AWS CloudWatch Metric Data Points" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - period, - value, - expression - from - aws_cloudwatch_metric_data_point - where - id = 'm1' - and expression = 'select max(CPUUtilization) from schema("AWS/EC2", InstanceId)' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n period,\n value,\n expression\n\ + from\n aws_cloudwatch_metric_data_point\nwhere\n id = 'm1'\n and expression\ + \ = 'select max(CPUUtilization) from schema(\"AWS/EC2\", InstanceId)'\norder by\n\ + \ timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List All AWS CloudWatch Metric Data Points diff --git a/queries/aws_cloudwatch_metric_data_point_2.yaml b/queries/aws_cloudwatch_metric_data_point_2.yaml index 0ebd25dcc..857612a3e 100755 --- a/queries/aws_cloudwatch_metric_data_point_2.yaml +++ b/queries/aws_cloudwatch_metric_data_point_2.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_2 -Title: "Find AWS CloudWatch MetricDataPoints details" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - period, - value, - expression - from - aws_cloudwatch_metric_data_point - where - id = 'e1' - and expression = 'SUM(METRICS(''error''))' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n period,\n value,\n expression\n\ + from\n aws_cloudwatch_metric_data_point\nwhere\n id = 'e1'\n and expression\ + \ = 'SUM(METRICS(''error''))'\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch MetricDataPoints details diff --git a/queries/aws_cloudwatch_metric_data_point_3.yaml b/queries/aws_cloudwatch_metric_data_point_3.yaml index 6fb530dab..65dab015b 100755 --- a/queries/aws_cloudwatch_metric_data_point_3.yaml +++ b/queries/aws_cloudwatch_metric_data_point_3.yaml @@ -1,48 +1,26 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_3 -Title: "List All AWS CloudWatch MetricDataPoints" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - period, - round(value::numeric, 2) as avg_cpu, - metric_stat - from - aws_cloudwatch_metric_data_point - where - id = 'm1' - and value > 80 - and timestamp >= now() - interval '5 day' - and metric_stat = '{ - "Metric": { - "Namespace": "AWS/EC2", - "MetricName": "CPUUtilization", - "Dimensions": [ - { - "Name": "InstanceId", - "Value": "i-0353536c53f7c8235" - }, - { - "Name": "InstanceId", - "Value": "i-0dd7043e0f6f0f36d" - } - ]}, - "Stat": "Average"}' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n period,\n round(value::numeric,\ + \ 2) as avg_cpu,\n metric_stat\nfrom\n aws_cloudwatch_metric_data_point\nwhere\n\ + \ id = 'm1'\n and value > 80\n and timestamp >= now() - interval '5 day'\n\ + \ and metric_stat = '{\n \"Metric\": {\n \"Namespace\": \"AWS/EC2\",\n\ + \ \"MetricName\": \"CPUUtilization\",\n \"Dimensions\": [\n {\n \ + \ \"Name\": \"InstanceId\",\n \"Value\": \"i-0353536c53f7c8235\"\n\ + \ },\n {\n \"Name\": \"InstanceId\",\n \"Value\": \"i-0dd7043e0f6f0f36d\"\ + \n }\n ]},\n \"Stat\": \"Average\"}'\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List All AWS CloudWatch MetricDataPoints diff --git a/queries/aws_cloudwatch_metric_data_point_4.yaml b/queries/aws_cloudwatch_metric_data_point_4.yaml index 13d296f44..d1d84fb29 100755 --- a/queries/aws_cloudwatch_metric_data_point_4.yaml +++ b/queries/aws_cloudwatch_metric_data_point_4.yaml @@ -1,45 +1,28 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_4 -Title: "Find AWS CloudWatch MetricDataPoints for defined metric" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - value, - metric_stat - from - aws_cloudwatch_metric_data_point - where - id = 'm1' - and value > 1000 - and period = 86400 - and scan_by = 'TimestampDescending' - and timestamp between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z' - and metric_stat = '{ - "Metric": { - "Namespace": "AWS/EBS", - "MetricName": "VolumeReadOps", - "Dimensions": [ - { - "Name": "VolumeId", - "Value": "vol-00607053b218c6d74" - } - ]}, - "Stat": "Average"}'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n value,\n metric_stat\n\ + from\n aws_cloudwatch_metric_data_point\nwhere\n id = 'm1'\n and value > 1000\n\ + \ and period = 86400\n and scan_by = 'TimestampDescending'\n and timestamp\ + \ between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z'\n and metric_stat\ + \ = '{\n \"Metric\": {\n \"Namespace\": \"AWS/EBS\",\n \"MetricName\"\ + : \"VolumeReadOps\",\n \"Dimensions\": [\n {\n \"Name\": \"VolumeId\"\ + ,\n \"Value\": \"vol-00607053b218c6d74\"\n }\n ]},\n \"Stat\"\ + : \"Average\"}';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch MetricDataPoints for defined metric diff --git a/queries/aws_cloudwatch_metric_data_point_5.yaml b/queries/aws_cloudwatch_metric_data_point_5.yaml index 526ca935e..ba0c09248 100755 --- a/queries/aws_cloudwatch_metric_data_point_5.yaml +++ b/queries/aws_cloudwatch_metric_data_point_5.yaml @@ -1,43 +1,25 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_5 -Title: "List all AWS CloudWatch Metric Data Points" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - value, - metric_stat - from - aws_cloudwatch_metric_data_point - where - id = 'e1' - and value < 10 - and timestamp >= now() - interval '7 day' - and metric_stat = '{ - "Metric": { - "Namespace": "AWS/ElastiCache", - "MetricName": "CacheHits", - "Dimensions": [ - { - "Name": "CacheClusterId", - "Value": "cluster-delete-001" - } - ]}, - "Stat": "Sum"}' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n value,\n metric_stat\n\ + from\n aws_cloudwatch_metric_data_point\nwhere\n id = 'e1'\n and value < 10\n\ + \ and timestamp >= now() - interval '7 day'\n and metric_stat = '{\n \"Metric\"\ + : {\n \"Namespace\": \"AWS/ElastiCache\",\n \"MetricName\": \"CacheHits\"\ + ,\n \"Dimensions\": [\n {\n \"Name\": \"CacheClusterId\",\n \ + \ \"Value\": \"cluster-delete-001\"\n }\n ]},\n \"Stat\": \"Sum\"\ + }'\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List all AWS CloudWatch Metric Data Points diff --git a/queries/aws_cloudwatch_metric_data_point_6.yaml b/queries/aws_cloudwatch_metric_data_point_6.yaml index e680241db..86e29a46b 100755 --- a/queries/aws_cloudwatch_metric_data_point_6.yaml +++ b/queries/aws_cloudwatch_metric_data_point_6.yaml @@ -1,49 +1,28 @@ +Description: Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed + information about the data points for a defined metric. ID: aws_cloudwatch_metric_data_point_6 -Title: "Query AWS CloudWatch Metric Data Points for Detailed Info" -Description: "Allows users to query AWS CloudWatch MetricDataPoints to fetch detailed information about the data points for a defined metric." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - label, - timestamp, - value, - metric_stat - from - aws_cloudwatch_metric_data_point - where - id = 'e1' - and source_account_id = '533743456432100' - and timestamp between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z' - and metric_stat = '{ - "Metric": { - "Namespace": "AWS/S3", - "MetricName": "BucketSizeBytes", - "Dimensions": [ - { - "Name": "BucketName", - "Value": "steampipe-test" - }, - { - "Name": "StorageType", - "Value": "StandardStorage" - } - ]}, - "Stat": "Maximum"}' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n label,\n timestamp,\n value,\n metric_stat\n\ + from\n aws_cloudwatch_metric_data_point\nwhere\n id = 'e1'\n and source_account_id\ + \ = '533743456432100'\n and timestamp between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z'\n\ + \ and metric_stat = '{\n \"Metric\": {\n \"Namespace\": \"AWS/S3\",\n \ + \ \"MetricName\": \"BucketSizeBytes\",\n \"Dimensions\": [\n {\n \ + \ \"Name\": \"BucketName\",\n \"Value\": \"steampipe-test\"\n \ + \ },\n {\n \"Name\": \"StorageType\",\n \"Value\": \"StandardStorage\"\ + \n }\n ]},\n \"Stat\": \"Maximum\"}'\norder by\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Query AWS CloudWatch Metric Data Points for Detailed Info diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_1.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_1.yaml index a1d4c6ace..0c8015589 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_1.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_1.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_1 -Title: "Query AWS CloudWatch Metric Statistics Data Points" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - timestamp, - round(minimum::numeric, 2) as min_cpu, - round(maximum::numeric, 2) as max_cpu, - round(average::numeric, 2) as avg_cpu, - sum, - sample_count - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/EC2' - and metric_name = 'CPUUtilization' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n timestamp,\n round(minimum::numeric,\ + \ 2) as min_cpu,\n round(maximum::numeric, 2) as max_cpu,\n round(average::numeric,\ + \ 2) as avg_cpu,\n sum,\n sample_count\nfrom\n aws_cloudwatch_metric_statistic_data_point\n\ + where\n namespace = 'AWS/EC2'\n and metric_name = 'CPUUtilization'\norder by\n\ + \ timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Query AWS CloudWatch Metric Statistics Data Points diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_2.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_2.yaml index 77ac3d9ee..d1b6c0aaa 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_2.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_2 -Title: "List AWS CloudWatch Metric Statistics Data Points" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - round(average::numeric, 2) as avg_cpu - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/EC2' - and metric_name = 'CPUUtilization' - and average > 80 - and timestamp >= now() - interval '5 day' - and dimensions = '[ - {"Name": "InstanceId", "Value": "i-0dd7043e0f6f0f36d"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ round(average::numeric, 2) as avg_cpu\nfrom\n aws_cloudwatch_metric_statistic_data_point\n\ + where\n namespace = 'AWS/EC2'\n and metric_name = 'CPUUtilization'\n and average\ + \ > 80\n and timestamp >= now() - interval '5 day'\n and dimensions = '[\n \ + \ {\"Name\": \"InstanceId\", \"Value\": \"i-0dd7043e0f6f0f36d\"}\n ]'\norder\ + \ by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Metric Statistics Data Points diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_3.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_3.yaml index 57f5d2c48..f242bf823 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_3.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_3.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_3 -Title: "Find AWS CloudWatch Metric Statistic Data Points" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - average - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/EBS' - and metric_name = 'VolumeReadOps' - and average > 1000 - and timestamp between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z' - and period = 300 - and dimensions = '[ - {"Name": "VolumeId", "Value": "vol-00607053b218c6d74"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ average\nfrom\n aws_cloudwatch_metric_statistic_data_point\nwhere\n namespace\ + \ = 'AWS/EBS'\n and metric_name = 'VolumeReadOps'\n and average > 1000\n and\ + \ timestamp between '2023-03-10T00:00:00Z' and '2023-03-16T00:00:00Z'\n and period\ + \ = 300\n and dimensions = '[\n {\"Name\": \"VolumeId\", \"Value\": \"vol-00607053b218c6d74\"\ + }\n ]'\norder by\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Metric Statistic Data Points diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_4.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_4.yaml index 125991533..25bbd3bce 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_4.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_4.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_4 -Title: "Find AWS CloudWatch Metric Statistics Data Points" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - sum - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/ElastiCache' - and metric_name = 'CacheHits' - and sum < 10 - and timestamp >= now() - interval '7 day' - and dimensions = '[ - {"Name": "CacheClusterId", "Value": "cluster-delete-001"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ sum\nfrom\n aws_cloudwatch_metric_statistic_data_point\nwhere\n namespace\ + \ = 'AWS/ElastiCache'\n and metric_name = 'CacheHits'\n and sum < 10\n and\ + \ timestamp >= now() - interval '7 day'\n and dimensions = '[\n {\"Name\"\ + : \"CacheClusterId\", \"Value\": \"cluster-delete-001\"}\n ]'\norder by\n \ + \ timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch Metric Statistics +Title: Find AWS CloudWatch Metric Statistics Data Points diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_5.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_5.yaml index 26d5a4ca3..41bc00cdc 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_5.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_5.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_5 -Title: "List All AWS CloudWatch Metric Statistics Data Points" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - maximum - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/Lambda' - and metric_name = 'Duration' - and maximum > 100 - and timestamp >= '2023-02-15T00:00:00Z' - and timestamp <= '2023-03-15T00:00:00Z' - and period = 86400 - and dimensions = '[ - {"Name": "FunctionName", "Value": "test"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ maximum\nfrom\n aws_cloudwatch_metric_statistic_data_point\nwhere\n namespace\ + \ = 'AWS/Lambda'\n and metric_name = 'Duration'\n and maximum > 100\n and timestamp\ + \ >= '2023-02-15T00:00:00Z'\n and timestamp <= '2023-03-15T00:00:00Z'\n and\ + \ period = 86400\n and dimensions = '[\n {\"Name\": \"FunctionName\", \"Value\"\ + : \"test\"}\n ]'\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List All AWS CloudWatch Metric Statistics Data Points diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_6.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_6.yaml index 4d970d27f..7b9f467d0 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_6.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_6.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_6 -Title: "Find AWS CloudWatch Metric Statistics Data for RDS CPU Utilization" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - round(average::numeric, 2) as avg_cpu - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/RDS' - and metric_name = 'CPUUtilization' - and average > 80 - and timestamp >= now() - interval '30 day' - and dimensions = '[ - {"Name": "DBInstanceIdentifier", "Value": "database-1"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ round(average::numeric, 2) as avg_cpu\nfrom\n aws_cloudwatch_metric_statistic_data_point\n\ + where\n namespace = 'AWS/RDS'\n and metric_name = 'CPUUtilization'\n and average\ + \ > 80\n and timestamp >= now() - interval '30 day'\n and dimensions = '[\n\ + \ {\"Name\": \"DBInstanceIdentifier\", \"Value\": \"database-1\"}\n ]'\n\ + order by\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS CloudWatch Metric Statistics Data for RDS CPU Utilization diff --git a/queries/aws_cloudwatch_metric_statistic_data_point_7.yaml b/queries/aws_cloudwatch_metric_statistic_data_point_7.yaml index a8e64631f..bb1cd2a63 100755 --- a/queries/aws_cloudwatch_metric_statistic_data_point_7.yaml +++ b/queries/aws_cloudwatch_metric_statistic_data_point_7.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS CloudWatch Metric Statistics Data Point to + obtain detailed metrics data. ID: aws_cloudwatch_metric_statistic_data_point_7 -Title: "List AWS CloudWatch Metric Statistics for S3 Buckets" -Description: "Allows users to query AWS CloudWatch Metric Statistics Data Point to obtain detailed metrics data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(dimensions) as dimensions, - timestamp, - minimum - from - aws_cloudwatch_metric_statistic_data_point - where - namespace = 'AWS/S3' - and metric_name = 'BucketSizeBytes' - and timestamp between '2023-03-6T00:00:00Z' and '2023-03-15T00:00:00Z' - and period = 86400 - and dimensions = '[ - {"Name": "BucketName", "Value": "steampipe-test"}, - {"Name": "StorageType", "Value": "StandardStorage"} - ]' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(dimensions) as dimensions,\n timestamp,\n\ + \ minimum\nfrom\n aws_cloudwatch_metric_statistic_data_point\nwhere\n namespace\ + \ = 'AWS/S3'\n and metric_name = 'BucketSizeBytes'\n and timestamp between '2023-03-6T00:00:00Z'\ + \ and '2023-03-15T00:00:00Z'\n and period = 86400\n and dimensions = '[\n \ + \ {\"Name\": \"BucketName\", \"Value\": \"steampipe-test\"},\n {\"Name\":\ + \ \"StorageType\", \"Value\": \"StandardStorage\"}\n ]'\norder by\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: List AWS CloudWatch Metric Statistics for S3 Buckets diff --git a/queries/aws_codeartifact_domain_1.yaml b/queries/aws_codeartifact_domain_1.yaml index df24286f9..f072ebfcf 100755 --- a/queries/aws_codeartifact_domain_1.yaml +++ b/queries/aws_codeartifact_domain_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_1 -Title: "Find AWS CodeArtifact Domains and Details" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - created_time, - encryption_key, - status, - owner, - tags - from - aws_codeartifact_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n created_time,\n encryption_key,\n status,\n\ + \ owner,\n tags\nfrom\n aws_codeartifact_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domains and Details diff --git a/queries/aws_codeartifact_domain_2.yaml b/queries/aws_codeartifact_domain_2.yaml index 0ad9e7afc..0634b8515 100755 --- a/queries/aws_codeartifact_domain_2.yaml +++ b/queries/aws_codeartifact_domain_2.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_2 -Title: "Find AWS CodeArtifact Domains and Their Details" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - created_time, - status, - s3_bucket_arn, - tags - from - aws_codeartifact_domain - where - encryption_key is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n created_time,\n status,\n s3_bucket_arn,\n\ + \ tags\nfrom\n aws_codeartifact_domain\nwhere\n encryption_key is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domains and Their Details diff --git a/queries/aws_codeartifact_domain_3.yaml b/queries/aws_codeartifact_domain_3.yaml index e595860ff..8c668a160 100755 --- a/queries/aws_codeartifact_domain_3.yaml +++ b/queries/aws_codeartifact_domain_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_3 -Title: "Find AWS CodeArtifact Domains Ownership, Encryption, Policy Info" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - created_time, - status, - s3_bucket_arn, - tags - from - aws_codeartifact_domain - where - status != 'Active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n created_time,\n status,\n s3_bucket_arn,\n\ + \ tags\nfrom\n aws_codeartifact_domain\nwhere\n status != 'Active';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domains Ownership, Encryption, Policy Info diff --git a/queries/aws_codeartifact_domain_4.yaml b/queries/aws_codeartifact_domain_4.yaml index 79cb8f44a..cccca9508 100755 --- a/queries/aws_codeartifact_domain_4.yaml +++ b/queries/aws_codeartifact_domain_4.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_4 -Title: "Find AWS CodeArtifact Domains for Ownership, Key, Policy" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - p as principal, - a as action, - s ->> 'Effect' as effect - from - aws_codeartifact_domain, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - string_to_array(p, ':') as pa, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and ( - pa [5] != account_id - or p = '*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect\nfrom\n aws_codeartifact_domain,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n string_to_array(p, ':') as pa,\n jsonb_array_elements_text(s -> 'Action')\ + \ as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n pa [5] != account_id\n\ + \ or p = '*'\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domains for Ownership, Key, Policy diff --git a/queries/aws_codeartifact_domain_5.yaml b/queries/aws_codeartifact_domain_5.yaml index b055fb274..fa49af3fe 100755 --- a/queries/aws_codeartifact_domain_5.yaml +++ b/queries/aws_codeartifact_domain_5.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_5 -Title: "Find AWS CodeArtifact Domain Ownership & Encryption Key" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.arn as domain_arn, - b.arn as bucket_arn, - d.encryption_key domain_encryption_key, - bucket_policy_is_public - from - aws_codeartifact_domain d - join aws_s3_bucket b on d.s3_bucket_arn = b.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.arn as domain_arn,\n b.arn as bucket_arn,\n d.encryption_key\ + \ domain_encryption_key,\n bucket_policy_is_public\nfrom\n aws_codeartifact_domain\ + \ d\n join aws_s3_bucket b on d.s3_bucket_arn = b.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domain Ownership & Encryption Key diff --git a/queries/aws_codeartifact_domain_6.yaml b/queries/aws_codeartifact_domain_6.yaml index 345915c9d..0c440ec2c 100755 --- a/queries/aws_codeartifact_domain_6.yaml +++ b/queries/aws_codeartifact_domain_6.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_6 -Title: "Find AWS CodeArtifact Domains with Metadata" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.arn as domain_arn, - d.encryption_key domain_encryption_key, - key_manager, - key_state - from - aws_codeartifact_domain d - join aws_kms_key k on d.encryption_key = k.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.arn as domain_arn,\n d.encryption_key domain_encryption_key,\n\ + \ key_manager,\n key_state\nfrom\n aws_codeartifact_domain d\n join aws_kms_key\ + \ k on d.encryption_key = k.arn;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Domains with Metadata diff --git a/queries/aws_codeartifact_domain_7.yaml b/queries/aws_codeartifact_domain_7.yaml index 5b1a50293..4220ba6cd 100755 --- a/queries/aws_codeartifact_domain_7.yaml +++ b/queries/aws_codeartifact_domain_7.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS CodeArtifact Domains for details such as domain + ownership, encryption key, and policy information. ID: aws_codeartifact_domain_7 -Title: "Find all AWS CodeArtifact Domains and Encryption Details" -Description: "Allows users to query AWS CodeArtifact Domains for details such as domain ownership, encryption key, and policy information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.arn as domain_arn, - d.encryption_key domain_encryption_key, - key_manager, - key_state - from - aws_codeartifact_domain d - join aws_kms_key k on d.encryption_key = k.arn - where - key_manager = 'CUSTOMER'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.arn as domain_arn,\n d.encryption_key domain_encryption_key,\n\ + \ key_manager,\n key_state\nfrom\n aws_codeartifact_domain d\n join aws_kms_key\ + \ k on d.encryption_key = k.arn\nwhere \n key_manager = 'CUSTOMER';" Tags: cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find all AWS CodeArtifact Domains and Encryption Details diff --git a/queries/aws_codeartifact_repository_1.yaml b/queries/aws_codeartifact_repository_1.yaml index dfdb5d814..676ec36b0 100755 --- a/queries/aws_codeartifact_repository_1.yaml +++ b/queries/aws_codeartifact_repository_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CodeArtifact Repository data, including details + about the repository, its domain ownership, and associated metadata. ID: aws_codeartifact_repository_1 -Title: "List all AWS CodeArtifact Repository with Domain Details" -Description: "Allows users to query AWS CodeArtifact Repository data, including details about the repository, its domain ownership, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - domain_name, - domain_owner, - upstreams, - tags - from - aws_codeartifact_repository; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n domain_name,\n domain_owner,\n upstreams,\n\ + \ tags\nfrom\n aws_codeartifact_repository;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeArtifact +Title: List all AWS CodeArtifact Repository with Domain Details diff --git a/queries/aws_codeartifact_repository_2.yaml b/queries/aws_codeartifact_repository_2.yaml index 95be43faf..8596ac5d3 100755 --- a/queries/aws_codeartifact_repository_2.yaml +++ b/queries/aws_codeartifact_repository_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS CodeArtifact Repository data, including details + about the repository, its domain ownership, and associated metadata. ID: aws_codeartifact_repository_2 -Title: "List all details about AWS CodeArtifact Repositories" -Description: "Allows users to query AWS CodeArtifact Repository data, including details about the repository, its domain ownership, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - domain_name, - domain_owner, - tags, - repository_endpoint - from - aws_codeartifact_repository - where - repository_endpoint is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n domain_name,\n domain_owner,\n tags,\n repository_endpoint\n\ + from\n aws_codeartifact_repository\nwhere\n repository_endpoint is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: List all details about AWS CodeArtifact Repositories diff --git a/queries/aws_codeartifact_repository_3.yaml b/queries/aws_codeartifact_repository_3.yaml index 37260d529..5a0b3561b 100755 --- a/queries/aws_codeartifact_repository_3.yaml +++ b/queries/aws_codeartifact_repository_3.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS CodeArtifact Repository data, including details + about the repository, its domain ownership, and associated metadata. ID: aws_codeartifact_repository_3 -Title: "List all AWS CodeArtifact Repositories with SQL Queries" -Description: "Allows users to query AWS CodeArtifact Repository data, including details about the repository, its domain ownership, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - p as principal, - a as action, - s ->> 'Effect' as effect - from - aws_codeartifact_repository, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - string_to_array(p, ':') as pa, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and ( - pa [5] != account_id - or p = '*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect\nfrom\n aws_codeartifact_repository,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n string_to_array(p, ':') as pa,\n jsonb_array_elements_text(s -> 'Action')\ + \ as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n pa [5] != account_id\n\ + \ or p = '*'\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeArtifact +Title: List all AWS CodeArtifact Repositories with SQL Queries diff --git a/queries/aws_codeartifact_repository_4.yaml b/queries/aws_codeartifact_repository_4.yaml index 19835e2fb..37c785355 100755 --- a/queries/aws_codeartifact_repository_4.yaml +++ b/queries/aws_codeartifact_repository_4.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CodeArtifact Repository data, including details + about the repository, its domain ownership, and associated metadata. ID: aws_codeartifact_repository_4 -Title: "Find AWS CodeArtifact Repository Details with SQL" -Description: "Allows users to query AWS CodeArtifact Repository data, including details about the repository, its domain ownership, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - domain_name, - domain_owner, - u ->> 'RepositoryName' as upstream_repo_name - from - aws_codeartifact_repository, - jsonb_array_elements(upstreams) u; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n domain_name,\n domain_owner,\n u ->> 'RepositoryName'\ + \ as upstream_repo_name\nfrom\n aws_codeartifact_repository,\n jsonb_array_elements(upstreams)\ + \ u;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeArtifact +Title: Find AWS CodeArtifact Repository Details with SQL diff --git a/queries/aws_codebuild_build_1.yaml b/queries/aws_codebuild_build_1.yaml index 994b848a1..c0cca47d9 100755 --- a/queries/aws_codebuild_build_1.yaml +++ b/queries/aws_codebuild_build_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_1 -Title: "List all AWS CodeBuild Build Information" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - id, - build_complete, - timeout_in_minutes, - project_name, - build_status, - encryption_key, - end_time, - region - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n id,\n build_complete,\n timeout_in_minutes,\n\ + \ project_name,\n build_status,\n encryption_key,\n end_time,\n region\n\ + from\n aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild Build Information diff --git a/queries/aws_codebuild_build_10.yaml b/queries/aws_codebuild_build_10.yaml index bbe31a0a0..467817877 100755 --- a/queries/aws_codebuild_build_10.yaml +++ b/queries/aws_codebuild_build_10.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_10 -Title: "Find AWS CodeBuild Build Projects Details" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - source ->> 'Auth' as source_auth, - source ->> 'BuildStatusConfig' as source_BuildStatusConfig, - source ->> 'Buildspec' as source_buildspec, - source ->> 'GitCloneDepth' as source_git_clone_depth, - source ->> 'GitSubmodulesConfig' as source_git_submodules_config, - source ->> 'GitCloneDepth' as source_git_clone_depth, - source ->> 'InsecureSsl' as source_insecure_ssl, - source ->> 'Location' as source_location, - source ->> 'ReportBuildStatus' as source_report_build_status, - source ->> 'SourceIdentifier' as source_identifier, - source ->> 'Type' as source_type - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n source ->> 'Auth' as source_auth,\n source ->>\ + \ 'BuildStatusConfig' as source_BuildStatusConfig,\n source ->> 'Buildspec' as\ + \ source_buildspec,\n source ->> 'GitCloneDepth' as source_git_clone_depth,\n\ + \ source ->> 'GitSubmodulesConfig' as source_git_submodules_config,\n source\ + \ ->> 'GitCloneDepth' as source_git_clone_depth,\n source ->> 'InsecureSsl' as\ + \ source_insecure_ssl,\n source ->> 'Location' as source_location,\n source\ + \ ->> 'ReportBuildStatus' as source_report_build_status,\n source ->> 'SourceIdentifier'\ + \ as source_identifier,\n source ->> 'Type' as source_type\nfrom\n aws_codebuild_build;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeBuild +Title: Find AWS CodeBuild Build Projects Details diff --git a/queries/aws_codebuild_build_11.yaml b/queries/aws_codebuild_build_11.yaml index b9b639946..ae6a3cba8 100755 --- a/queries/aws_codebuild_build_11.yaml +++ b/queries/aws_codebuild_build_11.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_11 -Title: "Find all AWS CodeBuild project builds information" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - f ->> 'Identifier' as file_system_identifier, - f ->> 'Location' as file_system_location, - f ->> 'MountOptions' as file_system_mount_options, - f ->> 'MountPoint' as file_system_mount_point, - f ->> 'Type' as file_system_type - from - aws_codebuild_build, - jsonb_array_elements(file_system_locations) as f; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n f ->> 'Identifier' as file_system_identifier,\n\ + \ f ->> 'Location' as file_system_location,\n f ->> 'MountOptions' as file_system_mount_options,\n\ + \ f ->> 'MountPoint' as file_system_mount_point,\n f ->> 'Type' as file_system_type\n\ + from\n aws_codebuild_build,\n jsonb_array_elements(file_system_locations) as\ + \ f;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeBuild +Title: Find all AWS CodeBuild project builds information diff --git a/queries/aws_codebuild_build_2.yaml b/queries/aws_codebuild_build_2.yaml index 83586b481..f3dd6fe14 100755 --- a/queries/aws_codebuild_build_2.yaml +++ b/queries/aws_codebuild_build_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_2 -Title: "List AWS CodeBuild Build details with encryption key" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - id, - encryption_key - from - aws_codebuild_build - where - encryption_key is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n id,\n encryption_key\nfrom\n aws_codebuild_build\n\ + where\n encryption_key is not null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List AWS CodeBuild Build details with encryption key diff --git a/queries/aws_codebuild_build_3.yaml b/queries/aws_codebuild_build_3.yaml index ba67f9f5d..f703a11d0 100755 --- a/queries/aws_codebuild_build_3.yaml +++ b/queries/aws_codebuild_build_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_3 -Title: "Find completed builds of AWS CodeBuild projects" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - artifacts, - build_complete - from - aws_codebuild_build - where - build_complete; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n artifacts,\n build_complete\nfrom\n \ + \ aws_codebuild_build\nwhere\n build_complete;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find completed builds of AWS CodeBuild projects diff --git a/queries/aws_codebuild_build_4.yaml b/queries/aws_codebuild_build_4.yaml index 0fe44ca0d..b8e54befc 100755 --- a/queries/aws_codebuild_build_4.yaml +++ b/queries/aws_codebuild_build_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_4 -Title: "List all AWS CodeBuild projects' builds information" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - vpc_config ->> 'SecurityGroupIds' as security_group_id, - vpc_config ->> 'Subnets' as subnets, - vpc_config ->> 'VpcId' as vpc_id - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n vpc_config ->> 'SecurityGroupIds' as security_group_id,\n\ + \ vpc_config ->> 'Subnets' as subnets,\n vpc_config ->> 'VpcId' as vpc_id\n\ + from\n aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild projects' builds information diff --git a/queries/aws_codebuild_build_5.yaml b/queries/aws_codebuild_build_5.yaml index 7944ca20a..7c3f6e620 100755 --- a/queries/aws_codebuild_build_5.yaml +++ b/queries/aws_codebuild_build_5.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_5 -Title: "Find all AWS CodeBuild Build Project Details" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - artifacts ->> 'ArtifactIdentifier' as artifact_id, - artifacts ->> 'BucketOwnerAccess' as bucket_owner_access, - artifacts ->> 'EncryptionDisabled' as encryption_disabled, - artifacts ->> 'OverrideArtifactName' as override_artifact_name - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n artifacts ->> 'ArtifactIdentifier' as\ + \ artifact_id,\n artifacts ->> 'BucketOwnerAccess' as bucket_owner_access,\n\ + \ artifacts ->> 'EncryptionDisabled' as encryption_disabled,\n artifacts ->>\ + \ 'OverrideArtifactName' as override_artifact_name\nfrom\n aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find all AWS CodeBuild Build Project Details diff --git a/queries/aws_codebuild_build_6.yaml b/queries/aws_codebuild_build_6.yaml index 0cbfe9639..d9677e19c 100755 --- a/queries/aws_codebuild_build_6.yaml +++ b/queries/aws_codebuild_build_6.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_6 -Title: "Find AWS CodeBuild Build Information with SQL" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - environment ->> 'Certificate' as environment_certificate, - environment ->> 'ComputeType' as environment_compute_type, - environment ->> 'EnvironmentVariables' as environment_variables, - environment ->> 'Image' as environment_image, - environment ->> 'ImagePullCredentialsType' as environment_image_pull_credentials_type, - environment ->> 'PrivilegedMode' as environment_privileged_mode, - environment ->> 'RegistryCredential' as environment_registry_credential, - environment ->> 'Type' as environment_type - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n environment ->> 'Certificate' as environment_certificate,\n\ + \ environment ->> 'ComputeType' as environment_compute_type,\n environment ->>\ + \ 'EnvironmentVariables' as environment_variables,\n environment ->> 'Image'\ + \ as environment_image,\n environment ->> 'ImagePullCredentialsType' as environment_image_pull_credentials_type,\n\ + \ environment ->> 'PrivilegedMode' as environment_privileged_mode,\n environment\ + \ ->> 'RegistryCredential' as environment_registry_credential,\n environment\ + \ ->> 'Type' as environment_type\nfrom\n aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeBuild +Title: Find AWS CodeBuild Build Information with SQL diff --git a/queries/aws_codebuild_build_7.yaml b/queries/aws_codebuild_build_7.yaml index e78ad17be..bd3b7d7bd 100755 --- a/queries/aws_codebuild_build_7.yaml +++ b/queries/aws_codebuild_build_7.yaml @@ -1,35 +1,28 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_7 -Title: "Find AWS CodeBuild project builds using SQL" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - logs -> 'S3Logs' ->> 'Status' as s3_log_status, - logs -> 'S3Logs' ->> 'Location' as s3_log_location, - logs -> 'S3Logs' ->> 'BucketOwnerAccess' as s3_log_bucket_owner_access, - logs -> 'S3Logs' ->> 'EncryptionDisabled' as s3_log_encryption_disabled, - logs ->> 'DeepLink' as deep_link, - logs ->> 'GroupName' as group_name, - logs ->> 'S3LogsArn' as s3_logs_arn, - logs ->> 'S3DeepLink' as s3_deep_link, - logs ->> 'StreamName' as stream_name, - logs ->> 'CloudWatchLogsArn' as cloud_watch_logs_arn, - logs -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status, - logs -> 'CloudWatchLogs' ->> 'GroupName' as cloud_watch_logs_group_name, - logs -> 'CloudWatchLogs' ->> 'StreamName' as cloud_watch_logs_stream_name - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n logs -> 'S3Logs' ->> 'Status' as s3_log_status,\n\ + \ logs -> 'S3Logs' ->> 'Location' as s3_log_location,\n logs -> 'S3Logs' ->>\ + \ 'BucketOwnerAccess' as s3_log_bucket_owner_access,\n logs -> 'S3Logs' ->> 'EncryptionDisabled'\ + \ as s3_log_encryption_disabled,\n logs ->> 'DeepLink' as deep_link,\n logs\ + \ ->> 'GroupName' as group_name,\n logs ->> 'S3LogsArn' as s3_logs_arn,\n logs\ + \ ->> 'S3DeepLink' as s3_deep_link,\n logs ->> 'StreamName' as stream_name,\n\ + \ logs ->> 'CloudWatchLogsArn' as cloud_watch_logs_arn,\n logs -> 'CloudWatchLogs'\ + \ ->> 'Status' as cloud_watch_logs_status,\n logs -> 'CloudWatchLogs' ->> 'GroupName'\ + \ as cloud_watch_logs_group_name,\n logs -> 'CloudWatchLogs' ->> 'StreamName'\ + \ as cloud_watch_logs_stream_name\nfrom\n aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find AWS CodeBuild project builds using SQL diff --git a/queries/aws_codebuild_build_8.yaml b/queries/aws_codebuild_build_8.yaml index e596ec28f..e2fba8748 100755 --- a/queries/aws_codebuild_build_8.yaml +++ b/queries/aws_codebuild_build_8.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_8 -Title: "Find all AWS CodeBuild Build Information" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - network_interface ->> 'NetworkInterfaceId' as network_interface_id, - network_interface ->> 'SubnetId' as subnet_id, - from - aws_codebuild_build; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n network_interface ->> 'NetworkInterfaceId' as\ + \ network_interface_id,\n network_interface ->> 'SubnetId' as subnet_id,\nfrom\n\ + \ aws_codebuild_build;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find all AWS CodeBuild Build Information diff --git a/queries/aws_codebuild_build_9.yaml b/queries/aws_codebuild_build_9.yaml index 67bee01eb..80e303a51 100755 --- a/queries/aws_codebuild_build_9.yaml +++ b/queries/aws_codebuild_build_9.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS CodeBuild Build to retrieve information about + AWS CodeBuild projects'' builds. ID: aws_codebuild_build_9 -Title: "List AWS CodeBuild Build Phases and Durations" -Description: "Allows users to query AWS CodeBuild Build to retrieve information about AWS CodeBuild projects'' builds." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - p ->> 'EndTime' as end_time, - p ->> 'Contexts' as contexts, - p ->> 'PhaseType' as phase_type, - p ->> 'StartTime' as start_time, - p ->> 'DurationInSeconds' as duration_in_seconds, - p ->> 'PhaseStatus' as phase_status - from - aws_codebuild_build, - jsonb_array_elements(phases) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n p ->> 'EndTime' as end_time,\n p ->> 'Contexts'\ + \ as contexts,\n p ->> 'PhaseType' as phase_type,\n p ->> 'StartTime' as start_time,\n\ + \ p ->> 'DurationInSeconds' as duration_in_seconds,\n p ->> 'PhaseStatus' as\ + \ phase_status\nfrom\n aws_codebuild_build,\n jsonb_array_elements(phases) as\ + \ p;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List AWS CodeBuild Build Phases and Durations diff --git a/queries/aws_codebuild_project_1.yaml b/queries/aws_codebuild_project_1.yaml index e060ecf1a..29e58519d 100755 --- a/queries/aws_codebuild_project_1.yaml +++ b/queries/aws_codebuild_project_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS CodeBuild Projects and retrieve comprehensive + information about each project. ID: aws_codebuild_project_1 -Title: "Find AWS CodeBuild Projects with Comprehensive Details" -Description: "Allows users to query AWS CodeBuild Projects and retrieve comprehensive information about each project." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - encryption_key, - concurrent_build_limit, - source_version, - service_role, - created, - last_modified, - region - from - aws_codebuild_project; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n encryption_key,\n concurrent_build_limit,\n\ + \ source_version,\n service_role,\n created,\n last_modified,\n region\n\ + from\n aws_codebuild_project;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find AWS CodeBuild Projects with Comprehensive Details diff --git a/queries/aws_codebuild_project_2.yaml b/queries/aws_codebuild_project_2.yaml index 53ad1f461..6fa9367e6 100755 --- a/queries/aws_codebuild_project_2.yaml +++ b/queries/aws_codebuild_project_2.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS CodeBuild Projects and retrieve comprehensive + information about each project. ID: aws_codebuild_project_2 -Title: "List all AWS CodeBuild Projects and Details" -Description: "Allows users to query AWS CodeBuild Projects and retrieve comprehensive information about each project." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - source_version, - source ->> 'Auth' as auth, - source ->> 'BuildStatusConfig' as build_status_config, - source ->> 'Buildspec' as build_spec, - source ->> 'GitCloneDepth' as git_clone_depth, - source ->> 'GitSubmodulesConfig' as git_submodules_config, - source ->> 'InsecureSsl' as insecure_ssl, - source ->> 'Location' as location, - source ->> 'ReportBuildStatus' as report_build_status, - source ->> 'SourceIdentifier' as source_identifier, - source ->> 'Type' as type - from - aws_codebuild_project; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n source_version,\n source ->> 'Auth' as auth,\n\ + \ source ->> 'BuildStatusConfig' as build_status_config,\n source ->> 'Buildspec'\ + \ as build_spec,\n source ->> 'GitCloneDepth' as git_clone_depth,\n source ->>\ + \ 'GitSubmodulesConfig' as git_submodules_config,\n source ->> 'InsecureSsl'\ + \ as insecure_ssl,\n source ->> 'Location' as location,\n source ->> 'ReportBuildStatus'\ + \ as report_build_status,\n source ->> 'SourceIdentifier' as source_identifier,\n\ + \ source ->> 'Type' as type\nfrom\n aws_codebuild_project;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild Projects and Details diff --git a/queries/aws_codebuild_project_3.yaml b/queries/aws_codebuild_project_3.yaml index 249c6d463..34378fd49 100755 --- a/queries/aws_codebuild_project_3.yaml +++ b/queries/aws_codebuild_project_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CodeBuild Projects and retrieve comprehensive + information about each project. ID: aws_codebuild_project_3 -Title: "List all AWS CodeBuild Projects and their details" -Description: "Allows users to query AWS CodeBuild Projects and retrieve comprehensive information about each project." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - vpc_config - from - aws_codebuild_project - where - vpc_config is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n vpc_config\nfrom\n aws_codebuild_project\n\ + where\n vpc_config is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild Projects and their details diff --git a/queries/aws_codebuild_project_4.yaml b/queries/aws_codebuild_project_4.yaml index 88d8e1a7f..220fcc953 100755 --- a/queries/aws_codebuild_project_4.yaml +++ b/queries/aws_codebuild_project_4.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS CodeBuild Projects and retrieve comprehensive + information about each project. ID: aws_codebuild_project_4 -Title: "List all AWS CodeBuild Projects" -Description: "Allows users to query AWS CodeBuild Projects and retrieve comprehensive information about each project." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - logs_config -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status, - logs_config -> 'S3Logs' ->> 'Status' as s3_logs_status - from - aws_codebuild_project - where - logs_config -> 'CloudWatchLogs' ->> 'Status' = 'DISABLED' - and logs_config -> 'S3Logs' ->> 'Status' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n logs_config -> 'CloudWatchLogs'\ + \ ->> 'Status' as cloud_watch_logs_status,\n logs_config -> 'S3Logs' ->> 'Status'\ + \ as s3_logs_status\nfrom\n aws_codebuild_project\nwhere\n logs_config -> 'CloudWatchLogs'\ + \ ->> 'Status' = 'DISABLED'\n and logs_config -> 'S3Logs' ->> 'Status' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild Projects diff --git a/queries/aws_codebuild_project_5.yaml b/queries/aws_codebuild_project_5.yaml index f7c981bf9..3ba94f568 100755 --- a/queries/aws_codebuild_project_5.yaml +++ b/queries/aws_codebuild_project_5.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CodeBuild Projects and retrieve comprehensive + information about each project. ID: aws_codebuild_project_5 -Title: "List all AWS CodeBuild Projects with Private Visibility" -Description: "Allows users to query AWS CodeBuild Projects and retrieve comprehensive information about each project." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - project_visibility - from - aws_codebuild_project - where - project_visibility = 'PRIVATE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n project_visibility\nfrom\n aws_codebuild_project\n\ + where\n project_visibility = 'PRIVATE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: List all AWS CodeBuild Projects with Private Visibility diff --git a/queries/aws_codebuild_source_credential_1.yaml b/queries/aws_codebuild_source_credential_1.yaml index 3120a1c0a..d06539344 100755 --- a/queries/aws_codebuild_source_credential_1.yaml +++ b/queries/aws_codebuild_source_credential_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS CodeBuild Source Credentials ID: aws_codebuild_source_credential_1 -Title: "Find all AWS CodeBuild Source Credentials" -Description: "Allows users to query AWS CodeBuild Source Credentials" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - server_type, - auth_type, - region - from - aws_codebuild_source_credential; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n server_type,\n auth_type,\n region\nfrom\n\ + \ aws_codebuild_source_credential;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find all AWS CodeBuild Source Credentials diff --git a/queries/aws_codebuild_source_credential_2.yaml b/queries/aws_codebuild_source_credential_2.yaml index 367593ca2..a2992d2c3 100755 --- a/queries/aws_codebuild_source_credential_2.yaml +++ b/queries/aws_codebuild_source_credential_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS CodeBuild Source Credentials ID: aws_codebuild_source_credential_2 -Title: "Find all AWS CodeBuild Source Credentials" -Description: "Allows users to query AWS CodeBuild Source Credentials" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - p.arn as project_arn, - p.source ->> 'Location' as source_repository, - p.source ->> 'Type' as source_repository_type, - c.auth_type as authorization_type - from - aws_codebuild_project as p - join aws_codebuild_source_credential as c on (p.region = c.region and p.source ->> 'Type' = c.server_type) - where - p.source ->> 'Type' = 'GITHUB' - and c.auth_type = 'OAUTH'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n p.arn as project_arn,\n p.source ->> 'Location' as source_repository,\ + \ \n p.source ->> 'Type' as source_repository_type,\n c.auth_type as authorization_type\n\ + from\n aws_codebuild_project as p\n join aws_codebuild_source_credential as\ + \ c on (p.region = c.region and p.source ->> 'Type' = c.server_type)\nwhere\n\ + \ p.source ->> 'Type' = 'GITHUB'\n and c.auth_type = 'OAUTH';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeBuild +Title: Find all AWS CodeBuild Source Credentials diff --git a/queries/aws_codecommit_repository_1.yaml b/queries/aws_codecommit_repository_1.yaml index c865d6ae4..f0a3d2bfc 100755 --- a/queries/aws_codecommit_repository_1.yaml +++ b/queries/aws_codecommit_repository_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CodeCommit repositories and retrieve data such + as repository name, ARN, description, clone URL, last modified date, and other related + details. ID: aws_codecommit_repository_1 -Title: "List AWS CodeCommit Repositories with Details" -Description: "Allows users to query AWS CodeCommit repositories and retrieve data such as repository name, ARN, description, clone URL, last modified date, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - repository_id, - arn, - creation_date, - region - from - aws_codecommit_repository; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n repository_id,\n arn,\n creation_date,\n\ + \ region\nfrom\n aws_codecommit_repository;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeCommit +Title: List AWS CodeCommit Repositories with Details diff --git a/queries/aws_codedeploy_app_1.yaml b/queries/aws_codedeploy_app_1.yaml index 693f008c8..ab52f7ac6 100755 --- a/queries/aws_codedeploy_app_1.yaml +++ b/queries/aws_codedeploy_app_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS CodeDeploy Applications to return detailed + information about each application, including application name, ID, and associated + deployment groups. ID: aws_codedeploy_app_1 -Title: "List AWS CodeDeploy Apps with Details" -Description: "Allows users to query AWS CodeDeploy Applications to return detailed information about each application, including application name, ID, and associated deployment groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - application_id, - application_name - compute_platform, - create_time, - region - from - aws_codedeploy_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n application_id,\n application_name\n compute_platform,\n\ + \ create_time,\n region\nfrom\n aws_codedeploy_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List AWS CodeDeploy Apps with Details diff --git a/queries/aws_codedeploy_app_2.yaml b/queries/aws_codedeploy_app_2.yaml index 562c91c2b..8656d7196 100755 --- a/queries/aws_codedeploy_app_2.yaml +++ b/queries/aws_codedeploy_app_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS CodeDeploy Applications to return detailed + information about each application, including application name, ID, and associated + deployment groups. ID: aws_codedeploy_app_2 -Title: "List all AWS CodeDeploy Applications and Deployment Groups" -Description: "Allows users to query AWS CodeDeploy Applications to return detailed information about each application, including application name, ID, and associated deployment groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(arn) as application_count, - compute_platform - from - aws_codedeploy_app - group by - compute_platform; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(arn) as application_count,\n compute_platform\n\ + from\n aws_codedeploy_app\ngroup by\n compute_platform;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List all AWS CodeDeploy Applications and Deployment Groups diff --git a/queries/aws_codedeploy_app_3.yaml b/queries/aws_codedeploy_app_3.yaml index 95907e946..ad1e35480 100755 --- a/queries/aws_codedeploy_app_3.yaml +++ b/queries/aws_codedeploy_app_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS CodeDeploy Applications to return detailed + information about each application, including application name, ID, and associated + deployment groups. ID: aws_codedeploy_app_3 -Title: "List all AWS CodeDeploy Apps Linked to GitHub" -Description: "Allows users to query AWS CodeDeploy Applications to return detailed information about each application, including application name, ID, and associated deployment groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - application_id, - compute_platform, - create_time, - github_account_name - from - aws_codedeploy_app - where - linked_to_github; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n application_id,\n compute_platform,\n create_time,\n\ + \ github_account_name\nfrom\n aws_codedeploy_app\nwhere\n linked_to_github;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List all AWS CodeDeploy Apps Linked to GitHub diff --git a/queries/aws_codedeploy_deployment_config_1.yaml b/queries/aws_codedeploy_deployment_config_1.yaml index b8f252baa..9974364fd 100755 --- a/queries/aws_codedeploy_deployment_config_1.yaml +++ b/queries/aws_codedeploy_deployment_config_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_1 -Title: "List AWS CodeDeploy Deployment Configs and Details" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_config_id, - deployment_config_name, - compute_platform, - create_time, - region - from - aws_codedeploy_deployment_config; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_config_id,\n deployment_config_name,\n\ + \ compute_platform,\n create_time,\n region\nfrom\n aws_codedeploy_deployment_config;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List AWS CodeDeploy Deployment Configs and Details diff --git a/queries/aws_codedeploy_deployment_config_2.yaml b/queries/aws_codedeploy_deployment_config_2.yaml index 5f2eb1d0c..c16c747f8 100755 --- a/queries/aws_codedeploy_deployment_config_2.yaml +++ b/queries/aws_codedeploy_deployment_config_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_2 -Title: "List all AWS CodeDeploy Deployment Configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(arn) as configuration_count, - compute_platform - from - aws_codedeploy_deployment_config - group by - compute_platform; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(arn) as configuration_count,\n compute_platform\n\ + from\n aws_codedeploy_deployment_config\ngroup by\n compute_platform;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List all AWS CodeDeploy Deployment Configurations diff --git a/queries/aws_codedeploy_deployment_config_3.yaml b/queries/aws_codedeploy_deployment_config_3.yaml index 6751dd81f..f4869cf81 100755 --- a/queries/aws_codedeploy_deployment_config_3.yaml +++ b/queries/aws_codedeploy_deployment_config_3.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_3 -Title: "List AWS CodeDeploy Deployment Configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_config_id, - deployment_config_name - compute_platform, - create_time, - region - from - aws_codedeploy_deployment_config - where - create_time is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_config_id,\n deployment_config_name\n\ + \ compute_platform,\n create_time,\n region\nfrom\n aws_codedeploy_deployment_config\n\ + where\n create_time is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List AWS CodeDeploy Deployment Configurations diff --git a/queries/aws_codedeploy_deployment_config_4.yaml b/queries/aws_codedeploy_deployment_config_4.yaml index 90b9ae2c9..4a6f20234 100755 --- a/queries/aws_codedeploy_deployment_config_4.yaml +++ b/queries/aws_codedeploy_deployment_config_4.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_4 -Title: "List all AWS CodeDeploy Deployment Configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_config_id, - deployment_config_name - compute_platform, - minimum_healthy_hosts ->> 'Type' as host_type, - minimum_healthy_hosts ->> 'Value' as host_value, - region - from - aws_codedeploy_deployment_config - where - create_time is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_config_id,\n deployment_config_name\n\ + \ compute_platform,\n minimum_healthy_hosts ->> 'Type' as host_type,\n minimum_healthy_hosts\ + \ ->> 'Value' as host_value,\n region\nfrom\n aws_codedeploy_deployment_config\n\ + where\n create_time is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List all AWS CodeDeploy Deployment Configurations diff --git a/queries/aws_codedeploy_deployment_config_5.yaml b/queries/aws_codedeploy_deployment_config_5.yaml index 16bd73b30..3a110eae2 100755 --- a/queries/aws_codedeploy_deployment_config_5.yaml +++ b/queries/aws_codedeploy_deployment_config_5.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_5 -Title: "Find AWS CodeDeploy Deployment Configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_config_id, - deployment_config_name, - traffic_routing_config -> 'TimeBasedCanary' ->> 'CanaryInterval' as canary_interval, - traffic_routing_config -> 'TimeBasedCanary' ->> 'CanaryPercentage' as canary_percentage - from - aws_codedeploy_deployment_config - where - traffic_routing_config ->> 'Type' = 'TimeBasedCanary'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_config_id,\n deployment_config_name,\n\ + \ traffic_routing_config -> 'TimeBasedCanary' ->> 'CanaryInterval' as canary_interval,\n\ + \ traffic_routing_config -> 'TimeBasedCanary' ->> 'CanaryPercentage' as canary_percentage\n\ + from\n aws_codedeploy_deployment_config\nwhere\n traffic_routing_config ->>\ + \ 'Type' = 'TimeBasedCanary';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy Deployment Configurations diff --git a/queries/aws_codedeploy_deployment_config_6.yaml b/queries/aws_codedeploy_deployment_config_6.yaml index e25de9ad5..5a04fae1f 100755 --- a/queries/aws_codedeploy_deployment_config_6.yaml +++ b/queries/aws_codedeploy_deployment_config_6.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS CodeDeploy Deployment Configurations to retrieve + information about the deployment configurations within AWS CodeDeploy service. ID: aws_codedeploy_deployment_config_6 -Title: "Find AWS CodeDeploy deployment configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Configurations to retrieve information about the deployment configurations within AWS CodeDeploy service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_config_id, - deployment_config_name, - traffic_routing_config -> 'TimeBasedLinear' ->> 'LinearInterval' as linear_interval, - traffic_routing_config -> 'TimeBasedLinear' ->> 'LinearPercentage' as linear_percentage - from - aws_codedeploy_deployment_config - where - traffic_routing_config ->> 'Type' = 'TimeBasedLinear'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_config_id,\n deployment_config_name,\n\ + \ traffic_routing_config -> 'TimeBasedLinear' ->> 'LinearInterval' as linear_interval,\n\ + \ traffic_routing_config -> 'TimeBasedLinear' ->> 'LinearPercentage' as linear_percentage\n\ + from\n aws_codedeploy_deployment_config\nwhere\n traffic_routing_config ->>\ + \ 'Type' = 'TimeBasedLinear';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy deployment configurations diff --git a/queries/aws_codedeploy_deployment_group_1.yaml b/queries/aws_codedeploy_deployment_group_1.yaml index a04e13bed..5c14f5768 100755 --- a/queries/aws_codedeploy_deployment_group_1.yaml +++ b/queries/aws_codedeploy_deployment_group_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_1 -Title: "Find AWS CodeDeploy Deployment Group Details" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_group_id, - deployment_group_name, - application_name, - deployment_style, - region - from - aws_codedeploy_deployment_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_group_id,\n deployment_group_name,\n\ + \ application_name,\n deployment_style,\n region\nfrom\n aws_codedeploy_deployment_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodeDeploy +Title: Find AWS CodeDeploy Deployment Group Details diff --git a/queries/aws_codedeploy_deployment_group_2.yaml b/queries/aws_codedeploy_deployment_group_2.yaml index ddd45c746..36ba4a58a 100755 --- a/queries/aws_codedeploy_deployment_group_2.yaml +++ b/queries/aws_codedeploy_deployment_group_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_2 -Title: "List AWS CodeDeploy Deployment Group Details and Configurations" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(arn) as group_count, - compute_platform - from - aws_codedeploy_deployment_group - group by - compute_platform; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(arn) as group_count,\n compute_platform\nfrom\n\ + \ aws_codedeploy_deployment_group\ngroup by\n compute_platform;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List AWS CodeDeploy Deployment Group Details and Configurations diff --git a/queries/aws_codedeploy_deployment_group_3.yaml b/queries/aws_codedeploy_deployment_group_3.yaml index 9a3113d81..c33d6c813 100755 --- a/queries/aws_codedeploy_deployment_group_3.yaml +++ b/queries/aws_codedeploy_deployment_group_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_3 -Title: "Find AWS CodeDeploy Deployment Group Details" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_group_id, - last_successful_deployment - from - aws_codedeploy_deployment_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_group_id,\n last_successful_deployment\n\ + from\n aws_codedeploy_deployment_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy Deployment Group Details diff --git a/queries/aws_codedeploy_deployment_group_4.yaml b/queries/aws_codedeploy_deployment_group_4.yaml index 699a5799a..7b7d2296b 100755 --- a/queries/aws_codedeploy_deployment_group_4.yaml +++ b/queries/aws_codedeploy_deployment_group_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_4 -Title: "List all AWS CodeDeploy Deployment Group Details" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(arn) as group_count, - deployment_style - from - aws_codedeploy_deployment_group - group by - deployment_style; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(arn) as group_count,\n deployment_style\nfrom\n\ + \ aws_codedeploy_deployment_group\ngroup by\n deployment_style;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: List all AWS CodeDeploy Deployment Group Details diff --git a/queries/aws_codedeploy_deployment_group_5.yaml b/queries/aws_codedeploy_deployment_group_5.yaml index a5b796ec2..c99edfd73 100755 --- a/queries/aws_codedeploy_deployment_group_5.yaml +++ b/queries/aws_codedeploy_deployment_group_5.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_5 -Title: "Find AWS CodeDeploy Deployment Group Details including Alarms" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_group_id, - deployment_group_name, - auto_rollback_configuration ->> 'Enabled' as auto_rollback_configuration_enabled - from - aws_codedeploy_deployment_group - where - auto_rollback_configuration ->> 'Enabled' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_group_id,\n deployment_group_name,\n\ + \ auto_rollback_configuration ->> 'Enabled' as auto_rollback_configuration_enabled\n\ + from\n aws_codedeploy_deployment_group\nwhere\n auto_rollback_configuration\ + \ ->> 'Enabled' = 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy Deployment Group Details including Alarms diff --git a/queries/aws_codedeploy_deployment_group_6.yaml b/queries/aws_codedeploy_deployment_group_6.yaml index 49716759b..5d1298cb7 100755 --- a/queries/aws_codedeploy_deployment_group_6.yaml +++ b/queries/aws_codedeploy_deployment_group_6.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_6 -Title: "Find AWS CodeDeploy Deployment Group Details" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn as group_arn, - deployment_group_id, - deployment_group_name, - auto_scaling_groups ->> 'Hook' as auto_scaling_group_hook, - auto_scaling_groups ->> 'Name' as auto_scaling_group_name - from - aws_codedeploy_deployment_group - where - application_name = 'abc' - and deployment_group_name = 'def'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn as group_arn,\n deployment_group_id,\n deployment_group_name,\n\ + \ auto_scaling_groups ->> 'Hook' as auto_scaling_group_hook,\n auto_scaling_groups\ + \ ->> 'Name' as auto_scaling_group_name\nfrom\n aws_codedeploy_deployment_group\n\ + where\n application_name = 'abc'\n and deployment_group_name = 'def';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy Deployment Group Details diff --git a/queries/aws_codedeploy_deployment_group_7.yaml b/queries/aws_codedeploy_deployment_group_7.yaml index 1036ffa01..4707ae55b 100755 --- a/queries/aws_codedeploy_deployment_group_7.yaml +++ b/queries/aws_codedeploy_deployment_group_7.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS CodeDeploy Deployment Group details including + deployment configurations, target revisions, and associated alarm configurations. ID: aws_codedeploy_deployment_group_7 -Title: "Find AWS CodeDeploy Deployment Groups with Alarm Configs" -Description: "Allows users to query AWS CodeDeploy Deployment Group details including deployment configurations, target revisions, and associated alarm configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - deployment_group_id, - deployment_group_name, - alarm_configuration ->> 'Enabled' as alarm_configuration_enabled - from - aws_codedeploy_deployment_group - where - alarm_configuration ->> 'Enabled' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n deployment_group_id,\n deployment_group_name,\n\ + \ alarm_configuration ->> 'Enabled' as alarm_configuration_enabled\nfrom\n aws_codedeploy_deployment_group\n\ + where\n alarm_configuration ->> 'Enabled' = 'true';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeDeploy +Title: Find AWS CodeDeploy Deployment Groups with Alarm Configs diff --git a/queries/aws_codepipeline_pipeline_1.yaml b/queries/aws_codepipeline_pipeline_1.yaml index 35c1a81dc..83354f904 100755 --- a/queries/aws_codepipeline_pipeline_1.yaml +++ b/queries/aws_codepipeline_pipeline_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS CodePipeline Pipeline data, including pipeline + names, statuses, stages, and associated metadata. ID: aws_codepipeline_pipeline_1 -Title: "List all AWS CodePipeline Pipeline Data" -Description: "Allows users to query AWS CodePipeline Pipeline data, including pipeline names, statuses, stages, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - tags_src, - region, - account_id - from - aws_codepipeline_pipeline; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n tags_src,\n region,\n account_id\n\ + from\n aws_codepipeline_pipeline;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodePipeline +Title: List all AWS CodePipeline Pipeline Data diff --git a/queries/aws_codepipeline_pipeline_2.yaml b/queries/aws_codepipeline_pipeline_2.yaml index 32f830c70..149efb663 100755 --- a/queries/aws_codepipeline_pipeline_2.yaml +++ b/queries/aws_codepipeline_pipeline_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS CodePipeline Pipeline data, including pipeline + names, statuses, stages, and associated metadata. ID: aws_codepipeline_pipeline_2 -Title: "List all AWS CodePipeline Pipelines and Metadata" -Description: "Allows users to query AWS CodePipeline Pipeline data, including pipeline names, statuses, stages, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - encryption_key - from - aws_codepipeline_pipeline - where - encryption_key is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n encryption_key\nfrom\n aws_codepipeline_pipeline\n\ + where\n encryption_key is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS CodePipeline +Title: List all AWS CodePipeline Pipelines and Metadata diff --git a/queries/aws_codestar_notification_rule_1.yaml b/queries/aws_codestar_notification_rule_1.yaml index 2988a9364..66afd1180 100755 --- a/queries/aws_codestar_notification_rule_1.yaml +++ b/queries/aws_codestar_notification_rule_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query CodeStar notification rules in the AWS Developer + Tools to retrieve information about notification rules. ID: aws_codestar_notification_rule_1 -Title: "Find all CodeStar notification rules in AWS using SQL" -Description: "Allows users to query CodeStar notification rules in the AWS Developer Tools to retrieve information about notification rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - resource, - detail_type, - status - from - aws_codestar_notification_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n resource,\n detail_type,\n status\nfrom\n\ + \ aws_codestar_notification_rule;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeStar +Title: Find all CodeStar notification rules in AWS using SQL diff --git a/queries/aws_codestar_notification_rule_2.yaml b/queries/aws_codestar_notification_rule_2.yaml index 9f9ced62d..40545d784 100755 --- a/queries/aws_codestar_notification_rule_2.yaml +++ b/queries/aws_codestar_notification_rule_2.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query CodeStar notification rules in the AWS Developer + Tools to retrieve information about notification rules. ID: aws_codestar_notification_rule_2 -Title: "Find AWS CodeStar notification rules using SQL" -Description: "Allows users to query CodeStar notification rules in the AWS Developer Tools to retrieve information about notification rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - pipeline.name as pipeline, - notification_rule.name notification_rule, - notification_rule.status - from - aws_codepipeline_pipeline as pipeline - left join aws_codestar_notification_rule as notification_rule on pipeline.arn = notification_rule.resource; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n pipeline.name as pipeline,\n notification_rule.name\ + \ notification_rule,\n notification_rule.status\nfrom\n aws_codepipeline_pipeline\ + \ as pipeline\n left join aws_codestar_notification_rule as notification_rule\ + \ on pipeline.arn = notification_rule.resource;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeStar +Title: Find AWS CodeStar notification rules using SQL diff --git a/queries/aws_codestar_notification_rule_3.yaml b/queries/aws_codestar_notification_rule_3.yaml index daceea6a3..9f2883808 100755 --- a/queries/aws_codestar_notification_rule_3.yaml +++ b/queries/aws_codestar_notification_rule_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query CodeStar notification rules in the AWS Developer + Tools to retrieve information about notification rules. ID: aws_codestar_notification_rule_3 -Title: "List all AWS CodeStar notification rules with no targets" -Description: "Allows users to query CodeStar notification rules in the AWS Developer Tools to retrieve information about notification rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name - from - aws_codestar_notification_rule - where - jsonb_array_length(targets) = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name\nfrom\n aws_codestar_notification_rule\nwhere\n\ + \ jsonb_array_length(targets) = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeStar +Title: List all AWS CodeStar notification rules with no targets diff --git a/queries/aws_codestar_notification_rule_4.yaml b/queries/aws_codestar_notification_rule_4.yaml index d14783c2a..b8859fdcc 100755 --- a/queries/aws_codestar_notification_rule_4.yaml +++ b/queries/aws_codestar_notification_rule_4.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query CodeStar notification rules in the AWS Developer + Tools to retrieve information about notification rules. ID: aws_codestar_notification_rule_4 -Title: "List all AWS CodeStar Notification Rules with Target Details" -Description: "Allows users to query CodeStar notification rules in the AWS Developer Tools to retrieve information about notification rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - notification_rule.name as notification_rule, - target ->> 'TargetType' as target_type, - topic.title as target_topic - from - aws_codestar_notification_rule as notification_rule cross - join jsonb_array_elements(notification_rule.targets) as target - left join aws_sns_topic as topic on target ->> 'TargetAddress' = topic.topic_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n notification_rule.name as notification_rule,\n target\ + \ ->> 'TargetType' as target_type,\n topic.title as target_topic\nfrom\n aws_codestar_notification_rule\ + \ as notification_rule cross\n join jsonb_array_elements(notification_rule.targets)\ + \ as target\n left join aws_sns_topic as topic on target ->> 'TargetAddress'\ + \ = topic.topic_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeStar +Title: List all AWS CodeStar Notification Rules with Target Details diff --git a/queries/aws_codestar_notification_rule_5.yaml b/queries/aws_codestar_notification_rule_5.yaml index d3ead873e..491ba5905 100755 --- a/queries/aws_codestar_notification_rule_5.yaml +++ b/queries/aws_codestar_notification_rule_5.yaml @@ -1,38 +1,28 @@ +Description: Allows users to query CodeStar notification rules in the AWS Developer + Tools to retrieve information about notification rules. ID: aws_codestar_notification_rule_5 -Title: "List AWS CodeStar Notification Rules with Targets" -Description: "Allows users to query CodeStar notification rules in the AWS Developer Tools to retrieve information about notification rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with rule_target as ( - select - arn, - target ->> 'TargetAddress' as target_address, - target ->> 'TargetStatus' as target_status, - target ->> 'TargetType' as target_type - from - aws_codestar_notification_rule cross - join jsonb_array_elements(targets) as target - ) - select - notification_rule.name as notification_rule, - rule_target.target_type, - topic.title as target_topic - from - aws_codestar_notification_rule as notification_rule - left join rule_target on rule_target.arn = notification_rule.arn - left join aws_sns_topic as topic on rule_target.target_address = topic.topic_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with rule_target as (\n select\n arn,\n target ->> 'TargetAddress'\ + \ as target_address,\n target ->> 'TargetStatus' as target_status,\n target\ + \ ->> 'TargetType' as target_type\n from\n aws_codestar_notification_rule\ + \ cross\n join jsonb_array_elements(targets) as target\n)\nselect\n notification_rule.name\ + \ as notification_rule,\n rule_target.target_type,\n topic.title as target_topic\n\ + from\n aws_codestar_notification_rule as notification_rule\n left join rule_target\ + \ on rule_target.arn = notification_rule.arn\n left join aws_sns_topic as topic\ + \ on rule_target.target_address = topic.topic_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CodeStar +Title: List AWS CodeStar Notification Rules with Targets diff --git a/queries/aws_cognito_identity_pool_1.yaml b/queries/aws_cognito_identity_pool_1.yaml index 81abcf19c..fbb82cd64 100755 --- a/queries/aws_cognito_identity_pool_1.yaml +++ b/queries/aws_cognito_identity_pool_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Cognito Identity Pools and retrieve detailed + information about each identity pool, including its configuration and associated + roles. ID: aws_cognito_identity_pool_1 -Title: "List AWS Cognito Identity Pools with Config and Roles" -Description: "Allows users to query AWS Cognito Identity Pools and retrieve detailed information about each identity pool, including its configuration and associated roles." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity_pool_id, - identity_pool_name, - tags, - region, - account_id - from - aws_cognito_identity_pool; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity_pool_id,\n identity_pool_name,\n tags,\n \ + \ region,\n account_id\nfrom\n aws_cognito_identity_pool;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito +Title: List AWS Cognito Identity Pools with Config and Roles diff --git a/queries/aws_cognito_identity_pool_2.yaml b/queries/aws_cognito_identity_pool_2.yaml index 22aca55ad..dd9dd4faa 100755 --- a/queries/aws_cognito_identity_pool_2.yaml +++ b/queries/aws_cognito_identity_pool_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Cognito Identity Pools and retrieve detailed + information about each identity pool, including its configuration and associated + roles. ID: aws_cognito_identity_pool_2 -Title: "List AWS Cognito Identity Pools and Their Configurations" -Description: "Allows users to query AWS Cognito Identity Pools and retrieve detailed information about each identity pool, including its configuration and associated roles." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity_pool_id, - identity_pool_name, - allow_classic_flow - from - aws_cognito_identity_pool - where - allow_classic_flow; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity_pool_id,\n identity_pool_name,\n allow_classic_flow\n\ + from\n aws_cognito_identity_pool\nwhere\n allow_classic_flow;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito +Title: List AWS Cognito Identity Pools and Their Configurations diff --git a/queries/aws_cognito_identity_pool_3.yaml b/queries/aws_cognito_identity_pool_3.yaml index 38b7fea0d..edd878729 100755 --- a/queries/aws_cognito_identity_pool_3.yaml +++ b/queries/aws_cognito_identity_pool_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Cognito Identity Pools and retrieve detailed + information about each identity pool, including its configuration and associated + roles. ID: aws_cognito_identity_pool_3 -Title: "List AWS Cognito Identity Pools and Configurations" -Description: "Allows users to query AWS Cognito Identity Pools and retrieve detailed information about each identity pool, including its configuration and associated roles." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity_pool_id, - identity_pool_name, - allow_classic_flow - from - aws_cognito_identity_pool - where - allow_unauthenticated_identities; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity_pool_id,\n identity_pool_name,\n allow_classic_flow\n\ + from\n aws_cognito_identity_pool\nwhere\n allow_unauthenticated_identities;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito Identity Pools +Title: List AWS Cognito Identity Pools and Configurations diff --git a/queries/aws_cognito_identity_pool_4.yaml b/queries/aws_cognito_identity_pool_4.yaml index 5d369a86a..cb171ac97 100755 --- a/queries/aws_cognito_identity_pool_4.yaml +++ b/queries/aws_cognito_identity_pool_4.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Cognito Identity Pools and retrieve detailed + information about each identity pool, including its configuration and associated + roles. ID: aws_cognito_identity_pool_4 -Title: "List all AWS Cognito Identity Pools with Detailed Info" -Description: "Allows users to query AWS Cognito Identity Pools and retrieve detailed information about each identity pool, including its configuration and associated roles." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity_pool_id, - identity_pool_name, - allow_classic_flow, - cognito_identity_providers ->> 'ClientId' as identity_provider_client_id, - cognito_identity_providers ->> 'ProviderName' as identity_provider_name, - cognito_identity_providers ->> 'ServerSideTokenCheck' as server_side_token_enabled - from - aws_cognito_identity_pool - where - identity_pool_id = 'eu-west-3:e96205bf-1ef2-4fe6-a748-65e948673960'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity_pool_id,\n identity_pool_name,\n allow_classic_flow,\n\ + \ cognito_identity_providers ->> 'ClientId' as identity_provider_client_id,\n\ + \ cognito_identity_providers ->> 'ProviderName' as identity_provider_name,\n\ + \ cognito_identity_providers ->> 'ServerSideTokenCheck' as server_side_token_enabled\n\ + from\n aws_cognito_identity_pool\nwhere\n identity_pool_id = 'eu-west-3:e96205bf-1ef2-4fe6-a748-65e948673960';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito Identity Pools +Title: List all AWS Cognito Identity Pools with Detailed Info diff --git a/queries/aws_cognito_identity_provider_1.yaml b/queries/aws_cognito_identity_provider_1.yaml index f0a040ac7..3498e1a11 100755 --- a/queries/aws_cognito_identity_provider_1.yaml +++ b/queries/aws_cognito_identity_provider_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Cognito Identity Providers, providing essential + details about the identity provider configurations within AWS Cognito User Pools. ID: aws_cognito_identity_provider_1 -Title: "Find AWS Cognito Identity Provider Configurations" -Description: "Allows users to query AWS Cognito Identity Providers, providing essential details about the identity provider configurations within AWS Cognito User Pools." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - provider_name, - user_pool_id, - region, - account_id - from - aws_cognito_identity_provider - where - user_pool_id = 'us-east-1_012345678'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n provider_name,\n user_pool_id,\n region,\n account_id\n\ + from\n aws_cognito_identity_provider\nwhere\n user_pool_id = 'us-east-1_012345678';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito +Title: Find AWS Cognito Identity Provider Configurations diff --git a/queries/aws_cognito_identity_provider_2.yaml b/queries/aws_cognito_identity_provider_2.yaml index b0fb77744..c8d9f348a 100755 --- a/queries/aws_cognito_identity_provider_2.yaml +++ b/queries/aws_cognito_identity_provider_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Cognito Identity Providers, providing essential + details about the identity provider configurations within AWS Cognito User Pools. ID: aws_cognito_identity_provider_2 -Title: "Find AWS Cognito Identity Providers Using SQL" -Description: "Allows users to query AWS Cognito Identity Providers, providing essential details about the identity provider configurations within AWS Cognito User Pools." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - provider_name, - user_pool_id, - provider_details - from - aws_cognito_identity_provider - where - provider_type = 'Google' - and user_pool_id = 'us-east-1_012345678'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n provider_name,\n user_pool_id,\n provider_details\n\ + from\n aws_cognito_identity_provider\nwhere\n provider_type = 'Google'\n and\ + \ user_pool_id = 'us-east-1_012345678';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cognito +Title: Find AWS Cognito Identity Providers Using SQL diff --git a/queries/aws_cognito_user_pool_1.yaml b/queries/aws_cognito_user_pool_1.yaml index e36aece09..e54d22ffa 100755 --- a/queries/aws_cognito_user_pool_1.yaml +++ b/queries/aws_cognito_user_pool_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cognito User Pools to fetch detailed information + about each user pool, including the pool''s configuration, status, and associated + metadata. ID: aws_cognito_user_pool_1 -Title: "Find AWS Cognito User Pools and their configuration" -Description: "Allows users to query AWS Cognito User Pools to fetch detailed information about each user pool, including the pool''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - tags, - region, - account_id - from - aws_cognito_user_pool; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n tags,\n region,\n account_id\n\ + from\n aws_cognito_user_pool;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cognito User Pools +Title: Find AWS Cognito User Pools and their configuration diff --git a/queries/aws_cognito_user_pool_2.yaml b/queries/aws_cognito_user_pool_2.yaml index f04fda858..7da1f6457 100755 --- a/queries/aws_cognito_user_pool_2.yaml +++ b/queries/aws_cognito_user_pool_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Cognito User Pools to fetch detailed information + about each user pool, including the pool''s configuration, status, and associated + metadata. ID: aws_cognito_user_pool_2 -Title: "List All AWS Cognito User Pools with MFA Configuration" -Description: "Allows users to query AWS Cognito User Pools to fetch detailed information about each user pool, including the pool''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - mfa_configuration - from - aws_cognito_user_pool - where - mfa_configuration != 'OFF'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n mfa_configuration\nfrom\n aws_cognito_user_pool\n\ + where\n mfa_configuration != 'OFF';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cognito +Title: List All AWS Cognito User Pools with MFA Configuration diff --git a/queries/aws_config_aggregate_authorization_1.yaml b/queries/aws_config_aggregate_authorization_1.yaml index 8847f1586..8fc6c49a5 100755 --- a/queries/aws_config_aggregate_authorization_1.yaml +++ b/queries/aws_config_aggregate_authorization_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Config Aggregate Authorizations, providing + vital information about AWS Config rules and their respective authorizations in + an aggregated form. ID: aws_config_aggregate_authorization_1 -Title: "Find AWS Config Aggregate Authorizations Info" -Description: "Allows users to query AWS Config Aggregate Authorizations, providing vital information about AWS Config rules and their respective authorizations in an aggregated form." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - authorized_account_id, - authorized_aws_region, - creation_time - from - aws_config_aggregate_authorization; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n authorized_account_id,\n authorized_aws_region,\n\ + \ creation_time\nfrom\n aws_config_aggregate_authorization;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Aggregate Authorizations Info diff --git a/queries/aws_config_configuration_recorder_1.yaml b/queries/aws_config_configuration_recorder_1.yaml index bf9e0dba4..ace696e3e 100755 --- a/queries/aws_config_configuration_recorder_1.yaml +++ b/queries/aws_config_configuration_recorder_1.yaml @@ -1,28 +1,19 @@ +Description: Allows users to query AWS Config Configuration Recorder ID: aws_config_configuration_recorder_1 -Title: "Find AWS Config Configuration Recorder using SQL" -Description: "Allows users to query AWS Config Configuration Recorder" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - role_arn, - status, - recording_group, - status_recording, - akas, - title - from - aws_config_configuration_recorder; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n role_arn,\n status,\n recording_group,\n \ + \ status_recording,\n akas,\n title\nfrom\n aws_config_configuration_recorder;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Config Configuration Recorder +Title: Find AWS Config Configuration Recorder using SQL diff --git a/queries/aws_config_configuration_recorder_2.yaml b/queries/aws_config_configuration_recorder_2.yaml index 6336db0df..e1a1fa85e 100755 --- a/queries/aws_config_configuration_recorder_2.yaml +++ b/queries/aws_config_configuration_recorder_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Config Configuration Recorder ID: aws_config_configuration_recorder_2 -Title: "Find AWS Config Configuration Recorder Status" -Description: "Allows users to query AWS Config Configuration Recorder" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - role_arn, - status_recording, - title - from - aws_config_configuration_recorder - where - not status_recording; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n role_arn,\n status_recording,\n title\nfrom\n\ + \ aws_config_configuration_recorder\nwhere\n not status_recording;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Configuration Recorder Status diff --git a/queries/aws_config_configuration_recorder_3.yaml b/queries/aws_config_configuration_recorder_3.yaml index f158236ab..e98d6e838 100755 --- a/queries/aws_config_configuration_recorder_3.yaml +++ b/queries/aws_config_configuration_recorder_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Config Configuration Recorder ID: aws_config_configuration_recorder_3 -Title: "Find all AWS Config Configuration Recorder using SQL" -Description: "Allows users to query AWS Config Configuration Recorder" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - status ->> 'LastStatus' as last_status, - status ->> 'LastStatusChangeTime' as last_status_change_time, - status ->> 'LastErrorCode' as last_error_code, - status ->> 'LastErrorMessage' as last_error_message - from - aws_config_configuration_recorder - where - status ->> 'LastStatus' = 'FAILURE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n status ->> 'LastStatus' as last_status,\n status\ + \ ->> 'LastStatusChangeTime' as last_status_change_time,\n status ->> 'LastErrorCode'\ + \ as last_error_code,\n status ->> 'LastErrorMessage' as last_error_message\n\ + from\n aws_config_configuration_recorder\nwhere\n status ->> 'LastStatus' =\ + \ 'FAILURE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find all AWS Config Configuration Recorder using SQL diff --git a/queries/aws_config_conformance_pack_1.yaml b/queries/aws_config_conformance_pack_1.yaml index d2e3eb264..e0214885c 100755 --- a/queries/aws_config_conformance_pack_1.yaml +++ b/queries/aws_config_conformance_pack_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Config Conformance Packs to fetch information + about the AWS Config conformance packs deployed on an AWS account. ID: aws_config_conformance_pack_1 -Title: "List all AWS Config Conformance Packs" -Description: "Allows users to query AWS Config Conformance Packs to fetch information about the AWS Config conformance packs deployed on an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - conformance_pack_id, - created_by, - last_update_requested_time, - title, - akas - from - aws_config_conformance_pack; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n conformance_pack_id,\n created_by,\n last_update_requested_time,\n\ + \ title,\n akas\nfrom\n aws_config_conformance_pack;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: List all AWS Config Conformance Packs diff --git a/queries/aws_config_conformance_pack_2.yaml b/queries/aws_config_conformance_pack_2.yaml index fa1ab8f11..8eacda2e2 100755 --- a/queries/aws_config_conformance_pack_2.yaml +++ b/queries/aws_config_conformance_pack_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Config Conformance Packs to fetch information + about the AWS Config conformance packs deployed on an AWS account. ID: aws_config_conformance_pack_2 -Title: "List all AWS Config Conformance Packs Info" -Description: "Allows users to query AWS Config Conformance Packs to fetch information about the AWS Config conformance packs deployed on an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - conformance_pack_id, - delivery_s3_bucket, - delivery_s3_key_prefix - from - aws_config_conformance_pack; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n conformance_pack_id,\n delivery_s3_bucket,\n\ + \ delivery_s3_key_prefix\nfrom\n aws_config_conformance_pack;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: List all AWS Config Conformance Packs Info diff --git a/queries/aws_config_conformance_pack_3.yaml b/queries/aws_config_conformance_pack_3.yaml index 05987a513..86f59f453 100755 --- a/queries/aws_config_conformance_pack_3.yaml +++ b/queries/aws_config_conformance_pack_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Config Conformance Packs to fetch information + about the AWS Config conformance packs deployed on an AWS account. ID: aws_config_conformance_pack_3 -Title: "Find all AWS Config Conformance Packs and Parameters" -Description: "Allows users to query AWS Config Conformance Packs to fetch information about the AWS Config conformance packs deployed on an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - inp ->> 'ParameterName' as parameter_name, - inp ->> 'ParameterValue' as parameter_value, - title, - akas - from - aws_config_conformance_pack, - jsonb_array_elements(input_parameters) as inp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n inp ->> 'ParameterName' as parameter_name,\n\ + \ inp ->> 'ParameterValue' as parameter_value,\n title,\n akas\nfrom\n aws_config_conformance_pack,\n\ + \ jsonb_array_elements(input_parameters) as inp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find all AWS Config Conformance Packs and Parameters diff --git a/queries/aws_config_retention_configuration_1.yaml b/queries/aws_config_retention_configuration_1.yaml index ac7546f2c..88bfc4886 100755 --- a/queries/aws_config_retention_configuration_1.yaml +++ b/queries/aws_config_retention_configuration_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Config Retention Configuration for information + about the retention period that AWS Config uses to retain your configuration items. ID: aws_config_retention_configuration_1 -Title: "List AWS Config Retention Configuration Details" -Description: "Allows users to query AWS Config Retention Configuration for information about the retention period that AWS Config uses to retain your configuration items." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - retention_period_in_days, - title, - region - from - aws_config_retention_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n retention_period_in_days,\n title,\n region\n\ + from\n aws_config_retention_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: List AWS Config Retention Configuration Details diff --git a/queries/aws_config_retention_configuration_2.yaml b/queries/aws_config_retention_configuration_2.yaml index 24734f277..161b67bd8 100755 --- a/queries/aws_config_retention_configuration_2.yaml +++ b/queries/aws_config_retention_configuration_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Config Retention Configuration for information + about the retention period that AWS Config uses to retain your configuration items. ID: aws_config_retention_configuration_2 -Title: "Find AWS Config Retention Configuration Details" -Description: "Allows users to query AWS Config Retention Configuration for information about the retention period that AWS Config uses to retain your configuration items." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - retention_period_in_days, - title - from - aws_config_retention_configuration - where - retention_period_in_days < 356; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n retention_period_in_days,\n title\nfrom\n \ + \ aws_config_retention_configuration\nwhere\n retention_period_in_days < 356;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Retention Configuration Details diff --git a/queries/aws_config_retention_configuration_3.yaml b/queries/aws_config_retention_configuration_3.yaml index 32cec67e6..ee7f6a6e1 100755 --- a/queries/aws_config_retention_configuration_3.yaml +++ b/queries/aws_config_retention_configuration_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Config Retention Configuration for information + about the retention period that AWS Config uses to retain your configuration items. ID: aws_config_retention_configuration_3 -Title: "Find AWS Config Retention Configuration Retention Period" -Description: "Allows users to query AWS Config Retention Configuration for information about the retention period that AWS Config uses to retain your configuration items." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - retention_period_in_days, - title, - region - from - aws_config_retention_configuration - where - region = 'us-east-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n retention_period_in_days,\n title,\n region\n\ + from\n aws_config_retention_configuration\nwhere\n region = 'us-east-1';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Retention Configuration Retention Period diff --git a/queries/aws_config_retention_configuration_4.yaml b/queries/aws_config_retention_configuration_4.yaml index be8106577..a8527073c 100755 --- a/queries/aws_config_retention_configuration_4.yaml +++ b/queries/aws_config_retention_configuration_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Config Retention Configuration for information + about the retention period that AWS Config uses to retain your configuration items. ID: aws_config_retention_configuration_4 -Title: "Find AWS Config Retention Configuration Using SQL" -Description: "Allows users to query AWS Config Retention Configuration for information about the retention period that AWS Config uses to retain your configuration items." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.title as configuration_recorder, - r.name as retention_configuration_name, - r.retention_period_in_days, - r.region - from - aws_config_retention_configuration as r - left join aws_config_configuration_recorder as c - on - r.region = c.region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.title as configuration_recorder,\n r.name as retention_configuration_name,\n\ + \ r.retention_period_in_days,\n r.region\nfrom\n aws_config_retention_configuration\ + \ as r\n left join aws_config_configuration_recorder as c\non\n r.region = c.region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Retention Configuration Using SQL diff --git a/queries/aws_config_rule_1.yaml b/queries/aws_config_rule_1.yaml index 58fbee4c6..1c8d0a601 100755 --- a/queries/aws_config_rule_1.yaml +++ b/queries/aws_config_rule_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_1 -Title: "List all AWS Config Rules with Details" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - arn, - rule_state, - created_by, - scope - from - aws_config_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n arn,\n rule_state,\n created_by,\n\ + \ scope\nfrom\n aws_config_rule;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Config +Title: List all AWS Config Rules with Details diff --git a/queries/aws_config_rule_2.yaml b/queries/aws_config_rule_2.yaml index 7c44c4120..e77aa0bb7 100755 --- a/queries/aws_config_rule_2.yaml +++ b/queries/aws_config_rule_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_2 -Title: "Find AWS Config Rules with Inactive Rule State" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - arn, - rule_state - from - aws_config_rule - where - rule_state <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n arn,\n rule_state\nfrom\n aws_config_rule\n\ + where\n rule_state <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Config +Title: Find AWS Config Rules with Inactive Rule State diff --git a/queries/aws_config_rule_3.yaml b/queries/aws_config_rule_3.yaml index 906f058a8..de863222d 100755 --- a/queries/aws_config_rule_3.yaml +++ b/queries/aws_config_rule_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_3 -Title: "Find AWS Config Rules for S3 Buckets by Name" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - tags - from - aws_config_rule - where - name Like '%s3-bucket%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n tags\nfrom\n aws_config_rule\n\ + where\n name Like '%s3-bucket%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Rules for S3 Buckets by Name diff --git a/queries/aws_config_rule_4.yaml b/queries/aws_config_rule_4.yaml index a4960ca5c..116bb4b90 100755 --- a/queries/aws_config_rule_4.yaml +++ b/queries/aws_config_rule_4.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_4 -Title: "Find AWS Config Rule Info Including Compliance Status" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(compliance_by_config_rule) as compliance_info - from - aws_config_rule - where - name = 'approved-amis-by-id'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(compliance_by_config_rule) as compliance_info\n\ + from\n aws_config_rule\nwhere\n name = 'approved-amis-by-id';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find AWS Config Rule Info Including Compliance Status diff --git a/queries/aws_config_rule_5.yaml b/queries/aws_config_rule_5.yaml index e3bb5e002..56db163ac 100755 --- a/queries/aws_config_rule_5.yaml +++ b/queries/aws_config_rule_5.yaml @@ -1,26 +1,24 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_5 -Title: "Find Config Rules in AWS with Compliance Status" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as config_rule_name, - compliance_status -> 'Compliance' -> 'ComplianceType' as compliance_type - from - aws_config_rule, - jsonb_array_elements(compliance_by_config_rule) as compliance_status; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as config_rule_name,\n compliance_status -> 'Compliance'\ + \ -> 'ComplianceType' as compliance_type\nfrom\n aws_config_rule,\n jsonb_array_elements(compliance_by_config_rule)\ + \ as compliance_status;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Config +Title: Find Config Rules in AWS with Compliance Status diff --git a/queries/aws_config_rule_6.yaml b/queries/aws_config_rule_6.yaml index 73dd53291..7702019c3 100755 --- a/queries/aws_config_rule_6.yaml +++ b/queries/aws_config_rule_6.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query Config Rules in AWS Config service. It provides + information about each Config Rule, including its name, ARN, description, scope, + and compliance status. ID: aws_config_rule_6 -Title: "List all AWS Config Rules with Proactive Evaluation Mode" -Description: "Allows users to query Config Rules in AWS Config service. It provides information about each Config Rule, including its name, ARN, description, scope, and compliance status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as config_rule_name, - c ->> 'Mode' as evaluation_mode - from - aws_config_rule, - jsonb_array_elements(evaluation_modes) as c - where - c ->> 'Mode' = 'PROACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as config_rule_name,\n c ->> 'Mode' as evaluation_mode\n\ + from\n aws_config_rule,\n jsonb_array_elements(evaluation_modes) as c\nwhere\n\ + \ c ->> 'Mode' = 'PROACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Config Rules +Title: List all AWS Config Rules with Proactive Evaluation Mode diff --git a/queries/aws_cost_by_account_daily_1.yaml b/queries/aws_cost_by_account_daily_1.yaml index 9f2b9cb38..3d8b36d4c 100755 --- a/queries/aws_cost_by_account_daily_1.yaml +++ b/queries/aws_cost_by_account_daily_1.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query daily AWS costs by account. This table provides + an overview of AWS usage and cost data for each AWS account on a daily basis. ID: aws_cost_by_account_daily_1 -Title: "Find AWS Cost and Usage By Account Daily" -Description: "Allows users to query daily AWS costs by account. This table provides an overview of AWS usage and cost data for each AWS account on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_account_daily - order by - linked_account_id, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_account_daily\norder by\n linked_account_id,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find AWS Cost and Usage By Account Daily diff --git a/queries/aws_cost_by_account_daily_2.yaml b/queries/aws_cost_by_account_daily_2.yaml index 8d48ed3fd..ed1912865 100755 --- a/queries/aws_cost_by_account_daily_2.yaml +++ b/queries/aws_cost_by_account_daily_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query daily AWS costs by account. This table provides + an overview of AWS usage and cost data for each AWS account on a daily basis. ID: aws_cost_by_account_daily_2 -Title: "List AWS Daily Costs by Account Overview with SQL" -Description: "Allows users to query daily AWS costs by account. This table provides an overview of AWS usage and cost data for each AWS account on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_account_daily - group by - linked_account_id - order by - linked_account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_account_daily\ngroup by\n linked_account_id\n\ + order by\n linked_account_id;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: List AWS Daily Costs by Account Overview with SQL diff --git a/queries/aws_cost_by_account_daily_3.yaml b/queries/aws_cost_by_account_daily_3.yaml index 816db5bee..3003ad7e4 100755 --- a/queries/aws_cost_by_account_daily_3.yaml +++ b/queries/aws_cost_by_account_daily_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query daily AWS costs by account. This table provides + an overview of AWS usage and cost data for each AWS account on a daily basis. ID: aws_cost_by_account_daily_3 -Title: "Find Daily AWS Costs by Account" -Description: "Allows users to query daily AWS costs by account. This table provides an overview of AWS usage and cost data for each AWS account on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as ( - select - linked_account_id, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by linked_account_id order by unblended_cost_amount desc) - from - aws_cost_by_account_daily - ) - select * from ranked_costs where rank <= 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as (\n select\n linked_account_id,\n period_start,\n\ + \ unblended_cost_amount::numeric::money,\n rank() over(partition by linked_account_id\ + \ order by unblended_cost_amount desc)\n from \n aws_cost_by_account_daily\n\ + )\nselect * from ranked_costs where rank <= 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find Daily AWS Costs by Account diff --git a/queries/aws_cost_by_account_monthly_1.yaml b/queries/aws_cost_by_account_monthly_1.yaml index 7c7da0236..00137ba32 100755 --- a/queries/aws_cost_by_account_monthly_1.yaml +++ b/queries/aws_cost_by_account_monthly_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query monthly AWS costs per account. It provides cost + details for each AWS account, allowing users to monitor and manage their AWS spending. ID: aws_cost_by_account_monthly_1 -Title: "List AWS Monthly Costs Per Account Using AWS Cost Explorer" -Description: "Allows users to query monthly AWS costs per account. It provides cost details for each AWS account, allowing users to monitor and manage their AWS spending." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_account_monthly - order by - linked_account_id, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_account_monthly\norder by\n linked_account_id,\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: List AWS Monthly Costs Per Account Using AWS Cost Explorer diff --git a/queries/aws_cost_by_account_monthly_2.yaml b/queries/aws_cost_by_account_monthly_2.yaml index b558182c1..21fcdae71 100755 --- a/queries/aws_cost_by_account_monthly_2.yaml +++ b/queries/aws_cost_by_account_monthly_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query monthly AWS costs per account. It provides cost + details for each AWS account, allowing users to monitor and manage their AWS spending. ID: aws_cost_by_account_monthly_2 -Title: "Find Monthly AWS Costs Per Account" -Description: "Allows users to query monthly AWS costs per account. It provides cost details for each AWS account, allowing users to monitor and manage their AWS spending." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_account_monthly - group by - linked_account_id - order by - linked_account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_account_monthly\ngroup by\n linked_account_id\n\ + order by\n linked_account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find Monthly AWS Costs Per Account diff --git a/queries/aws_cost_by_account_monthly_3.yaml b/queries/aws_cost_by_account_monthly_3.yaml index 1e5bd2ad9..a7354ae5f 100755 --- a/queries/aws_cost_by_account_monthly_3.yaml +++ b/queries/aws_cost_by_account_monthly_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query monthly AWS costs per account. It provides cost + details for each AWS account, allowing users to monitor and manage their AWS spending. ID: aws_cost_by_account_monthly_3 -Title: "List all Monthly AWS Costs Per Account" -Description: "Allows users to query monthly AWS costs per account. It provides cost details for each AWS account, allowing users to monitor and manage their AWS spending." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by linked_account_id order by unblended_cost_amount desc) - from - aws_cost_by_account_monthly; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n period_start,\n unblended_cost_amount::numeric::money,\n\ + \ rank() over(partition by linked_account_id order by unblended_cost_amount desc)\n\ + from \n aws_cost_by_account_monthly;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer Service +Title: List all Monthly AWS Costs Per Account diff --git a/queries/aws_cost_by_account_monthly_4.yaml b/queries/aws_cost_by_account_monthly_4.yaml index 1abb85bc0..d4d00bd12 100755 --- a/queries/aws_cost_by_account_monthly_4.yaml +++ b/queries/aws_cost_by_account_monthly_4.yaml @@ -1,40 +1,27 @@ +Description: Allows users to query monthly AWS costs per account. It provides cost + details for each AWS account, allowing users to monitor and manage their AWS spending. ID: aws_cost_by_account_monthly_4 -Title: "Find AWS Monthly Cost Per Account for Management" -Description: "Allows users to query monthly AWS costs per account. It provides cost details for each AWS account, allowing users to monitor and manage their AWS spending." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with cost_data as ( - select - linked_account_id, - period_start, - unblended_cost_amount as this_month, - lag(unblended_cost_amount,-1) over(partition by linked_account_id order by period_start desc) as previous_month - from - aws_cost_by_account_monthly - ) - select - linked_account_id, - period_start, - this_month::numeric::money, - previous_month::numeric::money, - round((100 * ( (this_month - previous_month) / previous_month))::numeric, 2) as percent_change - from - cost_data - order by - linked_account_id, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with cost_data as (\n select\n linked_account_id,\n period_start,\n\ + \ unblended_cost_amount as this_month,\n lag(unblended_cost_amount,-1) over(partition\ + \ by linked_account_id order by period_start desc) as previous_month\n from \n\ + \ aws_cost_by_account_monthly\n)\nselect\n linked_account_id,\n period_start,\n\ + \ this_month::numeric::money,\n previous_month::numeric::money,\n round((100\ + \ * ( (this_month - previous_month) / previous_month))::numeric, 2) as percent_change\n\ + from\n cost_data\norder by\n linked_account_id,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find AWS Monthly Cost Per Account for Management diff --git a/queries/aws_cost_by_record_type_daily_1.yaml b/queries/aws_cost_by_record_type_daily_1.yaml index 5475316fa..b8c411359 100755 --- a/queries/aws_cost_by_record_type_daily_1.yaml +++ b/queries/aws_cost_by_record_type_daily_1.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query daily AWS cost data by record type. This table + provides information about AWS costs incurred per record type on a daily basis. ID: aws_cost_by_record_type_daily_1 -Title: "List Daily AWS Cost Data by Record Type" -Description: "Allows users to query daily AWS cost data by record type. This table provides information about AWS costs incurred per record type on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - record_type, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_record_type_daily - order by - linked_account_id, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n record_type,\n period_start,\n\ + \ blended_cost_amount::numeric::money,\n unblended_cost_amount::numeric::money,\n\ + \ amortized_cost_amount::numeric::money,\n net_unblended_cost_amount::numeric::money,\n\ + \ net_amortized_cost_amount::numeric::money\nfrom \n aws_cost_by_record_type_daily\n\ + order by\n linked_account_id,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost and Usage Report +Title: List Daily AWS Cost Data by Record Type diff --git a/queries/aws_cost_by_record_type_daily_2.yaml b/queries/aws_cost_by_record_type_daily_2.yaml index 61599000f..86a5257f2 100755 --- a/queries/aws_cost_by_record_type_daily_2.yaml +++ b/queries/aws_cost_by_record_type_daily_2.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query daily AWS cost data by record type. This table + provides information about AWS costs incurred per record type on a daily basis. ID: aws_cost_by_record_type_daily_2 -Title: "List all AWS costs by record type on a daily basis" -Description: "Allows users to query daily AWS cost data by record type. This table provides information about AWS costs incurred per record type on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - record_type, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_record_type_daily - group by - linked_account_id, - record_type - order by - linked_account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n record_type,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_record_type_daily\ngroup by\n linked_account_id,\n\ + \ record_type\norder by\n linked_account_id;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost and Usage Report +Title: List all AWS costs by record type on a daily basis diff --git a/queries/aws_cost_by_record_type_daily_3.yaml b/queries/aws_cost_by_record_type_daily_3.yaml index 5f6aac779..11831f95d 100755 --- a/queries/aws_cost_by_record_type_daily_3.yaml +++ b/queries/aws_cost_by_record_type_daily_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query daily AWS cost data by record type. This table + provides information about AWS costs incurred per record type on a daily basis. ID: aws_cost_by_record_type_daily_3 -Title: "List All Daily AWS Costs by Record Type" -Description: "Allows users to query daily AWS cost data by record type. This table provides information about AWS costs incurred per record type on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as ( - select - linked_account_id, - record_type, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by linked_account_id, record_type order by unblended_cost_amount desc) - from - aws_cost_by_record_type_daily - ) - select * from ranked_costs where rank <= 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as (\n select\n linked_account_id,\n record_type,\n\ + \ period_start,\n unblended_cost_amount::numeric::money,\n rank() over(partition\ + \ by linked_account_id, record_type order by unblended_cost_amount desc)\n from\ + \ \n aws_cost_by_record_type_daily\n)\nselect * from ranked_costs where rank\ + \ <= 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost and Usage Report +Title: List All Daily AWS Costs by Record Type diff --git a/queries/aws_cost_by_record_type_monthly_1.yaml b/queries/aws_cost_by_record_type_monthly_1.yaml index a8c833e0d..cd3f4ea87 100755 --- a/queries/aws_cost_by_record_type_monthly_1.yaml +++ b/queries/aws_cost_by_record_type_monthly_1.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Cost and Usage Report Records on a monthly + basis. ID: aws_cost_by_record_type_monthly_1 -Title: "Find AWS Cost and Usage Report Records Monthly" -Description: "Allows users to query AWS Cost and Usage Report Records on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - record_type, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_record_type_monthly - order by - linked_account_id, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n record_type,\n period_start,\n\ + \ blended_cost_amount::numeric::money,\n unblended_cost_amount::numeric::money,\n\ + \ amortized_cost_amount::numeric::money,\n net_unblended_cost_amount::numeric::money,\n\ + \ net_amortized_cost_amount::numeric::money\nfrom \n aws_cost_by_record_type_monthly\n\ + order by\n linked_account_id,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost and Usage Report +Title: Find AWS Cost and Usage Report Records Monthly diff --git a/queries/aws_cost_by_record_type_monthly_2.yaml b/queries/aws_cost_by_record_type_monthly_2.yaml index 505ede410..6094e23cc 100755 --- a/queries/aws_cost_by_record_type_monthly_2.yaml +++ b/queries/aws_cost_by_record_type_monthly_2.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Cost and Usage Report Records on a monthly + basis. ID: aws_cost_by_record_type_monthly_2 -Title: "Find AWS Monthly Cost and Usage Report Records" -Description: "Allows users to query AWS Cost and Usage Report Records on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - record_type, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_record_type_monthly - group by - linked_account_id, - record_type - order by - linked_account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n record_type,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_record_type_monthly\ngroup by\n linked_account_id,\n\ + \ record_type\norder by\n linked_account_id;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost and Usage Report +Title: Find AWS Monthly Cost and Usage Report Records diff --git a/queries/aws_cost_by_record_type_monthly_3.yaml b/queries/aws_cost_by_record_type_monthly_3.yaml index 32e371379..b2d6d9ce2 100755 --- a/queries/aws_cost_by_record_type_monthly_3.yaml +++ b/queries/aws_cost_by_record_type_monthly_3.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Cost and Usage Report Records on a monthly + basis. ID: aws_cost_by_record_type_monthly_3 -Title: "List AWS Cost and Usage Report Records Monthly" -Description: "Allows users to query AWS Cost and Usage Report Records on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - linked_account_id, - record_type, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by linked_account_id, record_type order by unblended_cost_amount desc) - from - aws_cost_by_record_type_monthly; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n linked_account_id,\n record_type,\n period_start,\n\ + \ unblended_cost_amount::numeric::money,\n rank() over(partition by linked_account_id,\ + \ record_type order by unblended_cost_amount desc)\nfrom \n aws_cost_by_record_type_monthly;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost and Usage Report +Title: List AWS Cost and Usage Report Records Monthly diff --git a/queries/aws_cost_by_service_daily_1.yaml b/queries/aws_cost_by_service_daily_1.yaml index 0947167ab..1b3f480e4 100755 --- a/queries/aws_cost_by_service_daily_1.yaml +++ b/queries/aws_cost_by_service_daily_1.yaml @@ -1,35 +1,26 @@ +Description: Allows users to query AWS Cost Explorer to retrieve daily cost breakdown + by AWS service. ID: aws_cost_by_service_daily_1 -Title: "List all Daily AWS Costs by Service" -Description: "Allows users to query AWS Cost Explorer to retrieve daily cost breakdown by AWS service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_service_daily - order by - service, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_service_daily\norder by\n service,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List all Daily AWS Costs by Service diff --git a/queries/aws_cost_by_service_daily_2.yaml b/queries/aws_cost_by_service_daily_2.yaml index 76a36b5e3..67e3a8746 100755 --- a/queries/aws_cost_by_service_daily_2.yaml +++ b/queries/aws_cost_by_service_daily_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Cost Explorer to retrieve daily cost breakdown + by AWS service. ID: aws_cost_by_service_daily_2 -Title: "List AWS Cost Explorer Daily Service Cost Breakdown" -Description: "Allows users to query AWS Cost Explorer to retrieve daily cost breakdown by AWS service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_daily - group by - service - order by - service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_service_daily\ngroup by\n service\norder by\n\ + \ service;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: List AWS Cost Explorer Daily Service Cost Breakdown diff --git a/queries/aws_cost_by_service_daily_3.yaml b/queries/aws_cost_by_service_daily_3.yaml index 8fb24e022..c5a05b163 100755 --- a/queries/aws_cost_by_service_daily_3.yaml +++ b/queries/aws_cost_by_service_daily_3.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Cost Explorer to retrieve daily cost breakdown + by AWS service. ID: aws_cost_by_service_daily_3 -Title: "Find daily cost breakdown by AWS service" -Description: "Allows users to query AWS Cost Explorer to retrieve daily cost breakdown by AWS service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_daily - group by - service - order by - average desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_daily\n\ + group by\n service\norder by\n average desc\nlimit 10;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: Find daily cost breakdown by AWS service diff --git a/queries/aws_cost_by_service_daily_4.yaml b/queries/aws_cost_by_service_daily_4.yaml index b34a308ed..e8883bac0 100755 --- a/queries/aws_cost_by_service_daily_4.yaml +++ b/queries/aws_cost_by_service_daily_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Cost Explorer to retrieve daily cost breakdown + by AWS service. ID: aws_cost_by_service_daily_4 -Title: "List all AWS Cost Breakdown by Service" -Description: "Allows users to query AWS Cost Explorer to retrieve daily cost breakdown by AWS service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_daily - group by - service - order by - sum desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_daily\n\ + group by\n service\norder by\n sum desc\nlimit 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List all AWS Cost Breakdown by Service diff --git a/queries/aws_cost_by_service_daily_5.yaml b/queries/aws_cost_by_service_daily_5.yaml index 7502fb40e..0e95516c4 100755 --- a/queries/aws_cost_by_service_daily_5.yaml +++ b/queries/aws_cost_by_service_daily_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Cost Explorer to retrieve daily cost breakdown + by AWS service. ID: aws_cost_by_service_daily_5 -Title: "Find Top 10 AWS Daily Costs by Service" -Description: "Allows users to query AWS Cost Explorer to retrieve daily cost breakdown by AWS service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as ( - select - service, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by service order by unblended_cost_amount desc) - from - aws_cost_by_service_daily - ) - select * from ranked_costs where rank <= 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as (\n select\n service,\n period_start,\n\ + \ unblended_cost_amount::numeric::money,\n rank() over(partition by service\ + \ order by unblended_cost_amount desc)\n from \n aws_cost_by_service_daily\n\ + )\nselect * from ranked_costs where rank <= 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find Top 10 AWS Daily Costs by Service diff --git a/queries/aws_cost_by_service_monthly_1.yaml b/queries/aws_cost_by_service_monthly_1.yaml index 7ffc5f257..547fd4a52 100755 --- a/queries/aws_cost_by_service_monthly_1.yaml +++ b/queries/aws_cost_by_service_monthly_1.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_1 -Title: "List AWS monthly cost breakdown by service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_service_monthly - order by - service, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_service_monthly\norder by\n service,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer Service +Title: List AWS monthly cost breakdown by service diff --git a/queries/aws_cost_by_service_monthly_2.yaml b/queries/aws_cost_by_service_monthly_2.yaml index e2a5fd65e..816e6154f 100755 --- a/queries/aws_cost_by_service_monthly_2.yaml +++ b/queries/aws_cost_by_service_monthly_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_2 -Title: "List AWS Monthly Cost Breakdown by Service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_monthly - group by - service - order by - service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_service_monthly\ngroup by\n service\norder\ + \ by\n service;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: List AWS Monthly Cost Breakdown by Service diff --git a/queries/aws_cost_by_service_monthly_3.yaml b/queries/aws_cost_by_service_monthly_3.yaml index 5e195d04c..a57572581 100755 --- a/queries/aws_cost_by_service_monthly_3.yaml +++ b/queries/aws_cost_by_service_monthly_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_3 -Title: "Find AWS Monthly Cost Breakdown by Service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_monthly - group by - service - order by - average desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_monthly\n\ + group by\n service\norder by\n average desc\nlimit 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer Service +Title: Find AWS Monthly Cost Breakdown by Service diff --git a/queries/aws_cost_by_service_monthly_4.yaml b/queries/aws_cost_by_service_monthly_4.yaml index a8600680d..dd457721a 100755 --- a/queries/aws_cost_by_service_monthly_4.yaml +++ b/queries/aws_cost_by_service_monthly_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_4 -Title: "List all AWS monthly cost breakdown by service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_monthly - group by - service - order by - sum desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_monthly\n\ + group by\n service\norder by\n sum desc\nlimit 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List all AWS monthly cost breakdown by service diff --git a/queries/aws_cost_by_service_monthly_5.yaml b/queries/aws_cost_by_service_monthly_5.yaml index c32250e92..09fcaebb0 100755 --- a/queries/aws_cost_by_service_monthly_5.yaml +++ b/queries/aws_cost_by_service_monthly_5.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_5 -Title: "List all AWS monthly cost breakdowns by service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as ( - select - service, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by service order by unblended_cost_amount desc) - from - aws_cost_by_service_monthly - ) - select * from ranked_costs where rank = 1; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as (\n select\n service,\n period_start,\n\ + \ unblended_cost_amount::numeric::money,\n rank() over(partition by service\ + \ order by unblended_cost_amount desc)\n from \n aws_cost_by_service_monthly\n\ + )\nselect * from ranked_costs where rank = 1;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List all AWS monthly cost breakdowns by service diff --git a/queries/aws_cost_by_service_monthly_6.yaml b/queries/aws_cost_by_service_monthly_6.yaml index 2aa509637..f7695d8ef 100755 --- a/queries/aws_cost_by_service_monthly_6.yaml +++ b/queries/aws_cost_by_service_monthly_6.yaml @@ -1,42 +1,27 @@ +Description: Allows users to query AWS Cost Explorer Service for monthly cost breakdown + by service. This table provides details such as the service name, the cost associated + with it, and the currency code. ID: aws_cost_by_service_monthly_6 -Title: "List AWS Monthly Cost Breakdown by Service" -Description: "Allows users to query AWS Cost Explorer Service for monthly cost breakdown by service. This table provides details such as the service name, the cost associated with it, and the currency code." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with cost_data as ( - select - service, - period_start, - unblended_cost_amount as this_month, - lag(unblended_cost_amount,-1) over(partition by service order by period_start desc) as previous_month - from - aws_cost_by_service_monthly - ) - select - service, - period_start, - this_month::numeric::money, - previous_month::numeric::money, - case - when previous_month = 0 and this_month = 0 then 0 - when previous_month = 0 then 999 - else round((100 * ( (this_month - previous_month) / previous_month))::numeric, 2) - end as percent_change - from - cost_data - order by - service, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with cost_data as (\n select\n service,\n period_start,\n\ + \ unblended_cost_amount as this_month,\n lag(unblended_cost_amount,-1) over(partition\ + \ by service order by period_start desc) as previous_month\n from \n aws_cost_by_service_monthly\n\ + )\nselect\n service,\n period_start,\n this_month::numeric::money,\n\ + \ previous_month::numeric::money,\n case \n when previous_month = 0\ + \ and this_month = 0 then 0\n when previous_month = 0 then 999\n else\ + \ round((100 * ( (this_month - previous_month) / previous_month))::numeric, 2)\ + \ \n end as percent_change\nfrom\n cost_data\norder by\n service,\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: List AWS Monthly Cost Breakdown by Service diff --git a/queries/aws_cost_by_service_usage_type_daily_1.yaml b/queries/aws_cost_by_service_usage_type_daily_1.yaml index 323ca048c..f715acc1b 100755 --- a/queries/aws_cost_by_service_usage_type_daily_1.yaml +++ b/queries/aws_cost_by_service_usage_type_daily_1.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Cost Explorer Service daily usage type to fetch + detailed data about AWS service usage and costs. ID: aws_cost_by_service_usage_type_daily_1 -Title: "Find daily AWS Cost Explorer Service usage and costs" -Description: "Allows users to query AWS Cost Explorer Service daily usage type to fetch detailed data about AWS service usage and costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_service_usage_type_daily - order by - service, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_service_usage_type_daily\norder by\n service,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find daily AWS Cost Explorer Service usage and costs diff --git a/queries/aws_cost_by_service_usage_type_daily_2.yaml b/queries/aws_cost_by_service_usage_type_daily_2.yaml index e485bed6d..427fd3a51 100755 --- a/queries/aws_cost_by_service_usage_type_daily_2.yaml +++ b/queries/aws_cost_by_service_usage_type_daily_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Cost Explorer Service daily usage type to fetch + detailed data about AWS service usage and costs. ID: aws_cost_by_service_usage_type_daily_2 -Title: "List all AWS service usage and costs by usage type" -Description: "Allows users to query AWS Cost Explorer Service daily usage type to fetch detailed data about AWS service usage and costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_daily - group by - service, - usage_type - order by - service, - usage_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_service_usage_type_daily\ngroup by\n service,\n\ + \ usage_type\norder by\n service,\n usage_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer Service +Title: List all AWS service usage and costs by usage type diff --git a/queries/aws_cost_by_service_usage_type_daily_3.yaml b/queries/aws_cost_by_service_usage_type_daily_3.yaml index a0aba2e7a..cb5fa7491 100755 --- a/queries/aws_cost_by_service_usage_type_daily_3.yaml +++ b/queries/aws_cost_by_service_usage_type_daily_3.yaml @@ -1,25 +1,15 @@ +Description: Allows users to query AWS Cost Explorer Service daily usage type to fetch + detailed data about AWS service usage and costs. ID: aws_cost_by_service_usage_type_daily_3 -Title: "" -Description: "Allows users to query AWS Cost Explorer Service daily usage type to fetch detailed data about AWS service usage and costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_daily - group by - service, - usage_type - order by - average desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_usage_type_daily\n\ + group by\n service,\n usage_type\norder by\n average desc\nlimit 10;" Tags: {} +Title: '' diff --git a/queries/aws_cost_by_service_usage_type_daily_4.yaml b/queries/aws_cost_by_service_usage_type_daily_4.yaml index cf2d556fc..38a7653d6 100755 --- a/queries/aws_cost_by_service_usage_type_daily_4.yaml +++ b/queries/aws_cost_by_service_usage_type_daily_4.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Cost Explorer Service daily usage type to fetch + detailed data about AWS service usage and costs. ID: aws_cost_by_service_usage_type_daily_4 -Title: "List AWS Daily Service Usage and Costs" -Description: "Allows users to query AWS Cost Explorer Service daily usage type to fetch detailed data about AWS service usage and costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_daily - group by - service, - usage_type - order by - sum desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_usage_type_daily\n\ + group by\n service,\n usage_type\norder by\n sum desc\nlimit 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List AWS Daily Service Usage and Costs diff --git a/queries/aws_cost_by_service_usage_type_monthly_1.yaml b/queries/aws_cost_by_service_usage_type_monthly_1.yaml index 4e38b4cbc..fbd85a168 100755 --- a/queries/aws_cost_by_service_usage_type_monthly_1.yaml +++ b/queries/aws_cost_by_service_usage_type_monthly_1.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Cost Explorer Service to get detailed cost + data per service and usage type on a monthly basis. ID: aws_cost_by_service_usage_type_monthly_1 -Title: "Find AWS Monthly Cost by Service and Usage Type" -Description: "Allows users to query AWS Cost Explorer Service to get detailed cost data per service and usage type on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_service_usage_type_monthly - order by - service, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from \n aws_cost_by_service_usage_type_monthly\norder by\n service,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find AWS Monthly Cost by Service and Usage Type diff --git a/queries/aws_cost_by_service_usage_type_monthly_2.yaml b/queries/aws_cost_by_service_usage_type_monthly_2.yaml index 3a4414c8b..6d17a120a 100755 --- a/queries/aws_cost_by_service_usage_type_monthly_2.yaml +++ b/queries/aws_cost_by_service_usage_type_monthly_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Cost Explorer Service to get detailed cost + data per service and usage type on a monthly basis. ID: aws_cost_by_service_usage_type_monthly_2 -Title: "Query AWS Cost Explorer for Service & Usage Monthly" -Description: "Allows users to query AWS Cost Explorer Service to get detailed cost data per service and usage type on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_monthly - group by - service, - usage_type - order by - service, - usage_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom \n aws_cost_by_service_usage_type_monthly\ngroup by\n service,\n\ + \ usage_type\norder by\n service,\n usage_type;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: Query AWS Cost Explorer for Service & Usage Monthly diff --git a/queries/aws_cost_by_service_usage_type_monthly_3.yaml b/queries/aws_cost_by_service_usage_type_monthly_3.yaml index fd67268a8..63fc34d94 100755 --- a/queries/aws_cost_by_service_usage_type_monthly_3.yaml +++ b/queries/aws_cost_by_service_usage_type_monthly_3.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Cost Explorer Service to get detailed cost + data per service and usage type on a monthly basis. ID: aws_cost_by_service_usage_type_monthly_3 -Title: "Find AWS Cost by Service and Usage Type Monthly" -Description: "Allows users to query AWS Cost Explorer Service to get detailed cost data per service and usage type on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_monthly - group by - service, - usage_type - order by - average desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_usage_type_monthly\n\ + group by\n service,\n usage_type\norder by\n average desc\nlimit 10;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find AWS Cost by Service and Usage Type Monthly diff --git a/queries/aws_cost_by_service_usage_type_monthly_4.yaml b/queries/aws_cost_by_service_usage_type_monthly_4.yaml index 960d8b3c7..fc283bdeb 100755 --- a/queries/aws_cost_by_service_usage_type_monthly_4.yaml +++ b/queries/aws_cost_by_service_usage_type_monthly_4.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS Cost Explorer Service to get detailed cost + data per service and usage type on a monthly basis. ID: aws_cost_by_service_usage_type_monthly_4 -Title: "List all AWS Cost per Service and Usage Type Monthly" -Description: "Allows users to query AWS Cost Explorer Service to get detailed cost data per service and usage type on a monthly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - usage_type, - sum(unblended_cost_amount)::numeric::money as sum, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_service_usage_type_monthly - group by - service, - usage_type - order by - sum desc - limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n usage_type,\n sum(unblended_cost_amount)::numeric::money\ + \ as sum,\n avg(unblended_cost_amount)::numeric::money as average\nfrom \n aws_cost_by_service_usage_type_monthly\n\ + group by\n service,\n usage_type\norder by\n sum desc\nlimit 10;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List all AWS Cost per Service and Usage Type Monthly diff --git a/queries/aws_cost_by_tag_1.yaml b/queries/aws_cost_by_tag_1.yaml index 9396024c8..e6fce34b7 100755 --- a/queries/aws_cost_by_tag_1.yaml +++ b/queries/aws_cost_by_tag_1.yaml @@ -1,27 +1,16 @@ +Description: Allows users to query AWS Cost Explorer to obtain cost allocation tags + and associated costs. ID: aws_cost_by_tag_1 -Title: "Find all AWS Cost Allocation Tags and Associated Costs" -Description: "Allows users to query AWS Cost Explorer to obtain cost allocation tags and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - tag_key_1, - tag_value_1, - period_start, - blended_cost_amount::numeric::money, - unblended_cost_amount::numeric::money, - amortized_cost_amount::numeric::money, - net_unblended_cost_amount::numeric::money, - net_amortized_cost_amount::numeric::money - from - aws_cost_by_tag - where - granularity = 'DAILY' - and - tag_key_1 = 'Name'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n tag_key_1,\n tag_value_1,\n period_start,\n blended_cost_amount::numeric::money,\n\ + \ unblended_cost_amount::numeric::money,\n amortized_cost_amount::numeric::money,\n\ + \ net_unblended_cost_amount::numeric::money,\n net_amortized_cost_amount::numeric::money\n\ + from\n aws_cost_by_tag\nwhere\n granularity = 'DAILY'\nand\n tag_key_1 = 'Name';" Tags: {} +Title: Find all AWS Cost Allocation Tags and Associated Costs diff --git a/queries/aws_cost_by_tag_2.yaml b/queries/aws_cost_by_tag_2.yaml index 04eceb94b..3abece3d1 100755 --- a/queries/aws_cost_by_tag_2.yaml +++ b/queries/aws_cost_by_tag_2.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query AWS Cost Explorer to obtain cost allocation tags + and associated costs. ID: aws_cost_by_tag_2 -Title: "Find AWS Cost Explorer Tag Allocations and Costs" -Description: "Allows users to query AWS Cost Explorer to obtain cost allocation tags and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - tag_key_1, - tag_value_1, - min(unblended_cost_amount)::numeric::money as min, - max(unblended_cost_amount)::numeric::money as max, - avg(unblended_cost_amount)::numeric::money as average - from - aws_cost_by_tag - where - granularity = 'DAILY' - and - tag_key_1 = 'Name' - group by - tag_key_1, tag_value_1; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n tag_key_1,\n tag_value_1,\n min(unblended_cost_amount)::numeric::money\ + \ as min,\n max(unblended_cost_amount)::numeric::money as max,\n avg(unblended_cost_amount)::numeric::money\ + \ as average\nfrom\n aws_cost_by_tag\nwhere\n granularity = 'DAILY'\nand\n \ + \ tag_key_1 = 'Name'\ngroup by\n tag_key_1, tag_value_1;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws +Title: Find AWS Cost Explorer Tag Allocations and Costs diff --git a/queries/aws_cost_by_tag_3.yaml b/queries/aws_cost_by_tag_3.yaml index 52437182a..ea73c89a8 100755 --- a/queries/aws_cost_by_tag_3.yaml +++ b/queries/aws_cost_by_tag_3.yaml @@ -1,42 +1,25 @@ +Description: Allows users to query AWS Cost Explorer to obtain cost allocation tags + and associated costs. ID: aws_cost_by_tag_3 -Title: "List Top 10 AWS Costs by Tag Using SQL" -Description: "Allows users to query AWS Cost Explorer to obtain cost allocation tags and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as - ( - select - tag_key_1, - tag_value_1, - period_start, - unblended_cost_amount::numeric::money, - rank() over(partition by tag_key_1 - order by - unblended_cost_amount desc) - from - aws_cost_by_tag - where - granularity = 'DAILY' - and tag_key_1 = 'Name' - ) - select - * - from - ranked_costs - where - rank <= 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as\n(\n select\n tag_key_1,\n tag_value_1,\n\ + \ period_start,\n unblended_cost_amount::numeric::money,\n rank() over(partition\ + \ by tag_key_1\n order by\n unblended_cost_amount desc)\n from\n aws_cost_by_tag\n\ + \ where\n granularity = 'DAILY'\n and tag_key_1 = 'Name'\n)\nselect\n \ + \ *\nfrom\n ranked_costs\nwhere\n rank <= 10;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List Top 10 AWS Costs by Tag Using SQL diff --git a/queries/aws_cost_forecast_daily_1.yaml b/queries/aws_cost_forecast_daily_1.yaml index 06f052a59..1e0d8e3e4 100755 --- a/queries/aws_cost_forecast_daily_1.yaml +++ b/queries/aws_cost_forecast_daily_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Cost Explorer''s daily cost forecast data, + providing insights into projected daily costs based on historical data. ID: aws_cost_forecast_daily_1 -Title: "Find Daily Cost Forecast Insights with AWS Cost Explorer" -Description: "Allows users to query AWS Cost Explorer''s daily cost forecast data, providing insights into projected daily costs based on historical data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - period_start, - period_end, - mean_value::numeric::money - from - aws_cost_forecast_daily - order by - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n period_start,\n period_end,\n mean_value::numeric::money\ + \ \nfrom \n aws_cost_forecast_daily\norder by\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: Find Daily Cost Forecast Insights with AWS Cost Explorer diff --git a/queries/aws_cost_forecast_monthly_1.yaml b/queries/aws_cost_forecast_monthly_1.yaml index c05005675..0fd115533 100755 --- a/queries/aws_cost_forecast_monthly_1.yaml +++ b/queries/aws_cost_forecast_monthly_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Cost Forecasts in AWS Cost Explorer for monthly + cost predictions. ID: aws_cost_forecast_monthly_1 -Title: "Find Cost Forecasts in AWS Cost Explorer for Monthly Costs" -Description: "Allows users to query Cost Forecasts in AWS Cost Explorer for monthly cost predictions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - period_start, - period_end, - mean_value::numeric::money - from - aws_cost_forecast_monthly - order by - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n period_start,\n period_end,\n mean_value::numeric::money\ + \ \nfrom \n aws_cost_forecast_monthly\norder by\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: Find Cost Forecasts in AWS Cost Explorer for Monthly Costs diff --git a/queries/aws_cost_forecast_monthly_2.yaml b/queries/aws_cost_forecast_monthly_2.yaml index 0f7888c52..724534b4a 100755 --- a/queries/aws_cost_forecast_monthly_2.yaml +++ b/queries/aws_cost_forecast_monthly_2.yaml @@ -1,41 +1,27 @@ +Description: Allows users to query Cost Forecasts in AWS Cost Explorer for monthly + cost predictions. ID: aws_cost_forecast_monthly_2 -Title: "List AWS Monthly Cost Forecasts using SQL" -Description: "Allows users to query Cost Forecasts in AWS Cost Explorer for monthly cost predictions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with cost_data as ( - select - period_start, - mean_value as this_month, - lag(mean_value,-1) over(order by period_start desc) as previous_month - from - aws_cost_forecast_monthly - ) - select - period_start, - this_month::numeric::money, - previous_month::numeric::money, - case - when previous_month = 0 and this_month = 0 then 0 - when previous_month = 0 then 999 - else round((100 * ( (this_month - previous_month) / previous_month))::numeric, 2) - end as percent_change - from - cost_data - order by - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with cost_data as (\n select\n period_start,\n mean_value\ + \ as this_month,\n lag(mean_value,-1) over(order by period_start desc) as previous_month\n\ + \ from \n aws_cost_forecast_monthly\n)\nselect\n period_start,\n this_month::numeric::money,\n\ + \ previous_month::numeric::money,\n case \n when previous_month = 0\ + \ and this_month = 0 then 0\n when previous_month = 0 then 999\n else\ + \ round((100 * ( (this_month - previous_month) / previous_month))::numeric, 2)\ + \ \n end as percent_change\nfrom\n cost_data\norder by\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List AWS Monthly Cost Forecasts using SQL diff --git a/queries/aws_cost_usage_1.yaml b/queries/aws_cost_usage_1.yaml index 4923edd67..68a65aaf4 100755 --- a/queries/aws_cost_usage_1.yaml +++ b/queries/aws_cost_usage_1.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query Cost and Usage data from AWS Cost Explorer Service + to monitor, track, and manage AWS costs and usage over time. ID: aws_cost_usage_1 -Title: "Find AWS Cost Explorer Service Cost and Usage Data" -Description: "Allows users to query Cost and Usage data from AWS Cost Explorer Service to monitor, track, and manage AWS costs and usage over time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - period_start, - dimension_1 as account_id, - dimension_2 as service_name, - net_unblended_cost_amount::numeric::money - from - aws_cost_usage - where - granularity = 'MONTHLY' - and dimension_type_1 = 'LINKED_ACCOUNT' - and dimension_type_2 = 'SERVICE' - order by - dimension_1, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n period_start,\n dimension_1 as account_id,\n dimension_2\ + \ as service_name,\n net_unblended_cost_amount::numeric::money\nfrom\n aws_cost_usage\n\ + where\n granularity = 'MONTHLY'\n and dimension_type_1 = 'LINKED_ACCOUNT'\n\ + \ and dimension_type_2 = 'SERVICE'\norder by\n dimension_1,\n period_start;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer Service +Title: Find AWS Cost Explorer Service Cost and Usage Data diff --git a/queries/aws_cost_usage_2.yaml b/queries/aws_cost_usage_2.yaml index ab3962b35..fdf565030 100755 --- a/queries/aws_cost_usage_2.yaml +++ b/queries/aws_cost_usage_2.yaml @@ -1,42 +1,29 @@ +Description: Allows users to query Cost and Usage data from AWS Cost Explorer Service + to monitor, track, and manage AWS costs and usage over time. ID: aws_cost_usage_2 -Title: "List Top 5 AWS Cost and Usage Data" -Description: "Allows users to query Cost and Usage data from AWS Cost Explorer Service to monitor, track, and manage AWS costs and usage over time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with ranked_costs as ( - select - dimension_1 as account_id, - dimension_2 as service_name, - sum(net_unblended_cost_amount)::numeric::money as net_unblended_cost, - rank() over(partition by dimension_1 order by sum(net_unblended_cost_amount) desc) - from - aws_cost_usage - where - granularity = 'MONTHLY' - and dimension_type_1 = 'LINKED_ACCOUNT' - and dimension_type_2 = 'SERVICE' - group by - dimension_1, - dimension_2 - order by - dimension_1, - net_unblended_cost desc - ) - select * from ranked_costs where rank <=5 - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with ranked_costs as (\n select\n dimension_1 as account_id,\n\ + \ dimension_2 as service_name,\n sum(net_unblended_cost_amount)::numeric::money\ + \ as net_unblended_cost,\n rank() over(partition by dimension_1 order by sum(net_unblended_cost_amount)\ + \ desc)\n from\n aws_cost_usage\n where\n granularity = 'MONTHLY'\n \ + \ and dimension_type_1 = 'LINKED_ACCOUNT'\n and dimension_type_2 = 'SERVICE'\n\ + \ group by\n dimension_1,\n dimension_2\n order by\n dimension_1,\n\ + \ net_unblended_cost desc\n)\nselect * from ranked_costs where rank <=5" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer +Title: List Top 5 AWS Cost and Usage Data diff --git a/queries/aws_cost_usage_3.yaml b/queries/aws_cost_usage_3.yaml index 1da41ea08..5313ad725 100755 --- a/queries/aws_cost_usage_3.yaml +++ b/queries/aws_cost_usage_3.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query Cost and Usage data from AWS Cost Explorer Service + to monitor, track, and manage AWS costs and usage over time. ID: aws_cost_usage_3 -Title: "Find All AWS Monthly Cost and Usage Data" -Description: "Allows users to query Cost and Usage data from AWS Cost Explorer Service to monitor, track, and manage AWS costs and usage over time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - period_start, - dimension_1 as account_id, - dimension_2 as record_type, - net_unblended_cost_amount::numeric::money - from - aws_cost_usage - where - granularity = 'MONTHLY' - and dimension_type_1 = 'LINKED_ACCOUNT' - and dimension_type_2 = 'RECORD_TYPE' - order by - dimension_1, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n period_start,\n dimension_1 as account_id,\n dimension_2\ + \ as record_type,\n net_unblended_cost_amount::numeric::money\nfrom\n aws_cost_usage\n\ + where\n granularity = 'MONTHLY'\n and dimension_type_1 = 'LINKED_ACCOUNT'\n\ + \ and dimension_type_2 = 'RECORD_TYPE'\norder by\n dimension_1,\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cost Explorer +Title: Find All AWS Monthly Cost and Usage Data diff --git a/queries/aws_cost_usage_4.yaml b/queries/aws_cost_usage_4.yaml index 91c98e436..e57dd1178 100755 --- a/queries/aws_cost_usage_4.yaml +++ b/queries/aws_cost_usage_4.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query Cost and Usage data from AWS Cost Explorer Service + to monitor, track, and manage AWS costs and usage over time. ID: aws_cost_usage_4 -Title: "List all AWS Cost and Usage Data from Cost Explorer Service" -Description: "Allows users to query Cost and Usage data from AWS Cost Explorer Service to monitor, track, and manage AWS costs and usage over time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - period_start, - dimension_1 as account_id, - dimension_2 as record_type, - net_unblended_cost_amount::numeric::money - from - aws_cost_usage - where - granularity = 'MONTHLY' - and dimension_type_1 = 'LINKED_ACCOUNT' - and dimension_type_2 = 'RECORD_TYPE' - and dimension_2 in ('DiscountedUsage', 'Credit') - order by - dimension_1, - period_start; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n period_start,\n dimension_1 as account_id,\n dimension_2\ + \ as record_type,\n net_unblended_cost_amount::numeric::money\nfrom\n aws_cost_usage\n\ + where\n granularity = 'MONTHLY'\n and dimension_type_1 = 'LINKED_ACCOUNT'\n\ + \ and dimension_type_2 = 'RECORD_TYPE'\n and dimension_2 in ('DiscountedUsage',\ + \ 'Credit')\norder by\n dimension_1,\n period_start;" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cost Explorer Service +Title: List all AWS Cost and Usage Data from Cost Explorer Service diff --git a/queries/aws_dax_cluster_1.yaml b/queries/aws_dax_cluster_1.yaml index 33aa16dc5..659ba4058 100755 --- a/queries/aws_dax_cluster_1.yaml +++ b/queries/aws_dax_cluster_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS DAX Clusters to fetch details about their configurations, + status, nodes, and other associated metadata. ID: aws_dax_cluster_1 -Title: "List all AWS DAX Clusters with Configuration Details" -Description: "Allows users to query AWS DAX Clusters to fetch details about their configurations, status, nodes, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - description, - active_nodes, - iam_role_arn, - status, - region - from - aws_dax_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n description,\n active_nodes,\n iam_role_arn,\n\ + \ status,\n region\nfrom\n aws_dax_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: List all AWS DAX Clusters with Configuration Details diff --git a/queries/aws_dax_cluster_2.yaml b/queries/aws_dax_cluster_2.yaml index 65fe5acef..f24a1561d 100755 --- a/queries/aws_dax_cluster_2.yaml +++ b/queries/aws_dax_cluster_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS DAX Clusters to fetch details about their configurations, + status, nodes, and other associated metadata. ID: aws_dax_cluster_2 -Title: "List all AWS DAX Clusters and Their Configurations" -Description: "Allows users to query AWS DAX Clusters to fetch details about their configurations, status, nodes, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - description, - sse_description ->> 'Status' as sse_status - from - aws_dax_cluster - where - sse_description ->> 'Status' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n description,\n sse_description ->>\ + \ 'Status' as sse_status\nfrom\n aws_dax_cluster\nwhere\n sse_description ->>\ + \ 'Status' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: List all AWS DAX Clusters and Their Configurations diff --git a/queries/aws_dax_cluster_3.yaml b/queries/aws_dax_cluster_3.yaml index 4e176d9c0..ec3cfbae3 100755 --- a/queries/aws_dax_cluster_3.yaml +++ b/queries/aws_dax_cluster_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS DAX Clusters to fetch details about their configurations, + status, nodes, and other associated metadata. ID: aws_dax_cluster_3 -Title: "List all AWS DAX Clusters with Configuration and Status" -Description: "Allows users to query AWS DAX Clusters to fetch details about their configurations, status, nodes, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - node_type, - count(*) as count - from - aws_dax_cluster - where - node_type not in ('cache.m5.large', 'cache.m4.4xlarge') - group by - cluster_name, node_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n node_type,\n count(*) as count\nfrom\n\ + \ aws_dax_cluster\nwhere\n node_type not in ('cache.m5.large', 'cache.m4.4xlarge')\n\ + group by\n cluster_name, node_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: List all AWS DAX Clusters with Configuration and Status diff --git a/queries/aws_dax_cluster_4.yaml b/queries/aws_dax_cluster_4.yaml index 378d57d5b..06b5db9be 100755 --- a/queries/aws_dax_cluster_4.yaml +++ b/queries/aws_dax_cluster_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS DAX Clusters to fetch details about their configurations, + status, nodes, and other associated metadata. ID: aws_dax_cluster_4 -Title: "Find AWS DAX Cluster Configurations and Status" -Description: "Allows users to query AWS DAX Clusters to fetch details about their configurations, status, nodes, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - subnet_group, - sg ->> 'SecurityGroupIdentifier' as sg_id, - n ->> 'AvailabilityZone' as az_name, - cluster_discovery_endpoint ->> 'Address' as cluster_discovery_endpoint_address, - cluster_discovery_endpoint ->> 'Port' as cluster_discovery_endpoint_port - from - aws_dax_cluster, - jsonb_array_elements(security_groups) as sg, - jsonb_array_elements(nodes) as n; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n subnet_group,\n sg ->> 'SecurityGroupIdentifier'\ + \ as sg_id,\n n ->> 'AvailabilityZone' as az_name,\n cluster_discovery_endpoint\ + \ ->> 'Address' as cluster_discovery_endpoint_address,\n cluster_discovery_endpoint\ + \ ->> 'Port' as cluster_discovery_endpoint_port\nfrom\n aws_dax_cluster,\n jsonb_array_elements(security_groups)\ + \ as sg,\n jsonb_array_elements(nodes) as n;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: Find AWS DAX Cluster Configurations and Status diff --git a/queries/aws_dax_parameter_1.yaml b/queries/aws_dax_parameter_1.yaml index 8f5dcf9bb..9758b553b 100755 --- a/queries/aws_dax_parameter_1.yaml +++ b/queries/aws_dax_parameter_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS DAX Parameter Groups to retrieve information + about their configuration settings. ID: aws_dax_parameter_1 -Title: "Find AWS DAX Parameter Groups Configuration Settings" -Description: "Allows users to query AWS DAX Parameter Groups to retrieve information about their configuration settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - parameter_name, - parameter_group_name, - parameter_value, - data_type, - parameter_type - from - aws_dax_parameter; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n parameter_name,\n parameter_group_name,\n parameter_value,\n\ + \ data_type,\n parameter_type\nfrom\n aws_dax_parameter;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: Find AWS DAX Parameter Groups Configuration Settings diff --git a/queries/aws_dax_parameter_2.yaml b/queries/aws_dax_parameter_2.yaml index aa88f90d5..5eb0ac140 100755 --- a/queries/aws_dax_parameter_2.yaml +++ b/queries/aws_dax_parameter_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS DAX Parameter Groups to retrieve information + about their configuration settings. ID: aws_dax_parameter_2 -Title: "List AWS DAX Parameter Groups and Their Settings" -Description: "Allows users to query AWS DAX Parameter Groups to retrieve information about their configuration settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - parameter_group_name, - region, - count(parameter_name) as number_of_parameters - from - aws_dax_parameter - group by - parameter_group_name, - region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n parameter_group_name,\n region,\n count(parameter_name)\ + \ as number_of_parameters\nfrom\n aws_dax_parameter\ngroup by\n parameter_group_name,\ + \ \n region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: List AWS DAX Parameter Groups and Their Settings diff --git a/queries/aws_dax_parameter_3.yaml b/queries/aws_dax_parameter_3.yaml index 49cd8a901..df3b0a250 100755 --- a/queries/aws_dax_parameter_3.yaml +++ b/queries/aws_dax_parameter_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS DAX Parameter Groups to retrieve information + about their configuration settings. ID: aws_dax_parameter_3 -Title: "List All DAX Parameter Groups and Configurations in AWS" -Description: "Allows users to query AWS DAX Parameter Groups to retrieve information about their configuration settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - parameter_name, - parameter_group_name, - parameter_value, - data_type, - parameter_type, - is_modifiable - from - aws_dax_parameter - where - is_modifiable = 'TRUE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n parameter_name,\n parameter_group_name,\n parameter_value,\n\ + \ data_type,\n parameter_type,\n is_modifiable\nfrom\n aws_dax_parameter\n\ + where\n is_modifiable = 'TRUE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: List All DAX Parameter Groups and Configurations in AWS diff --git a/queries/aws_dax_parameter_group_1.yaml b/queries/aws_dax_parameter_group_1.yaml index b4122bd4a..be78c6d77 100755 --- a/queries/aws_dax_parameter_group_1.yaml +++ b/queries/aws_dax_parameter_group_1.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS DynamoDB Accelerator (DAX) Parameter Groups, + providing details such as parameter group name, ARN, description, and parameter + settings. ID: aws_dax_parameter_group_1 -Title: "List AWS DAX Parameter Groups and Details" -Description: "Allows users to query AWS DynamoDB Accelerator (DAX) Parameter Groups, providing details such as parameter group name, ARN, description, and parameter settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - parameter_group_name, - description, - region - from - aws_dax_parameter_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n parameter_group_name,\n description,\n region\nfrom\n\ + \ aws_dax_parameter_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB Accelerator (DAX) +Title: List AWS DAX Parameter Groups and Details diff --git a/queries/aws_dax_parameter_group_2.yaml b/queries/aws_dax_parameter_group_2.yaml index 48e2c299d..1af26a2f7 100755 --- a/queries/aws_dax_parameter_group_2.yaml +++ b/queries/aws_dax_parameter_group_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS DynamoDB Accelerator (DAX) Parameter Groups, + providing details such as parameter group name, ARN, description, and parameter + settings. ID: aws_dax_parameter_group_2 -Title: "Find all AWS DAX Parameter Groups and their Settings" -Description: "Allows users to query AWS DynamoDB Accelerator (DAX) Parameter Groups, providing details such as parameter group name, ARN, description, and parameter settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - p.parameter_group_name, - c.cluster_name, - c.node_type, - c.status - from - aws_dax_parameter_group as p, - aws_dax_cluster as c - where - c.parameter_group ->> 'ParameterGroupName' = p.parameter_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n p.parameter_group_name,\n c.cluster_name,\n c.node_type,\n\ + \ c.status\nfrom\n aws_dax_parameter_group as p,\n aws_dax_cluster as c\nwhere\n\ + \ c.parameter_group ->> 'ParameterGroupName' = p.parameter_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB Accelerator +Title: Find all AWS DAX Parameter Groups and their Settings diff --git a/queries/aws_dax_subnet_group_1.yaml b/queries/aws_dax_subnet_group_1.yaml index 916d18921..c33d7dbf6 100755 --- a/queries/aws_dax_subnet_group_1.yaml +++ b/queries/aws_dax_subnet_group_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS DAX Subnet Group details, such as the subnet + group name, description, VPC ID, and the subnets in the group. ID: aws_dax_subnet_group_1 -Title: "List AWS DAX Subnet Group Details" -Description: "Allows users to query AWS DAX Subnet Group details, such as the subnet group name, description, VPC ID, and the subnets in the group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subnet_group_name, - description, - vpc_id, - subnets, - region - from - aws_dax_subnet_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subnet_group_name,\n description,\n vpc_id,\n subnets,\n\ + \ region\nfrom\n aws_dax_subnet_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DAX +Title: List AWS DAX Subnet Group Details diff --git a/queries/aws_dax_subnet_group_2.yaml b/queries/aws_dax_subnet_group_2.yaml index 6e4697057..d7a0b0e23 100755 --- a/queries/aws_dax_subnet_group_2.yaml +++ b/queries/aws_dax_subnet_group_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS DAX Subnet Group details, such as the subnet + group name, description, VPC ID, and the subnets in the group. ID: aws_dax_subnet_group_2 -Title: "Find AWS DAX Subnet Group details including VPC info" -Description: "Allows users to query AWS DAX Subnet Group details, such as the subnet group name, description, VPC ID, and the subnets in the group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subnet_group_name, - v.vpc_id, - v.arn as vpc_arn, - v.cidr_block as vpc_cidr_block, - v.state as vpc_state, - v.is_default as is_default_vpc, - v.region - from - aws_dax_subnet_group g - join aws_vpc v - on v.vpc_id = g.vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subnet_group_name,\n v.vpc_id,\n v.arn as vpc_arn,\n\ + \ v.cidr_block as vpc_cidr_block,\n v.state as vpc_state,\n v.is_default as\ + \ is_default_vpc,\n v.region\nfrom\n aws_dax_subnet_group g\njoin aws_vpc v\n\ + \ on v.vpc_id = g.vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX +Title: Find AWS DAX Subnet Group details including VPC info diff --git a/queries/aws_dax_subnet_group_3.yaml b/queries/aws_dax_subnet_group_3.yaml index 8279b2327..a9a235285 100755 --- a/queries/aws_dax_subnet_group_3.yaml +++ b/queries/aws_dax_subnet_group_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS DAX Subnet Group details, such as the subnet + group name, description, VPC ID, and the subnets in the group. ID: aws_dax_subnet_group_3 -Title: "List all AWS DAX Subnet Group details" -Description: "Allows users to query AWS DAX Subnet Group details, such as the subnet group name, description, VPC ID, and the subnets in the group." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subnet_group_name, - g.vpc_id, - vs.subnet_arn, - vs.cidr_block as subnet_cidr_block, - vs.state as subnet_state, - vs.availability_zone as subnet_availability_zone, - vs.region - from - aws_dax_subnet_group g, - jsonb_array_elements(subnets) s - join aws_vpc_subnet vs - on vs.subnet_id = s ->> 'SubnetIdentifier'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subnet_group_name,\n g.vpc_id,\n vs.subnet_arn,\n \ + \ vs.cidr_block as subnet_cidr_block,\n vs.state as subnet_state,\n vs.availability_zone\ + \ as subnet_availability_zone,\n vs.region\nfrom\n aws_dax_subnet_group g,\n\ + \ jsonb_array_elements(subnets) s\njoin aws_vpc_subnet vs\n on vs.subnet_id\ + \ = s ->> 'SubnetIdentifier';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DAX Subnet Group +Title: List all AWS DAX Subnet Group details diff --git a/queries/aws_directory_service_certificate_1.yaml b/queries/aws_directory_service_certificate_1.yaml index c7afcd6c1..83e096ba8 100755 --- a/queries/aws_directory_service_certificate_1.yaml +++ b/queries/aws_directory_service_certificate_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_1 -Title: "Find AWS Directory Service Certificates and Details" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - directory_id, - certificate_id, - common_name, - type, - state, - expiry_date_time - from - aws_directory_service_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n directory_id,\n certificate_id,\n common_name,\n type,\n\ + \ state,\n expiry_date_time\nfrom\n aws_directory_service_certificate;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: Find AWS Directory Service Certificates and Details diff --git a/queries/aws_directory_service_certificate_2.yaml b/queries/aws_directory_service_certificate_2.yaml index 96c61d07f..95d8800a1 100755 --- a/queries/aws_directory_service_certificate_2.yaml +++ b/queries/aws_directory_service_certificate_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_2 -Title: "List all AWS Directory Service Certificates" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.certificate_id, - c.common_name, - c.directory_id, - c.type as certificate_type, - d.name as directory_name, - d.type as directory_type - from - aws_directory_service_certificate c, - aws_directory_service_directory d - where - d.type = 'MicrosoftAD'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.certificate_id,\n c.common_name,\n c.directory_id,\n\ + \ c.type as certificate_type,\n d.name as directory_name,\n d.type as directory_type\n\ + from\n aws_directory_service_certificate c,\n aws_directory_service_directory\ + \ d\nwhere\n d.type = 'MicrosoftAD';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: List all AWS Directory Service Certificates diff --git a/queries/aws_directory_service_certificate_3.yaml b/queries/aws_directory_service_certificate_3.yaml index 33dad67aa..e874f78ac 100755 --- a/queries/aws_directory_service_certificate_3.yaml +++ b/queries/aws_directory_service_certificate_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_3 -Title: "Find AWS Directory Service Certificates with Specific States" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - common_name, - directory_id, - type, - state - from - aws_directory_service_certificate - where - state = 'Deregistered'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n common_name,\n directory_id,\n type,\n state\nfrom\n\ + \ aws_directory_service_certificate\nwhere\n state = 'Deregistered';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: Find AWS Directory Service Certificates with Specific States diff --git a/queries/aws_directory_service_certificate_4.yaml b/queries/aws_directory_service_certificate_4.yaml index 00dc27267..352247fd1 100755 --- a/queries/aws_directory_service_certificate_4.yaml +++ b/queries/aws_directory_service_certificate_4.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_4 -Title: "Find AWS Directory Service Certificates with SQL Query" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - directory_id, - certificate_id, - common_name, - type, - state, - expiry_date_time - from - aws_directory_service_certificate - where - expiry_date_time >= now() + interval '7' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n directory_id,\n certificate_id,\n common_name,\n type,\n\ + \ state,\n expiry_date_time\nfrom\n aws_directory_service_certificate\nwhere\n\ + \ expiry_date_time >= now() + interval '7' day;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: Find AWS Directory Service Certificates with SQL Query diff --git a/queries/aws_directory_service_certificate_5.yaml b/queries/aws_directory_service_certificate_5.yaml index 662e221a4..34c8d72a4 100755 --- a/queries/aws_directory_service_certificate_5.yaml +++ b/queries/aws_directory_service_certificate_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_5 -Title: "List all AWS Directory Service Certificates' Information" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - directory_id, - certificate_id, - common_name, - client_cert_auth_settings -> 'OCSPUrl' as ocsp_url - from - aws_directory_service_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n directory_id,\n certificate_id,\n common_name,\n client_cert_auth_settings\ + \ -> 'OCSPUrl' as ocsp_url\nfrom\n aws_directory_service_certificate;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: List all AWS Directory Service Certificates' Information diff --git a/queries/aws_directory_service_certificate_6.yaml b/queries/aws_directory_service_certificate_6.yaml index 31a0c8be4..7a81dd9a3 100755 --- a/queries/aws_directory_service_certificate_6.yaml +++ b/queries/aws_directory_service_certificate_6.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_6 -Title: "List all Directory Service Certificates in AWS" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - directory_id, - count(*) as certificate_count - from - aws_directory_service_certificate - group by - directory_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n directory_id,\n count(*) as certificate_count\nfrom\n\ + \ aws_directory_service_certificate\ngroup by\n directory_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: List all Directory Service Certificates in AWS diff --git a/queries/aws_directory_service_certificate_7.yaml b/queries/aws_directory_service_certificate_7.yaml index 06ffa1b4b..00fa27959 100755 --- a/queries/aws_directory_service_certificate_7.yaml +++ b/queries/aws_directory_service_certificate_7.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_7 -Title: "Find AWS Directory Service Certificates older than 1 year" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - common_name, - directory_id, - type, - state - from - aws_directory_service_certificate - where - registered_date_time <= now() - interval '1 year' - and state not like 'Deregister%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n common_name,\n directory_id,\n type,\n state\nfrom\n\ + \ aws_directory_service_certificate\nwhere\n registered_date_time <= now() -\ + \ interval '1 year'\n and state not like 'Deregister%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: Find AWS Directory Service Certificates older than 1 year diff --git a/queries/aws_directory_service_certificate_8.yaml b/queries/aws_directory_service_certificate_8.yaml index 8c0c31fab..bb59a3343 100755 --- a/queries/aws_directory_service_certificate_8.yaml +++ b/queries/aws_directory_service_certificate_8.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Directory Service Certificates to gather information + about the certificates associated with AWS Managed Microsoft AD and Simple AD directories. ID: aws_directory_service_certificate_8 -Title: "Find AWS Directory Service Certificates Details" -Description: "Allows users to query AWS Directory Service Certificates to gather information about the certificates associated with AWS Managed Microsoft AD and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct partition, - registered_date_time - from - aws_directory_service_certificate - order by - partition, - registered_date_time desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct partition,\n registered_date_time\nfrom\n \ + \ aws_directory_service_certificate\norder by\n partition,\n registered_date_time\ + \ desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: Find AWS Directory Service Certificates Details diff --git a/queries/aws_directory_service_directory_1.yaml b/queries/aws_directory_service_directory_1.yaml index 0e911215d..410dfad51 100755 --- a/queries/aws_directory_service_directory_1.yaml +++ b/queries/aws_directory_service_directory_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Directory Service Directories for information + about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. ID: aws_directory_service_directory_1 -Title: "Query AWS Directory Service Directories for Information" -Description: "Allows users to query AWS Directory Service Directories for information about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - directory_id - from - aws_directory_service_directory; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n directory_id\nfrom\n aws_directory_service_directory;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: Query AWS Directory Service Directories for Information diff --git a/queries/aws_directory_service_directory_2.yaml b/queries/aws_directory_service_directory_2.yaml index fd38d7f1e..13b9dff4d 100755 --- a/queries/aws_directory_service_directory_2.yaml +++ b/queries/aws_directory_service_directory_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Directory Service Directories for information + about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. ID: aws_directory_service_directory_2 -Title: "Find AWS Managed and Simple AD Directory Details" -Description: "Allows users to query AWS Directory Service Directories for information about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - directory_id, - type - from - aws_directory_service_directory - where - type = 'MicrosoftAD'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n directory_id,\n type\nfrom\n aws_directory_service_directory\n\ + where\n type = 'MicrosoftAD';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: Find AWS Managed and Simple AD Directory Details diff --git a/queries/aws_directory_service_directory_3.yaml b/queries/aws_directory_service_directory_3.yaml index a6728aecc..6cc617455 100755 --- a/queries/aws_directory_service_directory_3.yaml +++ b/queries/aws_directory_service_directory_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Directory Service Directories for information + about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. ID: aws_directory_service_directory_3 -Title: "List all AWS Managed and Simple AD Directory Info" -Description: "Allows users to query AWS Directory Service Directories for information about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - sd ->> 'ShareMethod' share_method, - sd ->> 'ShareStatus' share_status, - sd ->> 'SharedAccountId' shared_account_id, - sd ->> 'SharedDirectoryId' shared_directory_id - from - aws_directory_service_directory, - jsonb_array_elements(shared_directories) sd; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n sd ->> 'ShareMethod' share_method,\n\ + \ sd ->> 'ShareStatus' share_status,\n sd ->> 'SharedAccountId' shared_account_id,\n\ + \ sd ->> 'SharedDirectoryId' shared_directory_id\nfrom\n aws_directory_service_directory,\n\ + \ jsonb_array_elements(shared_directories) sd;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: List all AWS Managed and Simple AD Directory Info diff --git a/queries/aws_directory_service_directory_4.yaml b/queries/aws_directory_service_directory_4.yaml index 0f59d31e9..f607272cd 100755 --- a/queries/aws_directory_service_directory_4.yaml +++ b/queries/aws_directory_service_directory_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Directory Service Directories for information + about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. ID: aws_directory_service_directory_4 -Title: "List all AWS Directory Service Directories" -Description: "Allows users to query AWS Directory Service Directories for information about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - snapshot_limit ->> 'ManualSnapshotsCurrentCount' as manual_snapshots_current_count, - snapshot_limit ->> 'ManualSnapshotsLimit' as manual_snapshots_limit, - snapshot_limit ->> 'ManualSnapshotsLimitReached' as manual_snapshots_limit_reached - from - aws_directory_service_directory; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n snapshot_limit ->> 'ManualSnapshotsCurrentCount'\ + \ as manual_snapshots_current_count,\n snapshot_limit ->> 'ManualSnapshotsLimit'\ + \ as manual_snapshots_limit,\n snapshot_limit ->> 'ManualSnapshotsLimitReached'\ + \ as manual_snapshots_limit_reached\nfrom\n aws_directory_service_directory;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: List all AWS Directory Service Directories diff --git a/queries/aws_directory_service_directory_5.yaml b/queries/aws_directory_service_directory_5.yaml index ff1624ce8..7e83360ff 100755 --- a/queries/aws_directory_service_directory_5.yaml +++ b/queries/aws_directory_service_directory_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Directory Service Directories for information + about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. ID: aws_directory_service_directory_5 -Title: "List All AWS Directory Service Directory Information" -Description: "Allows users to query AWS Directory Service Directories for information about AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - e ->> 'CreatedDateTime' as topic_created_date_time, - e ->> 'Status' as topic_status, - e ->> 'TopicArn' as topic_arn, - e ->> 'TopicName' as topic_name - from - aws_directory_service_directory, - jsonb_array_elements(event_topics) as e; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n e ->> 'CreatedDateTime' as\ + \ topic_created_date_time,\n e ->> 'Status' as topic_status,\n e ->> 'TopicArn'\ + \ as topic_arn,\n e ->> 'TopicName' as topic_name\nfrom\n aws_directory_service_directory,\n\ + \ jsonb_array_elements(event_topics) as e;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: List All AWS Directory Service Directory Information diff --git a/queries/aws_directory_servicelog_subscription_1.yaml b/queries/aws_directory_servicelog_subscription_1.yaml index 7079c690b..e89f7bbe8 100755 --- a/queries/aws_directory_servicelog_subscription_1.yaml +++ b/queries/aws_directory_servicelog_subscription_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Directory Service Log Subscription to obtain + detailed information about each log subscription associated with the AWS Directory + Service. ID: aws_directory_servicelog_subscription_1 -Title: "List all AWS Directory Service Log Subscriptions" -Description: "Allows users to query AWS Directory Service Log Subscription to obtain detailed information about each log subscription associated with the AWS Directory Service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - partition, - subscription_created_date_time, - directory_id, - title - from - aws_directory_service_log_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n partition,\n subscription_created_date_time,\n\ + \ directory_id,\n title\nfrom\n aws_directory_service_log_subscription;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Directory Service +Title: List all AWS Directory Service Log Subscriptions diff --git a/queries/aws_directory_servicelog_subscription_2.yaml b/queries/aws_directory_servicelog_subscription_2.yaml index f6a7ad30d..98edef8f2 100755 --- a/queries/aws_directory_servicelog_subscription_2.yaml +++ b/queries/aws_directory_servicelog_subscription_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Directory Service Log Subscription to obtain + detailed information about each log subscription associated with the AWS Directory + Service. ID: aws_directory_servicelog_subscription_2 -Title: "List AWS Directory Service Log Subscriptions with Details" -Description: "Allows users to query AWS Directory Service Log Subscription to obtain detailed information about each log subscription associated with the AWS Directory Service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.log_group_name, - d.name as directory_name, - d.arn as directory_arn, - d.directory_id, - d.type as directory_type - from - aws_directory_service_log_subscription as s - left join aws_directory_service_directory as d on s.directory_id = d.directory_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.log_group_name,\n d.name as directory_name,\n d.arn\ + \ as directory_arn,\n d.directory_id,\n d.type as directory_type\nfrom\n aws_directory_service_log_subscription\ + \ as s\n left join aws_directory_service_directory as d on s.directory_id = d.directory_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Directory Service +Title: List AWS Directory Service Log Subscriptions with Details diff --git a/queries/aws_dlm_lifecycle_policy_1.yaml b/queries/aws_dlm_lifecycle_policy_1.yaml index 02d683725..a4a67e217 100755 --- a/queries/aws_dlm_lifecycle_policy_1.yaml +++ b/queries/aws_dlm_lifecycle_policy_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS DLM Lifecycle Policies to retrieve detailed + information about each policy, including its configuration, status, and tags. ID: aws_dlm_lifecycle_policy_1 -Title: "List AWS DLM Lifecycle Policies and Details" -Description: "Allows users to query AWS DLM Lifecycle Policies to retrieve detailed information about each policy, including its configuration, status, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_id, - arn, - date_created - from - aws_dlm_lifecycle_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_id,\n arn,\n date_created\nfrom\n aws_dlm_lifecycle_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DLM +Title: List AWS DLM Lifecycle Policies and Details diff --git a/queries/aws_dlm_lifecycle_policy_2.yaml b/queries/aws_dlm_lifecycle_policy_2.yaml index 00b8bfc21..4e80f9e29 100755 --- a/queries/aws_dlm_lifecycle_policy_2.yaml +++ b/queries/aws_dlm_lifecycle_policy_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS DLM Lifecycle Policies to retrieve detailed + information about each policy, including its configuration, status, and tags. ID: aws_dlm_lifecycle_policy_2 -Title: "List All AWS DLM Lifecycle Policies and Details" -Description: "Allows users to query AWS DLM Lifecycle Policies to retrieve detailed information about each policy, including its configuration, status, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_id, - arn, - date_created, - policy_type, - s ->> 'ShareRules' as share_rules - from - aws_dlm_lifecycle_policy, - jsonb_array_elements(policy_details -> 'Schedules') s - where - s ->> 'ShareRules' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_id,\n arn,\n date_created,\n policy_type,\n\ + \ s ->> 'ShareRules' as share_rules\nfrom\n aws_dlm_lifecycle_policy,\n jsonb_array_elements(policy_details\ + \ -> 'Schedules') s\nwhere \n s ->> 'ShareRules' is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DLM Lifecycle Policy +Title: List All AWS DLM Lifecycle Policies and Details diff --git a/queries/aws_dlm_lifecycle_policy_3.yaml b/queries/aws_dlm_lifecycle_policy_3.yaml index 45fbaddb1..447bf1f21 100755 --- a/queries/aws_dlm_lifecycle_policy_3.yaml +++ b/queries/aws_dlm_lifecycle_policy_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS DLM Lifecycle Policies to retrieve detailed + information about each policy, including its configuration, status, and tags. ID: aws_dlm_lifecycle_policy_3 -Title: "List all AWS DLM Lifecycle Policies with Configuration" -Description: "Allows users to query AWS DLM Lifecycle Policies to retrieve detailed information about each policy, including its configuration, status, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_id, - arn, - date_created, - policy_type, - s ->> 'CrossRegionCopyRules' as cross_region_copy_rules - from - aws_dlm_lifecycle_policy, - jsonb_array_elements(policy_details -> 'Schedules') s - where - s ->> 'CrossRegionCopyRules' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_id,\n arn,\n date_created,\n policy_type,\n\ + \ s ->> 'CrossRegionCopyRules' as cross_region_copy_rules\nfrom\n aws_dlm_lifecycle_policy,\n\ + \ jsonb_array_elements(policy_details -> 'Schedules') s\nwhere \n s ->> 'CrossRegionCopyRules'\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DLM +Title: List all AWS DLM Lifecycle Policies with Configuration diff --git a/queries/aws_dlm_lifecycle_policy_4.yaml b/queries/aws_dlm_lifecycle_policy_4.yaml index c5cf2651f..ec810ad5c 100755 --- a/queries/aws_dlm_lifecycle_policy_4.yaml +++ b/queries/aws_dlm_lifecycle_policy_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS DLM Lifecycle Policies to retrieve detailed + information about each policy, including its configuration, status, and tags. ID: aws_dlm_lifecycle_policy_4 -Title: "List AWS DLM Lifecycle Policies with Configuration and Status" -Description: "Allows users to query AWS DLM Lifecycle Policies to retrieve detailed information about each policy, including its configuration, status, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_id, - arn, - date_created, - policy_type, - s -> 'RetainRule' ->> 'Count' as retain_count - from - aws_dlm_lifecycle_policy, - jsonb_array_elements(policy_details -> 'Schedules') s - where - s -> 'RetainRule' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_id,\n arn,\n date_created,\n policy_type,\n\ + \ s -> 'RetainRule' ->> 'Count' as retain_count\nfrom\n aws_dlm_lifecycle_policy,\n\ + \ jsonb_array_elements(policy_details -> 'Schedules') s\nwhere \n s -> 'RetainRule'\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DLM +Title: List AWS DLM Lifecycle Policies with Configuration and Status diff --git a/queries/aws_dms_certificate_1.yaml b/queries/aws_dms_certificate_1.yaml index face30601..5d03aef4f 100755 --- a/queries/aws_dms_certificate_1.yaml +++ b/queries/aws_dms_certificate_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS DMS (Database Migration Service) Certificates. + This table provides information about SSL/TLS certificates used in AWS DMS for encrypting + data during database migration tasks. Certificates play a crucial role in ensuring + the security and integrity of data transferred between source and target databases. ID: aws_dms_certificate_1 -Title: "Find all AWS DMS Certificates and Their Details" -Description: "Allows users to query AWS DMS (Database Migration Service) Certificates. This table provides information about SSL/TLS certificates used in AWS DMS for encrypting data during database migration tasks. Certificates play a crucial role in ensuring the security and integrity of data transferred between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_identifier, - arn, - certificate_creation_date, - signing_algorithm, - valid_to_date, - region - from - aws_dms_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_identifier,\n arn,\n certificate_creation_date,\n\ + \ signing_algorithm,\n valid_to_date,\n region\nfrom\n aws_dms_certificate;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find all AWS DMS Certificates and Their Details diff --git a/queries/aws_dms_certificate_2.yaml b/queries/aws_dms_certificate_2.yaml index 7ce99e4ba..e9df38897 100755 --- a/queries/aws_dms_certificate_2.yaml +++ b/queries/aws_dms_certificate_2.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS DMS (Database Migration Service) Certificates. + This table provides information about SSL/TLS certificates used in AWS DMS for encrypting + data during database migration tasks. Certificates play a crucial role in ensuring + the security and integrity of data transferred between source and target databases. ID: aws_dms_certificate_2 -Title: "Find all AWS DMS Certificates Expiring in 10 Days" -Description: "Allows users to query AWS DMS (Database Migration Service) Certificates. This table provides information about SSL/TLS certificates used in AWS DMS for encrypting data during database migration tasks. Certificates play a crucial role in ensuring the security and integrity of data transferred between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_identifier, - arn, - key_length, - signing_algorithm, - valid_to_date - from - aws_dms_certificate - where - valid_to_date <= current_date + interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_identifier,\n arn,\n key_length,\n signing_algorithm,\n\ + \ valid_to_date\nfrom\n aws_dms_certificate\nwhere\n valid_to_date <= current_date\ + \ + interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find all AWS DMS Certificates Expiring in 10 Days diff --git a/queries/aws_dms_certificate_3.yaml b/queries/aws_dms_certificate_3.yaml index 6176ff069..399e0446a 100755 --- a/queries/aws_dms_certificate_3.yaml +++ b/queries/aws_dms_certificate_3.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS DMS (Database Migration Service) Certificates. + This table provides information about SSL/TLS certificates used in AWS DMS for encrypting + data during database migration tasks. Certificates play a crucial role in ensuring + the security and integrity of data transferred between source and target databases. ID: aws_dms_certificate_3 -Title: "List all AWS DMS Certificates and Details" -Description: "Allows users to query AWS DMS (Database Migration Service) Certificates. This table provides information about SSL/TLS certificates used in AWS DMS for encrypting data during database migration tasks. Certificates play a crucial role in ensuring the security and integrity of data transferred between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_identifier, - arn, - signing_algorithm, - key_length, - certificate_owner - from - aws_dms_certificate - where - signing_algorithm = 'SHA256withRSA'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_identifier,\n arn,\n signing_algorithm,\n\ + \ key_length,\n certificate_owner\nfrom\n aws_dms_certificate\nwhere\n signing_algorithm\ + \ = 'SHA256withRSA';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: List all AWS DMS Certificates and Details diff --git a/queries/aws_dms_certificate_4.yaml b/queries/aws_dms_certificate_4.yaml index 62b3e8d14..7ab24e0eb 100755 --- a/queries/aws_dms_certificate_4.yaml +++ b/queries/aws_dms_certificate_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS DMS (Database Migration Service) Certificates. + This table provides information about SSL/TLS certificates used in AWS DMS for encrypting + data during database migration tasks. Certificates play a crucial role in ensuring + the security and integrity of data transferred between source and target databases. ID: aws_dms_certificate_4 -Title: "Find AWS DMS Certificates for Data Migration Security" -Description: "Allows users to query AWS DMS (Database Migration Service) Certificates. This table provides information about SSL/TLS certificates used in AWS DMS for encrypting data during database migration tasks. Certificates play a crucial role in ensuring the security and integrity of data transferred between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_identifier, - arn, - certificate_owner, - account_id - from - aws_dms_certificate - where - certificate_owner <> account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_identifier,\n arn,\n certificate_owner,\n\ + \ account_id\nfrom\n aws_dms_certificate\nwhere\n certificate_owner <> account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find AWS DMS Certificates for Data Migration Security diff --git a/queries/aws_dms_certificate_5.yaml b/queries/aws_dms_certificate_5.yaml index d8f98ac28..c82b27aee 100755 --- a/queries/aws_dms_certificate_5.yaml +++ b/queries/aws_dms_certificate_5.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS DMS (Database Migration Service) Certificates. + This table provides information about SSL/TLS certificates used in AWS DMS for encrypting + data during database migration tasks. Certificates play a crucial role in ensuring + the security and integrity of data transferred between source and target databases. ID: aws_dms_certificate_5 -Title: "Find all AWS DMS Certificates with Details" -Description: "Allows users to query AWS DMS (Database Migration Service) Certificates. This table provides information about SSL/TLS certificates used in AWS DMS for encrypting data during database migration tasks. Certificates play a crucial role in ensuring the security and integrity of data transferred between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - certificate_identifier, - arn, - certificate_owner, - (valid_to_date - current_date) as days_left, - region - from - aws_dms_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n certificate_identifier,\n arn,\n certificate_owner,\n\ + \ (valid_to_date - current_date) as days_left,\n region\nfrom\n aws_dms_certificate;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find all AWS DMS Certificates with Details diff --git a/queries/aws_dms_endpoint_1.yaml b/queries/aws_dms_endpoint_1.yaml index 7d7e6674b..995a10729 100755 --- a/queries/aws_dms_endpoint_1.yaml +++ b/queries/aws_dms_endpoint_1.yaml @@ -1,28 +1,20 @@ +Description: Query AWS DMS Endpoints to retrieve connection information for source + or target databases in database migration activities. ID: aws_dms_endpoint_1 -Title: "Find AWS DMS Endpoints Connection Info for Databases" -Description: "Query AWS DMS Endpoints to retrieve connection information for source or target databases in database migration activities." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_identifier, - arn, - certificate_arn, - database_name, - endpoint_type, - engine_display_name, - engine_name - from - aws_dms_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_identifier,\n arn,\n certificate_arn,\n database_name,\n\ + \ endpoint_type,\n engine_display_name,\n engine_name\nfrom\n aws_dms_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find AWS DMS Endpoints Connection Info for Databases diff --git a/queries/aws_dms_endpoint_2.yaml b/queries/aws_dms_endpoint_2.yaml index b3198ee1a..c4ecdad2b 100755 --- a/queries/aws_dms_endpoint_2.yaml +++ b/queries/aws_dms_endpoint_2.yaml @@ -1,28 +1,21 @@ +Description: Query AWS DMS Endpoints to retrieve connection information for source + or target databases in database migration activities. ID: aws_dms_endpoint_2 -Title: "Find AWS DMS Endpoints Connection Info for Migration" -Description: "Query AWS DMS Endpoints to retrieve connection information for source or target databases in database migration activities." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_identifier, - arn, - engine_display_name, - endpoint_type, - engine_name - from - aws_dms_endpoint - where - endpoint_type = 'SOURCE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_identifier,\n arn,\n engine_display_name,\n\ + \ endpoint_type,\n engine_name\nfrom\n aws_dms_endpoint\nwhere\n endpoint_type\ + \ = 'SOURCE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: Find AWS DMS Endpoints Connection Info for Migration diff --git a/queries/aws_dms_endpoint_3.yaml b/queries/aws_dms_endpoint_3.yaml index 89fd7dcd8..920db50eb 100755 --- a/queries/aws_dms_endpoint_3.yaml +++ b/queries/aws_dms_endpoint_3.yaml @@ -1,30 +1,22 @@ +Description: Query AWS DMS Endpoints to retrieve connection information for source + or target databases in database migration activities. ID: aws_dms_endpoint_3 -Title: "List all AWS DMS Endpoints for connection details" -Description: "Query AWS DMS Endpoints to retrieve connection information for source or target databases in database migration activities." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_identifier, - arn, - engine_name, - instance_create_time, - my_sql_settings - from - aws_dms_endpoint - where - engine_name = 'mysql'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_identifier,\n arn,\n engine_name,\n instance_create_time,\n\ + \ my_sql_settings\nfrom\n aws_dms_endpoint\nwhere\n engine_name = 'mysql';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: List all AWS DMS Endpoints for connection details diff --git a/queries/aws_dms_endpoint_4.yaml b/queries/aws_dms_endpoint_4.yaml index 1b3c3c331..59c5303cd 100755 --- a/queries/aws_dms_endpoint_4.yaml +++ b/queries/aws_dms_endpoint_4.yaml @@ -1,32 +1,25 @@ +Description: Query AWS DMS Endpoints to retrieve connection information for source + or target databases in database migration activities. ID: aws_dms_endpoint_4 -Title: "List All AWS DMS Endpoints for Database Migrations" -Description: "Query AWS DMS Endpoints to retrieve connection information for source or target databases in database migration activities." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_identifier, - kms_key_id, - server_name, - service_access_role_arn, - ssl_mode - from - aws_dms_endpoint - where - ssl_mode <> 'none'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_identifier,\n kms_key_id,\n server_name,\n\ + \ service_access_role_arn,\n ssl_mode\nfrom\n aws_dms_endpoint\nwhere\n ssl_mode\ + \ <> 'none';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List All AWS DMS Endpoints for Database Migrations diff --git a/queries/aws_dms_endpoint_5.yaml b/queries/aws_dms_endpoint_5.yaml index 95ef25a99..25422d61c 100755 --- a/queries/aws_dms_endpoint_5.yaml +++ b/queries/aws_dms_endpoint_5.yaml @@ -1,40 +1,32 @@ +Description: Query AWS DMS Endpoints to retrieve connection information for source + or target databases in database migration activities. ID: aws_dms_endpoint_5 -Title: "Find AWS DMS Endpoints and Retrieve Connection Information" -Description: "Query AWS DMS Endpoints to retrieve connection information for source or target databases in database migration activities." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_identifier, - arn, - my_sql_settings ->> 'AfterConnectScript' as after_connect_script, - (my_sql_settings ->> 'CleanSourceMetadataOnMismatch')::boolean as clean_source_metadata_on_mismatch, - my_sql_settings ->> 'DatabaseName' as database_name, - (my_sql_settings ->> 'EventsPollInterval')::integer as events_poll_interval, - (my_sql_settings ->> 'ExecuteTimeout')::integer as execute_timeout, - (my_sql_settings ->> 'MaxFileSize')::integer as max_file_size, - (my_sql_settings ->> 'ParallelLoadThreads')::integer as parallel_load_threads, - my_sql_settings ->> 'Password' as password, - (my_sql_settings ->> 'Port')::integer as port, - my_sql_settings ->> 'SecretsManagerAccessRoleArn' as secrets_manager_access_role_arn, - my_sql_settings ->> 'SecretsManagerSecretId' as secrets_manager_secret_id, - my_sql_settings ->> 'ServerName' as server_name, - my_sql_settings ->> 'ServerTimezone' as server_timezone, - my_sql_settings ->> 'TargetDbType' as target_db_type, - my_sql_settings ->> 'Username' as username - from - aws_dms_endpoint - where - engine_name = 'mysql'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_identifier,\n arn,\n my_sql_settings ->> 'AfterConnectScript'\ + \ as after_connect_script,\n (my_sql_settings ->> 'CleanSourceMetadataOnMismatch')::boolean\ + \ as clean_source_metadata_on_mismatch,\n my_sql_settings ->> 'DatabaseName'\ + \ as database_name,\n (my_sql_settings ->> 'EventsPollInterval')::integer as\ + \ events_poll_interval,\n (my_sql_settings ->> 'ExecuteTimeout')::integer as\ + \ execute_timeout,\n (my_sql_settings ->> 'MaxFileSize')::integer as max_file_size,\n\ + \ (my_sql_settings ->> 'ParallelLoadThreads')::integer as parallel_load_threads,\n\ + \ my_sql_settings ->> 'Password' as password,\n (my_sql_settings ->> 'Port')::integer\ + \ as port,\n my_sql_settings ->> 'SecretsManagerAccessRoleArn' as secrets_manager_access_role_arn,\n\ + \ my_sql_settings ->> 'SecretsManagerSecretId' as secrets_manager_secret_id,\n\ + \ my_sql_settings ->> 'ServerName' as server_name,\n my_sql_settings ->> 'ServerTimezone'\ + \ as server_timezone,\n my_sql_settings ->> 'TargetDbType' as target_db_type,\n\ + \ my_sql_settings ->> 'Username' as username\nfrom\n aws_dms_endpoint\nwhere\n\ + \ engine_name = 'mysql';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DMS Endpoints +Title: Find AWS DMS Endpoints and Retrieve Connection Information diff --git a/queries/aws_dms_replication_instance_1.yaml b/queries/aws_dms_replication_instance_1.yaml index fd3f52c5e..0cd63aed2 100755 --- a/queries/aws_dms_replication_instance_1.yaml +++ b/queries/aws_dms_replication_instance_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Database Migration Service Replication Instances + and provides information about each replication instance in an AWS DMS (Database + Migration Service). ID: aws_dms_replication_instance_1 -Title: "List all AWS DMS Replication Instances" -Description: "Allows users to query AWS Database Migration Service Replication Instances and provides information about each replication instance in an AWS DMS (Database Migration Service)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_instance_identifier, - arn, - engine_version, - instance_create_time, - kms_key_id, - publicly_accessible, - region - from - aws_dms_replication_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_instance_identifier,\n arn,\n engine_version,\n\ + \ instance_create_time,\n kms_key_id,\n publicly_accessible,\n region\nfrom\n\ + \ aws_dms_replication_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS DMS Replication Instances diff --git a/queries/aws_dms_replication_instance_2.yaml b/queries/aws_dms_replication_instance_2.yaml index ef2de1139..d98e24169 100755 --- a/queries/aws_dms_replication_instance_2.yaml +++ b/queries/aws_dms_replication_instance_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Database Migration Service Replication Instances + and provides information about each replication instance in an AWS DMS (Database + Migration Service). ID: aws_dms_replication_instance_2 -Title: "List all AWS DMS Replication Instances for Asset Management" -Description: "Allows users to query AWS Database Migration Service Replication Instances and provides information about each replication instance in an AWS DMS (Database Migration Service)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_instance_identifier, - arn, - engine_version, - instance_create_time, - auto_minor_version_upgrade, - region - from - aws_dms_replication_instance - where - not auto_minor_version_upgrade; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_instance_identifier,\n arn,\n engine_version,\n\ + \ instance_create_time,\n auto_minor_version_upgrade,\n region\nfrom\n aws_dms_replication_instance\n\ + where\n not auto_minor_version_upgrade;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS DMS Replication Instances for Asset Management diff --git a/queries/aws_dms_replication_instance_3.yaml b/queries/aws_dms_replication_instance_3.yaml index be727552e..f22e83883 100755 --- a/queries/aws_dms_replication_instance_3.yaml +++ b/queries/aws_dms_replication_instance_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Database Migration Service Replication Instances + and provides information about each replication instance in an AWS DMS (Database + Migration Service). ID: aws_dms_replication_instance_3 -Title: "Find AWS Database Migration Service Replication Instances" -Description: "Allows users to query AWS Database Migration Service Replication Instances and provides information about each replication instance in an AWS DMS (Database Migration Service)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_instance_identifier, - arn, - engine_version, - instance_create_time, - replication_instance_class, - region - from - aws_dms_replication_instance - where - replication_instance_class not in ('dms.r5.16xlarge', 'dms.r5.24xlarge'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_instance_identifier,\n arn,\n engine_version,\n\ + \ instance_create_time,\n replication_instance_class,\n region\nfrom\n aws_dms_replication_instance\n\ + where\n replication_instance_class not in ('dms.r5.16xlarge', 'dms.r5.24xlarge');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find AWS Database Migration Service Replication Instances diff --git a/queries/aws_dms_replication_instance_4.yaml b/queries/aws_dms_replication_instance_4.yaml index d0784ab08..98a81de6d 100755 --- a/queries/aws_dms_replication_instance_4.yaml +++ b/queries/aws_dms_replication_instance_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Database Migration Service Replication Instances + and provides information about each replication instance in an AWS DMS (Database + Migration Service). ID: aws_dms_replication_instance_4 -Title: "List all AWS Database Migration Service Replication Instances" -Description: "Allows users to query AWS Database Migration Service Replication Instances and provides information about each replication instance in an AWS DMS (Database Migration Service)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_instance_identifier, - arn, - publicly_accessible, - region - from - aws_dms_replication_instance - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_instance_identifier,\n arn,\n publicly_accessible,\n\ + \ region\nfrom\n aws_dms_replication_instance\nwhere\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS Database Migration Service Replication Instances diff --git a/queries/aws_dms_replication_instance_5.yaml b/queries/aws_dms_replication_instance_5.yaml index e9caaf772..9e5ce29e1 100755 --- a/queries/aws_dms_replication_instance_5.yaml +++ b/queries/aws_dms_replication_instance_5.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Database Migration Service Replication Instances + and provides information about each replication instance in an AWS DMS (Database + Migration Service). ID: aws_dms_replication_instance_5 -Title: "Find AWS Database Migration Service Replication Instances" -Description: "Allows users to query AWS Database Migration Service Replication Instances and provides information about each replication instance in an AWS DMS (Database Migration Service)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_instance_identifier, - arn, - publicly_accessible, - multi_az, - region - from - aws_dms_replication_instance - where - not multi_az; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_instance_identifier,\n arn,\n publicly_accessible,\n\ + \ multi_az,\n region\nfrom\n aws_dms_replication_instance\nwhere\n not multi_az;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find AWS Database Migration Service Replication Instances diff --git a/queries/aws_dms_replication_task_1.yaml b/queries/aws_dms_replication_task_1.yaml index 23efa7d20..a83176fae 100755 --- a/queries/aws_dms_replication_task_1.yaml +++ b/queries/aws_dms_replication_task_1.yaml @@ -1,30 +1,24 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_1 -Title: "List AWS DMS Replication Task Information" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_task_identifier, - arn, - migration_type, - status, - replication_task_creation_date - from - aws_dms_replication_task; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_task_identifier,\n arn,\n migration_type,\n\ + \ status,\n replication_task_creation_date\nfrom\n aws_dms_replication_task;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DMS Replication Tasks +Title: List AWS DMS Replication Task Information diff --git a/queries/aws_dms_replication_task_2.yaml b/queries/aws_dms_replication_task_2.yaml index 924f45a81..b6dfa8586 100755 --- a/queries/aws_dms_replication_task_2.yaml +++ b/queries/aws_dms_replication_task_2.yaml @@ -1,28 +1,22 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_2 -Title: "List AWS DMS Replication Tasks for Data Migration" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_task_identifier, - migration_type, - status - from - aws_dms_replication_task - where - migration_type = 'full-load'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_task_identifier,\n migration_type,\n status\n\ + from\n aws_dms_replication_task\nwhere\n migration_type = 'full-load';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: List AWS DMS Replication Tasks for Data Migration diff --git a/queries/aws_dms_replication_task_3.yaml b/queries/aws_dms_replication_task_3.yaml index 8c253bf7d..61c44f4cd 100755 --- a/queries/aws_dms_replication_task_3.yaml +++ b/queries/aws_dms_replication_task_3.yaml @@ -1,28 +1,22 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_3 -Title: "Find AWS DMS Tasks with Failed Status Using SQL" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_task_identifier, - status, - last_failure_message - from - aws_dms_replication_task - where - status = 'failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_task_identifier,\n status,\n last_failure_message\n\ + from\n aws_dms_replication_task\nwhere\n status = 'failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: Find AWS DMS Tasks with Failed Status Using SQL diff --git a/queries/aws_dms_replication_task_4.yaml b/queries/aws_dms_replication_task_4.yaml index db6de646b..6ad3266d1 100755 --- a/queries/aws_dms_replication_task_4.yaml +++ b/queries/aws_dms_replication_task_4.yaml @@ -1,34 +1,28 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_4 -Title: "Find AWS DMS Replication Task Details for Data Migration" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_task_identifier, - status, - replication_task_stats -> 'ElapsedTimeMillis' as elapsed_time_millis, - replication_task_stats -> 'FreshStartDate' as fresh_start_date, - replication_task_stats -> 'FullLoadFinishDate' as full_load_finish_date, - replication_task_stats -> 'FullLoadProgressPercent' as full_load_progress_percent, - replication_task_stats -> 'FullLoadStartDate' as full_load_start_date, - replication_task_stats -> 'StartDate' as start_date, - replication_task_stats -> 'StopDate' as stop_date, - replication_task_stats -> 'TablesErrored' as tables_errored, - replication_task_stats -> 'TablesLoaded' as tables_loaded, - replication_task_stats -> 'TablesLoading' as tables_loading, - replication_task_stats -> 'TablesQueued' as tables_queued - from - aws_dms_replication_task; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_task_identifier,\n status,\n replication_task_stats\ + \ -> 'ElapsedTimeMillis' as elapsed_time_millis,\n replication_task_stats ->\ + \ 'FreshStartDate' as fresh_start_date,\n replication_task_stats -> 'FullLoadFinishDate'\ + \ as full_load_finish_date,\n replication_task_stats -> 'FullLoadProgressPercent'\ + \ as full_load_progress_percent,\n replication_task_stats -> 'FullLoadStartDate'\ + \ as full_load_start_date,\n replication_task_stats -> 'StartDate' as start_date,\n\ + \ replication_task_stats -> 'StopDate' as stop_date,\n replication_task_stats\ + \ -> 'TablesErrored' as tables_errored,\n replication_task_stats -> 'TablesLoaded'\ + \ as tables_loaded,\n replication_task_stats -> 'TablesLoading' as tables_loading,\n\ + \ replication_task_stats -> 'TablesQueued' as tables_queued\nfrom\n aws_dms_replication_task;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: Find AWS DMS Replication Task Details for Data Migration diff --git a/queries/aws_dms_replication_task_5.yaml b/queries/aws_dms_replication_task_5.yaml index c7cbfc979..8c786d02f 100755 --- a/queries/aws_dms_replication_task_5.yaml +++ b/queries/aws_dms_replication_task_5.yaml @@ -1,30 +1,24 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_5 -Title: "List all AWS DMS Replication Tasks with Details" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - t.replication_task_identifier, - t.arn as task_arn, - i.replication_instance_class, - i.engine_version, - i.publicly_accessible, - i.dns_name_servers - from - aws_dms_replication_task t - join aws_dms_replication_instance i on t.replication_instance_arn = i.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n t.replication_task_identifier,\n t.arn as task_arn,\n\ + \ i.replication_instance_class,\n i.engine_version,\n i.publicly_accessible,\n\ + \ i.dns_name_servers\nfrom\n aws_dms_replication_task t\njoin aws_dms_replication_instance\ + \ i on t.replication_instance_arn = i.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS DMS +Title: List all AWS DMS Replication Tasks with Details diff --git a/queries/aws_dms_replication_task_6.yaml b/queries/aws_dms_replication_task_6.yaml index be9180f77..af1be20e6 100755 --- a/queries/aws_dms_replication_task_6.yaml +++ b/queries/aws_dms_replication_task_6.yaml @@ -1,28 +1,22 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_6 -Title: "Find AWS DMS Replication Tasks for Data Migration" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_task_identifier, - source_endpoint_arn, - status - from - aws_dms_replication_task - where - endpoint_type = 'source'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_task_identifier,\n source_endpoint_arn,\n\ + \ status\nfrom\n aws_dms_replication_task\nwhere\n endpoint_type = 'source';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: Find AWS DMS Replication Tasks for Data Migration diff --git a/queries/aws_dms_replication_task_7.yaml b/queries/aws_dms_replication_task_7.yaml index cdb4042e0..1db3fdab3 100755 --- a/queries/aws_dms_replication_task_7.yaml +++ b/queries/aws_dms_replication_task_7.yaml @@ -1,29 +1,24 @@ +Description: Enables users to query AWS DMS Replication Tasks to retrieve detailed + information on data migration activities between source and target databases. ID: aws_dms_replication_task_7 -Title: "List all AWS DMS Replication Task Details" -Description: "Enables users to query AWS DMS Replication Tasks to retrieve detailed information on data migration activities between source and target databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_type, - count(*) as task_count - from - aws_dms_replication_task - group by - endpoint_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_type,\n count(*) as task_count\nfrom\n aws_dms_replication_task\n\ + group by\n endpoint_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DMS +Title: List all AWS DMS Replication Task Details diff --git a/queries/aws_docdb_cluster_1.yaml b/queries/aws_docdb_cluster_1.yaml index b31fc186c..48c49dc53 100755 --- a/queries/aws_docdb_cluster_1.yaml +++ b/queries/aws_docdb_cluster_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_1 -Title: "Find Amazon DocumentDB Cluster Configuration and Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - db_cluster_identifier, - deletion_protection, - engine, - status, - region - from - aws_docdb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n db_cluster_identifier,\n deletion_protection,\n\ + \ engine,\n status,\n region\nfrom\n aws_docdb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find Amazon DocumentDB Cluster Configuration and Status diff --git a/queries/aws_docdb_cluster_2.yaml b/queries/aws_docdb_cluster_2.yaml index 8a53ebc75..05346701d 100755 --- a/queries/aws_docdb_cluster_2.yaml +++ b/queries/aws_docdb_cluster_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_2 -Title: "Find Amazon DocumentDB Cluster Configuration and Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - status, - cluster_create_time, - kms_key_id, - storage_encrypted - from - aws_docdb_cluster - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n status,\n cluster_create_time,\n\ + \ kms_key_id,\n storage_encrypted\nfrom\n aws_docdb_cluster\nwhere\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find Amazon DocumentDB Cluster Configuration and Status diff --git a/queries/aws_docdb_cluster_3.yaml b/queries/aws_docdb_cluster_3.yaml index d4f51f404..d13c09fbf 100755 --- a/queries/aws_docdb_cluster_3.yaml +++ b/queries/aws_docdb_cluster_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_3 -Title: "Find Amazon DocumentDB Cluster Config and Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - backup_retention_period - from - aws_docdb_cluster - where - backup_retention_period > 7; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n backup_retention_period\nfrom\n\ + \ aws_docdb_cluster\nwhere\n backup_retention_period > 7;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DocumentDB +Title: Find Amazon DocumentDB Cluster Config and Status diff --git a/queries/aws_docdb_cluster_4.yaml b/queries/aws_docdb_cluster_4.yaml index 30f6ee0c5..edb02dad6 100755 --- a/queries/aws_docdb_cluster_4.yaml +++ b/queries/aws_docdb_cluster_4.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_4 -Title: "List all Amazon DocumentDB Cluster Configuration and Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - jsonb_array_length(availability_zones) as availability_zones_count - from - aws_docdb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n jsonb_array_length(availability_zones)\ + \ as availability_zones_count\nfrom\n aws_docdb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List all Amazon DocumentDB Cluster Configuration and Status diff --git a/queries/aws_docdb_cluster_5.yaml b/queries/aws_docdb_cluster_5.yaml index 52f16f4df..7365d9e2f 100755 --- a/queries/aws_docdb_cluster_5.yaml +++ b/queries/aws_docdb_cluster_5.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_5 -Title: "List Amazon DocumentDB Clusters and Their Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - status, - cluster_create_time, - deletion_protection - from - aws_docdb_cluster - where - not deletion_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n status,\n cluster_create_time,\n\ + \ deletion_protection\nfrom\n aws_docdb_cluster\nwhere\n not deletion_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DocumentDB +Title: List Amazon DocumentDB Clusters and Their Status diff --git a/queries/aws_docdb_cluster_6.yaml b/queries/aws_docdb_cluster_6.yaml index f1ddf78d7..642278827 100755 --- a/queries/aws_docdb_cluster_6.yaml +++ b/queries/aws_docdb_cluster_6.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_6 -Title: "List all Amazon DocumentDB Clusters for Configuration and Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status, - member ->> 'DBInstanceIdentifier' as db_instance_identifier, - member ->> 'IsClusterWriter' as is_cluster_writer, - member ->> 'PromotionTier' as promotion_tier - from - aws_docdb_cluster - cross join jsonb_array_elements(members) as member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n member ->> 'DBClusterParameterGroupStatus'\ + \ as db_cluster_parameter_group_status,\n member ->> 'DBInstanceIdentifier' as\ + \ db_instance_identifier,\n member ->> 'IsClusterWriter' as is_cluster_writer,\n\ + \ member ->> 'PromotionTier' as promotion_tier\nfrom\n aws_docdb_cluster\n \ + \ cross join jsonb_array_elements(members) as member;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DocumentDB +Title: List all Amazon DocumentDB Clusters for Configuration and Status diff --git a/queries/aws_docdb_cluster_7.yaml b/queries/aws_docdb_cluster_7.yaml index 021e798d1..6752976f4 100755 --- a/queries/aws_docdb_cluster_7.yaml +++ b/queries/aws_docdb_cluster_7.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Clusters for detailed information + about their configuration, status, and associated metadata. ID: aws_docdb_cluster_7 -Title: "Find Amazon DocumentDB Clusters and Configuration Status" -Description: "Allows users to query Amazon DocumentDB Clusters for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - status, - cluster_create_time, - deletion_protection - from - aws_docdb_cluster - where - not deletion_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n status,\n cluster_create_time,\n\ + \ deletion_protection\nfrom\n aws_docdb_cluster\nwhere\n not deletion_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find Amazon DocumentDB Clusters and Configuration Status diff --git a/queries/aws_docdb_cluster_instance_1.yaml b/queries/aws_docdb_cluster_instance_1.yaml index c009d8dbd..1be37eb0d 100755 --- a/queries/aws_docdb_cluster_instance_1.yaml +++ b/queries/aws_docdb_cluster_instance_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_1 -Title: "List Amazon DocumentDB Cluster Instances" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - db_cluster_identifier, - engine, - engine_version, - db_instance_class, - availability_zone - from - aws_docdb_cluster_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n db_cluster_identifier,\n \ + \ engine,\n engine_version,\n db_instance_class,\n availability_zone\nfrom\n\ + \ aws_docdb_cluster_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List Amazon DocumentDB Cluster Instances diff --git a/queries/aws_docdb_cluster_instance_2.yaml b/queries/aws_docdb_cluster_instance_2.yaml index 4c29de451..1f2286b05 100755 --- a/queries/aws_docdb_cluster_instance_2.yaml +++ b/queries/aws_docdb_cluster_instance_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_2 -Title: "List all Amazon DocumentDB Cluster Instances" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - db_cluster_identifier, - engine, - engine_version, - db_instance_class, - availability_zone - from - aws_docdb_cluster_instance - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n db_cluster_identifier,\n \ + \ engine,\n engine_version,\n db_instance_class,\n availability_zone\nfrom\n\ + \ aws_docdb_cluster_instance\nwhere\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DocumentDB +Title: List all Amazon DocumentDB Cluster Instances diff --git a/queries/aws_docdb_cluster_instance_3.yaml b/queries/aws_docdb_cluster_instance_3.yaml index 481682854..93b959b40 100755 --- a/queries/aws_docdb_cluster_instance_3.yaml +++ b/queries/aws_docdb_cluster_instance_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_3 -Title: "Find all Amazon DocumentDB Cluster Instances with Details" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_subnet_group_arn, - db_subnet_group_name, - db_subnet_group_description, - db_subnet_group_status - from - aws_docdb_cluster_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_subnet_group_arn,\n db_subnet_group_name,\n db_subnet_group_description,\n\ + \ db_subnet_group_status\nfrom\n aws_docdb_cluster_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find all Amazon DocumentDB Cluster Instances with Details diff --git a/queries/aws_docdb_cluster_instance_4.yaml b/queries/aws_docdb_cluster_instance_4.yaml index 911a9d594..9dbe8110e 100755 --- a/queries/aws_docdb_cluster_instance_4.yaml +++ b/queries/aws_docdb_cluster_instance_4.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_4 -Title: "List all Information of Amazon DocumentDB Clusters" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier as attached_vpc, - vsg ->> 'VpcSecurityGroupId' as vpc_security_group_id, - vsg ->> 'Status' as status, - sub -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone, - sub ->> 'SubnetIdentifier' as subnet_identifier, - sub -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost, - sub ->> 'SubnetStatus' as subnet_status - from - aws_docdb_cluster_instance - cross join jsonb_array_elements(vpc_security_groups) as vsg - cross join jsonb_array_elements(subnets) as sub; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier as attached_vpc,\n vsg ->> 'VpcSecurityGroupId'\ + \ as vpc_security_group_id,\n vsg ->> 'Status' as status,\n sub -> 'SubnetAvailabilityZone'\ + \ ->> 'Name' as subnet_availability_zone,\n sub ->> 'SubnetIdentifier' as subnet_identifier,\n\ + \ sub -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost,\n sub ->> 'SubnetStatus'\ + \ as subnet_status\nfrom\n aws_docdb_cluster_instance\n cross join jsonb_array_elements(vpc_security_groups)\ + \ as vsg\n cross join jsonb_array_elements(subnets) as sub;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List all Information of Amazon DocumentDB Clusters diff --git a/queries/aws_docdb_cluster_instance_5.yaml b/queries/aws_docdb_cluster_instance_5.yaml index 46a26fdd8..a2d484c99 100755 --- a/queries/aws_docdb_cluster_instance_5.yaml +++ b/queries/aws_docdb_cluster_instance_5.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_5 -Title: "Find all Amazon DocumentDB Cluster Instances using SQL" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - db_cluster_identifier, - db_instance_class - from - aws_docdb_cluster_instance - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n db_cluster_identifier,\n \ + \ db_instance_class\nfrom\n aws_docdb_cluster_instance\nwhere\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find all Amazon DocumentDB Cluster Instances using SQL diff --git a/queries/aws_docdb_cluster_instance_6.yaml b/queries/aws_docdb_cluster_instance_6.yaml index 8af20be8a..1673d7c40 100755 --- a/queries/aws_docdb_cluster_instance_6.yaml +++ b/queries/aws_docdb_cluster_instance_6.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_6 -Title: "List Amazon DocumentDB Cluster Instances with SQL" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - db_cluster_identifier, - db_instance_class - from - aws_docdb_cluster_instance - where - enabled_cloudwatch_logs_exports is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n db_cluster_identifier,\n \ + \ db_instance_class\nfrom\n aws_docdb_cluster_instance\nwhere\n enabled_cloudwatch_logs_exports\ + \ is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List Amazon DocumentDB Cluster Instances with SQL diff --git a/queries/aws_docdb_cluster_instance_7.yaml b/queries/aws_docdb_cluster_instance_7.yaml index 2b4366302..e18031ce0 100755 --- a/queries/aws_docdb_cluster_instance_7.yaml +++ b/queries/aws_docdb_cluster_instance_7.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query Amazon DocumentDB Cluster Instances to gather detailed + information such as instance identifier, cluster identifier, instance class, availability + zone, engine version, and more. ID: aws_docdb_cluster_instance_7 -Title: "List all Amazon DocumentDB Cluster Instances and Details" -Description: "Allows users to query Amazon DocumentDB Cluster Instances to gather detailed information such as instance identifier, cluster identifier, instance class, availability zone, engine version, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - endpoint_address, - endpoint_hosted_zone_id, - endpoint_port - from - aws_docdb_cluster_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n endpoint_address,\n endpoint_hosted_zone_id,\n\ + \ endpoint_port\nfrom\n aws_docdb_cluster_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List all Amazon DocumentDB Cluster Instances and Details diff --git a/queries/aws_docdb_cluster_snapshot_1.yaml b/queries/aws_docdb_cluster_snapshot_1.yaml index 7836b0295..483d58bc1 100755 --- a/queries/aws_docdb_cluster_snapshot_1.yaml +++ b/queries/aws_docdb_cluster_snapshot_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query Amazon DocumentDB Cluster Snapshots for detailed + information about their configuration, status, and associated metadata. ID: aws_docdb_cluster_snapshot_1 -Title: "Find Amazon DocumentDB Cluster Snapshots Configuration and Status" -Description: "Allows users to query Amazon DocumentDB Cluster Snapshots for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - snapshot_type, - not storage_encrypted as storage_not_encrypted, - split_part(kms_key_id, '/', 1) as kms_key_id - from - aws_docdb_cluster_snapshot - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n snapshot_type,\n \ + \ not storage_encrypted as storage_not_encrypted,\n split_part(kms_key_id, '/',\ + \ 1) as kms_key_id\nfrom\n aws_docdb_cluster_snapshot\nwhere\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find Amazon DocumentDB Cluster Snapshots Configuration and Status diff --git a/queries/aws_docdb_cluster_snapshot_2.yaml b/queries/aws_docdb_cluster_snapshot_2.yaml index 287568ee2..bab944b5b 100755 --- a/queries/aws_docdb_cluster_snapshot_2.yaml +++ b/queries/aws_docdb_cluster_snapshot_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Amazon DocumentDB Cluster Snapshots for detailed + information about their configuration, status, and associated metadata. ID: aws_docdb_cluster_snapshot_2 -Title: "Find Amazon DocumentDB Cluster Snapshot Details" -Description: "Allows users to query Amazon DocumentDB Cluster Snapshots for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - cluster_create_time, - engine, - engine_version - from - aws_docdb_cluster_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n cluster_create_time,\n\ + \ engine,\n engine_version\nfrom\n aws_docdb_cluster_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DocumentDB +Title: Find Amazon DocumentDB Cluster Snapshot Details diff --git a/queries/aws_docdb_cluster_snapshot_3.yaml b/queries/aws_docdb_cluster_snapshot_3.yaml index a57758ce4..dc62427a5 100755 --- a/queries/aws_docdb_cluster_snapshot_3.yaml +++ b/queries/aws_docdb_cluster_snapshot_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Amazon DocumentDB Cluster Snapshots for detailed + information about their configuration, status, and associated metadata. ID: aws_docdb_cluster_snapshot_3 -Title: "List Amazon DocumentDB Cluster Snapshots and their Details" -Description: "Allows users to query Amazon DocumentDB Cluster Snapshots for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - count(db_cluster_snapshot_identifier) as snapshot_count - from - aws_docdb_cluster_snapshot - group by - db_cluster_identifier; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n count(db_cluster_snapshot_identifier)\ + \ as snapshot_count\nfrom\n aws_docdb_cluster_snapshot\ngroup by\n db_cluster_identifier;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: List Amazon DocumentDB Cluster Snapshots and their Details diff --git a/queries/aws_docdb_cluster_snapshot_4.yaml b/queries/aws_docdb_cluster_snapshot_4.yaml index 1245ee67b..f8fd73d37 100755 --- a/queries/aws_docdb_cluster_snapshot_4.yaml +++ b/queries/aws_docdb_cluster_snapshot_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query Amazon DocumentDB Cluster Snapshots for detailed + information about their configuration, status, and associated metadata. ID: aws_docdb_cluster_snapshot_4 -Title: "Find Amazon DocumentDB Cluster Snapshot details" -Description: "Allows users to query Amazon DocumentDB Cluster Snapshots for detailed information about their configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - engine, - snapshot_type - from - aws_docdb_cluster_snapshot - where - snapshot_type = 'manual'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n engine,\n snapshot_type\n\ + from\n aws_docdb_cluster_snapshot\nwhere\n snapshot_type = 'manual';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon DocumentDB +Title: Find Amazon DocumentDB Cluster Snapshot details diff --git a/queries/aws_drs_job_1.yaml b/queries/aws_drs_job_1.yaml index a862cd659..7e2178621 100755 --- a/queries/aws_drs_job_1.yaml +++ b/queries/aws_drs_job_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Data Replication Service Jobs and retrieve + key job details such as job ID, job status, creation time, and more. ID: aws_drs_job_1 -Title: "List all AWS Data Replication Service Jobs Details" -Description: "Allows users to query AWS Data Replication Service Jobs and retrieve key job details such as job ID, job status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - status, - initiated_by - from - aws_drs_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n status,\n initiated_by\nfrom\n aws_drs_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Data Replication Service +Title: List all AWS Data Replication Service Jobs Details diff --git a/queries/aws_drs_job_2.yaml b/queries/aws_drs_job_2.yaml index feab23dca..d39c858ee 100755 --- a/queries/aws_drs_job_2.yaml +++ b/queries/aws_drs_job_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Data Replication Service Jobs and retrieve + key job details such as job ID, job status, creation time, and more. ID: aws_drs_job_2 -Title: "Find AWS Data Replication Service Job Details" -Description: "Allows users to query AWS Data Replication Service Jobs and retrieve key job details such as job ID, job status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - status, - initiated_by, - creation_date_time - from - aws_drs_job - where - status = 'PENDING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n status,\n initiated_by,\n creation_date_time\n\ + from\n aws_drs_job\nwhere\n status = 'PENDING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Data Replication Service +Title: Find AWS Data Replication Service Job Details diff --git a/queries/aws_drs_job_3.yaml b/queries/aws_drs_job_3.yaml index f8a26e7c7..58ec44a29 100755 --- a/queries/aws_drs_job_3.yaml +++ b/queries/aws_drs_job_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Data Replication Service Jobs and retrieve + key job details such as job ID, job status, creation time, and more. ID: aws_drs_job_3 -Title: "List AWS Data Replication Service Job Details" -Description: "Allows users to query AWS Data Replication Service Jobs and retrieve key job details such as job ID, job status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - status, - initiated_by, - type, - creation_date_time, - end_date_time - from - aws_drs_job - where - creation_date_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n status,\n initiated_by,\n type,\n\ + \ creation_date_time,\n end_date_time\nfrom\n aws_drs_job\nwhere\n creation_date_time\ + \ >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Data Replication Service +Title: List AWS Data Replication Service Job Details diff --git a/queries/aws_drs_recovery_instance_1.yaml b/queries/aws_drs_recovery_instance_1.yaml index ef80140af..6da4ba849 100755 --- a/queries/aws_drs_recovery_instance_1.yaml +++ b/queries/aws_drs_recovery_instance_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Disaster Recovery Service Recovery Instances + to retrieve information about recovery instances, including instance type, recovery + instance ARN, and associated tags. ID: aws_drs_recovery_instance_1 -Title: "List AWS Disaster Recovery Service Recovery Instances" -Description: "Allows users to query AWS Disaster Recovery Service Recovery Instances to retrieve information about recovery instances, including instance type, recovery instance ARN, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recovery_instance_id, - arn, - source_server_id, - ec2_instance_id, - ec2_instance_state - from - aws_drs_recovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recovery_instance_id,\n arn,\n source_server_id,\n\ + \ ec2_instance_id,\n ec2_instance_state\nfrom\n aws_drs_recovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List AWS Disaster Recovery Service Recovery Instances diff --git a/queries/aws_drs_recovery_instance_2.yaml b/queries/aws_drs_recovery_instance_2.yaml index 6dba32326..2c6160bce 100755 --- a/queries/aws_drs_recovery_instance_2.yaml +++ b/queries/aws_drs_recovery_instance_2.yaml @@ -1,32 +1,29 @@ +Description: Allows users to query AWS Disaster Recovery Service Recovery Instances + to retrieve information about recovery instances, including instance type, recovery + instance ARN, and associated tags. ID: aws_drs_recovery_instance_2 -Title: "Query AWS DRS Recovery Instances for Detailed Information" -Description: "Allows users to query AWS Disaster Recovery Service Recovery Instances to retrieve information about recovery instances, including instance type, recovery instance ARN, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recovery_instance_id - arn, - recovery_instance_properties ->> 'Cpus' as recovery_instance_cpus, - recovery_instance_properties ->> 'Disks' as recovery_instance_disks, - recovery_instance_properties ->> 'IdentificationHints' as recovery_instance_identification_hints, - recovery_instance_properties ->> 'LastUpdatedDateTime' as recovery_instance_last_updated_date_time, - recovery_instance_properties ->> 'NetworkInterfaces' as recovery_instance_network_interfaces, - recovery_instance_properties ->> 'Os' as recovery_instance_os, - recovery_instance_properties ->> 'RamBytes' as recovery_instance_ram_bytes - from - aws_drs_recovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recovery_instance_id\n arn,\n recovery_instance_properties\ + \ ->> 'Cpus' as recovery_instance_cpus,\n recovery_instance_properties ->> 'Disks'\ + \ as recovery_instance_disks,\n recovery_instance_properties ->> 'IdentificationHints'\ + \ as recovery_instance_identification_hints,\n recovery_instance_properties ->>\ + \ 'LastUpdatedDateTime' as recovery_instance_last_updated_date_time,\n recovery_instance_properties\ + \ ->> 'NetworkInterfaces' as recovery_instance_network_interfaces,\n recovery_instance_properties\ + \ ->> 'Os' as recovery_instance_os,\n recovery_instance_properties ->> 'RamBytes'\ + \ as recovery_instance_ram_bytes\nfrom\n aws_drs_recovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: Query AWS DRS Recovery Instances for Detailed Information diff --git a/queries/aws_drs_recovery_instance_3.yaml b/queries/aws_drs_recovery_instance_3.yaml index f681f6cbf..3c420f717 100755 --- a/queries/aws_drs_recovery_instance_3.yaml +++ b/queries/aws_drs_recovery_instance_3.yaml @@ -1,37 +1,30 @@ +Description: Allows users to query AWS Disaster Recovery Service Recovery Instances + to retrieve information about recovery instances, including instance type, recovery + instance ARN, and associated tags. ID: aws_drs_recovery_instance_3 -Title: "List all AWS Disaster Recovery Recovery Instances" -Description: "Allows users to query AWS Disaster Recovery Service Recovery Instances to retrieve information about recovery instances, including instance type, recovery instance ARN, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recovery_instance_id, - arn, - source_server_id, - ec2_instance_id, - failback ->> 'AgentLastSeenByServiceDateTime' as agent_last_seen_by_service_date_time, - failback ->> 'ElapsedReplicationDuration' as elapsed_replication_duration, - failback ->> 'FailbackClientID' as failback_client_id, - failback ->> 'FailbackClientLastSeenByServiceDateTime' as failback_client_last_seen_by_service_date_time, - failback ->> 'FailbackInitiationTime' as failback_initiation_time, - failback -> 'FailbackJobID' as failback_job_id, - failback -> 'FailbackLaunchType' as failback_launch_type, - failback -> 'FailbackToOriginalServer' as failback_to_original_server, - failback -> 'FirstByteDateTime' as failback_first_byte_date_time, - failback -> 'State' as failback_state - from - aws_drs_recovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recovery_instance_id,\n arn,\n source_server_id,\n\ + \ ec2_instance_id,\n failback ->> 'AgentLastSeenByServiceDateTime' as agent_last_seen_by_service_date_time,\n\ + \ failback ->> 'ElapsedReplicationDuration' as elapsed_replication_duration,\n\ + \ failback ->> 'FailbackClientID' as failback_client_id,\n failback ->> 'FailbackClientLastSeenByServiceDateTime'\ + \ as failback_client_last_seen_by_service_date_time,\n failback ->> 'FailbackInitiationTime'\ + \ as failback_initiation_time,\n failback -> 'FailbackJobID' as failback_job_id,\n\ + \ failback -> 'FailbackLaunchType' as failback_launch_type,\n failback -> 'FailbackToOriginalServer'\ + \ as failback_to_original_server,\n failback -> 'FirstByteDateTime' as failback_first_byte_date_time,\n\ + \ failback -> 'State' as failback_state\nfrom\n aws_drs_recovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List all AWS Disaster Recovery Recovery Instances diff --git a/queries/aws_drs_recovery_instance_4.yaml b/queries/aws_drs_recovery_instance_4.yaml index 3c89b3818..2f098b25f 100755 --- a/queries/aws_drs_recovery_instance_4.yaml +++ b/queries/aws_drs_recovery_instance_4.yaml @@ -1,28 +1,26 @@ +Description: Allows users to query AWS Disaster Recovery Service Recovery Instances + to retrieve information about recovery instances, including instance type, recovery + instance ARN, and associated tags. ID: aws_drs_recovery_instance_4 -Title: "List All AWS Disaster Recovery Service Recovery Instances" -Description: "Allows users to query AWS Disaster Recovery Service Recovery Instances to retrieve information about recovery instances, including instance type, recovery instance ARN, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recovery_instance_id, - arn, - data_replication_info -> 'DataReplicationInitiation' ->> 'StartDateTime' as data_replication_start_date_time, - data_replication_info -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime' as data_replication_next_attempt_date_time, - data_replication_info ->> 'DataReplicationError' as data_replication_error, - data_replication_info ->> 'DataReplicationState' as data_replication_state, - data_replication_info ->> 'ReplicatedDisks' as data_replication_replicated_disks - from - aws_drs_recovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recovery_instance_id,\n arn,\n data_replication_info\ + \ -> 'DataReplicationInitiation' ->> 'StartDateTime' as data_replication_start_date_time,\n\ + \ data_replication_info -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime'\ + \ as data_replication_next_attempt_date_time,\n data_replication_info ->> 'DataReplicationError'\ + \ as data_replication_error,\n data_replication_info ->> 'DataReplicationState'\ + \ as data_replication_state,\n data_replication_info ->> 'ReplicatedDisks' as\ + \ data_replication_replicated_disks\nfrom\n aws_drs_recovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List All AWS Disaster Recovery Service Recovery Instances diff --git a/queries/aws_drs_recovery_instance_5.yaml b/queries/aws_drs_recovery_instance_5.yaml index c7bf1a811..b7a877fc6 100755 --- a/queries/aws_drs_recovery_instance_5.yaml +++ b/queries/aws_drs_recovery_instance_5.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Disaster Recovery Service Recovery Instances + to retrieve information about recovery instances, including instance type, recovery + instance ARN, and associated tags. ID: aws_drs_recovery_instance_5 -Title: "List all AWS Disaster Recovery Service Recovery Instances" -Description: "Allows users to query AWS Disaster Recovery Service Recovery Instances to retrieve information about recovery instances, including instance type, recovery instance ARN, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recovery_instance_id, - arn, - source_server_id, - ec2_instance_id, - ec2_instance_state, - is_drill, - job_id - from - aws_drs_recovery_instance - where - not is_drill; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recovery_instance_id,\n arn,\n source_server_id,\n\ + \ ec2_instance_id,\n ec2_instance_state,\n is_drill,\n job_id\nfrom\n aws_drs_recovery_instance\n\ + where\n not is_drill;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List all AWS Disaster Recovery Service Recovery Instances diff --git a/queries/aws_drs_recovery_snapshot_1.yaml b/queries/aws_drs_recovery_snapshot_1.yaml index 9150c59e8..267154b6b 100755 --- a/queries/aws_drs_recovery_snapshot_1.yaml +++ b/queries/aws_drs_recovery_snapshot_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query DRS Recovery Snapshot data in AWS. It provides + information about recovery snapshots within AWS Disaster Recovery Service (DRS). + This table can be used to gather insights on recovery snapshots, including their + details, associated metadata, and more. ID: aws_drs_recovery_snapshot_1 -Title: "List AWS DRS Recovery Snapshot Data with Details" -Description: "Allows users to query DRS Recovery Snapshot data in AWS. It provides information about recovery snapshots within AWS Disaster Recovery Service (DRS). This table can be used to gather insights on recovery snapshots, including their details, associated metadata, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - source_server_id, - expected_timestamp, - timestamp, - title - from - aws_drs_recovery_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n source_server_id,\n expected_timestamp,\n\ + \ timestamp,\n title\nfrom\n aws_drs_recovery_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List AWS DRS Recovery Snapshot Data with Details diff --git a/queries/aws_drs_recovery_snapshot_2.yaml b/queries/aws_drs_recovery_snapshot_2.yaml index 7aac49a8d..889f92cf2 100755 --- a/queries/aws_drs_recovery_snapshot_2.yaml +++ b/queries/aws_drs_recovery_snapshot_2.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query DRS Recovery Snapshot data in AWS. It provides + information about recovery snapshots within AWS Disaster Recovery Service (DRS). + This table can be used to gather insights on recovery snapshots, including their + details, associated metadata, and more. ID: aws_drs_recovery_snapshot_2 -Title: "List AWS DRS Recovery Snapshot Details and Metadata" -Description: "Allows users to query DRS Recovery Snapshot data in AWS. It provides information about recovery snapshots within AWS Disaster Recovery Service (DRS). This table can be used to gather insights on recovery snapshots, including their details, associated metadata, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.snapshot_id, - r.source_server_id, - s.arn as source_server_arn, - s.recovery_instance_id, - s.replication_direction - from - aws_drs_recovery_snapshot r, - aws_drs_source_server as s - where - r.source_server_id = s.source_server_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.snapshot_id,\n r.source_server_id,\n s.arn as source_server_arn,\n\ + \ s.recovery_instance_id,\n s.replication_direction\nfrom\n aws_drs_recovery_snapshot\ + \ r,\n aws_drs_source_server as s\nwhere\n r.source_server_id = s.source_server_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List AWS DRS Recovery Snapshot Details and Metadata diff --git a/queries/aws_drs_recovery_snapshot_3.yaml b/queries/aws_drs_recovery_snapshot_3.yaml index 9772065e7..477cb465e 100755 --- a/queries/aws_drs_recovery_snapshot_3.yaml +++ b/queries/aws_drs_recovery_snapshot_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query DRS Recovery Snapshot data in AWS. It provides + information about recovery snapshots within AWS Disaster Recovery Service (DRS). + This table can be used to gather insights on recovery snapshots, including their + details, associated metadata, and more. ID: aws_drs_recovery_snapshot_3 -Title: "List all Recovery Snapshot Data in AWS DRS" -Description: "Allows users to query DRS Recovery Snapshot data in AWS. It provides information about recovery snapshots within AWS Disaster Recovery Service (DRS). This table can be used to gather insights on recovery snapshots, including their details, associated metadata, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_server_id, - count(snapshot_id) as recovery_snapshot_count - from - aws_drs_recovery_snapshot - group by - source_server_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_server_id,\n count(snapshot_id) as recovery_snapshot_count\n\ + from\n aws_drs_recovery_snapshot\ngroup by\n source_server_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List all Recovery Snapshot Data in AWS DRS diff --git a/queries/aws_drs_recovery_snapshot_4.yaml b/queries/aws_drs_recovery_snapshot_4.yaml index 45cd6f093..e90fc3514 100755 --- a/queries/aws_drs_recovery_snapshot_4.yaml +++ b/queries/aws_drs_recovery_snapshot_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query DRS Recovery Snapshot data in AWS. It provides + information about recovery snapshots within AWS Disaster Recovery Service (DRS). + This table can be used to gather insights on recovery snapshots, including their + details, associated metadata, and more. ID: aws_drs_recovery_snapshot_4 -Title: "List AWS DRS Recovery Snapshots with Metadata Details" -Description: "Allows users to query DRS Recovery Snapshot data in AWS. It provides information about recovery snapshots within AWS Disaster Recovery Service (DRS). This table can be used to gather insights on recovery snapshots, including their details, associated metadata, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - source_server_id, - expected_timestamp, - timestamp - from - aws_drs_recovery_snapshot - where - timestamp <= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n source_server_id,\n expected_timestamp,\n\ + \ timestamp\nfrom\n aws_drs_recovery_snapshot\nwhere\n timestamp <= now() -\ + \ interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List AWS DRS Recovery Snapshots with Metadata Details diff --git a/queries/aws_drs_recovery_snapshot_5.yaml b/queries/aws_drs_recovery_snapshot_5.yaml index 9dd9cb210..d94327aa8 100755 --- a/queries/aws_drs_recovery_snapshot_5.yaml +++ b/queries/aws_drs_recovery_snapshot_5.yaml @@ -1,38 +1,27 @@ +Description: Allows users to query DRS Recovery Snapshot data in AWS. It provides + information about recovery snapshots within AWS Disaster Recovery Service (DRS). + This table can be used to gather insights on recovery snapshots, including their + details, associated metadata, and more. ID: aws_drs_recovery_snapshot_5 -Title: "List all AWS DRS Recovery Snapshot Data" -Description: "Allows users to query DRS Recovery Snapshot data in AWS. It provides information about recovery snapshots within AWS Disaster Recovery Service (DRS). This table can be used to gather insights on recovery snapshots, including their details, associated metadata, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.snapshot_id, - r.source_server_id, - s as ebs_snapshot_id, - e.state as snapshot_state, - e.volume_size, - e.volume_id, - e.encrypted, - e.kms_key_id, - e.data_encryption_key_id - from - aws_drs_recovery_snapshot as r, - jsonb_array_elements_text(ebs_snapshots) as s, - aws_ebs_snapshot as e - where - r.snapshot_id = 'pit-3367d3f930778a9c3' - and - s = e.snapshot_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.snapshot_id,\n r.source_server_id,\n s as ebs_snapshot_id,\n\ + \ e.state as snapshot_state,\n e.volume_size,\n e.volume_id,\n e.encrypted,\n\ + \ e.kms_key_id,\n e.data_encryption_key_id\nfrom\n aws_drs_recovery_snapshot\ + \ as r,\n jsonb_array_elements_text(ebs_snapshots) as s,\n aws_ebs_snapshot\ + \ as e\nwhere\n r.snapshot_id = 'pit-3367d3f930778a9c3'\nand\n s = e.snapshot_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Disaster Recovery Service +Title: List all AWS DRS Recovery Snapshot Data diff --git a/queries/aws_drs_source_server_1.yaml b/queries/aws_drs_source_server_1.yaml index 92cbedd36..c3b521e5f 100755 --- a/queries/aws_drs_source_server_1.yaml +++ b/queries/aws_drs_source_server_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_1 -Title: "List all AWS Database Migration Service Source Servers" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - last_launch_result, - source_server_id, - title - from - aws_drs_source_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n last_launch_result,\n source_server_id,\n title\n\ + from\n aws_drs_source_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS Database Migration Service Source Servers diff --git a/queries/aws_drs_source_server_2.yaml b/queries/aws_drs_source_server_2.yaml index 8e56f3670..56b7bb00e 100755 --- a/queries/aws_drs_source_server_2.yaml +++ b/queries/aws_drs_source_server_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_2 -Title: "List all AWS DMS Source Servers for Detailed Info" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - title, - source_cloud_properties ->> 'OriginAccountID' as source_cloud_origin_account_id, - source_cloud_properties ->> 'OriginAvailabilityZone' as source_cloud_origin_availability_zone, - source_cloud_properties ->> 'OriginRegion' as source_cloud_origin_region - from - aws_drs_source_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n title,\n source_cloud_properties ->> 'OriginAccountID'\ + \ as source_cloud_origin_account_id,\n source_cloud_properties ->> 'OriginAvailabilityZone'\ + \ as source_cloud_origin_availability_zone,\n source_cloud_properties ->> 'OriginRegion'\ + \ as source_cloud_origin_region\nfrom\n aws_drs_source_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS DMS Source Servers for Detailed Info diff --git a/queries/aws_drs_source_server_3.yaml b/queries/aws_drs_source_server_3.yaml index 5b7493160..c625c65f2 100755 --- a/queries/aws_drs_source_server_3.yaml +++ b/queries/aws_drs_source_server_3.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_3 -Title: "Query AWS DMS Source Servers for Replication Details" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - title, - source_properties ->> 'Cpus' as source_cpus, - source_properties ->> 'Disks' as source_disks, - source_properties -> 'IdentificationHints' ->> 'Hostname' as source_hostname, - source_properties ->> 'NetworkInterfaces' as source_network_interfaces, - source_properties -> 'Os' ->> 'FullString' as source_os, - source_properties -> 'RamBytes' as source_ram_bytes, - source_properties -> 'RecommendedInstanceType' as source_recommended_instance_type, - source_properties -> 'LastUpdatedDateTime' as source_last_updated_date_time - from - aws_drs_source_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n title,\n source_properties ->> 'Cpus' as source_cpus,\n\ + \ source_properties ->> 'Disks' as source_disks,\n source_properties -> 'IdentificationHints'\ + \ ->> 'Hostname' as source_hostname,\n source_properties ->> 'NetworkInterfaces'\ + \ as source_network_interfaces,\n source_properties -> 'Os' ->> 'FullString'\ + \ as source_os,\n source_properties -> 'RamBytes' as source_ram_bytes,\n source_properties\ + \ -> 'RecommendedInstanceType' as source_recommended_instance_type,\n source_properties\ + \ -> 'LastUpdatedDateTime' as source_last_updated_date_time\nfrom\n aws_drs_source_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Query AWS DMS Source Servers for Replication Details diff --git a/queries/aws_drs_source_server_4.yaml b/queries/aws_drs_source_server_4.yaml index 311b59711..a3790a944 100755 --- a/queries/aws_drs_source_server_4.yaml +++ b/queries/aws_drs_source_server_4.yaml @@ -1,30 +1,27 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_4 -Title: "List all AWS DMS Source Servers with Replication Info" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - title, - data_replication_info -> 'DataReplicationInitiation' ->> 'StartDateTime' as data_replication_start_date_time, - data_replication_info -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime' as data_replication_next_attempt_date_time, - data_replication_info ->> 'DataReplicationError' as data_replication_error, - data_replication_info ->> 'DataReplicationState' as data_replication_state, - data_replication_info ->> 'ReplicatedDisks' as data_replication_replicated_disks - from - aws_drs_source_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n title,\n data_replication_info -> 'DataReplicationInitiation'\ + \ ->> 'StartDateTime' as data_replication_start_date_time,\n data_replication_info\ + \ -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime' as data_replication_next_attempt_date_time,\n\ + \ data_replication_info ->> 'DataReplicationError' as data_replication_error,\n\ + \ data_replication_info ->> 'DataReplicationState' as data_replication_state,\n\ + \ data_replication_info ->> 'ReplicatedDisks' as data_replication_replicated_disks\n\ + from\n aws_drs_source_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List all AWS DMS Source Servers with Replication Info diff --git a/queries/aws_drs_source_server_5.yaml b/queries/aws_drs_source_server_5.yaml index cf673d2f4..ed3c2cbcc 100755 --- a/queries/aws_drs_source_server_5.yaml +++ b/queries/aws_drs_source_server_5.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_5 -Title: "List AWS DMS Source Servers with Detailed Information" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - title, - launch_configuration ->> 'Name' as launch_configuration_name, - launch_configuration ->> 'CopyPrivateIp' as launch_configuration_copy_private_ip, - launch_configuration ->> 'CopyTags' as launch_configuration_copy_tags, - launch_configuration ->> 'Ec2LaunchTemplateID' as launch_configuration_ec2_launch_template_id, - launch_configuration ->> 'LaunchDisposition' as launch_configuration_disposition, - launch_configuration ->> 'TargetInstanceTypeRightSizingMethod' as launch_configuration_target_instance_type_right_sizing_method, - launch_configuration -> 'Licensing' as launch_configuration_licensing, - launch_configuration -> 'ResultMetadata' as launch_configuration_result_metadata - from - aws_drs_source_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n title,\n launch_configuration ->> 'Name' as\ + \ launch_configuration_name,\n launch_configuration ->> 'CopyPrivateIp' as launch_configuration_copy_private_ip,\n\ + \ launch_configuration ->> 'CopyTags' as launch_configuration_copy_tags,\n launch_configuration\ + \ ->> 'Ec2LaunchTemplateID' as launch_configuration_ec2_launch_template_id,\n\ + \ launch_configuration ->> 'LaunchDisposition' as launch_configuration_disposition,\n\ + \ launch_configuration ->> 'TargetInstanceTypeRightSizingMethod' as launch_configuration_target_instance_type_right_sizing_method,\n\ + \ launch_configuration -> 'Licensing' as launch_configuration_licensing,\n launch_configuration\ + \ -> 'ResultMetadata' as launch_configuration_result_metadata\nfrom\n aws_drs_source_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: List AWS DMS Source Servers with Detailed Information diff --git a/queries/aws_drs_source_server_6.yaml b/queries/aws_drs_source_server_6.yaml index a9a557b4b..3c6a09a9d 100755 --- a/queries/aws_drs_source_server_6.yaml +++ b/queries/aws_drs_source_server_6.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_6 -Title: "Find Failed AWS Database Migration Source Servers" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - last_launch_result, - source_server_id - from - aws_drs_source_server - where - last_launch_result = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n last_launch_result,\n source_server_id\n\ + from\n aws_drs_source_server\nwhere\n last_launch_result = 'FAILED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find Failed AWS Database Migration Source Servers diff --git a/queries/aws_drs_source_server_7.yaml b/queries/aws_drs_source_server_7.yaml index da3969927..7e359ac67 100755 --- a/queries/aws_drs_source_server_7.yaml +++ b/queries/aws_drs_source_server_7.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS Database Migration Service Source Servers for + detailed information about the replication servers used in database migrations. ID: aws_drs_source_server_7 -Title: "Find AWS DMS Source Server Data Replication Details" -Description: "Allows users to query AWS Database Migration Service Source Servers for detailed information about the replication servers used in database migrations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - data_replication_info ->> 'DataReplicationState' as data_replication_state, - data_replication_info ->> 'DataReplicationError' as data_replication_error, - data_replication_info -> 'DataReplicationInitiation' ->> 'StartDateTime' as data_replication_start_date_time, - data_replication_info -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime' as data_replication_next_attempt_date_time - from - aws_drs_source_server - where - data_replication_info ->> 'DataReplicationState' = 'DISCONNECTED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n data_replication_info ->> 'DataReplicationState'\ + \ as data_replication_state,\n data_replication_info ->> 'DataReplicationError'\ + \ as data_replication_error,\n data_replication_info -> 'DataReplicationInitiation'\ + \ ->> 'StartDateTime' as data_replication_start_date_time,\n data_replication_info\ + \ -> 'DataReplicationInitiation' ->> 'NextAttemptDateTime' as data_replication_next_attempt_date_time\n\ + from\n aws_drs_source_server\nwhere\n data_replication_info ->> 'DataReplicationState'\ + \ = 'DISCONNECTED';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Database Migration Service +Title: Find AWS DMS Source Server Data Replication Details diff --git a/queries/aws_dynamodb_backup_1.yaml b/queries/aws_dynamodb_backup_1.yaml index a0489a9f0..16e610e19 100755 --- a/queries/aws_dynamodb_backup_1.yaml +++ b/queries/aws_dynamodb_backup_1.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query DynamoDB Backup details such as backup ARN, backup + creation date, backup size, backup status, and more. ID: aws_dynamodb_backup_1 -Title: "List all DynamoDB Backup details with SQL query" -Description: "Allows users to query DynamoDB Backup details such as backup ARN, backup creation date, backup size, backup status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - table_name, - table_id - from - aws_dynamodb_backup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n table_name,\n table_id\nfrom\n aws_dynamodb_backup;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all DynamoDB Backup details with SQL query diff --git a/queries/aws_dynamodb_backup_2.yaml b/queries/aws_dynamodb_backup_2.yaml index 44dc0ddd8..66d72ef3c 100755 --- a/queries/aws_dynamodb_backup_2.yaml +++ b/queries/aws_dynamodb_backup_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query DynamoDB Backup details such as backup ARN, backup + creation date, backup size, backup status, and more. ID: aws_dynamodb_backup_2 -Title: "List all AWS DynamoDB Backup Details" -Description: "Allows users to query DynamoDB Backup details such as backup ARN, backup creation date, backup size, backup status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - backup_status, - backup_type, - backup_expiry_datetime, - backup_size_bytes - from - aws_dynamodb_backup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n backup_status,\n backup_type,\n backup_expiry_datetime,\n\ + \ backup_size_bytes\nfrom\n aws_dynamodb_backup;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Backup Details diff --git a/queries/aws_dynamodb_global_table_1.yaml b/queries/aws_dynamodb_global_table_1.yaml index 769a91275..9785b4406 100755 --- a/queries/aws_dynamodb_global_table_1.yaml +++ b/queries/aws_dynamodb_global_table_1.yaml @@ -1,24 +1,22 @@ +Description: Allows users to query AWS DynamoDB Global Tables to gather information + about the global tables, including the table name, creation time, status, and other + related details. ID: aws_dynamodb_global_table_1 -Title: "List all AWS DynamoDB Global Tables and their Regions" -Description: "Allows users to query AWS DynamoDB Global Tables to gather information about the global tables, including the table name, creation time, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - global_table_name, - rg -> 'RegionName' as region_name - from - aws_dynamodb_global_table - cross join jsonb_array_elements(replication_group) as rg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n global_table_name,\n rg -> 'RegionName' as region_name\n\ + from\n aws_dynamodb_global_table\n cross join jsonb_array_elements(replication_group)\ + \ as rg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB Global Table +Title: List all AWS DynamoDB Global Tables and their Regions diff --git a/queries/aws_dynamodb_global_table_2.yaml b/queries/aws_dynamodb_global_table_2.yaml index 97d2d7793..8dce2dcb7 100755 --- a/queries/aws_dynamodb_global_table_2.yaml +++ b/queries/aws_dynamodb_global_table_2.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS DynamoDB Global Tables to gather information + about the global tables, including the table name, creation time, status, and other + related details. ID: aws_dynamodb_global_table_2 -Title: "List all AWS DynamoDB Global Tables with Details" -Description: "Allows users to query AWS DynamoDB Global Tables to gather information about the global tables, including the table name, creation time, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - global_table_name, - global_table_status, - rg -> 'GlobalSecondaryIndexes' as global_secondary_indexes, - rg -> 'RegionName' as region_name, - rg -> 'ReplicaInaccessibleDateTime' as replica_inaccessible_date_time, - rg -> 'ReplicaStatus' as replica_status, - rg -> 'ReplicaStatusDescription' as replica_status_description, - rg -> 'ReplicaStatusPercentProgress' as replica_status_percent_progress - from - aws_dynamodb_global_table - cross join jsonb_array_elements(replication_group) as rg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n global_table_name,\n global_table_status,\n rg -> 'GlobalSecondaryIndexes'\ + \ as global_secondary_indexes,\n rg -> 'RegionName' as region_name,\n rg ->\ + \ 'ReplicaInaccessibleDateTime' as replica_inaccessible_date_time,\n rg -> 'ReplicaStatus'\ + \ as replica_status,\n rg -> 'ReplicaStatusDescription' as replica_status_description,\n\ + \ rg -> 'ReplicaStatusPercentProgress' as replica_status_percent_progress\nfrom\n\ + \ aws_dynamodb_global_table\n cross join jsonb_array_elements(replication_group)\ + \ as rg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Global Tables with Details diff --git a/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_1.yaml b/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_1.yaml index 33ab3f8d6..19dcc7759 100755 --- a/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_1.yaml +++ b/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query DynamoDB Metrics on account provisioned read capacity + utilization. ID: aws_dynamodb_metric_account_provisioned_read_capacity_util_1 -Title: "List AWS DynamoDB Metrics on Read Capacity Utilization" -Description: "Allows users to query DynamoDB Metrics on account provisioned read capacity utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_dynamodb_metric_account_provisioned_read_capacity_util - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_id,\n timestamp,\n minimum,\n maximum,\n \ + \ average,\n sum,\n sample_count\nfrom\n aws_dynamodb_metric_account_provisioned_read_capacity_util\n\ + order by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List AWS DynamoDB Metrics on Read Capacity Utilization diff --git a/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_2.yaml b/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_2.yaml index 680f2290e..71a1eb1e8 100755 --- a/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_2.yaml +++ b/queries/aws_dynamodb_metric_account_provisioned_read_capacity_util_2.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query DynamoDB Metrics on account provisioned read capacity + utilization. ID: aws_dynamodb_metric_account_provisioned_read_capacity_util_2 -Title: "List all AWS DynamoDB Metrics on Read Capacity Utilization" -Description: "Allows users to query DynamoDB Metrics on account provisioned read capacity utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_dynamodb_metric_account_provisioned_read_capacity_util - where - maximum > 80 - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_id,\n timestamp,\n minimum,\n maximum,\n \ + \ average,\n sum,\n sample_count\nfrom\n aws_dynamodb_metric_account_provisioned_read_capacity_util\n\ + where\n maximum > 80\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Metrics on Read Capacity Utilization diff --git a/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_1.yaml b/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_1.yaml index 32f053cff..d9d0f91fa 100755 --- a/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_1.yaml +++ b/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS DynamoDB Metrics for account provisioned write + capacity utilization. ID: aws_dynamodb_metric_account_provisioned_write_capacity_util_1 -Title: "List AWS DynamoDB Metrics for Write Capacity Utilization" -Description: "Allows users to query AWS DynamoDB Metrics for account provisioned write capacity utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_dynamodb_metric_account_provisioned_write_capacity_util - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_id,\n timestamp,\n minimum,\n maximum,\n \ + \ average,\n sum,\n sample_count\nfrom\n aws_dynamodb_metric_account_provisioned_write_capacity_util\n\ + order by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List AWS DynamoDB Metrics for Write Capacity Utilization diff --git a/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_2.yaml b/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_2.yaml index 36203fa48..11563ee84 100755 --- a/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_2.yaml +++ b/queries/aws_dynamodb_metric_account_provisioned_write_capacity_util_2.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query AWS DynamoDB Metrics for account provisioned write + capacity utilization. ID: aws_dynamodb_metric_account_provisioned_write_capacity_util_2 -Title: "List AWS DynamoDB Account Write Capacity Utilization Metrics" -Description: "Allows users to query AWS DynamoDB Metrics for account provisioned write capacity utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_dynamodb_metric_account_provisioned_write_capacity_util - where - maximum > 80 - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_id,\n timestamp,\n minimum,\n maximum,\n \ + \ average,\n sum,\n sample_count\nfrom\n aws_dynamodb_metric_account_provisioned_write_capacity_util\n\ + where\n maximum > 80\norder by\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List AWS DynamoDB Account Write Capacity Utilization Metrics diff --git a/queries/aws_dynamodb_table_1.yaml b/queries/aws_dynamodb_table_1.yaml index 1b91f3e8c..9d93bd294 100755 --- a/queries/aws_dynamodb_table_1.yaml +++ b/queries/aws_dynamodb_table_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS DynamoDB Tables and retrieve detailed information + about their configuration, status, and associated attributes. ID: aws_dynamodb_table_1 -Title: "Find AWS DynamoDB Tables with Missing SSE Description" -Description: "Allows users to query AWS DynamoDB Tables and retrieve detailed information about their configuration, status, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - sse_description - from - aws_dynamodb_table - where - sse_description is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n sse_description\nfrom\n aws_dynamodb_table\n\ + where\n sse_description is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: Find AWS DynamoDB Tables with Missing SSE Description diff --git a/queries/aws_dynamodb_table_2.yaml b/queries/aws_dynamodb_table_2.yaml index 99da14340..264235bac 100755 --- a/queries/aws_dynamodb_table_2.yaml +++ b/queries/aws_dynamodb_table_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS DynamoDB Tables and retrieve detailed information + about their configuration, status, and associated attributes. ID: aws_dynamodb_table_2 -Title: "List all AWS DynamoDB Tables with Disabled Backups" -Description: "Allows users to query AWS DynamoDB Tables and retrieve detailed information about their configuration, status, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - continuous_backups_status - from - aws_dynamodb_table - where - continuous_backups_status = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n continuous_backups_status\nfrom\n aws_dynamodb_table\n\ + where\n continuous_backups_status = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Tables with Disabled Backups diff --git a/queries/aws_dynamodb_table_3.yaml b/queries/aws_dynamodb_table_3.yaml index 83d9f54bb..9f7e00b42 100755 --- a/queries/aws_dynamodb_table_3.yaml +++ b/queries/aws_dynamodb_table_3.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS DynamoDB Tables and retrieve detailed information + about their configuration, status, and associated attributes. ID: aws_dynamodb_table_3 -Title: "List all AWS DynamoDB Tables and retrieve their status" -Description: "Allows users to query AWS DynamoDB Tables and retrieve detailed information about their configuration, status, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - point_in_time_recovery_description ->> 'EarliestRestorableDateTime' as earliest_restorable_date_time, - point_in_time_recovery_description ->> 'LatestRestorableDateTime' as latest_restorable_date_time, - point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus' as point_in_time_recovery_status - from - aws_dynamodb_table; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n point_in_time_recovery_description ->> 'EarliestRestorableDateTime'\ + \ as earliest_restorable_date_time,\n point_in_time_recovery_description ->>\ + \ 'LatestRestorableDateTime' as latest_restorable_date_time,\n point_in_time_recovery_description\ + \ ->> 'PointInTimeRecoveryStatus' as point_in_time_recovery_status\nfrom\n aws_dynamodb_table;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Tables and retrieve their status diff --git a/queries/aws_dynamodb_table_4.yaml b/queries/aws_dynamodb_table_4.yaml index 20a263148..49889bca9 100755 --- a/queries/aws_dynamodb_table_4.yaml +++ b/queries/aws_dynamodb_table_4.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS DynamoDB Tables and retrieve detailed information + about their configuration, status, and associated attributes. ID: aws_dynamodb_table_4 -Title: "List all AWS DynamoDB table configurations and status" -Description: "Allows users to query AWS DynamoDB Tables and retrieve detailed information about their configuration, status, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - d ->> 'StreamArn' as kinesis_stream_arn, - d ->> 'DestinationStatus' as stream_status - from - aws_dynamodb_table, - jsonb_array_elements(streaming_destination -> 'KinesisDataStreamDestinations') as d - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n d ->> 'StreamArn' as kinesis_stream_arn,\n \ + \ d ->> 'DestinationStatus' as stream_status\nfrom\n aws_dynamodb_table,\n jsonb_array_elements(streaming_destination\ + \ -> 'KinesisDataStreamDestinations') as d" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB table configurations and status diff --git a/queries/aws_dynamodb_table_export_1.yaml b/queries/aws_dynamodb_table_export_1.yaml index ac9a2cc7b..81b2cfb94 100755 --- a/queries/aws_dynamodb_table_export_1.yaml +++ b/queries/aws_dynamodb_table_export_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS DynamoDB Table Exports, providing detailed + information on the exports of DynamoDB tables including the export time, status, + and the exported data format. ID: aws_dynamodb_table_export_1 -Title: "List all details of AWS DynamoDB Table Exports" -Description: "Allows users to query AWS DynamoDB Table Exports, providing detailed information on the exports of DynamoDB tables including the export time, status, and the exported data format." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - end_time, - export_format, - export_status, - s3_bucket - from - aws_dynamodb_table_export; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n end_time,\n export_format,\n export_status,\n\ + \ s3_bucket\nfrom\n aws_dynamodb_table_export;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all details of AWS DynamoDB Table Exports diff --git a/queries/aws_dynamodb_table_export_2.yaml b/queries/aws_dynamodb_table_export_2.yaml index 32486b991..705072df6 100755 --- a/queries/aws_dynamodb_table_export_2.yaml +++ b/queries/aws_dynamodb_table_export_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS DynamoDB Table Exports, providing detailed + information on the exports of DynamoDB tables including the export time, status, + and the exported data format. ID: aws_dynamodb_table_export_2 -Title: "List all AWS DynamoDB Table Exports with Details" -Description: "Allows users to query AWS DynamoDB Table Exports, providing detailed information on the exports of DynamoDB tables including the export time, status, and the exported data format." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - end_time, - export_format, - export_status, - s3_bucket - from - aws_dynamodb_table_export - where - export_status <> 'COMPLETED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n end_time,\n export_format,\n export_status,\n\ + \ s3_bucket\nfrom\n aws_dynamodb_table_export\nwhere\n export_status <> 'COMPLETED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: List all AWS DynamoDB Table Exports with Details diff --git a/queries/aws_dynamodb_table_export_3.yaml b/queries/aws_dynamodb_table_export_3.yaml index 82fe9066c..762bf3715 100755 --- a/queries/aws_dynamodb_table_export_3.yaml +++ b/queries/aws_dynamodb_table_export_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS DynamoDB Table Exports, providing detailed + information on the exports of DynamoDB tables including the export time, status, + and the exported data format. ID: aws_dynamodb_table_export_3 -Title: "Find AWS DynamoDB Table Exports with Detailed Info" -Description: "Allows users to query AWS DynamoDB Table Exports, providing detailed information on the exports of DynamoDB tables including the export time, status, and the exported data format." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - end_time, - export_format, - export_status, - export_time, - s3_bucket - from - aws_dynamodb_table_export - where - export_time >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n end_time,\n export_format,\n export_status,\n\ + \ export_time,\n s3_bucket\nfrom\n aws_dynamodb_table_export\nwhere\n export_time\ + \ >= now() - interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DynamoDB +Title: Find AWS DynamoDB Table Exports with Detailed Info diff --git a/queries/aws_ebs_snapshot_1.yaml b/queries/aws_ebs_snapshot_1.yaml index 388302e5b..5ac75699c 100755 --- a/queries/aws_ebs_snapshot_1.yaml +++ b/queries/aws_ebs_snapshot_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_1 -Title: "Find Detailed Information About AWS EBS Snapshots" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - arn, - encrypted - from - aws_ebs_snapshot - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n arn,\n encrypted\nfrom\n aws_ebs_snapshot\n\ + where\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store (EBS) +Title: Find Detailed Information About AWS EBS Snapshots diff --git a/queries/aws_ebs_snapshot_2.yaml b/queries/aws_ebs_snapshot_2.yaml index ef1ab1b93..5a24ea1d0 100755 --- a/queries/aws_ebs_snapshot_2.yaml +++ b/queries/aws_ebs_snapshot_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_2 -Title: "Find AWS EBS Snapshots with User and Group Details" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - arn, - volume_id, - perm ->> 'UserId' as userid, - perm ->> 'Group' as group - from - aws_ebs_snapshot - cross join jsonb_array_elements(create_volume_permissions) as perm - where - perm ->> 'Group' = 'all'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n arn,\n volume_id,\n perm ->> 'UserId'\ + \ as userid,\n perm ->> 'Group' as group\nfrom\n aws_ebs_snapshot\n cross join\ + \ jsonb_array_elements(create_volume_permissions) as perm\nwhere\n perm ->> 'Group'\ + \ = 'all';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find AWS EBS Snapshots with User and Group Details diff --git a/queries/aws_ebs_snapshot_3.yaml b/queries/aws_ebs_snapshot_3.yaml index bf3285318..20e88d8e9 100755 --- a/queries/aws_ebs_snapshot_3.yaml +++ b/queries/aws_ebs_snapshot_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_3 -Title: "List all AWS EBS snapshots with details" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - volume_id, - perm ->> 'UserId' as account_ids - from - aws_ebs_snapshot - cross join jsonb_array_elements(create_volume_permissions) as perm; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n volume_id,\n perm ->> 'UserId' as account_ids\n\ + from\n aws_ebs_snapshot\n cross join jsonb_array_elements(create_volume_permissions)\ + \ as perm;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List all AWS EBS snapshots with details diff --git a/queries/aws_ebs_snapshot_4.yaml b/queries/aws_ebs_snapshot_4.yaml index b75436496..6355f2974 100755 --- a/queries/aws_ebs_snapshot_4.yaml +++ b/queries/aws_ebs_snapshot_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_4 -Title: "List all AWS EBS snapshots with configuration details" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - count(snapshot_id) as snapshot_id - from - aws_ebs_snapshot - group by - volume_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n count(snapshot_id) as snapshot_id\nfrom\n\ + \ aws_ebs_snapshot\ngroup by\n volume_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store (EBS) +Title: List all AWS EBS snapshots with configuration details diff --git a/queries/aws_ebs_snapshot_5.yaml b/queries/aws_ebs_snapshot_5.yaml index d2012bc4f..4dbfb3de4 100755 --- a/queries/aws_ebs_snapshot_5.yaml +++ b/queries/aws_ebs_snapshot_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_5 -Title: "Find details of AWS EBS snapshot configurations" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - arn, - encrypted, - owner_id - from - aws_ebs_snapshot - where - owner_id = '859788737657'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n arn,\n encrypted,\n owner_id\nfrom\n\ + \ aws_ebs_snapshot\nwhere\n owner_id = '859788737657';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find details of AWS EBS snapshot configurations diff --git a/queries/aws_ebs_snapshot_6.yaml b/queries/aws_ebs_snapshot_6.yaml index f0d483757..5bbbc8cf7 100755 --- a/queries/aws_ebs_snapshot_6.yaml +++ b/queries/aws_ebs_snapshot_6.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_6 -Title: "Find EBS Snapshots Configuration and Metadata in AWS" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - arn, - encrypted, - owner_id - from - aws_ebs_snapshot - where - snapshot_id = 'snap-07bf4f91353ad71ae'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n arn,\n encrypted,\n owner_id\nfrom\n\ + \ aws_ebs_snapshot\nwhere\n snapshot_id = 'snap-07bf4f91353ad71ae';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find EBS Snapshots Configuration and Metadata in AWS diff --git a/queries/aws_ebs_snapshot_7.yaml b/queries/aws_ebs_snapshot_7.yaml index 532c4d8c0..00c155b8b 100755 --- a/queries/aws_ebs_snapshot_7.yaml +++ b/queries/aws_ebs_snapshot_7.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EBS snapshots, providing detailed information + about each snapshot''s configuration, status, and associated metadata. ID: aws_ebs_snapshot_7 -Title: "List all AWS EBS Snapshot Configurations and Status" -Description: "Allows users to query AWS EBS snapshots, providing detailed information about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_id, - arn, - encrypted, - owner_id - from - aws_ebs_snapshot - where - owner_alias = 'amazon' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_id,\n arn,\n encrypted,\n owner_id\nfrom\n\ + \ aws_ebs_snapshot\nwhere\n owner_alias = 'amazon'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List all AWS EBS Snapshot Configurations and Status diff --git a/queries/aws_ebs_volume_1.yaml b/queries/aws_ebs_volume_1.yaml index c6468f9ea..546d8bc5a 100755 --- a/queries/aws_ebs_volume_1.yaml +++ b/queries/aws_ebs_volume_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_1 -Title: "Find All Unencrypted EBS Volumes in AWS" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - encrypted - from - aws_ebs_volume - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n encrypted\nfrom\n aws_ebs_volume\nwhere\n\ + \ not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find All Unencrypted EBS Volumes in AWS diff --git a/queries/aws_ebs_volume_2.yaml b/queries/aws_ebs_volume_2.yaml index 02b631158..9b05e6dea 100755 --- a/queries/aws_ebs_volume_2.yaml +++ b/queries/aws_ebs_volume_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_2 -Title: "List all AWS EBS volumes with no attachments" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - volume_type - from - aws_ebs_volume - where - jsonb_array_length(attachments) = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n volume_type\nfrom\n aws_ebs_volume\nwhere\n\ + \ jsonb_array_length(attachments) = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store (EBS) +Title: List all AWS EBS volumes with no attachments diff --git a/queries/aws_ebs_volume_3.yaml b/queries/aws_ebs_volume_3.yaml index b58bda1ec..7896f9897 100755 --- a/queries/aws_ebs_volume_3.yaml +++ b/queries/aws_ebs_volume_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_3 -Title: "List all AWS EBS Volumes and Their Details" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - volume_type - from - aws_ebs_volume - where - volume_type = 'io1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n volume_type\nfrom\n aws_ebs_volume\nwhere\n\ + \ volume_type = 'io1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store (EBS) +Title: List all AWS EBS Volumes and Their Details diff --git a/queries/aws_ebs_volume_4.yaml b/queries/aws_ebs_volume_4.yaml index 8059789b3..353c0361b 100755 --- a/queries/aws_ebs_volume_4.yaml +++ b/queries/aws_ebs_volume_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_4 -Title: "List all AWS EBS volumes with configuration and status details" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - size - from - aws_ebs_volume - where - size > '100'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n size\nfrom\n aws_ebs_volume\nwhere\n \ + \ size > '100';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List all AWS EBS volumes with configuration and status details diff --git a/queries/aws_ebs_volume_5.yaml b/queries/aws_ebs_volume_5.yaml index 79a8ee80f..caa606657 100755 --- a/queries/aws_ebs_volume_5.yaml +++ b/queries/aws_ebs_volume_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_5 -Title: "List all AWS EBS Volumes and Configuration Details" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_type, - count(volume_type) as count - from - aws_ebs_volume - group by - volume_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_type,\n count(volume_type) as count\nfrom\n \ + \ aws_ebs_volume\ngroup by\n volume_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List all AWS EBS Volumes and Configuration Details diff --git a/queries/aws_ebs_volume_6.yaml b/queries/aws_ebs_volume_6.yaml index 987fb78a3..c64f1fc42 100755 --- a/queries/aws_ebs_volume_6.yaml +++ b/queries/aws_ebs_volume_6.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_6 -Title: "List all AWS EBS volumes and their stopped instances" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - size, - att ->> 'InstanceId' as instance_id - from - aws_ebs_volume - cross join jsonb_array_elements(attachments) as att - join aws_ec2_instance as i on i.instance_id = att ->> 'InstanceId' - where - instance_state = 'stopped'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n size,\n att ->> 'InstanceId' as instance_id\n\ + from\n aws_ebs_volume\n cross join jsonb_array_elements(attachments) as att\n\ + \ join aws_ec2_instance as i on i.instance_id = att ->> 'InstanceId'\nwhere\n\ + \ instance_state = 'stopped';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store (EBS) +Title: List all AWS EBS volumes and their stopped instances diff --git a/queries/aws_ebs_volume_7.yaml b/queries/aws_ebs_volume_7.yaml index c812df3e2..b0992941e 100755 --- a/queries/aws_ebs_volume_7.yaml +++ b/queries/aws_ebs_volume_7.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volumes for detailed + information about their configuration, status, and associated tags. ID: aws_ebs_volume_7 -Title: "List AWS EBS Volumes for Configuration and Status" -Description: "Allows users to query AWS Elastic Block Store (EBS) volumes for detailed information about their configuration, status, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - volume_type - from - aws_ebs_volume - where - volume_type = 'io1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n volume_type\nfrom\n aws_ebs_volume\nwhere\n\ + \ volume_type = 'io1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List AWS EBS Volumes for Configuration and Status diff --git a/queries/aws_ebs_volume_metric_read_ops_1.yaml b/queries/aws_ebs_volume_metric_read_ops_1.yaml index f7aed238f..441b20c5f 100755 --- a/queries/aws_ebs_volume_metric_read_ops_1.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_1.yaml @@ -1,33 +1,22 @@ +Description: Allows users to query AWS EBS Volume read operations metrics. ID: aws_ebs_volume_metric_read_ops_1 -Title: "List all AWS EBS Volume read operations metrics" -Description: "Allows users to query AWS EBS Volume read operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops\norder by\n volume_id,\n\ + \ timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS Volume +Title: List all AWS EBS Volume read operations metrics diff --git a/queries/aws_ebs_volume_metric_read_ops_2.yaml b/queries/aws_ebs_volume_metric_read_ops_2.yaml index 0e74c6a6f..0fc12c38f 100755 --- a/queries/aws_ebs_volume_metric_read_ops_2.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_2.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS EBS Volume read operations metrics. ID: aws_ebs_volume_metric_read_ops_2 -Title: "Find Read Ops Metrics of AWS EBS Volumes with SQL" -Description: "Allows users to query AWS EBS Volume read operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops\nwhere\n average\ + \ > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find Read Ops Metrics of AWS EBS Volumes with SQL diff --git a/queries/aws_ebs_volume_metric_read_ops_3.yaml b/queries/aws_ebs_volume_metric_read_ops_3.yaml index 2b45be172..e3c3e398f 100755 --- a/queries/aws_ebs_volume_metric_read_ops_3.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_3.yaml @@ -1,35 +1,22 @@ +Description: Allows users to query AWS EBS Volume read operations metrics. ID: aws_ebs_volume_metric_read_ops_3 -Title: "List all AWS EBS Volume read operations metrics" -Description: "Allows users to query AWS EBS Volume read operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops\nwhere\n maximum\ + \ > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: List all AWS EBS Volume read operations metrics diff --git a/queries/aws_ebs_volume_metric_read_ops_4.yaml b/queries/aws_ebs_volume_metric_read_ops_4.yaml index 102ab9281..94cc7135f 100755 --- a/queries/aws_ebs_volume_metric_read_ops_4.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_4.yaml @@ -1,39 +1,25 @@ +Description: Allows users to query AWS EBS Volume read operations metrics. ID: aws_ebs_volume_metric_read_ops_4 -Title: "List All AWS EBS Volume Read Operations Metrics" -Description: "Allows users to query AWS EBS Volume read operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops as r, - aws_ebs_volume_metric_write_ops as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops as r,\n aws_ebs_volume_metric_write_ops\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: List All AWS EBS Volume Read Operations Metrics diff --git a/queries/aws_ebs_volume_metric_read_ops_daily_1.yaml b/queries/aws_ebs_volume_metric_read_ops_daily_1.yaml index 56cdae947..9b22ca2f7 100755 --- a/queries/aws_ebs_volume_metric_read_ops_daily_1.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_daily_1.yaml @@ -1,31 +1,20 @@ +Description: Allows users to query AWS EBS Volume metrics for daily read operations. ID: aws_ebs_volume_metric_read_ops_daily_1 -Title: "List AWS EBS Volume Metrics for Daily Read Ops" -Description: "Allows users to query AWS EBS Volume metrics for daily read operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_daily - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_daily\norder by\n\ + \ volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: List AWS EBS Volume Metrics for Daily Read Ops diff --git a/queries/aws_ebs_volume_metric_read_ops_daily_2.yaml b/queries/aws_ebs_volume_metric_read_ops_daily_2.yaml index bbc5fdd1b..4ea84814d 100755 --- a/queries/aws_ebs_volume_metric_read_ops_daily_2.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_daily_2.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS EBS Volume metrics for daily read operations. ID: aws_ebs_volume_metric_read_ops_daily_2 -Title: "Find Daily AWS EBS Volume Read Ops Metrics using SQL" -Description: "Allows users to query AWS EBS Volume metrics for daily read operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_daily - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_daily\nwhere\n\ + \ average > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find Daily AWS EBS Volume Read Ops Metrics using SQL diff --git a/queries/aws_ebs_volume_metric_read_ops_daily_3.yaml b/queries/aws_ebs_volume_metric_read_ops_daily_3.yaml index 777415438..2bfd38351 100755 --- a/queries/aws_ebs_volume_metric_read_ops_daily_3.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_daily_3.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS EBS Volume metrics for daily read operations. ID: aws_ebs_volume_metric_read_ops_daily_3 -Title: "Find all AWS EBS Volume daily read operations metrics" -Description: "Allows users to query AWS EBS Volume metrics for daily read operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_daily - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_daily\nwhere\n\ + \ maximum > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find all AWS EBS Volume daily read operations metrics diff --git a/queries/aws_ebs_volume_metric_read_ops_daily_4.yaml b/queries/aws_ebs_volume_metric_read_ops_daily_4.yaml index cc42a62ed..0d5a3bc1f 100755 --- a/queries/aws_ebs_volume_metric_read_ops_daily_4.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_daily_4.yaml @@ -1,41 +1,27 @@ +Description: Allows users to query AWS EBS Volume metrics for daily read operations. ID: aws_ebs_volume_metric_read_ops_daily_4 -Title: "Find AWS EBS Volume Metrics for Daily Read Operations" -Description: "Allows users to query AWS EBS Volume metrics for daily read operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops_daily as r, - aws_ebs_volume_metric_write_ops_daily as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops_daily as r,\n aws_ebs_volume_metric_write_ops_daily\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find AWS EBS Volume Metrics for Daily Read Operations diff --git a/queries/aws_ebs_volume_metric_read_ops_hourly_1.yaml b/queries/aws_ebs_volume_metric_read_ops_hourly_1.yaml index 6dcea420e..c59c35f9d 100755 --- a/queries/aws_ebs_volume_metric_read_ops_hourly_1.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_hourly_1.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query Amazon EC2 EBS Volume Read Operations metrics on + an hourly basis. ID: aws_ebs_volume_metric_read_ops_hourly_1 -Title: "Find Amazon EC2 EBS Volume Read Operations Metrics Hourly" -Description: "Allows users to query Amazon EC2 EBS Volume Read Operations metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_hourly - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_hourly\norder\ + \ by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 EBS +Title: Find Amazon EC2 EBS Volume Read Operations Metrics Hourly diff --git a/queries/aws_ebs_volume_metric_read_ops_hourly_2.yaml b/queries/aws_ebs_volume_metric_read_ops_hourly_2.yaml index a8a568cc2..9a47464b0 100755 --- a/queries/aws_ebs_volume_metric_read_ops_hourly_2.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_hourly_2.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query Amazon EC2 EBS Volume Read Operations metrics on + an hourly basis. ID: aws_ebs_volume_metric_read_ops_hourly_2 -Title: "List all Amazon EC2 EBS Volume Read Ops metrics hourly" -Description: "Allows users to query Amazon EC2 EBS Volume Read Operations metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_hourly - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_hourly\nwhere\n\ + \ average > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 +Title: List all Amazon EC2 EBS Volume Read Ops metrics hourly diff --git a/queries/aws_ebs_volume_metric_read_ops_hourly_3.yaml b/queries/aws_ebs_volume_metric_read_ops_hourly_3.yaml index 804457456..a40690f68 100755 --- a/queries/aws_ebs_volume_metric_read_ops_hourly_3.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_hourly_3.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query Amazon EC2 EBS Volume Read Operations metrics on + an hourly basis. ID: aws_ebs_volume_metric_read_ops_hourly_3 -Title: "Find Amazon EC2 EBS Volume Read Ops Metrics Hourly" -Description: "Allows users to query Amazon EC2 EBS Volume Read Operations metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_read_ops_hourly - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_read_ops_hourly\nwhere\n\ + \ maximum > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 +Title: Find Amazon EC2 EBS Volume Read Ops Metrics Hourly diff --git a/queries/aws_ebs_volume_metric_read_ops_hourly_4.yaml b/queries/aws_ebs_volume_metric_read_ops_hourly_4.yaml index ea84534e6..619fb10c9 100755 --- a/queries/aws_ebs_volume_metric_read_ops_hourly_4.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_hourly_4.yaml @@ -1,37 +1,25 @@ +Description: Allows users to query Amazon EC2 EBS Volume Read Operations metrics on + an hourly basis. ID: aws_ebs_volume_metric_read_ops_hourly_4 -Title: "List all Amazon EC2 EBS Volume Read Ops Metrics Hourly" -Description: "Allows users to query Amazon EC2 EBS Volume Read Operations metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - v.iops as provisioned_iops, - round(r.average) +round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg - from - aws_ebs_volume_metric_read_ops_hourly as r, - aws_ebs_volume_metric_write_ops_hourly as w, - aws_ebs_volume as v - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - and v.volume_id = r.volume_id - and r.average + w.average > v.iops - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n v.iops as provisioned_iops,\n\ + \ round(r.average) +round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n\ + \ round(w.average) as write_ops_avg\nfrom \n aws_ebs_volume_metric_read_ops_hourly\ + \ as r,\n aws_ebs_volume_metric_write_ops_hourly as w,\n aws_ebs_volume as v\n\ + where \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n and v.volume_id\ + \ = r.volume_id \n and r.average + w.average > v.iops\norder by\n r.volume_id,\n\ + \ r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 +Title: List all Amazon EC2 EBS Volume Read Ops Metrics Hourly diff --git a/queries/aws_ebs_volume_metric_read_ops_hourly_5.yaml b/queries/aws_ebs_volume_metric_read_ops_hourly_5.yaml index d2e6fd281..3121ceed8 100755 --- a/queries/aws_ebs_volume_metric_read_ops_hourly_5.yaml +++ b/queries/aws_ebs_volume_metric_read_ops_hourly_5.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query Amazon EC2 EBS Volume Read Operations metrics on + an hourly basis. ID: aws_ebs_volume_metric_read_ops_hourly_5 -Title: "Find AWS EC2 EBS Volume Read Ops Metrics Hourly" -Description: "Allows users to query Amazon EC2 EBS Volume Read Operations metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops_hourly as r, - aws_ebs_volume_metric_write_ops_hourly as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops_hourly as r,\n aws_ebs_volume_metric_write_ops_hourly\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 EBS +Title: Find AWS EC2 EBS Volume Read Ops Metrics Hourly diff --git a/queries/aws_ebs_volume_metric_write_ops_1.yaml b/queries/aws_ebs_volume_metric_write_ops_1.yaml index b90872c82..74e2a9fdc 100755 --- a/queries/aws_ebs_volume_metric_write_ops_1.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_1.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volume write operations + metrics. ID: aws_ebs_volume_metric_write_ops_1 -Title: "Find AWS EBS Volume Write Operations Metrics" -Description: "Allows users to query AWS Elastic Block Store (EBS) volume write operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops\norder by\n \ + \ volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find AWS EBS Volume Write Operations Metrics diff --git a/queries/aws_ebs_volume_metric_write_ops_2.yaml b/queries/aws_ebs_volume_metric_write_ops_2.yaml index fe69e94b8..a44a7ca89 100755 --- a/queries/aws_ebs_volume_metric_write_ops_2.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_2.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volume write operations + metrics. ID: aws_ebs_volume_metric_write_ops_2 -Title: "List AWS EBS Volume Write Ops Metrics via SQL" -Description: "Allows users to query AWS Elastic Block Store (EBS) volume write operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops\nwhere\n average\ + \ > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List AWS EBS Volume Write Ops Metrics via SQL diff --git a/queries/aws_ebs_volume_metric_write_ops_3.yaml b/queries/aws_ebs_volume_metric_write_ops_3.yaml index 3a8a5b326..6b3575cb0 100755 --- a/queries/aws_ebs_volume_metric_write_ops_3.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_3.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volume write operations + metrics. ID: aws_ebs_volume_metric_write_ops_3 -Title: "Find AWS EBS volume write ops metrics" -Description: "Allows users to query AWS Elastic Block Store (EBS) volume write operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops\nwhere\n maximum\ + \ > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: Find AWS EBS volume write ops metrics diff --git a/queries/aws_ebs_volume_metric_write_ops_4.yaml b/queries/aws_ebs_volume_metric_write_ops_4.yaml index bd6ebaace..ed43c3fd6 100755 --- a/queries/aws_ebs_volume_metric_write_ops_4.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_4.yaml @@ -1,41 +1,28 @@ +Description: Allows users to query AWS Elastic Block Store (EBS) volume write operations + metrics. ID: aws_ebs_volume_metric_write_ops_4 -Title: "List EBS Volume Write Ops Metrics using SQL" -Description: "Allows users to query AWS Elastic Block Store (EBS) volume write operations metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops as r, - aws_ebs_volume_metric_write_ops as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops as r,\n aws_ebs_volume_metric_write_ops\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Block Store +Title: List EBS Volume Write Ops Metrics using SQL diff --git a/queries/aws_ebs_volume_metric_write_ops_daily_1.yaml b/queries/aws_ebs_volume_metric_write_ops_daily_1.yaml index f0a72ec1a..30847d391 100755 --- a/queries/aws_ebs_volume_metric_write_ops_daily_1.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_daily_1.yaml @@ -1,33 +1,22 @@ +Description: Allows users to query AWS EBS Volume Metrics for daily write operations. ID: aws_ebs_volume_metric_write_ops_daily_1 -Title: "List all AWS EBS Volume Metrics for daily write operations" -Description: "Allows users to query AWS EBS Volume Metrics for daily write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_daily - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_daily\norder\ + \ by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: List all AWS EBS Volume Metrics for daily write operations diff --git a/queries/aws_ebs_volume_metric_write_ops_daily_2.yaml b/queries/aws_ebs_volume_metric_write_ops_daily_2.yaml index 5db89a6a8..d3f81e524 100755 --- a/queries/aws_ebs_volume_metric_write_ops_daily_2.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_daily_2.yaml @@ -1,35 +1,22 @@ +Description: Allows users to query AWS EBS Volume Metrics for daily write operations. ID: aws_ebs_volume_metric_write_ops_daily_2 -Title: "Find daily AWS EBS Volume Metrics for write operations" -Description: "Allows users to query AWS EBS Volume Metrics for daily write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_daily - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_daily\nwhere\n\ + \ average > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EBS +Title: Find daily AWS EBS Volume Metrics for write operations diff --git a/queries/aws_ebs_volume_metric_write_ops_daily_3.yaml b/queries/aws_ebs_volume_metric_write_ops_daily_3.yaml index da07573be..c174b3788 100755 --- a/queries/aws_ebs_volume_metric_write_ops_daily_3.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_daily_3.yaml @@ -1,35 +1,22 @@ +Description: Allows users to query AWS EBS Volume Metrics for daily write operations. ID: aws_ebs_volume_metric_write_ops_daily_3 -Title: "Find AWS EBS Volume Write Ops Metrics Daily" -Description: "Allows users to query AWS EBS Volume Metrics for daily write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_daily - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_daily\nwhere\n\ + \ maximum > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find AWS EBS Volume Write Ops Metrics Daily diff --git a/queries/aws_ebs_volume_metric_write_ops_daily_4.yaml b/queries/aws_ebs_volume_metric_write_ops_daily_4.yaml index e3c7e11ac..fb59b09b4 100755 --- a/queries/aws_ebs_volume_metric_write_ops_daily_4.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_daily_4.yaml @@ -1,39 +1,25 @@ +Description: Allows users to query AWS EBS Volume Metrics for daily write operations. ID: aws_ebs_volume_metric_write_ops_daily_4 -Title: "Query Daily AWS EBS Volume Write Ops Metrics" -Description: "Allows users to query AWS EBS Volume Metrics for daily write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops_daily as r, - aws_ebs_volume_metric_write_ops_daily as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops_daily as r,\n aws_ebs_volume_metric_write_ops_daily\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Query Daily AWS EBS Volume Write Ops Metrics diff --git a/queries/aws_ebs_volume_metric_write_ops_hourly_1.yaml b/queries/aws_ebs_volume_metric_write_ops_hourly_1.yaml index ed08a8048..c14c3dd5e 100755 --- a/queries/aws_ebs_volume_metric_write_ops_hourly_1.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_hourly_1.yaml @@ -1,31 +1,20 @@ +Description: Allows users to query AWS EBS Volume Metrics on hourly write operations. ID: aws_ebs_volume_metric_write_ops_hourly_1 -Title: "Find AWS EBS Volume Metrics on Hourly Write Operations" -Description: "Allows users to query AWS EBS Volume Metrics on hourly write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_hourly - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_hourly\norder\ + \ by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find AWS EBS Volume Metrics on Hourly Write Operations diff --git a/queries/aws_ebs_volume_metric_write_ops_hourly_2.yaml b/queries/aws_ebs_volume_metric_write_ops_hourly_2.yaml index 9fc063589..858a37747 100755 --- a/queries/aws_ebs_volume_metric_write_ops_hourly_2.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_hourly_2.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS EBS Volume Metrics on hourly write operations. ID: aws_ebs_volume_metric_write_ops_hourly_2 -Title: "Query AWS EBS Volume Hourly Write Operations Metrics" -Description: "Allows users to query AWS EBS Volume Metrics on hourly write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_hourly - where - average > 1000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_hourly\nwhere\n\ + \ average > 1000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Query AWS EBS Volume Hourly Write Operations Metrics diff --git a/queries/aws_ebs_volume_metric_write_ops_hourly_3.yaml b/queries/aws_ebs_volume_metric_write_ops_hourly_3.yaml index 6554e0e03..20b22ad70 100755 --- a/queries/aws_ebs_volume_metric_write_ops_hourly_3.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_hourly_3.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS EBS Volume Metrics on hourly write operations. ID: aws_ebs_volume_metric_write_ops_hourly_3 -Title: "List all AWS EBS Volume Metrics on Hourly Write Ops" -Description: "Allows users to query AWS EBS Volume Metrics on hourly write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - volume_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_ebs_volume_metric_write_ops_hourly - where - maximum > 8000 - order by - volume_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n volume_id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sum,\n sample_count\nfrom\n aws_ebs_volume_metric_write_ops_hourly\nwhere\n\ + \ maximum > 8000\norder by\n volume_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS EBS +Title: List all AWS EBS Volume Metrics on Hourly Write Ops diff --git a/queries/aws_ebs_volume_metric_write_ops_hourly_4.yaml b/queries/aws_ebs_volume_metric_write_ops_hourly_4.yaml index 9c446308b..1098e8a39 100755 --- a/queries/aws_ebs_volume_metric_write_ops_hourly_4.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_hourly_4.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query AWS EBS Volume Metrics on hourly write operations. ID: aws_ebs_volume_metric_write_ops_hourly_4 -Title: "Find AWS EBS Volume Hourly Write Operation Metrics" -Description: "Allows users to query AWS EBS Volume Metrics on hourly write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - v.iops as provisioned_iops, - round(r.average) +round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg - from - aws_ebs_volume_metric_read_ops_hourly as r, - aws_ebs_volume_metric_write_ops_hourly as w, - aws_ebs_volume as v - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - and v.volume_id = r.volume_id - and r.average + w.average > v.iops - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n v.iops as provisioned_iops,\n\ + \ round(r.average) +round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n\ + \ round(w.average) as write_ops_avg\nfrom \n aws_ebs_volume_metric_read_ops_hourly\ + \ as r,\n aws_ebs_volume_metric_write_ops_hourly as w,\n aws_ebs_volume as v\n\ + where \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n and v.volume_id\ + \ = r.volume_id \n and r.average + w.average > v.iops\norder by\n r.volume_id,\n\ + \ r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find AWS EBS Volume Hourly Write Operation Metrics diff --git a/queries/aws_ebs_volume_metric_write_ops_hourly_5.yaml b/queries/aws_ebs_volume_metric_write_ops_hourly_5.yaml index 9ec155a2a..3842bcfd3 100755 --- a/queries/aws_ebs_volume_metric_write_ops_hourly_5.yaml +++ b/queries/aws_ebs_volume_metric_write_ops_hourly_5.yaml @@ -1,41 +1,27 @@ +Description: Allows users to query AWS EBS Volume Metrics on hourly write operations. ID: aws_ebs_volume_metric_write_ops_hourly_5 -Title: "Find AWS EBS Volume Metrics on Hourly Write Ops" -Description: "Allows users to query AWS EBS Volume Metrics on hourly write operations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.volume_id, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_ebs_volume_metric_read_ops_hourly as r, - aws_ebs_volume_metric_write_ops_hourly as w - where - r.volume_id = w.volume_id - and r.timestamp = w.timestamp - order by - r.volume_id, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.volume_id,\n r.timestamp,\n round(r.average) + round(w.average)\ + \ as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average) as write_ops_avg,\n\ + \ round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum) as read_ops_max,\n\ + \ round(w.maximum) as write_ops_max,\n round(r.minimum) + round(w.minimum) as\ + \ iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum) as write_ops_min\n\ + from \n aws_ebs_volume_metric_read_ops_hourly as r,\n aws_ebs_volume_metric_write_ops_hourly\ + \ as w\nwhere \n r.volume_id = w.volume_id\n and r.timestamp = w.timestamp\n\ + order by\n r.volume_id,\n r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EBS +Title: Find AWS EBS Volume Metrics on Hourly Write Ops diff --git a/queries/aws_ec2_ami_1.yaml b/queries/aws_ec2_ami_1.yaml index ab735156d..ab4709e0b 100755 --- a/queries/aws_ec2_ami_1.yaml +++ b/queries/aws_ec2_ami_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve + detailed information about each AMI available in the AWS account. ID: aws_ec2_ami_1 -Title: "List all AWS EC2 AMIs with Details via SQL" -Description: "Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve detailed information about each AMI available in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - state, - image_location, - creation_date, - public, - root_device_name - from - aws_ec2_ami; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n state,\n image_location,\n creation_date,\n\ + \ public,\n root_device_name\nfrom\n aws_ec2_ami;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 AMIs with Details via SQL diff --git a/queries/aws_ec2_ami_2.yaml b/queries/aws_ec2_ami_2.yaml index 85711e6ee..573a8cb5f 100755 --- a/queries/aws_ec2_ami_2.yaml +++ b/queries/aws_ec2_ami_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve + detailed information about each AMI available in the AWS account. ID: aws_ec2_ami_2 -Title: "List all AWS EC2 AMIs to Retrieve Detailed Information" -Description: "Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve detailed information about each AMI available in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - public - from - aws_ec2_ami - where - public; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n public\nfrom\n aws_ec2_ami\nwhere\n\ + \ public;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 AMIs to Retrieve Detailed Information diff --git a/queries/aws_ec2_ami_3.yaml b/queries/aws_ec2_ami_3.yaml index 4b42c486b..23661331f 100755 --- a/queries/aws_ec2_ami_3.yaml +++ b/queries/aws_ec2_ami_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve + detailed information about each AMI available in the AWS account. ID: aws_ec2_ami_3 -Title: "List all AWS EC2 AMI Details with Failed State" -Description: "Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve detailed information about each AMI available in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - public, - state - from - aws_ec2_ami - where - state = 'failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n public,\n state\nfrom\n aws_ec2_ami\n\ + where\n state = 'failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 AMI Details with Failed State diff --git a/queries/aws_ec2_ami_4.yaml b/queries/aws_ec2_ami_4.yaml index 6cced891b..cc1020b03 100755 --- a/queries/aws_ec2_ami_4.yaml +++ b/queries/aws_ec2_ami_4.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve + detailed information about each AMI available in the AWS account. ID: aws_ec2_ami_4 -Title: "List all AWS EC2 AMIs with Detailed Information" -Description: "Allows users to query AWS EC2 AMIs (Amazon Machine Images) to retrieve detailed information about each AMI available in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - mapping -> 'Ebs' ->> 'VolumeSize' as volume_size, - mapping -> 'Ebs' ->> 'VolumeType' as volume_type, - mapping -> 'Ebs' ->> 'Encrypted' as encryption_status, - mapping -> 'Ebs' ->> 'KmsKeyId' as kms_key, - mapping -> 'Ebs' ->> 'DeleteOnTermination' as delete_on_termination - from - aws_ec2_ami - cross join jsonb_array_elements(block_device_mappings) as mapping; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n mapping -> 'Ebs' ->> 'VolumeSize'\ + \ as volume_size,\n mapping -> 'Ebs' ->> 'VolumeType' as volume_type,\n mapping\ + \ -> 'Ebs' ->> 'Encrypted' as encryption_status,\n mapping -> 'Ebs' ->> 'KmsKeyId'\ + \ as kms_key,\n mapping -> 'Ebs' ->> 'DeleteOnTermination' as delete_on_termination\n\ + from\n aws_ec2_ami\n cross join jsonb_array_elements(block_device_mappings)\ + \ as mapping;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 AMI +Title: List all AWS EC2 AMIs with Detailed Information diff --git a/queries/aws_ec2_ami_shared_1.yaml b/queries/aws_ec2_ami_shared_1.yaml index 0fea12016..83032a2dd 100755 --- a/queries/aws_ec2_ami_shared_1.yaml +++ b/queries/aws_ec2_ami_shared_1.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2 ID: aws_ec2_ami_shared_1 -Title: "Find shared Amazon Machine Images (AMIs) in AWS EC2" -Description: "Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - state, - image_location, - creation_date, - public, - root_device_name - from - aws_ec2_ami_shared - where - owner_id = '137112412989'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n state,\n image_location,\n creation_date,\n\ + \ public,\n root_device_name\nfrom\n aws_ec2_ami_shared\nwhere\n owner_id\ + \ = '137112412989';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find shared Amazon Machine Images (AMIs) in AWS EC2 diff --git a/queries/aws_ec2_ami_shared_2.yaml b/queries/aws_ec2_ami_shared_2.yaml index 983108c5d..7b9395e31 100755 --- a/queries/aws_ec2_ami_shared_2.yaml +++ b/queries/aws_ec2_ami_shared_2.yaml @@ -1,33 +1,22 @@ +Description: Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2 ID: aws_ec2_ami_shared_2 -Title: "Find Shared Amazon Machine Images (AMIs) in AWS EC2" -Description: "Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - image_id, - state, - image_location, - creation_date, - public, - root_device_name - from - aws_ec2_ami_shared - where - owner_id = '137112412989' - and architecture = 'arm64'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n image_id,\n state,\n image_location,\n creation_date,\n\ + \ public,\n root_device_name\nfrom\n aws_ec2_ami_shared\nwhere\n owner_id\ + \ = '137112412989'\n and architecture = 'arm64';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find Shared Amazon Machine Images (AMIs) in AWS EC2 diff --git a/queries/aws_ec2_ami_shared_3.yaml b/queries/aws_ec2_ami_shared_3.yaml index a1af0abf5..38d6cc6a3 100755 --- a/queries/aws_ec2_ami_shared_3.yaml +++ b/queries/aws_ec2_ami_shared_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2 ID: aws_ec2_ami_shared_3 -Title: "List all shared Amazon Machine Images (AMIs) in AWS EC2" -Description: "Allows users to query shared Amazon Machine Images (AMIs) in AWS EC2" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.title, - i.instance_id, - i.image_id, - ami.name, - ami.description, - ami.platform_details - from - aws_ec2_instance as i - join aws_ec2_ami_shared as ami on i.image_id = ami.image_id - where - ami.owner_id = '137112412989'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.title,\n i.instance_id,\n i.image_id,\n ami.name,\n\ + \ ami.description,\n ami.platform_details\nfrom\n aws_ec2_instance as i\n join\ + \ aws_ec2_ami_shared as ami on i.image_id = ami.image_id\nwhere\n ami.owner_id\ + \ = '137112412989';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all shared Amazon Machine Images (AMIs) in AWS EC2 diff --git a/queries/aws_ec2_application_load_balancer_1.yaml b/queries/aws_ec2_application_load_balancer_1.yaml index c163bf9e5..cba1dfbd0 100755 --- a/queries/aws_ec2_application_load_balancer_1.yaml +++ b/queries/aws_ec2_application_load_balancer_1.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query AWS EC2 Application Load Balancer, providing detailed + information about each load balancer within an AWS account. This includes its current + state, availability zones, security groups, and other important attributes. ID: aws_ec2_application_load_balancer_1 -Title: "Find AWS EC2 Load Balancers with Security Groups" -Description: "Allows users to query AWS EC2 Application Load Balancer, providing detailed information about each load balancer within an AWS account. This includes its current state, availability zones, security groups, and other important attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_elements_text(security_groups) as attached_security_group - from - aws_ec2_application_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_elements_text(security_groups) as\ + \ attached_security_group\nfrom\n aws_ec2_application_load_balancer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: Find AWS EC2 Load Balancers with Security Groups diff --git a/queries/aws_ec2_application_load_balancer_2.yaml b/queries/aws_ec2_application_load_balancer_2.yaml index 759929c71..0c9267856 100755 --- a/queries/aws_ec2_application_load_balancer_2.yaml +++ b/queries/aws_ec2_application_load_balancer_2.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS EC2 Application Load Balancer, providing detailed + information about each load balancer within an AWS account. This includes its current + state, availability zones, security groups, and other important attributes. ID: aws_ec2_application_load_balancer_2 -Title: "List All AWS EC2 Application Load Balancers with Details" -Description: "Allows users to query AWS EC2 Application Load Balancer, providing detailed information about each load balancer within an AWS account. This includes its current state, availability zones, security groups, and other important attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - az ->> 'LoadBalancerAddresses' as load_balancer_addresses, - az ->> 'OutpostId' as outpost_id, - az ->> 'SubnetId' as subnet_id, - az ->> 'ZoneName' as zone_name - from - aws_ec2_application_load_balancer - cross join jsonb_array_elements(availability_zones) as az; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n az ->> 'LoadBalancerAddresses' as load_balancer_addresses,\n\ + \ az ->> 'OutpostId' as outpost_id,\n az ->> 'SubnetId' as subnet_id,\n az\ + \ ->> 'ZoneName' as zone_name\nfrom\n aws_ec2_application_load_balancer\n cross\ + \ join jsonb_array_elements(availability_zones) as az;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List All AWS EC2 Application Load Balancers with Details diff --git a/queries/aws_ec2_application_load_balancer_3.yaml b/queries/aws_ec2_application_load_balancer_3.yaml index 505bb66b7..6d084a4bd 100755 --- a/queries/aws_ec2_application_load_balancer_3.yaml +++ b/queries/aws_ec2_application_load_balancer_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS EC2 Application Load Balancer, providing detailed + information about each load balancer within an AWS account. This includes its current + state, availability zones, security groups, and other important attributes. ID: aws_ec2_application_load_balancer_3 -Title: "List All AWS EC2 ALBs with Detailed Information" -Description: "Allows users to query AWS EC2 Application Load Balancer, providing detailed information about each load balancer within an AWS account. This includes its current state, availability zones, security groups, and other important attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - count(az ->> 'ZoneName') < 2 as zone_count_1 - from - aws_ec2_application_load_balancer - cross join jsonb_array_elements(availability_zones) as az - group by - name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n count(az ->> 'ZoneName') < 2 as zone_count_1\n\ + from\n aws_ec2_application_load_balancer\n cross join jsonb_array_elements(availability_zones)\ + \ as az\ngroup by\n name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List All AWS EC2 ALBs with Detailed Information diff --git a/queries/aws_ec2_application_load_balancer_4.yaml b/queries/aws_ec2_application_load_balancer_4.yaml index 7675d6597..92fe9e1be 100755 --- a/queries/aws_ec2_application_load_balancer_4.yaml +++ b/queries/aws_ec2_application_load_balancer_4.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Application Load Balancer, providing detailed + information about each load balancer within an AWS account. This includes its current + state, availability zones, security groups, and other important attributes. ID: aws_ec2_application_load_balancer_4 -Title: "List all AWS EC2 Application Load Balancers and Attributes" -Description: "Allows users to query AWS EC2 Application Load Balancer, providing detailed information about each load balancer within an AWS account. This includes its current state, availability zones, security groups, and other important attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as logging_key, - lb ->> 'Value' as logging_value - from - aws_ec2_application_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'access_logs.s3.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as logging_key,\n lb ->> 'Value'\ + \ as logging_value\nfrom\n aws_ec2_application_load_balancer\n cross join jsonb_array_elements(load_balancer_attributes)\ + \ as lb\nwhere\n lb ->> 'Key' = 'access_logs.s3.enabled'\n and lb ->> 'Value'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List all AWS EC2 Application Load Balancers and Attributes diff --git a/queries/aws_ec2_application_load_balancer_5.yaml b/queries/aws_ec2_application_load_balancer_5.yaml index ef60fa395..27eca0309 100755 --- a/queries/aws_ec2_application_load_balancer_5.yaml +++ b/queries/aws_ec2_application_load_balancer_5.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS EC2 Application Load Balancer, providing detailed + information about each load balancer within an AWS account. This includes its current + state, availability zones, security groups, and other important attributes. ID: aws_ec2_application_load_balancer_5 -Title: "List all AWS EC2 Application Load Balancer Details" -Description: "Allows users to query AWS EC2 Application Load Balancer, providing detailed information about each load balancer within an AWS account. This includes its current state, availability zones, security groups, and other important attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as deletion_protection_key, - lb ->> 'Value' as deletion_protection_value - from - aws_ec2_application_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'deletion_protection.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as deletion_protection_key,\n \ + \ lb ->> 'Value' as deletion_protection_value\nfrom\n aws_ec2_application_load_balancer\n\ + \ cross join jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb\ + \ ->> 'Key' = 'deletion_protection.enabled'\n and lb ->> 'Value' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List all AWS EC2 Application Load Balancer Details diff --git a/queries/aws_ec2_application_load_balancer_metric_request_count_1.yaml b/queries/aws_ec2_application_load_balancer_metric_request_count_1.yaml index f33069b65..0c63fb583 100755 --- a/queries/aws_ec2_application_load_balancer_metric_request_count_1.yaml +++ b/queries/aws_ec2_application_load_balancer_metric_request_count_1.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query AWS EC2 Application Load Balancer Metrics, specifically + the request count. ID: aws_ec2_application_load_balancer_metric_request_count_1 -Title: "Query AWS EC2 Application Load Balancer Request Count" -Description: "Allows users to query AWS EC2 Application Load Balancer Metrics, specifically the request count." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - average, - maximum, - minimum, - sample_count, - timestamp - from - aws_ec2_application_load_balancer_metric_request_count - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n average,\n maximum,\n\ + \ minimum,\n sample_count,\n timestamp\nfrom\n aws_ec2_application_load_balancer_metric_request_count\n\ + order by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: Query AWS EC2 Application Load Balancer Request Count diff --git a/queries/aws_ec2_application_load_balancer_metric_request_count_2.yaml b/queries/aws_ec2_application_load_balancer_metric_request_count_2.yaml index 2f189bef2..383433e79 100755 --- a/queries/aws_ec2_application_load_balancer_metric_request_count_2.yaml +++ b/queries/aws_ec2_application_load_balancer_metric_request_count_2.yaml @@ -1,36 +1,23 @@ +Description: Allows users to query AWS EC2 Application Load Balancer Metrics, specifically + the request count. ID: aws_ec2_application_load_balancer_metric_request_count_2 -Title: "List AWS EC2 Application Load Balancer Request Counts" -Description: "Allows users to query AWS EC2 Application Load Balancer Metrics, specifically the request count." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - average - sample_count, - timestamp - from - aws_ec2_application_load_balancer_metric_request_count - where - average < 100 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ average\n sample_count,\n timestamp\nfrom\n aws_ec2_application_load_balancer_metric_request_count\n\ + where\n average < 100\norder by\n name,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List AWS EC2 Application Load Balancer Request Counts diff --git a/queries/aws_ec2_application_load_balancer_metric_request_count_daily_1.yaml b/queries/aws_ec2_application_load_balancer_metric_request_count_daily_1.yaml index 7984bdb4a..cd28ea1f3 100755 --- a/queries/aws_ec2_application_load_balancer_metric_request_count_daily_1.yaml +++ b/queries/aws_ec2_application_load_balancer_metric_request_count_daily_1.yaml @@ -1,34 +1,23 @@ +Description: Allows users to query daily request count metrics of the AWS EC2 Application + Load Balancer. ID: aws_ec2_application_load_balancer_metric_request_count_daily_1 -Title: "Find daily request count metrics of AWS EC2 ALB" -Description: "Allows users to query daily request count metrics of the AWS EC2 Application Load Balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - average, - maximum, - minimum, - sample_count, - timestamp - from - aws_ec2_application_load_balancer_metric_request_count_daily - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n average,\n maximum,\n\ + \ minimum,\n sample_count,\n timestamp\nfrom\n aws_ec2_application_load_balancer_metric_request_count_daily\n\ + order by\n name,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: Find daily request count metrics of AWS EC2 ALB diff --git a/queries/aws_ec2_application_load_balancer_metric_request_count_daily_2.yaml b/queries/aws_ec2_application_load_balancer_metric_request_count_daily_2.yaml index 1cbf44d2a..ac63c32a4 100755 --- a/queries/aws_ec2_application_load_balancer_metric_request_count_daily_2.yaml +++ b/queries/aws_ec2_application_load_balancer_metric_request_count_daily_2.yaml @@ -1,34 +1,21 @@ +Description: Allows users to query daily request count metrics of the AWS EC2 Application + Load Balancer. ID: aws_ec2_application_load_balancer_metric_request_count_daily_2 -Title: "List all daily request count metrics for AWS EC2 Application Load Balancer" -Description: "Allows users to query daily request count metrics of the AWS EC2 Application Load Balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - average - sample_count, - timestamp - from - aws_ec2_application_load_balancer_metric_request_count_daily - where - average < 100 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ average\n sample_count,\n timestamp\nfrom\n aws_ec2_application_load_balancer_metric_request_count_daily\n\ + where\n average < 100\norder by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Application Load Balancer +Title: List all daily request count metrics for AWS EC2 Application Load Balancer diff --git a/queries/aws_ec2_autoscaling_group_1.yaml b/queries/aws_ec2_autoscaling_group_1.yaml index 5107cf597..7cd5f3296 100755 --- a/queries/aws_ec2_autoscaling_group_1.yaml +++ b/queries/aws_ec2_autoscaling_group_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS EC2 Auto Scaling Groups and access detailed + information about each group''s configuration, instances, policies, and more. ID: aws_ec2_autoscaling_group_1 -Title: "List all AWS EC2 Auto Scaling Groups with Details" -Description: "Allows users to query AWS EC2 Auto Scaling Groups and access detailed information about each group''s configuration, instances, policies, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - load_balancer_names, - availability_zones, - service_linked_role_arn, - default_cooldown, - max_size, - min_size, - new_instances_protected_from_scale_in - from - aws_ec2_autoscaling_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n load_balancer_names,\n availability_zones,\n\ + \ service_linked_role_arn,\n default_cooldown,\n max_size,\n min_size,\n \ + \ new_instances_protected_from_scale_in\nfrom\n aws_ec2_autoscaling_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Auto Scaling +Title: List all AWS EC2 Auto Scaling Groups with Details diff --git a/queries/aws_ec2_autoscaling_group_2.yaml b/queries/aws_ec2_autoscaling_group_2.yaml index 613d9485c..e32b7a7d9 100755 --- a/queries/aws_ec2_autoscaling_group_2.yaml +++ b/queries/aws_ec2_autoscaling_group_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS EC2 Auto Scaling Groups and access detailed + information about each group''s configuration, instances, policies, and more. ID: aws_ec2_autoscaling_group_2 -Title: "Find AWS EC2 Auto Scaling Groups with Less than 2 AZs" -Description: "Allows users to query AWS EC2 Auto Scaling Groups and access detailed information about each group''s configuration, instances, policies, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_length(availability_zones) as az_count - from - aws_ec2_autoscaling_group - where - jsonb_array_length(availability_zones) < 2; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_length(availability_zones) as az_count\n\ + from\n aws_ec2_autoscaling_group\nwhere\n jsonb_array_length(availability_zones)\ + \ < 2;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Auto Scaling +Title: Find AWS EC2 Auto Scaling Groups with Less than 2 AZs diff --git a/queries/aws_ec2_autoscaling_group_3.yaml b/queries/aws_ec2_autoscaling_group_3.yaml index 9ee5b77c9..5d0b7b514 100755 --- a/queries/aws_ec2_autoscaling_group_3.yaml +++ b/queries/aws_ec2_autoscaling_group_3.yaml @@ -1,33 +1,28 @@ +Description: Allows users to query AWS EC2 Auto Scaling Groups and access detailed + information about each group''s configuration, instances, policies, and more. ID: aws_ec2_autoscaling_group_3 -Title: "List all AWS EC2 Auto Scaling Groups and Details" -Description: "Allows users to query AWS EC2 Auto Scaling Groups and access detailed information about each group''s configuration, instances, policies, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as autoscaling_group_name, - ins_detail ->> 'InstanceId' as instance_id, - ins_detail ->> 'InstanceType' as instance_type, - ins_detail ->> 'AvailabilityZone' as az, - ins_detail ->> 'HealthStatus' as health_status, - ins_detail ->> 'LaunchConfigurationName' as launch_configuration_name, - ins_detail -> 'LaunchTemplate' ->> 'LaunchTemplateName' as launch_template_name, - ins_detail -> 'LaunchTemplate' ->> 'Version' as launch_template_version, - ins_detail ->> 'ProtectedFromScaleIn' as protected_from_scale_in - from - aws_ec2_autoscaling_group, - jsonb_array_elements(instances) as ins_detail; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as autoscaling_group_name,\n ins_detail ->> 'InstanceId'\ + \ as instance_id,\n ins_detail ->> 'InstanceType' as instance_type,\n ins_detail\ + \ ->> 'AvailabilityZone' as az,\n ins_detail ->> 'HealthStatus' as health_status,\n\ + \ ins_detail ->> 'LaunchConfigurationName' as launch_configuration_name,\n ins_detail\ + \ -> 'LaunchTemplate' ->> 'LaunchTemplateName' as launch_template_name,\n ins_detail\ + \ -> 'LaunchTemplate' ->> 'Version' as launch_template_version,\n ins_detail\ + \ ->> 'ProtectedFromScaleIn' as protected_from_scale_in\nfrom\n aws_ec2_autoscaling_group,\n\ + \ jsonb_array_elements(instances) as ins_detail;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Auto Scaling +Title: List all AWS EC2 Auto Scaling Groups and Details diff --git a/queries/aws_ec2_autoscaling_group_4.yaml b/queries/aws_ec2_autoscaling_group_4.yaml index 3f2315e8a..00d9ea4ea 100755 --- a/queries/aws_ec2_autoscaling_group_4.yaml +++ b/queries/aws_ec2_autoscaling_group_4.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS EC2 Auto Scaling Groups and access detailed + information about each group''s configuration, instances, policies, and more. ID: aws_ec2_autoscaling_group_4 -Title: "List AWS EC2 Auto Scaling Groups and Their Configurations" -Description: "Allows users to query AWS EC2 Auto Scaling Groups and access detailed information about each group''s configuration, instances, policies, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - health_check_type, - health_check_grace_period - from - aws_ec2_autoscaling_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n health_check_type,\n health_check_grace_period\n\ + from\n aws_ec2_autoscaling_group;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Auto Scaling +Title: List AWS EC2 Auto Scaling Groups and Their Configurations diff --git a/queries/aws_ec2_capacity_reservation_1.yaml b/queries/aws_ec2_capacity_reservation_1.yaml index 8ac69d474..1e0ccfb30 100755 --- a/queries/aws_ec2_capacity_reservation_1.yaml +++ b/queries/aws_ec2_capacity_reservation_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Capacity Reservations to provide information + about the reservations within AWS Elastic Compute Cloud (EC2). ID: aws_ec2_capacity_reservation_1 -Title: "Find All AWS EC2 Capacity Reservations via SQL" -Description: "Allows users to query AWS EC2 Capacity Reservations to provide information about the reservations within AWS Elastic Compute Cloud (EC2)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - capacity_reservation_id, - capacity_reservation_arn, - instance_type, - state - from - aws_ec2_capacity_reservation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n capacity_reservation_id,\n capacity_reservation_arn,\n\ + \ instance_type,\n state\nfrom\n aws_ec2_capacity_reservation;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Compute Cloud (EC2) +Title: Find All AWS EC2 Capacity Reservations via SQL diff --git a/queries/aws_ec2_capacity_reservation_2.yaml b/queries/aws_ec2_capacity_reservation_2.yaml index a49bdbe63..8ee00b107 100755 --- a/queries/aws_ec2_capacity_reservation_2.yaml +++ b/queries/aws_ec2_capacity_reservation_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Capacity Reservations to provide information + about the reservations within AWS Elastic Compute Cloud (EC2). ID: aws_ec2_capacity_reservation_2 -Title: "Find AWS EC2 Capacity Reservations with SQL Query" -Description: "Allows users to query AWS EC2 Capacity Reservations to provide information about the reservations within AWS Elastic Compute Cloud (EC2)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - capacity_reservation_id, - capacity_reservation_arn, - instance_type, - state - from - aws_ec2_capacity_reservation - where - state = 'expired'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n capacity_reservation_id,\n capacity_reservation_arn,\n\ + \ instance_type,\n state\nfrom\n aws_ec2_capacity_reservation\nwhere\n state\ + \ = 'expired';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Capacity Reservations with SQL Query diff --git a/queries/aws_ec2_capacity_reservation_3.yaml b/queries/aws_ec2_capacity_reservation_3.yaml index b14c24f07..41b4e7438 100755 --- a/queries/aws_ec2_capacity_reservation_3.yaml +++ b/queries/aws_ec2_capacity_reservation_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Capacity Reservations to provide information + about the reservations within AWS Elastic Compute Cloud (EC2). ID: aws_ec2_capacity_reservation_3 -Title: "List AWS EC2 Capacity Reservations Details" -Description: "Allows users to query AWS EC2 Capacity Reservations to provide information about the reservations within AWS Elastic Compute Cloud (EC2)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - capacity_reservation_id, - capacity_reservation_arn, - instance_type, - state - from - aws_ec2_capacity_reservation - where - capacity_reservation_id = 'cr-0b30935e9fc2da81e'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n capacity_reservation_id,\n capacity_reservation_arn,\n\ + \ instance_type,\n state\nfrom\n aws_ec2_capacity_reservation\nwhere\n capacity_reservation_id\ + \ = 'cr-0b30935e9fc2da81e';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Compute Cloud (EC2) +Title: List AWS EC2 Capacity Reservations Details diff --git a/queries/aws_ec2_classic_load_balancer_1.yaml b/queries/aws_ec2_classic_load_balancer_1.yaml index 2c1558cfb..61eefdd62 100755 --- a/queries/aws_ec2_classic_load_balancer_1.yaml +++ b/queries/aws_ec2_classic_load_balancer_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Classic Load Balancers within Amazon EC2. ID: aws_ec2_classic_load_balancer_1 -Title: "List all AWS EC2 Classic Load Balancers with Instances" -Description: "Allows users to query Classic Load Balancers within Amazon EC2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - instances - from - aws_ec2_classic_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n instances\nfrom\n aws_ec2_classic_load_balancer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 +Title: List all AWS EC2 Classic Load Balancers with Instances diff --git a/queries/aws_ec2_classic_load_balancer_2.yaml b/queries/aws_ec2_classic_load_balancer_2.yaml index 6b0ed6b99..a184801f6 100755 --- a/queries/aws_ec2_classic_load_balancer_2.yaml +++ b/queries/aws_ec2_classic_load_balancer_2.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query Classic Load Balancers within Amazon EC2. ID: aws_ec2_classic_load_balancer_2 -Title: "List all disabled access logs on EC2 Classic Load Balancers" -Description: "Allows users to query Classic Load Balancers within Amazon EC2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_log_enabled - from - aws_ec2_classic_load_balancer - where - access_log_enabled = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_log_enabled\nfrom\n aws_ec2_classic_load_balancer\n\ + where\n access_log_enabled = 'false';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Classic Load Balancer +Title: List all disabled access logs on EC2 Classic Load Balancers diff --git a/queries/aws_ec2_classic_load_balancer_3.yaml b/queries/aws_ec2_classic_load_balancer_3.yaml index 637b9f9ca..6d5a91890 100755 --- a/queries/aws_ec2_classic_load_balancer_3.yaml +++ b/queries/aws_ec2_classic_load_balancer_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query Classic Load Balancers within Amazon EC2. ID: aws_ec2_classic_load_balancer_3 -Title: "List all Classic Load Balancers within Amazon EC2" -Description: "Allows users to query Classic Load Balancers within Amazon EC2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_elements_text(security_groups) as sg - from - aws_ec2_classic_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_elements_text(security_groups) as\ + \ sg\nfrom\n aws_ec2_classic_load_balancer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all Classic Load Balancers within Amazon EC2 diff --git a/queries/aws_ec2_classic_load_balancer_4.yaml b/queries/aws_ec2_classic_load_balancer_4.yaml index b09b60996..2cd92d369 100755 --- a/queries/aws_ec2_classic_load_balancer_4.yaml +++ b/queries/aws_ec2_classic_load_balancer_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query Classic Load Balancers within Amazon EC2. ID: aws_ec2_classic_load_balancer_4 -Title: "Find all Load Balancers in AWS EC2 Classic" -Description: "Allows users to query Classic Load Balancers within Amazon EC2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - listener_description -> 'Listener' ->> 'InstancePort' as instance_port, - listener_description -> 'Listener' ->> 'InstanceProtocol' as instance_protocol, - listener_description -> 'Listener' ->> 'LoadBalancerPort' as load_balancer_port, - listener_description -> 'Listener' ->> 'Protocol' as load_balancer_protocol, - listener_description -> 'SSLCertificateId' ->> 'SSLCertificateId' as ssl_certificate, - listener_description -> 'Listener' ->> 'PolicyNames' as policy_names - from - aws_ec2_classic_load_balancer - cross join jsonb_array_elements(listener_descriptions) as listener_description; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n listener_description -> 'Listener' ->> 'InstancePort'\ + \ as instance_port,\n listener_description -> 'Listener' ->> 'InstanceProtocol'\ + \ as instance_protocol,\n listener_description -> 'Listener' ->> 'LoadBalancerPort'\ + \ as load_balancer_port,\n listener_description -> 'Listener' ->> 'Protocol'\ + \ as load_balancer_protocol,\n listener_description -> 'SSLCertificateId' ->>\ + \ 'SSLCertificateId' as ssl_certificate,\n listener_description -> 'Listener'\ + \ ->> 'PolicyNames' as policy_names\nfrom\n aws_ec2_classic_load_balancer\n \ + \ cross join jsonb_array_elements(listener_descriptions) as listener_description;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all Load Balancers in AWS EC2 Classic diff --git a/queries/aws_ec2_classic_load_balancer_5.yaml b/queries/aws_ec2_classic_load_balancer_5.yaml index 3fa54f1f8..4b56b8564 100755 --- a/queries/aws_ec2_classic_load_balancer_5.yaml +++ b/queries/aws_ec2_classic_load_balancer_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Classic Load Balancers within Amazon EC2. ID: aws_ec2_classic_load_balancer_5 -Title: "List all EC2 Classic Load Balancers and Health Configs" -Description: "Allows users to query Classic Load Balancers within Amazon EC2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - healthy_threshold, - health_check_interval, - health_check_target, - health_check_timeout, - unhealthy_threshold - from - aws_ec2_classic_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n healthy_threshold,\n health_check_interval,\n\ + \ health_check_target,\n health_check_timeout,\n unhealthy_threshold\nfrom\n\ + \ aws_ec2_classic_load_balancer;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all EC2 Classic Load Balancers and Health Configs diff --git a/queries/aws_ec2_client_vpn_endpoint_1.yaml b/queries/aws_ec2_client_vpn_endpoint_1.yaml index a5df7c4f6..5b5b45c1a 100755 --- a/queries/aws_ec2_client_vpn_endpoint_1.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_1 -Title: "Find AWS EC2 Client VPN Endpoints Configuration and Status" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - description, - status, - client_vpn_endpoint_id, - transport_protocol, - creation_time, - tags - from - aws_ec2_client_vpn_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n description,\n status,\n client_vpn_endpoint_id,\n\ + \ transport_protocol,\n creation_time,\n tags\nfrom\n aws_ec2_client_vpn_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Client VPN +Title: Find AWS EC2 Client VPN Endpoints Configuration and Status diff --git a/queries/aws_ec2_client_vpn_endpoint_2.yaml b/queries/aws_ec2_client_vpn_endpoint_2.yaml index 15f86aa08..da9a2f689 100755 --- a/queries/aws_ec2_client_vpn_endpoint_2.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_2 -Title: "Find AWS EC2 Client VPN Endpoint Network Details" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status, - client_vpn_endpoint_id, - transport_protocol, - tags - from - aws_ec2_client_vpn_endpoint - where - status ->> 'Code' <> 'available'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status,\n client_vpn_endpoint_id,\n transport_protocol,\n\ + \ tags\nfrom\n aws_ec2_client_vpn_endpoint\nwhere\n status ->> 'Code' <> 'available';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Client VPN +Title: Find AWS EC2 Client VPN Endpoint Network Details diff --git a/queries/aws_ec2_client_vpn_endpoint_3.yaml b/queries/aws_ec2_client_vpn_endpoint_3.yaml index 8e12d0003..79c425a98 100755 --- a/queries/aws_ec2_client_vpn_endpoint_3.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_3 -Title: "List all AWS EC2 Client VPN Endpoint Details" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status ->> 'Code' as status, - client_vpn_endpoint_id, - transport_protocol, - tags - from - aws_ec2_client_vpn_endpoint - where - creation_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status ->> 'Code' as status,\n client_vpn_endpoint_id,\n\ + \ transport_protocol,\n tags\nfrom\n aws_ec2_client_vpn_endpoint\nwhere\n \ + \ creation_time >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Client VPN +Title: List all AWS EC2 Client VPN Endpoint Details diff --git a/queries/aws_ec2_client_vpn_endpoint_4.yaml b/queries/aws_ec2_client_vpn_endpoint_4.yaml index cfe588c8c..137fa4207 100755 --- a/queries/aws_ec2_client_vpn_endpoint_4.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_4.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_4 -Title: "Find Configuration and Status of AWS EC2 Client VPN Endpoints" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status ->> 'Code' as status, - client_vpn_endpoint_id, - security_group_ids, - vpc_id, - vpn_port, - vpn_protocol, - transport_protocol, - tags - from - aws_ec2_client_vpn_endpoint - where - creation_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status ->> 'Code' as status,\n client_vpn_endpoint_id,\n\ + \ security_group_ids,\n vpc_id,\n vpn_port,\n vpn_protocol,\n transport_protocol,\n\ + \ tags\nfrom\n aws_ec2_client_vpn_endpoint\nwhere\n creation_time >= now()\ + \ - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Client VPN +Title: Find Configuration and Status of AWS EC2 Client VPN Endpoints diff --git a/queries/aws_ec2_client_vpn_endpoint_5.yaml b/queries/aws_ec2_client_vpn_endpoint_5.yaml index 6c562b40f..9d4a25ce8 100755 --- a/queries/aws_ec2_client_vpn_endpoint_5.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_5.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_5 -Title: "Find AWS EC2 Client VPN Endpoints Configuration Details" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status ->> 'Code' as status, - client_vpn_endpoint_id, - security_group_ids, - vpc_id, - vpn_port, - vpn_protocol, - transport_protocol, - tags - from - aws_ec2_client_vpn_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status ->> 'Code' as status,\n client_vpn_endpoint_id,\n\ + \ security_group_ids,\n vpc_id,\n vpn_port,\n vpn_protocol,\n transport_protocol,\n\ + \ tags\nfrom\n aws_ec2_client_vpn_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Client VPN Endpoints Configuration Details diff --git a/queries/aws_ec2_client_vpn_endpoint_6.yaml b/queries/aws_ec2_client_vpn_endpoint_6.yaml index 3914353a5..ea3781c55 100755 --- a/queries/aws_ec2_client_vpn_endpoint_6.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_6.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_6 -Title: "List all AWS EC2 Client VPN Endpoints with Details" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status ->> 'Code' as status, - client_vpn_endpoint_id, - connection_log_options ->> 'Enabled' as connection_log_options_enabled, - connection_log_options ->> 'CloudwatchLogGroup' as connection_log_options_cloudwatch_log_group, - connection_log_options ->> 'CloudwatchLogStream' as connection_log_options_cloudwatch_log_stream, - tags - from - aws_ec2_client_vpn_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status ->> 'Code' as status,\n client_vpn_endpoint_id,\n\ + \ connection_log_options ->> 'Enabled' as connection_log_options_enabled,\n \ + \ connection_log_options ->> 'CloudwatchLogGroup' as connection_log_options_cloudwatch_log_group,\n\ + \ connection_log_options ->> 'CloudwatchLogStream' as connection_log_options_cloudwatch_log_stream,\n\ + \ tags\nfrom\n aws_ec2_client_vpn_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Client VPN +Title: List all AWS EC2 Client VPN Endpoints with Details diff --git a/queries/aws_ec2_client_vpn_endpoint_7.yaml b/queries/aws_ec2_client_vpn_endpoint_7.yaml index 4b831848f..c7d62064d 100755 --- a/queries/aws_ec2_client_vpn_endpoint_7.yaml +++ b/queries/aws_ec2_client_vpn_endpoint_7.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed + information about the configuration, status, and associated network details of each + endpoint. ID: aws_ec2_client_vpn_endpoint_7 -Title: "List all Configuration and Status of EC2 Client VPN Endpoints" -Description: "Allows users to query AWS EC2 Client VPN Endpoints to retrieve detailed information about the configuration, status, and associated network details of each endpoint." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - status ->> 'Code' as status, - client_vpn_endpoint_id, - autentication ->> 'Type' as authentication_options_type, - autentication -> 'MutualAuthentication' ->> 'ClientRootCertificateChain' as authentication_client_root_certificate_chain, - authentication_options, - tags - from - aws_ec2_client_vpn_endpoint, - jsonb_array_elements(authentication_options) as autentication; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n status ->> 'Code' as status,\n client_vpn_endpoint_id,\n\ + \ autentication ->> 'Type' as authentication_options_type,\n autentication ->\ + \ 'MutualAuthentication' ->> 'ClientRootCertificateChain' as authentication_client_root_certificate_chain,\n\ + \ authentication_options,\n tags\nfrom\n aws_ec2_client_vpn_endpoint,\n jsonb_array_elements(authentication_options)\ + \ as autentication;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all Configuration and Status of EC2 Client VPN Endpoints diff --git a/queries/aws_ec2_gateway_load_balancer_1.yaml b/queries/aws_ec2_gateway_load_balancer_1.yaml index 4c5e9eac5..93a316037 100755 --- a/queries/aws_ec2_gateway_load_balancer_1.yaml +++ b/queries/aws_ec2_gateway_load_balancer_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_1 -Title: "Find AWS EC2 Gateway Load Balancer details, config & state" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - type, - state_code, - vpc_id, - availability_zones - from - aws_ec2_gateway_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n type,\n state_code,\n vpc_id,\n availability_zones\n\ + from\n aws_ec2_gateway_load_balancer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer details, config & state diff --git a/queries/aws_ec2_gateway_load_balancer_2.yaml b/queries/aws_ec2_gateway_load_balancer_2.yaml index cfab0f9a5..a1556bec3 100755 --- a/queries/aws_ec2_gateway_load_balancer_2.yaml +++ b/queries/aws_ec2_gateway_load_balancer_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_2 -Title: "List all AWS EC2 Gateway Load Balancer Details" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - az ->> 'LoadBalancerAddresses' as load_balancer_addresses, - az ->> 'OutpostId' as outpost_id, - az ->> 'SubnetId' as subnet_id, - az ->> 'ZoneName' as zone_name - from - aws_ec2_gateway_load_balancer, - jsonb_array_elements(availability_zones) as az; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n az ->> 'LoadBalancerAddresses' as load_balancer_addresses,\n\ + \ az ->> 'OutpostId' as outpost_id,\n az ->> 'SubnetId' as subnet_id,\n az\ + \ ->> 'ZoneName' as zone_name\nfrom\n aws_ec2_gateway_load_balancer,\n jsonb_array_elements(availability_zones)\ + \ as az;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: List all AWS EC2 Gateway Load Balancer Details diff --git a/queries/aws_ec2_gateway_load_balancer_3.yaml b/queries/aws_ec2_gateway_load_balancer_3.yaml index 4ebce86af..5d872546e 100755 --- a/queries/aws_ec2_gateway_load_balancer_3.yaml +++ b/queries/aws_ec2_gateway_load_balancer_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_3 -Title: "Find AWS EC2 Gateway Load Balancer Details and Configuration" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - count(az ->> 'ZoneName') as zone_count - from - aws_ec2_gateway_load_balancer, - jsonb_array_elements(availability_zones) as az - group by - name - having - count(az ->> 'ZoneName') < 2; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n count(az ->> 'ZoneName') as zone_count\nfrom\n\ + \ aws_ec2_gateway_load_balancer,\n jsonb_array_elements(availability_zones)\ + \ as az\ngroup by\n name\nhaving\n count(az ->> 'ZoneName') < 2;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer Details and Configuration diff --git a/queries/aws_ec2_gateway_load_balancer_4.yaml b/queries/aws_ec2_gateway_load_balancer_4.yaml index 98eb7baec..294740618 100755 --- a/queries/aws_ec2_gateway_load_balancer_4.yaml +++ b/queries/aws_ec2_gateway_load_balancer_4.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_4 -Title: "Find AWS EC2 Gateway Load Balancer with deletion protection" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as deletion_protection_key, - lb ->> 'Value' as deletion_protection_value - from - aws_ec2_gateway_load_balancer, - jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'deletion_protection.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as deletion_protection_key,\n \ + \ lb ->> 'Value' as deletion_protection_value\nfrom\n aws_ec2_gateway_load_balancer,\n\ + \ jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb ->> 'Key'\ + \ = 'deletion_protection.enabled'\n and lb ->> 'Value' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer with deletion protection diff --git a/queries/aws_ec2_gateway_load_balancer_5.yaml b/queries/aws_ec2_gateway_load_balancer_5.yaml index 8bdc8083e..58a0cb9eb 100755 --- a/queries/aws_ec2_gateway_load_balancer_5.yaml +++ b/queries/aws_ec2_gateway_load_balancer_5.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_5 -Title: "Find AWS EC2 Gateway Load Balancer Configuration Details" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as load_balancing_cross_zone_key, - lb ->> 'Value' as load_balancing_cross_zone_value - from - aws_ec2_gateway_load_balancer, - jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'load_balancing.cross_zone.enabled' - and lb ->> 'Value' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as load_balancing_cross_zone_key,\n\ + \ lb ->> 'Value' as load_balancing_cross_zone_value\nfrom\n aws_ec2_gateway_load_balancer,\n\ + \ jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb ->> 'Key'\ + \ = 'load_balancing.cross_zone.enabled'\n and lb ->> 'Value' = 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer Configuration Details diff --git a/queries/aws_ec2_gateway_load_balancer_6.yaml b/queries/aws_ec2_gateway_load_balancer_6.yaml index 83aff26ae..ac52f6e46 100755 --- a/queries/aws_ec2_gateway_load_balancer_6.yaml +++ b/queries/aws_ec2_gateway_load_balancer_6.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_6 -Title: "Find AWS EC2 Gateway Load Balancer Details" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_elements_text(security_groups) as attached_security_group - from - aws_ec2_gateway_load_balancer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_elements_text(security_groups) as\ + \ attached_security_group\nfrom\n aws_ec2_gateway_load_balancer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer Details diff --git a/queries/aws_ec2_gateway_load_balancer_7.yaml b/queries/aws_ec2_gateway_load_balancer_7.yaml index 6170b9451..7b4db7f4e 100755 --- a/queries/aws_ec2_gateway_load_balancer_7.yaml +++ b/queries/aws_ec2_gateway_load_balancer_7.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Gateway Load Balancer details, including + its configuration, state, type, and associated tags. ID: aws_ec2_gateway_load_balancer_7 -Title: "Find AWS EC2 Gateway Load Balancer details, state, type" -Description: "Allows users to query AWS EC2 Gateway Load Balancer details, including its configuration, state, type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state_code - from - aws_ec2_gateway_load_balancer - where - state_code <> 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state_code\nfrom\n aws_ec2_gateway_load_balancer\n\ + where\n state_code <> 'active';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Gateway Load Balancer +Title: Find AWS EC2 Gateway Load Balancer details, state, type diff --git a/queries/aws_ec2_instance_1.yaml b/queries/aws_ec2_instance_1.yaml index 534d71cbc..d56c0fdf2 100755 --- a/queries/aws_ec2_instance_1.yaml +++ b/queries/aws_ec2_instance_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_1 -Title: "List all AWS EC2 Instances with Type and State Info" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - placement_availability_zone as az, - instance_type, - count(*) - from - aws_ec2_instance - group by - placement_availability_zone, - instance_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n placement_availability_zone as az,\n instance_type,\n\ + \ count(*)\nfrom\n aws_ec2_instance\ngroup by\n placement_availability_zone,\n\ + \ instance_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Type and State Info diff --git a/queries/aws_ec2_instance_10.yaml b/queries/aws_ec2_instance_10.yaml index 2e702684b..60f9dc9b2 100755 --- a/queries/aws_ec2_instance_10.yaml +++ b/queries/aws_ec2_instance_10.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_10 -Title: "Find all AWS EC2 Instances with API Termination Enabled" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - disable_api_termination - from - aws_ec2_instance - where - not disable_api_termination; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n disable_api_termination\nfrom\n aws_ec2_instance\n\ + where\n not disable_api_termination;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all AWS EC2 Instances with API Termination Enabled diff --git a/queries/aws_ec2_instance_11.yaml b/queries/aws_ec2_instance_11.yaml index 88ef49825..394f26077 100755 --- a/queries/aws_ec2_instance_11.yaml +++ b/queries/aws_ec2_instance_11.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_11 -Title: "List all AWS EC2 Instances with Group Details" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - sg ->> 'GroupId' as group_id, - sg ->> 'GroupName' as group_name - from - aws_ec2_instance - cross join jsonb_array_elements(security_groups) as sg - where - sg ->> 'GroupName' = 'default'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n sg ->> 'GroupId' as group_id,\n sg ->>\ + \ 'GroupName' as group_name\nfrom\n aws_ec2_instance\n cross join jsonb_array_elements(security_groups)\ + \ as sg\nwhere\n sg ->> 'GroupName' = 'default';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Group Details diff --git a/queries/aws_ec2_instance_12.yaml b/queries/aws_ec2_instance_12.yaml index c45d77872..fc67bd842 100755 --- a/queries/aws_ec2_instance_12.yaml +++ b/queries/aws_ec2_instance_12.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_12 -Title: "List all AWS EC2 Instances and Volume Encryption Status" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.instance_id, - vols -> 'Ebs' ->> 'VolumeId' as vol_id, - vol.encrypted - from - aws_ec2_instance as i - cross join jsonb_array_elements(block_device_mappings) as vols - join aws_ebs_volume as vol on vol.volume_id = vols -> 'Ebs' ->> 'VolumeId' - where - not vol.encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.instance_id,\n vols -> 'Ebs' ->> 'VolumeId' as vol_id,\n\ + \ vol.encrypted\nfrom\n aws_ec2_instance as i\n cross join jsonb_array_elements(block_device_mappings)\ + \ as vols\n join aws_ebs_volume as vol on vol.volume_id = vols -> 'Ebs' ->> 'VolumeId'\n\ + where\n not vol.encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances and Volume Encryption Status diff --git a/queries/aws_ec2_instance_13.yaml b/queries/aws_ec2_instance_13.yaml index 0bd7fa2c7..1d7f9001b 100755 --- a/queries/aws_ec2_instance_13.yaml +++ b/queries/aws_ec2_instance_13.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_13 -Title: "Find EC2 Instances with Sensitive Data in User Data" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - user_data - from - aws_ec2_instance - where - user_data like any (array ['%pass%', '%secret%','%token%','%key%']) - or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n user_data\nfrom\n aws_ec2_instance\n\ + where\n user_data like any (array ['%pass%', '%secret%','%token%','%key%'])\n\ + \ or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]';" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find EC2 Instances with Sensitive Data in User Data diff --git a/queries/aws_ec2_instance_14.yaml b/queries/aws_ec2_instance_14.yaml index e3ce339b0..2575ab6d1 100755 --- a/queries/aws_ec2_instance_14.yaml +++ b/queries/aws_ec2_instance_14.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_14 -Title: "List All AWS EC2 Instances with Detailed Information" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - launch_template_data -> 'ImageId' as image_id, - launch_template_data -> 'Placement' as placement, - launch_template_data -> 'DisableApiStop' as disable_api_stop, - launch_template_data -> 'MetadataOptions' as metadata_options, - launch_template_data -> 'NetworkInterfaces' as network_interfaces, - launch_template_data -> 'BlockDeviceMappings' as block_device_mappings, - launch_template_data -> 'CapacityReservationSpecification' as capacity_reservation_specification - from - aws_ec2_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n launch_template_data -> 'ImageId' as\ + \ image_id,\n launch_template_data -> 'Placement' as placement,\n launch_template_data\ + \ -> 'DisableApiStop' as disable_api_stop,\n launch_template_data -> 'MetadataOptions'\ + \ as metadata_options,\n launch_template_data -> 'NetworkInterfaces' as network_interfaces,\n\ + \ launch_template_data -> 'BlockDeviceMappings' as block_device_mappings,\n \ + \ launch_template_data -> 'CapacityReservationSpecification' as capacity_reservation_specification\n\ + from\n aws_ec2_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List All AWS EC2 Instances with Detailed Information diff --git a/queries/aws_ec2_instance_15.yaml b/queries/aws_ec2_instance_15.yaml index 23c1b53d1..ac8c143e7 100755 --- a/queries/aws_ec2_instance_15.yaml +++ b/queries/aws_ec2_instance_15.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_15 -Title: "List all AWS EC2 Instances with Comprehensive Data" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.instance_id, - i.vpc_id, - i.subnet_id, - s.tags ->> 'Name' as subnet_name - from - aws_ec2_instance as i, - aws_vpc_subnet as s - where - i.subnet_id = s.subnet_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n i.instance_id, \n i.vpc_id, \n i.subnet_id, \n s.tags\ + \ ->> 'Name' as subnet_name\nfrom \n aws_ec2_instance as i, \n aws_vpc_subnet\ + \ as s \nwhere \n i.subnet_id = s.subnet_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Comprehensive Data diff --git a/queries/aws_ec2_instance_2.yaml b/queries/aws_ec2_instance_2.yaml index aa9c8aa82..95c2e8613 100755 --- a/queries/aws_ec2_instance_2.yaml +++ b/queries/aws_ec2_instance_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_2 -Title: "List all AWS EC2 Instances and Their States" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - monitoring_state - from - aws_ec2_instance - where - monitoring_state = 'disabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n monitoring_state\nfrom\n aws_ec2_instance\n\ + where\n monitoring_state = 'disabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances and Their States diff --git a/queries/aws_ec2_instance_3.yaml b/queries/aws_ec2_instance_3.yaml index 70e5b2b78..eae63842f 100755 --- a/queries/aws_ec2_instance_3.yaml +++ b/queries/aws_ec2_instance_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_3 -Title: "List all AWS EC2 Instances with Types and Counts" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - count(instance_type) as count - from - aws_ec2_instance - group by - instance_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n count(instance_type) as count\nfrom\n\ + \ aws_ec2_instance\ngroup by\n instance_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Types and Counts diff --git a/queries/aws_ec2_instance_4.yaml b/queries/aws_ec2_instance_4.yaml index 4bd06b933..75d707131 100755 --- a/queries/aws_ec2_instance_4.yaml +++ b/queries/aws_ec2_instance_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_4 -Title: "Find AWS EC2 Instances Stopped Over 30 days Ago" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - instance_state, - launch_time, - state_transition_time - from - aws_ec2_instance - where - instance_state = 'stopped' - and state_transition_time <= (current_date - interval '30' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n instance_state,\n launch_time,\n state_transition_time\n\ + from\n aws_ec2_instance\nwhere\n instance_state = 'stopped'\n and state_transition_time\ + \ <= (current_date - interval '30' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Instances Stopped Over 30 days Ago diff --git a/queries/aws_ec2_instance_5.yaml b/queries/aws_ec2_instance_5.yaml index b5398f1ba..fcf82bc05 100755 --- a/queries/aws_ec2_instance_5.yaml +++ b/queries/aws_ec2_instance_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_5 -Title: "List all AWS EC2 Instances with Comprehensive Data" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - tags - from - aws_ec2_instance - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n tags\nfrom\n aws_ec2_instance\nwhere\n\ + \ not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Comprehensive Data diff --git a/queries/aws_ec2_instance_6.yaml b/queries/aws_ec2_instance_6.yaml index 1a763a3c5..ce85f7253 100755 --- a/queries/aws_ec2_instance_6.yaml +++ b/queries/aws_ec2_instance_6.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_6 -Title: "Find all EC2 Instances with Detailed Information" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - instance_state, - launch_time, - maintenance_options ->> 'AutoRecovery' as auto_recovery - from - aws_ec2_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n instance_state,\n launch_time,\n maintenance_options\ + \ ->> 'AutoRecovery' as auto_recovery\nfrom\n aws_ec2_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all EC2 Instances with Detailed Information diff --git a/queries/aws_ec2_instance_7.yaml b/queries/aws_ec2_instance_7.yaml index da8a12962..196bf3a46 100755 --- a/queries/aws_ec2_instance_7.yaml +++ b/queries/aws_ec2_instance_7.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_7 -Title: "List all AWS EC2 instances including detailed data" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - instance_type, - instance_state, - l ->> 'LicenseConfigurationArn' as license_configuration_arn - from - aws_ec2_instance, - jsonb_array_elements(licenses) as l; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n instance_type,\n instance_state,\n \ + \ l ->> 'LicenseConfigurationArn' as license_configuration_arn\nfrom\n aws_ec2_instance,\n\ + \ jsonb_array_elements(licenses) as l;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 instances including detailed data diff --git a/queries/aws_ec2_instance_8.yaml b/queries/aws_ec2_instance_8.yaml index 87a61a8fe..85e2206e7 100755 --- a/queries/aws_ec2_instance_8.yaml +++ b/queries/aws_ec2_instance_8.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_8 -Title: "List all AWS EC2 Instances with Detailed Attributes" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - instance_state, - placement_affinity, - placement_group_id, - placement_group_name, - placement_availability_zone, - placement_host_id, - placement_host_resource_group_arn, - placement_partition_number, - placement_tenancy - from - aws_ec2_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n instance_state,\n placement_affinity,\n\ + \ placement_group_id,\n placement_group_name,\n placement_availability_zone,\n\ + \ placement_host_id,\n placement_host_resource_group_arn,\n placement_partition_number,\n\ + \ placement_tenancy\nfrom\n aws_ec2_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Detailed Attributes diff --git a/queries/aws_ec2_instance_9.yaml b/queries/aws_ec2_instance_9.yaml index 704225a7b..85b7d8d2b 100755 --- a/queries/aws_ec2_instance_9.yaml +++ b/queries/aws_ec2_instance_9.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EC2 Instances for comprehensive data on each + instance, including instance type, state, tags, and more. ID: aws_ec2_instance_9 -Title: "List all AWS EC2 Instances with Instance Type Count" -Description: "Allows users to query AWS EC2 Instances for comprehensive data on each instance, including instance type, state, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - count(*) as count - from - aws_ec2_instance - where - instance_type not in ('t2.large', 'm3.medium') - group by - instance_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n count(*) as count\nfrom\n aws_ec2_instance\n\ + where\n instance_type not in ('t2.large', 'm3.medium')\ngroup by\n instance_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instances with Instance Type Count diff --git a/queries/aws_ec2_instance_availability_1.yaml b/queries/aws_ec2_instance_availability_1.yaml index 8a27be0cd..8bd13f268 100755 --- a/queries/aws_ec2_instance_availability_1.yaml +++ b/queries/aws_ec2_instance_availability_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instance Availability and retrieve detailed + information about the availability of EC2 instances in each AWS region. ID: aws_ec2_instance_availability_1 -Title: "List all AWS EC2 Instance Availability by Region" -Description: "Allows users to query AWS EC2 Instance Availability and retrieve detailed information about the availability of EC2 instances in each AWS region." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - location - from - aws_ec2_instance_availability - where - location = 'us-east-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n location\nfrom\n aws_ec2_instance_availability\n\ + where\n location = 'us-east-1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instance Availability by Region diff --git a/queries/aws_ec2_instance_availability_2.yaml b/queries/aws_ec2_instance_availability_2.yaml index afe649d4a..5943fa46b 100755 --- a/queries/aws_ec2_instance_availability_2.yaml +++ b/queries/aws_ec2_instance_availability_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EC2 Instance Availability and retrieve detailed + information about the availability of EC2 instances in each AWS region. ID: aws_ec2_instance_availability_2 -Title: "List all AWS EC2 Instance Availability by Region" -Description: "Allows users to query AWS EC2 Instance Availability and retrieve detailed information about the availability of EC2 instances in each AWS region." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - location - from - aws_ec2_instance_availability - where - location = 'af-south' - and instance_type = 'r5.12xlarge'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n location\nfrom\n aws_ec2_instance_availability\n\ + where\n location = 'af-south'\n and instance_type = 'r5.12xlarge';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS EC2 +Title: List all AWS EC2 Instance Availability by Region diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_1.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_1.yaml index ea75cfef7..03c569fd1 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_1.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_1.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query EC2 Instance CPU Utilization metrics from AWS CloudWatch. ID: aws_ec2_instance_metric_cpu_utilization_1 -Title: "Find AWS EC2 Instance CPU Utilization Metrics" -Description: "Allows users to query EC2 Instance CPU Utilization metrics from AWS CloudWatch." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ec2_instance_metric_cpu_utilization - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization\n\ + order by\n instance_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Instance CPU Utilization Metrics diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_2.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_2.yaml index 79f138c97..3976a7a97 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_2.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query EC2 Instance CPU Utilization metrics from AWS CloudWatch. ID: aws_ec2_instance_metric_cpu_utilization_2 -Title: "Find AWS EC2 Instances with High CPU Utilization" -Description: "Allows users to query EC2 Instance CPU Utilization metrics from AWS CloudWatch." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ec2_instance_metric_cpu_utilization - where average > 80 - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization\n\ + where average > 80\norder by\n instance_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Instances with High CPU Utilization diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_daily_1.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_daily_1.yaml index 2c51adcf4..6e038c130 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_daily_1.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_daily_1.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query daily CPU utilization metrics of AWS EC2 instances. ID: aws_ec2_instance_metric_cpu_utilization_daily_1 -Title: "List AWS EC2 Instances Daily CPU Utilization Metrics" -Description: "Allows users to query daily CPU utilization metrics of AWS EC2 instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_daily - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_daily\n\ + order by\n instance_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Instances Daily CPU Utilization Metrics diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_daily_2.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_daily_2.yaml index 2e743873e..7a1d37e8b 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_daily_2.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_daily_2.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query daily CPU utilization metrics of AWS EC2 instances. ID: aws_ec2_instance_metric_cpu_utilization_daily_2 -Title: "Find AWS EC2 Instances with High Daily CPU Utilization" -Description: "Allows users to query daily CPU utilization metrics of AWS EC2 instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_daily - where average > 80 - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_daily\n\ + where average > 80\norder by\n instance_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Instances with High Daily CPU Utilization diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_daily_3.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_daily_3.yaml index 6da90ac48..c0db9a6c7 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_daily_3.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_daily_3.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query daily CPU utilization metrics of AWS EC2 instances. ID: aws_ec2_instance_metric_cpu_utilization_daily_3 -Title: "Find Daily CPU Utilization Metrics of AWS EC2 Instances" -Description: "Allows users to query daily CPU utilization metrics of AWS EC2 instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_daily - where average < 1 - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_daily\n\ + where average < 1\norder by\n instance_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find Daily CPU Utilization Metrics of AWS EC2 Instances diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_1.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_1.yaml index f5c69984d..e11b6f971 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_1.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS EC2 Instance CPU Utilization metrics on an + hourly basis. ID: aws_ec2_instance_metric_cpu_utilization_hourly_1 -Title: "Query AWS EC2 Instance CPU Utilization Metrics Hourly" -Description: "Allows users to query AWS EC2 Instance CPU Utilization metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_hourly - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_hourly\n\ + order by\n instance_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Instance +Title: Query AWS EC2 Instance CPU Utilization Metrics Hourly diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_2.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_2.yaml index 68f71ddca..3b98e4d2c 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_2.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS EC2 Instance CPU Utilization metrics on an + hourly basis. ID: aws_ec2_instance_metric_cpu_utilization_hourly_2 -Title: "Find all AWS EC2 Instance CPU Utilization hourly metrics" -Description: "Allows users to query AWS EC2 Instance CPU Utilization metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_hourly - where average > 80 - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_hourly\n\ + where average > 80\norder by\n instance_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all AWS EC2 Instance CPU Utilization hourly metrics diff --git a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_3.yaml b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_3.yaml index d18bf4c20..c199bdaa9 100755 --- a/queries/aws_ec2_instance_metric_cpu_utilization_hourly_3.yaml +++ b/queries/aws_ec2_instance_metric_cpu_utilization_hourly_3.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS EC2 Instance CPU Utilization metrics on an + hourly basis. ID: aws_ec2_instance_metric_cpu_utilization_hourly_3 -Title: "Find EC2 Instance Hourly CPU Utilization Metrics in AWS" -Description: "Allows users to query AWS EC2 Instance CPU Utilization metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ec2_instance_metric_cpu_utilization_hourly - where average < 1 - order by - instance_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ec2_instance_metric_cpu_utilization_hourly\n\ + where average < 1\norder by\n instance_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find EC2 Instance Hourly CPU Utilization Metrics in AWS diff --git a/queries/aws_ec2_instance_type_1.yaml b/queries/aws_ec2_instance_type_1.yaml index caaa15457..59d2c5932 100755 --- a/queries/aws_ec2_instance_type_1.yaml +++ b/queries/aws_ec2_instance_type_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instance Type data, including details about + instance type name, current generation, vCPU, memory, storage, and network performance. ID: aws_ec2_instance_type_1 -Title: "List all AWS EC2 Instance Type Data and Details" -Description: "Allows users to query AWS EC2 Instance Type data, including details about instance type name, current generation, vCPU, memory, storage, and network performance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - dedicated_hosts_supported - from - aws_ec2_instance_type - where - dedicated_hosts_supported; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n dedicated_hosts_supported\nfrom\n \ + \ aws_ec2_instance_type\nwhere\n dedicated_hosts_supported;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Instance Type +Title: List all AWS EC2 Instance Type Data and Details diff --git a/queries/aws_ec2_instance_type_2.yaml b/queries/aws_ec2_instance_type_2.yaml index dd6b805a9..357fc59d8 100755 --- a/queries/aws_ec2_instance_type_2.yaml +++ b/queries/aws_ec2_instance_type_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Instance Type data, including details about + instance type name, current generation, vCPU, memory, storage, and network performance. ID: aws_ec2_instance_type_2 -Title: "Find All AWS EC2 Instance Types and Recovery Support" -Description: "Allows users to query AWS EC2 Instance Type data, including details about instance type name, current generation, vCPU, memory, storage, and network performance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - auto_recovery_supported - from - aws_ec2_instance_type - where - not auto_recovery_supported; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n auto_recovery_supported\nfrom\n aws_ec2_instance_type\n\ + where\n not auto_recovery_supported;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Instance Type +Title: Find All AWS EC2 Instance Types and Recovery Support diff --git a/queries/aws_ec2_instance_type_3.yaml b/queries/aws_ec2_instance_type_3.yaml index 3d6a9daae..f1ef69129 100755 --- a/queries/aws_ec2_instance_type_3.yaml +++ b/queries/aws_ec2_instance_type_3.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS EC2 Instance Type data, including details about + instance type name, current generation, vCPU, memory, storage, and network performance. ID: aws_ec2_instance_type_3 -Title: "Find AWS EC2 Instance Types with Detailed Specs" -Description: "Allows users to query AWS EC2 Instance Type data, including details about instance type name, current generation, vCPU, memory, storage, and network performance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - dedicated_hosts_supported, - v_cpu_info -> 'DefaultCores' as default_cores, - v_cpu_info -> 'DefaultThreadsPerCore' as default_threads_per_core, - v_cpu_info -> 'DefaultVCpus' as default_vcpus, - v_cpu_info -> 'ValidCores' as valid_cores, - v_cpu_info -> 'ValidThreadsPerCore' as valid_threads_per_core - from - aws_ec2_instance_type - where - v_cpu_info ->> 'DefaultCores' > '24'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n dedicated_hosts_supported,\n v_cpu_info\ + \ -> 'DefaultCores' as default_cores,\n v_cpu_info -> 'DefaultThreadsPerCore'\ + \ as default_threads_per_core,\n v_cpu_info -> 'DefaultVCpus' as default_vcpus,\n\ + \ v_cpu_info -> 'ValidCores' as valid_cores,\n v_cpu_info -> 'ValidThreadsPerCore'\ + \ as valid_threads_per_core\nfrom\n aws_ec2_instance_type\nwhere\n v_cpu_info\ + \ ->> 'DefaultCores' > '24';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Instance Types with Detailed Specs diff --git a/queries/aws_ec2_instance_type_4.yaml b/queries/aws_ec2_instance_type_4.yaml index 2581e0349..f6da717c4 100755 --- a/queries/aws_ec2_instance_type_4.yaml +++ b/queries/aws_ec2_instance_type_4.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS EC2 Instance Type data, including details about + instance type name, current generation, vCPU, memory, storage, and network performance. ID: aws_ec2_instance_type_4 -Title: "Find all AWS EC2 Instance Types with Unsupported Encryption" -Description: "Allows users to query AWS EC2 Instance Type data, including details about instance type name, current generation, vCPU, memory, storage, and network performance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - ebs_info ->> 'EncryptionSupport' as encryption_support - from - aws_ec2_instance_type - where - ebs_info ->> 'EncryptionSupport' = 'unsupported'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n ebs_info ->> 'EncryptionSupport' as\ + \ encryption_support\nfrom\n aws_ec2_instance_type\nwhere\n ebs_info ->> 'EncryptionSupport'\ + \ = 'unsupported';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all AWS EC2 Instance Types with Unsupported Encryption diff --git a/queries/aws_ec2_instance_type_5.yaml b/queries/aws_ec2_instance_type_5.yaml index 7ca34526a..98154a11e 100755 --- a/queries/aws_ec2_instance_type_5.yaml +++ b/queries/aws_ec2_instance_type_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Instance Type data, including details about + instance type name, current generation, vCPU, memory, storage, and network performance. ID: aws_ec2_instance_type_5 -Title: "List all AWS EC2 Instance Types with Free Tier Eligibility" -Description: "Allows users to query AWS EC2 Instance Type data, including details about instance type name, current generation, vCPU, memory, storage, and network performance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - free_tier_eligible - from - aws_ec2_instance_type - where - free_tier_eligible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n free_tier_eligible\nfrom\n aws_ec2_instance_type\n\ + where\n free_tier_eligible;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Instance Types with Free Tier Eligibility diff --git a/queries/aws_ec2_key_pair_1.yaml b/queries/aws_ec2_key_pair_1.yaml index 55dd64d9c..b6491716d 100755 --- a/queries/aws_ec2_key_pair_1.yaml +++ b/queries/aws_ec2_key_pair_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS EC2 Key Pairs, providing information about + key pairs which are used to securely log into EC2 instances. ID: aws_ec2_key_pair_1 -Title: "List all AWS EC2 Key Pairs with Name and ID" -Description: "Allows users to query AWS EC2 Key Pairs, providing information about key pairs which are used to securely log into EC2 instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key_name, - key_pair_id, - region - from - aws_ec2_key_pair; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key_name,\n key_pair_id,\n region\nfrom\n aws_ec2_key_pair;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Key Pairs with Name and ID diff --git a/queries/aws_ec2_key_pair_2.yaml b/queries/aws_ec2_key_pair_2.yaml index 84ea1064c..b9c671a75 100755 --- a/queries/aws_ec2_key_pair_2.yaml +++ b/queries/aws_ec2_key_pair_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Key Pairs, providing information about + key pairs which are used to securely log into EC2 instances. ID: aws_ec2_key_pair_2 -Title: "List all AWS EC2 Key Pairs to Securely Log Into EC2 Instances" -Description: "Allows users to query AWS EC2 Key Pairs, providing information about key pairs which are used to securely log into EC2 instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key_name, - tags - from - aws_ec2_key_pair - where - not tags :: JSONB ? 'owner'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key_name,\n tags\nfrom\n aws_ec2_key_pair\nwhere\n\ + \ not tags :: JSONB ? 'owner';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Key Pairs +Title: List all AWS EC2 Key Pairs to Securely Log Into EC2 Instances diff --git a/queries/aws_ec2_launch_configuration_1.yaml b/queries/aws_ec2_launch_configuration_1.yaml index 37d75d1dd..3f5717897 100755 --- a/queries/aws_ec2_launch_configuration_1.yaml +++ b/queries/aws_ec2_launch_configuration_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Configurations to gain insights + into their configurations, metadata, and associated instances. ID: aws_ec2_launch_configuration_1 -Title: "List all AWS EC2 Launch Configurations and Metadata" -Description: "Allows users to query AWS EC2 Launch Configurations to gain insights into their configurations, metadata, and associated instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - associate_public_ip_address, - ebs_optimized, - image_id, - instance_monitoring_enabled, - instance_type, - key_name - from - aws_ec2_launch_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n associate_public_ip_address,\n\ + \ ebs_optimized,\n image_id,\n instance_monitoring_enabled,\n instance_type,\n\ + \ key_name\nfrom\n aws_ec2_launch_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Configurations and Metadata diff --git a/queries/aws_ec2_launch_configuration_2.yaml b/queries/aws_ec2_launch_configuration_2.yaml index 9823218e5..5ff06ca72 100755 --- a/queries/aws_ec2_launch_configuration_2.yaml +++ b/queries/aws_ec2_launch_configuration_2.yaml @@ -1,23 +1,19 @@ +Description: Allows users to query AWS EC2 Launch Configurations to gain insights + into their configurations, metadata, and associated instances. ID: aws_ec2_launch_configuration_2 -Title: "List all AWS EC2 Launch Configurations and Metadata" -Description: "Allows users to query AWS EC2 Launch Configurations to gain insights into their configurations, metadata, and associated instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - iam_instance_profile - from - aws_ec2_launch_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n iam_instance_profile\nfrom\n aws_ec2_launch_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Configurations and Metadata diff --git a/queries/aws_ec2_launch_configuration_3.yaml b/queries/aws_ec2_launch_configuration_3.yaml index 4d35fb06c..19984b77e 100755 --- a/queries/aws_ec2_launch_configuration_3.yaml +++ b/queries/aws_ec2_launch_configuration_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Launch Configurations to gain insights + into their configurations, metadata, and associated instances. ID: aws_ec2_launch_configuration_3 -Title: "Find AWS EC2 Launch Configurations and Metadata" -Description: "Allows users to query AWS EC2 Launch Configurations to gain insights into their configurations, metadata, and associated instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - associate_public_ip_address - from - aws_ec2_launch_configuration - where - associate_public_ip_address; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n associate_public_ip_address\nfrom\n aws_ec2_launch_configuration\n\ + where\n associate_public_ip_address;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Launch Configurations and Metadata diff --git a/queries/aws_ec2_launch_configuration_4.yaml b/queries/aws_ec2_launch_configuration_4.yaml index f1c945b70..943c81ad7 100755 --- a/queries/aws_ec2_launch_configuration_4.yaml +++ b/queries/aws_ec2_launch_configuration_4.yaml @@ -1,23 +1,20 @@ +Description: Allows users to query AWS EC2 Launch Configurations to gain insights + into their configurations, metadata, and associated instances. ID: aws_ec2_launch_configuration_4 -Title: "Find AWS EC2 Launch Configurations and Security Groups" -Description: "Allows users to query AWS EC2 Launch Configurations to gain insights into their configurations, metadata, and associated instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_array_elements_text(security_groups) as security_groups - from - aws_ec2_launch_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_array_elements_text(security_groups) as\ + \ security_groups\nfrom\n aws_ec2_launch_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Launch Configurations and Security Groups diff --git a/queries/aws_ec2_launch_configuration_5.yaml b/queries/aws_ec2_launch_configuration_5.yaml index 130704921..d184d1974 100755 --- a/queries/aws_ec2_launch_configuration_5.yaml +++ b/queries/aws_ec2_launch_configuration_5.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Launch Configurations to gain insights + into their configurations, metadata, and associated instances. ID: aws_ec2_launch_configuration_5 -Title: "Find AWS EC2 Launch Configurations With Sensitive Data" -Description: "Allows users to query AWS EC2 Launch Configurations to gain insights into their configurations, metadata, and associated instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - user_data - from - aws_ec2_launch_configuration - where - user_data like any (array ['%pass%', '%secret%','%token%','%key%']) - or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n user_data\nfrom\n aws_ec2_launch_configuration\n\ + where\n user_data like any (array ['%pass%', '%secret%','%token%','%key%'])\n\ + \ or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Launch Configurations With Sensitive Data diff --git a/queries/aws_ec2_launch_template_1.yaml b/queries/aws_ec2_launch_template_1.yaml index 6ee42f106..893d364af 100755 --- a/queries/aws_ec2_launch_template_1.yaml +++ b/queries/aws_ec2_launch_template_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Templates to retrieve detailed information, + including the associated AMI, instance type, key pair, security groups, and user + data. ID: aws_ec2_launch_template_1 -Title: "List all AWS EC2 Launch Templates and Details" -Description: "Allows users to query AWS EC2 Launch Templates to retrieve detailed information, including the associated AMI, instance type, key pair, security groups, and user data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - created_time, - created_by, - default_version_number, - latest_version_number - from - aws_ec2_launch_template; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n created_time,\n\ + \ created_by,\n default_version_number,\n latest_version_number\nfrom\n aws_ec2_launch_template;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Templates and Details diff --git a/queries/aws_ec2_launch_template_2.yaml b/queries/aws_ec2_launch_template_2.yaml index e8a20efb5..672832e04 100755 --- a/queries/aws_ec2_launch_template_2.yaml +++ b/queries/aws_ec2_launch_template_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Templates to retrieve detailed information, + including the associated AMI, instance type, key pair, security groups, and user + data. ID: aws_ec2_launch_template_2 -Title: "Find AWS EC2 Launch Templates with detailed information" -Description: "Allows users to query AWS EC2 Launch Templates to retrieve detailed information, including the associated AMI, instance type, key pair, security groups, and user data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - create_time, - created_by - from - aws_ec2_launch_template - where - created_by like '%turbot'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n create_time,\n\ + \ created_by\nfrom\n aws_ec2_launch_template\nwhere\n created_by like '%turbot';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Launch Templates +Title: Find AWS EC2 Launch Templates with detailed information diff --git a/queries/aws_ec2_launch_template_3.yaml b/queries/aws_ec2_launch_template_3.yaml index 7ea411fd2..c0ec7e607 100755 --- a/queries/aws_ec2_launch_template_3.yaml +++ b/queries/aws_ec2_launch_template_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS EC2 Launch Templates to retrieve detailed information, + including the associated AMI, instance type, key pair, security groups, and user + data. ID: aws_ec2_launch_template_3 -Title: "List all AWS EC2 Launch Templates with Details" -Description: "Allows users to query AWS EC2 Launch Templates to retrieve detailed information, including the associated AMI, instance type, key pair, security groups, and user data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - create_time - from - aws_ec2_launch_template - where - create_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n create_time\n\ + from\n aws_ec2_launch_template\nwhere\n create_time >= now() - interval '30'\ + \ day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Templates with Details diff --git a/queries/aws_ec2_launch_template_version_1.yaml b/queries/aws_ec2_launch_template_version_1.yaml index 06941e150..474536bbc 100755 --- a/queries/aws_ec2_launch_template_version_1.yaml +++ b/queries/aws_ec2_launch_template_version_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_1 -Title: "List all AWS EC2 Launch Template Versions and their Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - created_by, - default_version, - version_description, - version_number - from - aws_ec2_launch_template_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n created_by,\n\ + \ default_version,\n version_description,\n version_number\nfrom\n aws_ec2_launch_template_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Template Versions and their Details diff --git a/queries/aws_ec2_launch_template_version_2.yaml b/queries/aws_ec2_launch_template_version_2.yaml index 0d154c43c..0bf4c83d0 100755 --- a/queries/aws_ec2_launch_template_version_2.yaml +++ b/queries/aws_ec2_launch_template_version_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_2 -Title: "List AWS EC2 Launch Template Version Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - create_time, - created_by, - version_description, - version_number - from - aws_ec2_launch_template_version - where - created_by like '%turbot'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n create_time,\n\ + \ created_by,\n version_description,\n version_number\nfrom\n aws_ec2_launch_template_version\n\ + where\n created_by like '%turbot';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Launch Template Version Details diff --git a/queries/aws_ec2_launch_template_version_3.yaml b/queries/aws_ec2_launch_template_version_3.yaml index c72d485e1..106a2b22d 100755 --- a/queries/aws_ec2_launch_template_version_3.yaml +++ b/queries/aws_ec2_launch_template_version_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_3 -Title: "Find AWS EC2 Launch Template Versions Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - create_time, - default_version, - version_number - from - aws_ec2_launch_template_version - where - create_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n create_time,\n\ + \ default_version,\n version_number\nfrom\n aws_ec2_launch_template_version\n\ + where\n create_time >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Launch Template Versions Details diff --git a/queries/aws_ec2_launch_template_version_4.yaml b/queries/aws_ec2_launch_template_version_4.yaml index 4a699d46a..585bf81fa 100755 --- a/queries/aws_ec2_launch_template_version_4.yaml +++ b/queries/aws_ec2_launch_template_version_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_4 -Title: "List all AWS EC2 Launch Template Versions" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - create_time, - default_version, - version_number - from - aws_ec2_launch_template_version - where - default_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n create_time,\n\ + \ default_version,\n version_number\nfrom\n aws_ec2_launch_template_version\n\ + where\n default_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EC2 +Title: List all AWS EC2 Launch Template Versions diff --git a/queries/aws_ec2_launch_template_version_5.yaml b/queries/aws_ec2_launch_template_version_5.yaml index d0f47d9af..df087661a 100755 --- a/queries/aws_ec2_launch_template_version_5.yaml +++ b/queries/aws_ec2_launch_template_version_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_5 -Title: "List all AWS EC2 Launch Template Versions" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_id, - count(version_number) as number_of_versions - from - aws_ec2_launch_template_version - group by - launch_template_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_id,\n count(version_number) as number_of_versions\n\ + from\n aws_ec2_launch_template_version\ngroup by\n launch_template_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Template Versions diff --git a/queries/aws_ec2_launch_template_version_6.yaml b/queries/aws_ec2_launch_template_version_6.yaml index fb503aa50..3c5381e92 100755 --- a/queries/aws_ec2_launch_template_version_6.yaml +++ b/queries/aws_ec2_launch_template_version_6.yaml @@ -1,51 +1,42 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_6 -Title: "List AWS EC2 Launch Template Versions with Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - version_number, - launch_template_data -> 'BlockDeviceMappings' as block_device_mappings, - launch_template_data -> 'CapacityReservationSpecification' as capacity_reservation_specification, - launch_template_data -> 'CpuOptions' as cpu_options, - launch_template_data -> 'CreditSpecification' as credit_specification, - launch_template_data -> 'DisableApiStop' as disable_api_stop, - launch_template_data -> 'DisableApiTermination' as disable_api_termination, - launch_template_data -> 'EbsOptimized' as ebs_optimized, - launch_template_data -> 'ElasticGpuSpecifications' as elastic_gpu_specifications, - launch_template_data -> 'ElasticInferenceAccelerators' as elastic_inference_accelerators, - launch_template_data -> 'EnclaveOptions' as enclave_options, - launch_template_data -> 'IamInstanceProfile' as iam_instance_profile, - launch_template_data -> 'ImageId' as image_id, - launch_template_data -> 'InstanceInitiatedShutdownBehavior' as instance_initiated_shutdown_behavior, - launch_template_data -> 'InstanceRequirements' as instance_requirements, - launch_template_data -> 'InstanceType' as instance_type, - launch_template_data -> 'KernelId' as kernel_id, - launch_template_data -> 'LicenseSpecifications' as license_specifications, - launch_template_data -> 'MaintenanceOptions' as maintenance_options, - launch_template_data -> 'MetadataOptions' as metadata_options, - launch_template_data -> 'Monitoring' as monitoring, - launch_template_data -> 'NetworkInterfaces' as network_interfaces, - launch_template_data -> 'PrivateDnsNameOptions' as private_dns_name_options, - launch_template_data -> 'RamDiskId' as ram_disk_id, - launch_template_data -> 'SecurityGroupIds' as security_group_ids, - launch_template_data -> 'SecurityGroups' as security_groups, - launch_template_data -> 'TagSpecifications' as tag_specifications, - launch_template_data -> 'UserData' as user_data - from - aws_ec2_launch_template_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n version_number,\n\ + \ launch_template_data -> 'BlockDeviceMappings' as block_device_mappings,\n \ + \ launch_template_data -> 'CapacityReservationSpecification' as capacity_reservation_specification,\n\ + \ launch_template_data -> 'CpuOptions' as cpu_options,\n launch_template_data\ + \ -> 'CreditSpecification' as credit_specification,\n launch_template_data ->\ + \ 'DisableApiStop' as disable_api_stop,\n launch_template_data -> 'DisableApiTermination'\ + \ as disable_api_termination,\n launch_template_data -> 'EbsOptimized' as ebs_optimized,\n\ + \ launch_template_data -> 'ElasticGpuSpecifications' as elastic_gpu_specifications,\n\ + \ launch_template_data -> 'ElasticInferenceAccelerators' as elastic_inference_accelerators,\n\ + \ launch_template_data -> 'EnclaveOptions' as enclave_options,\n launch_template_data\ + \ -> 'IamInstanceProfile' as iam_instance_profile,\n launch_template_data ->\ + \ 'ImageId' as image_id,\n launch_template_data -> 'InstanceInitiatedShutdownBehavior'\ + \ as instance_initiated_shutdown_behavior,\n launch_template_data -> 'InstanceRequirements'\ + \ as instance_requirements,\n launch_template_data -> 'InstanceType' as instance_type,\n\ + \ launch_template_data -> 'KernelId' as kernel_id,\n launch_template_data ->\ + \ 'LicenseSpecifications' as license_specifications,\n launch_template_data ->\ + \ 'MaintenanceOptions' as maintenance_options,\n launch_template_data -> 'MetadataOptions'\ + \ as metadata_options,\n launch_template_data -> 'Monitoring' as monitoring,\n\ + \ launch_template_data -> 'NetworkInterfaces' as network_interfaces,\n launch_template_data\ + \ -> 'PrivateDnsNameOptions' as private_dns_name_options,\n launch_template_data\ + \ -> 'RamDiskId' as ram_disk_id,\n launch_template_data -> 'SecurityGroupIds'\ + \ as security_group_ids,\n launch_template_data -> 'SecurityGroups' as security_groups,\n\ + \ launch_template_data -> 'TagSpecifications' as tag_specifications,\n launch_template_data\ + \ -> 'UserData' as user_data\nfrom\n aws_ec2_launch_template_version;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Launch Template Versions with Details diff --git a/queries/aws_ec2_launch_template_version_7.yaml b/queries/aws_ec2_launch_template_version_7.yaml index 3a4be6ee4..3847a1dc0 100755 --- a/queries/aws_ec2_launch_template_version_7.yaml +++ b/queries/aws_ec2_launch_template_version_7.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_7 -Title: "List all AWS EC2 Launch Template Versions and Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - version_number, - version_description, - ebs_optimized - from - aws_ec2_launch_template_version - where - ebs_optimized; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n version_number,\n\ + \ version_description,\n ebs_optimized\nfrom\n aws_ec2_launch_template_version\n\ + where\n ebs_optimized;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Template Versions and Details diff --git a/queries/aws_ec2_launch_template_version_8.yaml b/queries/aws_ec2_launch_template_version_8.yaml index 45a4adefd..896055869 100755 --- a/queries/aws_ec2_launch_template_version_8.yaml +++ b/queries/aws_ec2_launch_template_version_8.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_8 -Title: "List all AWS EC2 Launch Template Versions" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - version_number, - version_description, - disable_api_termination - from - aws_ec2_launch_template_version - where - disable_api_termination; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n version_number,\n\ + \ version_description,\n disable_api_termination\nfrom\n aws_ec2_launch_template_version\n\ + where\n disable_api_termination;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Launch Template Versions diff --git a/queries/aws_ec2_launch_template_version_9.yaml b/queries/aws_ec2_launch_template_version_9.yaml index a46f31ee1..72675d247 100755 --- a/queries/aws_ec2_launch_template_version_9.yaml +++ b/queries/aws_ec2_launch_template_version_9.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS EC2 Launch Template Versions, providing details + about each version of an Amazon EC2 launch template. ID: aws_ec2_launch_template_version_9 -Title: "Find AWS EC2 Launch Template Versions and Details" -Description: "Allows users to query AWS EC2 Launch Template Versions, providing details about each version of an Amazon EC2 launch template." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - launch_template_name, - launch_template_id, - version_number, - disable_api_stop - from - aws_ec2_launch_template_version - where - disable_api_stop; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n launch_template_name,\n launch_template_id,\n version_number,\n\ + \ disable_api_stop\nfrom\n aws_ec2_launch_template_version\nwhere\n disable_api_stop;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Launch Template Versions and Details diff --git a/queries/aws_ec2_load_balancer_listener_1.yaml b/queries/aws_ec2_load_balancer_listener_1.yaml index 1eaccf390..066132751 100755 --- a/queries/aws_ec2_load_balancer_listener_1.yaml +++ b/queries/aws_ec2_load_balancer_listener_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener data, which provides + information about listeners for an Application Load Balancer or Network Load Balancer. ID: aws_ec2_load_balancer_listener_1 -Title: "Find AWS EC2 Load Balancer Listeners" -Description: "Allows users to query AWS EC2 Load Balancer Listener data, which provides information about listeners for an Application Load Balancer or Network Load Balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - port, - protocol - from - aws_ec2_load_balancer_listener; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n port,\n protocol\nfrom\n aws_ec2_load_balancer_listener;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: Find AWS EC2 Load Balancer Listeners diff --git a/queries/aws_ec2_load_balancer_listener_2.yaml b/queries/aws_ec2_load_balancer_listener_2.yaml index 14d71dd5f..02184dc6f 100755 --- a/queries/aws_ec2_load_balancer_listener_2.yaml +++ b/queries/aws_ec2_load_balancer_listener_2.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener data, which provides + information about listeners for an Application Load Balancer or Network Load Balancer. ID: aws_ec2_load_balancer_listener_2 -Title: "List all AWS EC2 Load Balancer Listeners" -Description: "Allows users to query AWS EC2 Load Balancer Listener data, which provides information about listeners for an Application Load Balancer or Network Load Balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - action ->> 'AuthenticateCognitoConfig' as authenticate_cognito_config, - action ->> 'AuthenticateOidcConfig' as authenticate_Oidc_config, - action ->> 'FixedResponseConfig' as fixed_response_config, - action -> 'ForwardConfig' -> 'TargetGroupStickinessConfig' ->> 'DurationSeconds' as duration_seconds, - action -> 'ForwardConfig' -> 'TargetGroupStickinessConfig' ->> 'Enabled' as target_group_stickiness_config_enabled - from - aws_ec2_load_balancer_listener - cross join jsonb_array_elements(default_actions) as action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n action ->> 'AuthenticateCognitoConfig'\ + \ as authenticate_cognito_config,\n action ->> 'AuthenticateOidcConfig' as authenticate_Oidc_config,\n\ + \ action ->> 'FixedResponseConfig' as fixed_response_config,\n action -> 'ForwardConfig'\ + \ -> 'TargetGroupStickinessConfig' ->> 'DurationSeconds' as duration_seconds,\n\ + \ action -> 'ForwardConfig' -> 'TargetGroupStickinessConfig' ->> 'Enabled' as\ + \ target_group_stickiness_config_enabled\nfrom\n aws_ec2_load_balancer_listener\n\ + \ cross join jsonb_array_elements(default_actions) as action;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Load Balancer Listeners diff --git a/queries/aws_ec2_load_balancer_listener_3.yaml b/queries/aws_ec2_load_balancer_listener_3.yaml index 5f08c8603..70f970c87 100755 --- a/queries/aws_ec2_load_balancer_listener_3.yaml +++ b/queries/aws_ec2_load_balancer_listener_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener data, which provides + information about listeners for an Application Load Balancer or Network Load Balancer. ID: aws_ec2_load_balancer_listener_3 -Title: "Find AWS EC2 Load Balancer Listeners by Protocol" -Description: "Allows users to query AWS EC2 Load Balancer Listener data, which provides information about listeners for an Application Load Balancer or Network Load Balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - port, - protocol - from - aws_ec2_load_balancer_listener - where - protocol = 'HTTP'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n port,\n protocol\nfrom\n aws_ec2_load_balancer_listener\n\ + where\n protocol = 'HTTP';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: Find AWS EC2 Load Balancer Listeners by Protocol diff --git a/queries/aws_ec2_load_balancer_listener_rule_1.yaml b/queries/aws_ec2_load_balancer_listener_rule_1.yaml index 2b7b78692..5b8da2864 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_1.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_1 -Title: "Find AWS EC2 Load Balancer Listener Rules Details" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - listener_arn, - priority, - is_default, - region - from - aws_ec2_load_balancer_listener_rule - where - arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789098:listener-rule/app/test53333/f7cc8cdc44ff910b/c9418b57592205f0/a8fe6d8842838dfa'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n listener_arn,\n priority,\n is_default,\n \ + \ region\nfrom\n aws_ec2_load_balancer_listener_rule\nwhere\n arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789098:listener-rule/app/test53333/f7cc8cdc44ff910b/c9418b57592205f0/a8fe6d8842838dfa';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: Find AWS EC2 Load Balancer Listener Rules Details diff --git a/queries/aws_ec2_load_balancer_listener_rule_2.yaml b/queries/aws_ec2_load_balancer_listener_rule_2.yaml index 626319c07..bdd11830f 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_2.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_2 -Title: "Find AWS EC2 Load Balancer Listener Rules: Actions & Conditions" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - priority, - is_default, - actions, - conditions - from - aws_ec2_load_balancer_listener_rule - where - listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n priority,\n is_default,\n actions,\n conditions\n\ + from\n aws_ec2_load_balancer_listener_rule\nwhere\n listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: 'Find AWS EC2 Load Balancer Listener Rules: Actions & Conditions' diff --git a/queries/aws_ec2_load_balancer_listener_rule_3.yaml b/queries/aws_ec2_load_balancer_listener_rule_3.yaml index c00cb4bdf..308395455 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_3.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_3.yaml @@ -1,35 +1,26 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_3 -Title: "Find All AWS EC2 Load Balancer Listener Rules Details" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - a ->> 'Type' as action_type, - a ->> 'Order' as action_order, - a ->> 'TargetGroupArn' as target_group_arn, - a -> 'RedirectConfig' as redirect_config, - a -> 'ForwardConfig' as forward_config, - a -> 'FixedResponseConfig' as fixed_response_config, - a -> 'AuthenticateOidcConfig' as authenticate_oidc_config, - a -> 'AuthenticateCognitoConfig' as authenticate_cognito_config - from - aws_ec2_load_balancer_listener_rule, - jsonb_array_elements(actions) as a - where - listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n a ->> 'Type' as action_type,\n a ->> 'Order'\ + \ as action_order,\n a ->> 'TargetGroupArn' as target_group_arn,\n a -> 'RedirectConfig'\ + \ as redirect_config,\n a -> 'ForwardConfig' as forward_config,\n a -> 'FixedResponseConfig'\ + \ as fixed_response_config,\n a -> 'AuthenticateOidcConfig' as authenticate_oidc_config,\n\ + \ a -> 'AuthenticateCognitoConfig' as authenticate_cognito_config\nfrom\n aws_ec2_load_balancer_listener_rule,\n\ + \ jsonb_array_elements(actions) as a\nwhere\n listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: Find All AWS EC2 Load Balancer Listener Rules Details diff --git a/queries/aws_ec2_load_balancer_listener_rule_4.yaml b/queries/aws_ec2_load_balancer_listener_rule_4.yaml index f673d12ac..8b758b293 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_4.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_4 -Title: "List all AWS EC2 Load Balancer Listener Rules" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - listener_arn, - priority - from - aws_ec2_load_balancer_listener_rule - where - listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272' - and is_default = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n listener_arn,\n priority\nfrom\n aws_ec2_load_balancer_listener_rule\n\ + where\n listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272'\n\ + \ and is_default = true;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Load Balancer +Title: List all AWS EC2 Load Balancer Listener Rules diff --git a/queries/aws_ec2_load_balancer_listener_rule_5.yaml b/queries/aws_ec2_load_balancer_listener_rule_5.yaml index 9480ad100..64966a226 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_5.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_5.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_5 -Title: "List all AWS EC2 Load Balancer Listener Rules" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.arn, - r.listener_arn, - l.load_balancer_arn, - l.protocol as listener_protocol, - l.ssl_policy, - r.priority, - r.is_default, - r.actions, - r.conditions - from - aws_ec2_load_balancer_listener_rule as r - join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.arn,\n r.listener_arn,\n l.load_balancer_arn,\n \ + \ l.protocol as listener_protocol,\n l.ssl_policy,\n r.priority,\n r.is_default,\n\ + \ r.actions,\n r.conditions\nfrom\n aws_ec2_load_balancer_listener_rule as\ + \ r\n join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Load Balancer Listener Rules diff --git a/queries/aws_ec2_load_balancer_listener_rule_6.yaml b/queries/aws_ec2_load_balancer_listener_rule_6.yaml index ad7c81dff..24f9e9675 100755 --- a/queries/aws_ec2_load_balancer_listener_rule_6.yaml +++ b/queries/aws_ec2_load_balancer_listener_rule_6.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS EC2 Load Balancer Listener Rules, providing + detailed information on rule actions, conditions, and priority. ID: aws_ec2_load_balancer_listener_rule_6 -Title: "List AWS EC2 Load Balancer Listener Rules with Conditions & Actions" -Description: "Allows users to query AWS EC2 Load Balancer Listener Rules, providing detailed information on rule actions, conditions, and priority." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.arn, - r.listener_arn, - l.load_balancer_arn, - l.protocol as listener_protocol, - l.ssl_policy, - a.canonical_hosted_zone_id, - a.dns_name, - a.ip_address_type, - r.priority, - r.is_default, - r.actions, - r.conditions - from - aws_ec2_load_balancer_listener_rule as r - join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn - join aws_ec2_application_load_balancer as a on l.load_balancer_arn = a.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.arn,\n r.listener_arn,\n l.load_balancer_arn,\n \ + \ l.protocol as listener_protocol,\n l.ssl_policy,\n a.canonical_hosted_zone_id,\n\ + \ a.dns_name,\n a.ip_address_type,\n r.priority,\n r.is_default,\n r.actions,\n\ + \ r.conditions\nfrom\n aws_ec2_load_balancer_listener_rule as r\n join aws_ec2_load_balancer_listener\ + \ as l on r.listener_arn = l.arn\n join aws_ec2_application_load_balancer as\ + \ a on l.load_balancer_arn = a.arn;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Load Balancer Listener Rules with Conditions & Actions diff --git a/queries/aws_ec2_managed_prefix_list_1.yaml b/queries/aws_ec2_managed_prefix_list_1.yaml index 5ec0ddddb..7566e885e 100755 --- a/queries/aws_ec2_managed_prefix_list_1.yaml +++ b/queries/aws_ec2_managed_prefix_list_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_1 -Title: "List AWS EC2 Managed Prefix Lists and Metadata" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - state, - owner_id - from - aws_ec2_managed_prefix_list; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n state,\n owner_id\nfrom\n aws_ec2_managed_prefix_list;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Managed Prefix Lists and Metadata diff --git a/queries/aws_ec2_managed_prefix_list_2.yaml b/queries/aws_ec2_managed_prefix_list_2.yaml index 4a9d25f97..ed71a4f04 100755 --- a/queries/aws_ec2_managed_prefix_list_2.yaml +++ b/queries/aws_ec2_managed_prefix_list_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_2 -Title: "List all AWS EC2 Managed Prefix Lists with SQL" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - state, - owner_id - from - aws_ec2_managed_prefix_list - where - owner_id <> 'AWS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n state,\n owner_id\nfrom\n aws_ec2_managed_prefix_list\n\ + where\n owner_id <> 'AWS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Managed Prefix Lists with SQL diff --git a/queries/aws_ec2_managed_prefix_list_3.yaml b/queries/aws_ec2_managed_prefix_list_3.yaml index f12bc7077..1e0904626 100755 --- a/queries/aws_ec2_managed_prefix_list_3.yaml +++ b/queries/aws_ec2_managed_prefix_list_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_3 -Title: "Find AWS EC2 Managed Prefix Lists by IP Address Family" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - address_family - from - aws_ec2_managed_prefix_list - where - address_family = 'IPv6'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n address_family\nfrom\n aws_ec2_managed_prefix_list\n\ + where\n address_family = 'IPv6';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Managed Prefix Lists by IP Address Family diff --git a/queries/aws_ec2_managed_prefix_list_4.yaml b/queries/aws_ec2_managed_prefix_list_4.yaml index 530fa0f59..7975fbc07 100755 --- a/queries/aws_ec2_managed_prefix_list_4.yaml +++ b/queries/aws_ec2_managed_prefix_list_4.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_4 -Title: "List AWS EC2 Managed Prefix List Details" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - state, - owner_id - from - aws_ec2_managed_prefix_list - where - id in ('pl-03a3e735e3467c0c4', 'pl-4ca54025'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n state,\n owner_id\nfrom\n aws_ec2_managed_prefix_list\n\ + where\n id in ('pl-03a3e735e3467c0c4', 'pl-4ca54025');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Managed Prefix List Details diff --git a/queries/aws_ec2_managed_prefix_list_5.yaml b/queries/aws_ec2_managed_prefix_list_5.yaml index 8a7eeafe4..3c23fa558 100755 --- a/queries/aws_ec2_managed_prefix_list_5.yaml +++ b/queries/aws_ec2_managed_prefix_list_5.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_5 -Title: "List all AWS EC2 Managed Prefix Lists with details" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - state, - owner_id - from - aws_ec2_managed_prefix_list - where - name in ('testPrefix', 'com.amazonaws.us-east-2.dynamodb'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n state,\n owner_id\nfrom\n aws_ec2_managed_prefix_list\n\ + where\n name in ('testPrefix', 'com.amazonaws.us-east-2.dynamodb');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Managed Prefix Lists with details diff --git a/queries/aws_ec2_managed_prefix_list_6.yaml b/queries/aws_ec2_managed_prefix_list_6.yaml index 1cc5b283d..fec10ffce 100755 --- a/queries/aws_ec2_managed_prefix_list_6.yaml +++ b/queries/aws_ec2_managed_prefix_list_6.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS EC2 Managed Prefix Lists, providing information + about IP address ranges (CIDRs), permissions, and associated metadata. ID: aws_ec2_managed_prefix_list_6 -Title: "Find AWS EC2 Managed Prefix Lists with permissions" -Description: "Allows users to query AWS EC2 Managed Prefix Lists, providing information about IP address ranges (CIDRs), permissions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - state, - owner_id - from - aws_ec2_managed_prefix_list - where - owner_id = '632901234528'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n state,\n owner_id\nfrom\n aws_ec2_managed_prefix_list\n\ + where\n owner_id = '632901234528';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Managed Prefix Lists with permissions diff --git a/queries/aws_ec2_managed_prefix_list_entry_1.yaml b/queries/aws_ec2_managed_prefix_list_entry_1.yaml index d261e794b..9f5d1229c 100755 --- a/queries/aws_ec2_managed_prefix_list_entry_1.yaml +++ b/queries/aws_ec2_managed_prefix_list_entry_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS EC2 Managed Prefix List Entries, providing + details such as the CIDR block, description, and the prefix list ID. This table + is useful for understanding the IP address ranges included in a managed prefix list. ID: aws_ec2_managed_prefix_list_entry_1 -Title: "List AWS EC2 Managed Prefix List Entry Details" -Description: "Allows users to query AWS EC2 Managed Prefix List Entries, providing details such as the CIDR block, description, and the prefix list ID. This table is useful for understanding the IP address ranges included in a managed prefix list." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - prefix_list_id, - cidr, - description - from - aws_ec2_managed_prefix_list_entry; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n prefix_list_id,\n cidr,\n description\nfrom\n aws_ec2_managed_prefix_list_entry;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Managed Prefix List Entry Details diff --git a/queries/aws_ec2_managed_prefix_list_entry_2.yaml b/queries/aws_ec2_managed_prefix_list_entry_2.yaml index 2c1b10d1e..1bd05d9df 100755 --- a/queries/aws_ec2_managed_prefix_list_entry_2.yaml +++ b/queries/aws_ec2_managed_prefix_list_entry_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EC2 Managed Prefix List Entries, providing + details such as the CIDR block, description, and the prefix list ID. This table + is useful for understanding the IP address ranges included in a managed prefix list. ID: aws_ec2_managed_prefix_list_entry_2 -Title: "Find AWS EC2 Managed Prefix List Entries with Details" -Description: "Allows users to query AWS EC2 Managed Prefix List Entries, providing details such as the CIDR block, description, and the prefix list ID. This table is useful for understanding the IP address ranges included in a managed prefix list." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - l.name, - l.id, - e.cidr, - e.description, - l.state, - l.owner_id - from - aws_ec2_managed_prefix_list_entry as e, - aws_ec2_managed_prefix_list as l - where - l.owner_id <> 'AWS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n l.name,\n l.id,\n e.cidr,\n e.description,\n l.state,\n\ + \ l.owner_id\nfrom\n aws_ec2_managed_prefix_list_entry as e,\n aws_ec2_managed_prefix_list\ + \ as l\nwhere\n l.owner_id <> 'AWS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Managed Prefix List Entries with Details diff --git a/queries/aws_ec2_managed_prefix_list_entry_3.yaml b/queries/aws_ec2_managed_prefix_list_entry_3.yaml index f26588d15..cf0d46710 100755 --- a/queries/aws_ec2_managed_prefix_list_entry_3.yaml +++ b/queries/aws_ec2_managed_prefix_list_entry_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS EC2 Managed Prefix List Entries, providing + details such as the CIDR block, description, and the prefix list ID. This table + is useful for understanding the IP address ranges included in a managed prefix list. ID: aws_ec2_managed_prefix_list_entry_3 -Title: "List AWS EC2 Managed Prefix List Entries with Details" -Description: "Allows users to query AWS EC2 Managed Prefix List Entries, providing details such as the CIDR block, description, and the prefix list ID. This table is useful for understanding the IP address ranges included in a managed prefix list." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - prefix_list_id, - count(cidr) as numbers_of_entries - from - aws_ec2_managed_prefix_list_entry - group by - prefix_list_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n prefix_list_id,\n count(cidr) as numbers_of_entries\n\ + from\n aws_ec2_managed_prefix_list_entry\ngroup by\n prefix_list_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Managed Prefix List Entries with Details diff --git a/queries/aws_ec2_network_interface_1.yaml b/queries/aws_ec2_network_interface_1.yaml index 70a1b98c4..e7a6b4e8c 100755 --- a/queries/aws_ec2_network_interface_1.yaml +++ b/queries/aws_ec2_network_interface_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Network Interfaces and provides comprehensive + details about each interface, including its associated instances, security groups, + and subnet information. ID: aws_ec2_network_interface_1 -Title: "Find all AWS EC2 Network Interfaces & Associated Details" -Description: "Allows users to query AWS EC2 Network Interfaces and provides comprehensive details about each interface, including its associated instances, security groups, and subnet information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_interface_id, - interface_type, - description, - private_ip_address, - association_public_ip, - mac_address - from - aws_ec2_network_interface; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_interface_id,\n interface_type,\n description,\n\ + \ private_ip_address,\n association_public_ip,\n mac_address\nfrom\n aws_ec2_network_interface;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all AWS EC2 Network Interfaces & Associated Details diff --git a/queries/aws_ec2_network_interface_2.yaml b/queries/aws_ec2_network_interface_2.yaml index 52b6f0187..f43c22dd3 100755 --- a/queries/aws_ec2_network_interface_2.yaml +++ b/queries/aws_ec2_network_interface_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS EC2 Network Interfaces and provides comprehensive + details about each interface, including its associated instances, security groups, + and subnet information. ID: aws_ec2_network_interface_2 -Title: "Find AWS EC2 Network Interfaces and Details" -Description: "Allows users to query AWS EC2 Network Interfaces and provides comprehensive details about each interface, including its associated instances, security groups, and subnet information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_interface_id, - interface_type, - description, - private_ip_address, - association_public_ip, - mac_address - from - aws_ec2_network_interface - where - private_ip_address :: cidr <<= '10.66.0.0/16'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_interface_id,\n interface_type,\n description,\n\ + \ private_ip_address,\n association_public_ip,\n mac_address\nfrom\n aws_ec2_network_interface\n\ + where\n private_ip_address :: cidr <<= '10.66.0.0/16';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Network Interfaces and Details diff --git a/queries/aws_ec2_network_interface_3.yaml b/queries/aws_ec2_network_interface_3.yaml index 5f34fc464..c538df615 100755 --- a/queries/aws_ec2_network_interface_3.yaml +++ b/queries/aws_ec2_network_interface_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Network Interfaces and provides comprehensive + details about each interface, including its associated instances, security groups, + and subnet information. ID: aws_ec2_network_interface_3 -Title: "Find Details of AWS EC2 Network Interfaces" -Description: "Allows users to query AWS EC2 Network Interfaces and provides comprehensive details about each interface, including its associated instances, security groups, and subnet information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - interface_type, - count(interface_type) as count - from - aws_ec2_network_interface - group by - interface_type - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n interface_type,\n count(interface_type) as count\nfrom\n\ + \ aws_ec2_network_interface\ngroup by\n interface_type\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find Details of AWS EC2 Network Interfaces diff --git a/queries/aws_ec2_network_interface_4.yaml b/queries/aws_ec2_network_interface_4.yaml index e719df560..c5a401d08 100755 --- a/queries/aws_ec2_network_interface_4.yaml +++ b/queries/aws_ec2_network_interface_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS EC2 Network Interfaces and provides comprehensive + details about each interface, including its associated instances, security groups, + and subnet information. ID: aws_ec2_network_interface_4 -Title: "List all AWS EC2 Network Interfaces and Associated Details" -Description: "Allows users to query AWS EC2 Network Interfaces and provides comprehensive details about each interface, including its associated instances, security groups, and subnet information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_interface_id as eni, - sg ->> 'GroupId' as "security group id", - sg ->> 'GroupName' as "security group name" - from - aws_ec2_network_interface - cross join jsonb_array_elements(groups) as sg - order by - eni; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_interface_id as eni,\n sg ->> 'GroupId' as \"\ + security group id\",\n sg ->> 'GroupName' as \"security group name\"\nfrom\n\ + \ aws_ec2_network_interface\n cross join jsonb_array_elements(groups) as sg\n\ + order by\n eni;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Network Interfaces and Associated Details diff --git a/queries/aws_ec2_network_interface_5.yaml b/queries/aws_ec2_network_interface_5.yaml index 3fd6bc8db..fd6776717 100755 --- a/queries/aws_ec2_network_interface_5.yaml +++ b/queries/aws_ec2_network_interface_5.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS EC2 Network Interfaces and provides comprehensive + details about each interface, including its associated instances, security groups, + and subnet information. ID: aws_ec2_network_interface_5 -Title: "Find AWS EC2 Network Interfaces and Details" -Description: "Allows users to query AWS EC2 Network Interfaces and provides comprehensive details about each interface, including its associated instances, security groups, and subnet information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.network_interface_id, - v.vpc_id, - v.is_default, - v.cidr_block, - v.state, - v.account_id, - v.region - from - aws_ec2_network_interface e, - aws_vpc v - where - e.vpc_id = v.vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.network_interface_id,\n v.vpc_id,\n v.is_default,\n\ + \ v.cidr_block,\n v.state,\n v.account_id,\n v.region\nfrom\n aws_ec2_network_interface\ + \ e,\n aws_vpc v\nwhere \n e.vpc_id = v.vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Network Interfaces and Details diff --git a/queries/aws_ec2_network_load_balancer_1.yaml b/queries/aws_ec2_network_load_balancer_1.yaml index 3178af29e..0e74e5b11 100755 --- a/queries/aws_ec2_network_load_balancer_1.yaml +++ b/queries/aws_ec2_network_load_balancer_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Network Load Balancer data including configuration, + status, and other related information. ID: aws_ec2_network_load_balancer_1 -Title: "List all AWS EC2 Network Load Balancer Configurations" -Description: "Allows users to query AWS EC2 Network Load Balancer data including configuration, status, and other related information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - count(az ->> 'ZoneName') as zone_count - from - aws_ec2_network_load_balancer - cross join jsonb_array_elements(availability_zones) as az - group by - name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n count(az ->> 'ZoneName') as zone_count\nfrom\n\ + \ aws_ec2_network_load_balancer\n cross join jsonb_array_elements(availability_zones)\ + \ as az\ngroup by\n name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: List all AWS EC2 Network Load Balancer Configurations diff --git a/queries/aws_ec2_network_load_balancer_2.yaml b/queries/aws_ec2_network_load_balancer_2.yaml index bd99f567c..2b04d0b2a 100755 --- a/queries/aws_ec2_network_load_balancer_2.yaml +++ b/queries/aws_ec2_network_load_balancer_2.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS EC2 Network Load Balancer data including configuration, + status, and other related information. ID: aws_ec2_network_load_balancer_2 -Title: "Find AWS EC2 Network Load Balancer Configuration and Status" -Description: "Allows users to query AWS EC2 Network Load Balancer data including configuration, status, and other related information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as cross_zone, - lb ->> 'Value' as cross_zone_value - from - aws_ec2_network_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'load_balancing.cross_zone.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as cross_zone,\n lb ->> 'Value'\ + \ as cross_zone_value\nfrom\n aws_ec2_network_load_balancer\n cross join jsonb_array_elements(load_balancer_attributes)\ + \ as lb\nwhere\n lb ->> 'Key' = 'load_balancing.cross_zone.enabled'\n and lb\ + \ ->> 'Value' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: Find AWS EC2 Network Load Balancer Configuration and Status diff --git a/queries/aws_ec2_network_load_balancer_3.yaml b/queries/aws_ec2_network_load_balancer_3.yaml index f26ca0592..97f9dbe6a 100755 --- a/queries/aws_ec2_network_load_balancer_3.yaml +++ b/queries/aws_ec2_network_load_balancer_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS EC2 Network Load Balancer data including configuration, + status, and other related information. ID: aws_ec2_network_load_balancer_3 -Title: "Find AWS EC2 NLB with Access Logs Disabled" -Description: "Allows users to query AWS EC2 Network Load Balancer data including configuration, status, and other related information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as logging_key, - lb ->> 'Value' as logging_value - from - aws_ec2_network_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'access_logs.s3.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as logging_key,\n lb ->> 'Value'\ + \ as logging_value\nfrom\n aws_ec2_network_load_balancer\n cross join jsonb_array_elements(load_balancer_attributes)\ + \ as lb\nwhere\n lb ->> 'Key' = 'access_logs.s3.enabled'\n and lb ->> 'Value'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: Find AWS EC2 NLB with Access Logs Disabled diff --git a/queries/aws_ec2_network_load_balancer_4.yaml b/queries/aws_ec2_network_load_balancer_4.yaml index 0154fa43b..709b21a2d 100755 --- a/queries/aws_ec2_network_load_balancer_4.yaml +++ b/queries/aws_ec2_network_load_balancer_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EC2 Network Load Balancer data including configuration, + status, and other related information. ID: aws_ec2_network_load_balancer_4 -Title: "List all AWS EC2 Network Load Balancer Deletion Protection" -Description: "Allows users to query AWS EC2 Network Load Balancer data including configuration, status, and other related information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - lb ->> 'Key' as deletion_protection_key, - lb ->> 'Value' as deletion_protection_value - from - aws_ec2_network_load_balancer - cross join jsonb_array_elements(load_balancer_attributes) as lb - where - lb ->> 'Key' = 'deletion_protection.enabled' - and lb ->> 'Value' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n lb ->> 'Key' as deletion_protection_key,\n \ + \ lb ->> 'Value' as deletion_protection_value\nfrom\n aws_ec2_network_load_balancer\n\ + \ cross join jsonb_array_elements(load_balancer_attributes) as lb\nwhere\n lb\ + \ ->> 'Key' = 'deletion_protection.enabled'\n and lb ->> 'Value' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: List all AWS EC2 Network Load Balancer Deletion Protection diff --git a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_1.yaml b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_1.yaml index 98383ce0c..4e94d4a0e 100755 --- a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_1.yaml +++ b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_1.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS EC2 Network Load Balancer Metrics for net flow + count data. This includes information such as the number of new or terminated flows + per minute from a network load balancer. ID: aws_ec2_network_load_balancer_metric_net_flow_count_1 -Title: "Query AWS EC2 Network Load Balancer Net Flow Counts" -Description: "Allows users to query AWS EC2 Network Load Balancer Metrics for net flow count data. This includes information such as the number of new or terminated flows per minute from a network load balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - sample_count, - timestamp - from - aws_ec2_network_load_balancer_metric_net_flow_count - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ sample_count,\n timestamp\nfrom\n aws_ec2_network_load_balancer_metric_net_flow_count\n\ + order by\n name,\n timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: Query AWS EC2 Network Load Balancer Net Flow Counts diff --git a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_2.yaml b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_2.yaml index 2161c86c7..87c3a1c3b 100755 --- a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_2.yaml +++ b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_2.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query AWS EC2 Network Load Balancer Metrics for net flow + count data. This includes information such as the number of new or terminated flows + per minute from a network load balancer. ID: aws_ec2_network_load_balancer_metric_net_flow_count_2 -Title: "Find AWS EC2 Network Load Balancer Net Flow Counts" -Description: "Allows users to query AWS EC2 Network Load Balancer Metrics for net flow count data. This includes information such as the number of new or terminated flows per minute from a network load balancer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - average, - sample_count, - timestamp - from - aws_ec2_network_load_balancer_metric_net_flow_count - where - average < 100 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ average,\n sample_count,\n timestamp\nfrom\n aws_ec2_network_load_balancer_metric_net_flow_count\n\ + where\n average < 100\norder by\n name,\n timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: Find AWS EC2 Network Load Balancer Net Flow Counts diff --git a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_1.yaml b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_1.yaml index 36a7f6700..ac7ed276a 100755 --- a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_1.yaml +++ b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_1.yaml @@ -1,35 +1,26 @@ +Description: Allows users to query Network Load Balancer Metrics in EC2, specifically + the daily net flow count, providing insights into network traffic patterns and potential + anomalies. ID: aws_ec2_network_load_balancer_metric_net_flow_count_daily_1 -Title: "Find Network Load Balancer Metrics and Traffic Patterns" -Description: "Allows users to query Network Load Balancer Metrics in EC2, specifically the daily net flow count, providing insights into network traffic patterns and potential anomalies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - sample_count, - timestamp - from - aws_ec2_network_load_balancer_metric_net_flow_count_daily - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ sample_count,\n timestamp\nfrom\n aws_ec2_network_load_balancer_metric_net_flow_count_daily\n\ + order by\n name,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: Find Network Load Balancer Metrics and Traffic Patterns diff --git a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_2.yaml b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_2.yaml index feb5203d0..c4f1647ed 100755 --- a/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_2.yaml +++ b/queries/aws_ec2_network_load_balancer_metric_net_flow_count_daily_2.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query Network Load Balancer Metrics in EC2, specifically + the daily net flow count, providing insights into network traffic patterns and potential + anomalies. ID: aws_ec2_network_load_balancer_metric_net_flow_count_daily_2 -Title: "List Network Load Balancer Metrics in EC2 Daily" -Description: "Allows users to query Network Load Balancer Metrics in EC2, specifically the daily net flow count, providing insights into network traffic patterns and potential anomalies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - metric_name, - namespace, - maximum, - minimum, - average, - sample_count, - timestamp - from - aws_ec2_network_load_balancer_metric_net_flow_count_daily - where - average < 100 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n metric_name,\n namespace,\n maximum,\n minimum,\n\ + \ average,\n sample_count,\n timestamp\nfrom\n aws_ec2_network_load_balancer_metric_net_flow_count_daily\n\ + where\n average < 100\norder by\n name,\n timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Network Load Balancer +Title: List Network Load Balancer Metrics in EC2 Daily diff --git a/queries/aws_ec2_regional_settings_1.yaml b/queries/aws_ec2_regional_settings_1.yaml index f2fb7faf4..9a1fa0614 100755 --- a/queries/aws_ec2_regional_settings_1.yaml +++ b/queries/aws_ec2_regional_settings_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 regional settings, including default EBS + encryption and default EBS encryption KMS key. ID: aws_ec2_regional_settings_1 -Title: "List AWS EC2 Regional Settings including EBS Encryption" -Description: "Allows users to query AWS EC2 regional settings, including default EBS encryption and default EBS encryption KMS key." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - default_ebs_encryption_enabled, - default_ebs_encryption_key, - title, - region - from - aws_ec2_regional_settings; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n default_ebs_encryption_enabled,\n default_ebs_encryption_key,\n\ + \ title,\n region\nfrom\n aws_ec2_regional_settings;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List AWS EC2 Regional Settings including EBS Encryption diff --git a/queries/aws_ec2_regional_settings_2.yaml b/queries/aws_ec2_regional_settings_2.yaml index ea3b7d5ab..27437b1a7 100755 --- a/queries/aws_ec2_regional_settings_2.yaml +++ b/queries/aws_ec2_regional_settings_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS EC2 regional settings, including default EBS + encryption and default EBS encryption KMS key. ID: aws_ec2_regional_settings_2 -Title: "List all AWS EC2 Regional Settings including EBS encryption" -Description: "Allows users to query AWS EC2 regional settings, including default EBS encryption and default EBS encryption KMS key." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - default_ebs_encryption_enabled, - default_ebs_encryption_key, - title, - region - from - aws_ec2_regional_settings - where - region = 'ap-south-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n default_ebs_encryption_enabled,\n default_ebs_encryption_key,\n\ + \ title,\n region\nfrom\n aws_ec2_regional_settings\nwhere\n region = 'ap-south-1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Regional Settings including EBS encryption diff --git a/queries/aws_ec2_regional_settings_3.yaml b/queries/aws_ec2_regional_settings_3.yaml index 41d1587f3..6503af220 100755 --- a/queries/aws_ec2_regional_settings_3.yaml +++ b/queries/aws_ec2_regional_settings_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS EC2 regional settings, including default EBS + encryption and default EBS encryption KMS key. ID: aws_ec2_regional_settings_3 -Title: "List All AWS EC2 Regions With Encryption Settings" -Description: "Allows users to query AWS EC2 regional settings, including default EBS encryption and default EBS encryption KMS key." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - region, - default_ebs_encryption_enabled, - default_ebs_encryption_key - from - aws_ec2_regional_settings - where - default_ebs_encryption_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n region,\n default_ebs_encryption_enabled,\n default_ebs_encryption_key\n\ + from\n aws_ec2_regional_settings\nwhere\n default_ebs_encryption_enabled;" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List All AWS EC2 Regions With Encryption Settings diff --git a/queries/aws_ec2_reserved_instance_1.yaml b/queries/aws_ec2_reserved_instance_1.yaml index 47fcfb494..6068af389 100755 --- a/queries/aws_ec2_reserved_instance_1.yaml +++ b/queries/aws_ec2_reserved_instance_1.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS EC2 Reserved Instances to gather comprehensive + insights on the reserved instances, such as their configurations, state, and associated + tags. ID: aws_ec2_reserved_instance_1 -Title: "Find AWS EC2 Reserved Instances: Configurations and State" -Description: "Allows users to query AWS EC2 Reserved Instances to gather comprehensive insights on the reserved instances, such as their configurations, state, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_instance_id, - arn, - instance_type, - instance_state, - currency_code, - CAST(fixed_price AS varchar), - offering_class, scope, - CAST(usage_price AS varchar) - from - aws_ec2_reserved_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_instance_id,\n arn,\n instance_type,\n instance_state,\n\ + \ currency_code,\n CAST(fixed_price AS varchar),\n offering_class, scope,\n\ + \ CAST(usage_price AS varchar)\nfrom\n aws_ec2_reserved_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: 'Find AWS EC2 Reserved Instances: Configurations and State' diff --git a/queries/aws_ec2_reserved_instance_2.yaml b/queries/aws_ec2_reserved_instance_2.yaml index 07354e644..8ae4de43f 100755 --- a/queries/aws_ec2_reserved_instance_2.yaml +++ b/queries/aws_ec2_reserved_instance_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS EC2 Reserved Instances to gather comprehensive + insights on the reserved instances, such as their configurations, state, and associated + tags. ID: aws_ec2_reserved_instance_2 -Title: "Find AWS EC2 Reserved Instances by Type" -Description: "Allows users to query AWS EC2 Reserved Instances to gather comprehensive insights on the reserved instances, such as their configurations, state, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - count(instance_count) as count - from - aws_ec2_reserved_instance - group by - instance_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n count(instance_count) as count\nfrom\n\ + \ aws_ec2_reserved_instance\ngroup by\n instance_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Reserved Instances by Type diff --git a/queries/aws_ec2_reserved_instance_3.yaml b/queries/aws_ec2_reserved_instance_3.yaml index 0d3af6fc1..82597cdd7 100755 --- a/queries/aws_ec2_reserved_instance_3.yaml +++ b/queries/aws_ec2_reserved_instance_3.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EC2 Reserved Instances to gather comprehensive + insights on the reserved instances, such as their configurations, state, and associated + tags. ID: aws_ec2_reserved_instance_3 -Title: "List all AWS EC2 Reserved Instances and their configurations" -Description: "Allows users to query AWS EC2 Reserved Instances to gather comprehensive insights on the reserved instances, such as their configurations, state, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_type, - count(*) as count - from - aws_ec2_reserved_instance - where - instance_type not in ('t2.large', 'm3.medium') - group by - instance_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_type,\n count(*) as count\nfrom\n aws_ec2_reserved_instance\n\ + where\n instance_type not in ('t2.large', 'm3.medium')\ngroup by\n instance_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Reserved Instances +Title: List all AWS EC2 Reserved Instances and their configurations diff --git a/queries/aws_ec2_reserved_instance_4.yaml b/queries/aws_ec2_reserved_instance_4.yaml index a96702505..676660d59 100755 --- a/queries/aws_ec2_reserved_instance_4.yaml +++ b/queries/aws_ec2_reserved_instance_4.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Reserved Instances to gather comprehensive + insights on the reserved instances, such as their configurations, state, and associated + tags. ID: aws_ec2_reserved_instance_4 -Title: "List all AWS EC2 Reserved Instances and configurations" -Description: "Allows users to query AWS EC2 Reserved Instances to gather comprehensive insights on the reserved instances, such as their configurations, state, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_instance_id, - instance_type, - offering_class - from - aws_ec2_reserved_instance - where - offering_class = 'standard'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_instance_id,\n instance_type,\n offering_class\n\ + from\n aws_ec2_reserved_instance\nwhere\n offering_class = 'standard';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Reserved Instances and configurations diff --git a/queries/aws_ec2_reserved_instance_5.yaml b/queries/aws_ec2_reserved_instance_5.yaml index e198f74b3..6ffc6f447 100755 --- a/queries/aws_ec2_reserved_instance_5.yaml +++ b/queries/aws_ec2_reserved_instance_5.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Reserved Instances to gather comprehensive + insights on the reserved instances, such as their configurations, state, and associated + tags. ID: aws_ec2_reserved_instance_5 -Title: "Find AWS EC2 Reserved Instances and Their Configurations" -Description: "Allows users to query AWS EC2 Reserved Instances to gather comprehensive insights on the reserved instances, such as their configurations, state, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_instance_id, - instance_type, - instance_state - from - aws_ec2_reserved_instance - where - instance_state = 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_instance_id,\n instance_type,\n instance_state\n\ + from\n aws_ec2_reserved_instance\nwhere\n instance_state = 'active';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Reserved Instances and Their Configurations diff --git a/queries/aws_ec2_spot_price_1.yaml b/queries/aws_ec2_spot_price_1.yaml index 3d0a18e72..9ec7be605 100755 --- a/queries/aws_ec2_spot_price_1.yaml +++ b/queries/aws_ec2_spot_price_1.yaml @@ -1,37 +1,26 @@ +Description: Allows users to query AWS EC2 Spot Price data, including information + about the instance type, product description, spot price, and the date and time + the price was set. ID: aws_ec2_spot_price_1 -Title: "Find AWS EC2 Spot Price Data for Specific Instances" -Description: "Allows users to query AWS EC2 Spot Price data, including information about the instance type, product description, spot price, and the date and time the price was set." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - availability_zone, - instance_type, - product_description, - spot_price::numeric as spot_price, - create_timestamp as start_time, - lead(create_timestamp, 1, now()) over (partition by instance_type, availability_zone, product_description order by create_timestamp) as stop_time - from - aws_ec2_spot_price - where - instance_type = 'm5.4xlarge' - and product_description = 'Linux/UNIX' - and availability_zone in - ( - 'eu-west-3a', - 'eu-west-3b' - ) - and start_time = now() - interval '1' month - and end_time = now() - interval '1' minute; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n availability_zone,\n instance_type,\n product_description,\n\ + \ spot_price::numeric as spot_price,\n create_timestamp as start_time,\n lead(create_timestamp,\ + \ 1, now()) over (partition by instance_type, availability_zone, product_description\ + \ order by create_timestamp) as stop_time\nfrom\n aws_ec2_spot_price\nwhere\n\ + \ instance_type = 'm5.4xlarge'\n and product_description = 'Linux/UNIX'\n and\ + \ availability_zone in\n (\n 'eu-west-3a',\n 'eu-west-3b'\n )\n and start_time\ + \ = now() - interval '1' month\n and end_time = now() - interval '1' minute;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Spot Price Data for Specific Instances diff --git a/queries/aws_ec2_ssl_policy_1.yaml b/queries/aws_ec2_ssl_policy_1.yaml index d83bdafe2..cb359f6d9 100755 --- a/queries/aws_ec2_ssl_policy_1.yaml +++ b/queries/aws_ec2_ssl_policy_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS EC2 SSL Policies to retrieve detailed information + about SSL policies used in AWS EC2 Load Balancers. ID: aws_ec2_ssl_policy_1 -Title: "Find AWS EC2 SSL Policies Used in Load Balancers" -Description: "Allows users to query AWS EC2 SSL Policies to retrieve detailed information about SSL policies used in AWS EC2 Load Balancers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - ssl_protocols - from - aws_ec2_ssl_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n ssl_protocols\nfrom\n aws_ec2_ssl_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 SSL Policies Used in Load Balancers diff --git a/queries/aws_ec2_ssl_policy_2.yaml b/queries/aws_ec2_ssl_policy_2.yaml index db13e6563..2e3bd8954 100755 --- a/queries/aws_ec2_ssl_policy_2.yaml +++ b/queries/aws_ec2_ssl_policy_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS EC2 SSL Policies to retrieve detailed information + about SSL policies used in AWS EC2 Load Balancers. ID: aws_ec2_ssl_policy_2 -Title: "Find AWS EC2 SSL Policies Used in Load Balancers" -Description: "Allows users to query AWS EC2 SSL Policies to retrieve detailed information about SSL policies used in AWS EC2 Load Balancers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - ssl_policy - from - aws_ec2_load_balancer_listener listener - join - aws_ec2_ssl_policy ssl_policy - on - listener.ssl_policy = ssl_policy.Name - where - ssl_policy.ciphers @> '[{"Name":"DES-CBC3-SHA"}]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n ssl_policy\nfrom\n aws_ec2_load_balancer_listener\ + \ listener\njoin \n aws_ec2_ssl_policy ssl_policy\non\n listener.ssl_policy\ + \ = ssl_policy.Name\nwhere\n ssl_policy.ciphers @> '[{\"Name\":\"DES-CBC3-SHA\"\ + }]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 SSL Policies Used in Load Balancers diff --git a/queries/aws_ec2_target_group_1.yaml b/queries/aws_ec2_target_group_1.yaml index a3a539b82..e97b7f1ac 100755 --- a/queries/aws_ec2_target_group_1.yaml +++ b/queries/aws_ec2_target_group_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Target Groups and provides information + about each Target Group within an AWS account. ID: aws_ec2_target_group_1 -Title: "Find EC2 Target Groups in AWS Account" -Description: "Allows users to query AWS EC2 Target Groups and provides information about each Target Group within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - target_group_name, - target_type, - load_balancer_arns, - vpc_id - from - aws_ec2_target_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n target_group_name,\n target_type,\n load_balancer_arns,\n\ + \ vpc_id\nfrom\n aws_ec2_target_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find EC2 Target Groups in AWS Account diff --git a/queries/aws_ec2_target_group_2.yaml b/queries/aws_ec2_target_group_2.yaml index 6476dcdc0..65644b2c5 100755 --- a/queries/aws_ec2_target_group_2.yaml +++ b/queries/aws_ec2_target_group_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS EC2 Target Groups and provides information + about each Target Group within an AWS account. ID: aws_ec2_target_group_2 -Title: "Find AWS EC2 Target Groups with Health Check Info" -Description: "Allows users to query AWS EC2 Target Groups and provides information about each Target Group within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - health_check_enabled, - protocol, - matcher_http_code, - healthy_threshold_count, - unhealthy_threshold_count, - health_check_enabled, - health_check_interval_seconds, - health_check_path, - health_check_port, - health_check_protocol, - health_check_timeout_seconds - from - aws_ec2_target_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n health_check_enabled,\n protocol,\n matcher_http_code,\n\ + \ healthy_threshold_count,\n unhealthy_threshold_count,\n health_check_enabled,\n\ + \ health_check_interval_seconds,\n health_check_path,\n health_check_port,\n\ + \ health_check_protocol,\n health_check_timeout_seconds\nfrom\n aws_ec2_target_group;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find AWS EC2 Target Groups with Health Check Info diff --git a/queries/aws_ec2_target_group_3.yaml b/queries/aws_ec2_target_group_3.yaml index ec8d2508b..6ca05bba0 100755 --- a/queries/aws_ec2_target_group_3.yaml +++ b/queries/aws_ec2_target_group_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS EC2 Target Groups and provides information + about each Target Group within an AWS account. ID: aws_ec2_target_group_3 -Title: "List all AWS EC2 Target Groups and Relevant Details" -Description: "Allows users to query AWS EC2 Target Groups and provides information about each Target Group within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - target_group_name, - target_type, - target -> 'Target' ->> 'AvailabilityZone' as availability_zone, - target -> 'Target' ->> 'Id' as id, - target -> 'Target' ->> 'Port' as port - from - aws_ec2_target_group - cross join jsonb_array_elements(target_health_descriptions) as target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n target_group_name,\n target_type,\n target -> 'Target'\ + \ ->> 'AvailabilityZone' as availability_zone,\n target -> 'Target' ->> 'Id'\ + \ as id,\n target -> 'Target' ->> 'Port' as port\nfrom\n aws_ec2_target_group\n\ + \ cross join jsonb_array_elements(target_health_descriptions) as target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS EC2 +Title: List all AWS EC2 Target Groups and Relevant Details diff --git a/queries/aws_ec2_target_group_4.yaml b/queries/aws_ec2_target_group_4.yaml index 4e856e479..319671f23 100755 --- a/queries/aws_ec2_target_group_4.yaml +++ b/queries/aws_ec2_target_group_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS EC2 Target Groups and provides information + about each Target Group within an AWS account. ID: aws_ec2_target_group_4 -Title: "Find all AWS EC2 Target Groups and their states" -Description: "Allows users to query AWS EC2 Target Groups and provides information about each Target Group within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - target_group_name, - target_type, - target -> 'TargetHealth' ->> 'Description' as description, - target -> 'TargetHealth' ->> 'Reason' reason, - target -> 'TargetHealth' ->> 'State' as state - from - aws_ec2_target_group - cross join jsonb_array_elements(target_health_descriptions) as target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n target_group_name,\n target_type,\n target -> 'TargetHealth'\ + \ ->> 'Description' as description,\n target -> 'TargetHealth' ->> 'Reason' reason,\n\ + \ target -> 'TargetHealth' ->> 'State' as state\nfrom\n aws_ec2_target_group\n\ + \ cross join jsonb_array_elements(target_health_descriptions) as target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: Find all AWS EC2 Target Groups and their states diff --git a/queries/aws_ec2_transit_gateway_1.yaml b/queries/aws_ec2_transit_gateway_1.yaml index 02464c654..fe0b68458 100755 --- a/queries/aws_ec2_transit_gateway_1.yaml +++ b/queries/aws_ec2_transit_gateway_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Transit Gateway resources for detailed + information on configuration, status, and associations. ID: aws_ec2_transit_gateway_1 -Title: "List all AWS EC2 Transit Gateway configurations and statuses" -Description: "Allows users to query AWS EC2 Transit Gateway resources for detailed information on configuration, status, and associations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_id, - state, - owner_id, - creation_time - from - aws_ec2_transit_gateway; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_id,\n state,\n owner_id,\n creation_time\n\ + from\n aws_ec2_transit_gateway;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: List all AWS EC2 Transit Gateway configurations and statuses diff --git a/queries/aws_ec2_transit_gateway_2.yaml b/queries/aws_ec2_transit_gateway_2.yaml index 214090973..b3a8e202c 100755 --- a/queries/aws_ec2_transit_gateway_2.yaml +++ b/queries/aws_ec2_transit_gateway_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Transit Gateway resources for detailed + information on configuration, status, and associations. ID: aws_ec2_transit_gateway_2 -Title: "Find AWS EC2 Transit Gateway Configuration Details" -Description: "Allows users to query AWS EC2 Transit Gateway resources for detailed information on configuration, status, and associations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_id, - auto_accept_shared_attachments - from - aws_ec2_transit_gateway - where - auto_accept_shared_attachments = 'enable'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_id,\n auto_accept_shared_attachments\n\ + from\n aws_ec2_transit_gateway\nwhere\n auto_accept_shared_attachments = 'enable';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: Find AWS EC2 Transit Gateway Configuration Details diff --git a/queries/aws_ec2_transit_gateway_3.yaml b/queries/aws_ec2_transit_gateway_3.yaml index c7327a7b9..8166736a6 100755 --- a/queries/aws_ec2_transit_gateway_3.yaml +++ b/queries/aws_ec2_transit_gateway_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Transit Gateway resources for detailed + information on configuration, status, and associations. ID: aws_ec2_transit_gateway_3 -Title: "Find AWS EC2 Transit Gateway Configuration and Status" -Description: "Allows users to query AWS EC2 Transit Gateway resources for detailed information on configuration, status, and associations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - association_default_route_table_id, - count(transit_gateway_id) as transit_gateway - from - aws_ec2_transit_gateway - group by - association_default_route_table_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n association_default_route_table_id,\n count(transit_gateway_id)\ + \ as transit_gateway\nfrom\n aws_ec2_transit_gateway\ngroup by\n association_default_route_table_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: Find AWS EC2 Transit Gateway Configuration and Status diff --git a/queries/aws_ec2_transit_gateway_4.yaml b/queries/aws_ec2_transit_gateway_4.yaml index 4a8f33276..978e63700 100755 --- a/queries/aws_ec2_transit_gateway_4.yaml +++ b/queries/aws_ec2_transit_gateway_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EC2 Transit Gateway resources for detailed + information on configuration, status, and associations. ID: aws_ec2_transit_gateway_4 -Title: "Find AWS EC2 Transit Gateway Details" -Description: "Allows users to query AWS EC2 Transit Gateway resources for detailed information on configuration, status, and associations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_id, - tags - from - aws_ec2_transit_gateway - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_id,\n tags\nfrom\n aws_ec2_transit_gateway\n\ + where\n not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: Find AWS EC2 Transit Gateway Details diff --git a/queries/aws_ec2_transit_gateway_route_1.yaml b/queries/aws_ec2_transit_gateway_route_1.yaml index 50cb9bf6c..b1dd3e590 100755 --- a/queries/aws_ec2_transit_gateway_route_1.yaml +++ b/queries/aws_ec2_transit_gateway_route_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EC2 Transit Gateway Routes for detailed information + about each route, including the destination CIDR block, the route''s current state, + and the transit gateway attachments. ID: aws_ec2_transit_gateway_route_1 -Title: "Find AWS EC2 Transit Gateway Routes Information" -Description: "Allows users to query AWS EC2 Transit Gateway Routes for detailed information about each route, including the destination CIDR block, the route''s current state, and the transit gateway attachments." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_route_table_id, - destination_cidr_block, - prefix_list_id, - state, - type - from - aws_ec2_transit_gateway_route; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_route_table_id,\n destination_cidr_block,\n\ + \ prefix_list_id,\n state,\n type\nfrom\n aws_ec2_transit_gateway_route;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: Find AWS EC2 Transit Gateway Routes Information diff --git a/queries/aws_ec2_transit_gateway_route_2.yaml b/queries/aws_ec2_transit_gateway_route_2.yaml index 2e86ed118..85a23b094 100755 --- a/queries/aws_ec2_transit_gateway_route_2.yaml +++ b/queries/aws_ec2_transit_gateway_route_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Transit Gateway Routes for detailed information + about each route, including the destination CIDR block, the route''s current state, + and the transit gateway attachments. ID: aws_ec2_transit_gateway_route_2 -Title: "Find All AWS EC2 Transit Gateway Routes by State" -Description: "Allows users to query AWS EC2 Transit Gateway Routes for detailed information about each route, including the destination CIDR block, the route''s current state, and the transit gateway attachments." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_route_table_id, - destination_cidr_block, - state, - type - from - aws_ec2_transit_gateway_route - where - state = 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_route_table_id,\n destination_cidr_block,\n\ + \ state,\n type\nfrom\n aws_ec2_transit_gateway_route\nwhere\n state = 'active';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: Find All AWS EC2 Transit Gateway Routes by State diff --git a/queries/aws_ec2_transit_gateway_route_table_1.yaml b/queries/aws_ec2_transit_gateway_route_table_1.yaml index ef662dee6..cd5839c82 100755 --- a/queries/aws_ec2_transit_gateway_route_table_1.yaml +++ b/queries/aws_ec2_transit_gateway_route_table_1.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS EC2 Transit Gateway Route Tables and retrieve + detailed information about each route table, including its ID, state, transit gateway + ID, and other associated metadata. ID: aws_ec2_transit_gateway_route_table_1 -Title: "List all AWS EC2 Transit Gateway Route Tables with Details" -Description: "Allows users to query AWS EC2 Transit Gateway Route Tables and retrieve detailed information about each route table, including its ID, state, transit gateway ID, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_route_table_id, - transit_gateway_id, - default_association_route_table, - default_propagation_route_table - from - aws_ec2_transit_gateway_route_table; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_route_table_id,\n transit_gateway_id,\n\ + \ default_association_route_table,\n default_propagation_route_table\nfrom\n\ + \ aws_ec2_transit_gateway_route_table;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: List all AWS EC2 Transit Gateway Route Tables with Details diff --git a/queries/aws_ec2_transit_gateway_route_table_2.yaml b/queries/aws_ec2_transit_gateway_route_table_2.yaml index 8deb03d75..ea880d8fd 100755 --- a/queries/aws_ec2_transit_gateway_route_table_2.yaml +++ b/queries/aws_ec2_transit_gateway_route_table_2.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS EC2 Transit Gateway Route Tables and retrieve + detailed information about each route table, including its ID, state, transit gateway + ID, and other associated metadata. ID: aws_ec2_transit_gateway_route_table_2 -Title: "List all AWS EC2 Transit Gateway Route Tables by ID and State" -Description: "Allows users to query AWS EC2 Transit Gateway Route Tables and retrieve detailed information about each route table, including its ID, state, transit gateway ID, and other associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_id, - count(transit_gateway_route_table_id) as transit_gateway_route_table_count - from - aws_ec2_transit_gateway_route_table - group by - transit_gateway_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_id,\n count(transit_gateway_route_table_id)\ + \ as transit_gateway_route_table_count\nfrom\n aws_ec2_transit_gateway_route_table\n\ + group by\n transit_gateway_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: List all AWS EC2 Transit Gateway Route Tables by ID and State diff --git a/queries/aws_ec2_transit_gateway_vpc_attachment_1.yaml b/queries/aws_ec2_transit_gateway_vpc_attachment_1.yaml index 590087678..25a7a1055 100755 --- a/queries/aws_ec2_transit_gateway_vpc_attachment_1.yaml +++ b/queries/aws_ec2_transit_gateway_vpc_attachment_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS EC2 Transit Gateway VPC Attachments for details + such as the attachment state, creation time, and more. ID: aws_ec2_transit_gateway_vpc_attachment_1 -Title: "List all AWS EC2 Transit Gateway VPC Attachments" -Description: "Allows users to query AWS EC2 Transit Gateway VPC Attachments for details such as the attachment state, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - transit_gateway_attachment_id, - transit_gateway_id, - state, - transit_gateway_owner_id, - creation_time, - association_state - from - aws_ec2_transit_gateway_vpc_attachment; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n transit_gateway_attachment_id,\n transit_gateway_id,\n\ + \ state,\n transit_gateway_owner_id,\n creation_time,\n association_state\n\ + from\n aws_ec2_transit_gateway_vpc_attachment;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 +Title: List all AWS EC2 Transit Gateway VPC Attachments diff --git a/queries/aws_ec2_transit_gateway_vpc_attachment_2.yaml b/queries/aws_ec2_transit_gateway_vpc_attachment_2.yaml index 770ae5462..5dc609d75 100755 --- a/queries/aws_ec2_transit_gateway_vpc_attachment_2.yaml +++ b/queries/aws_ec2_transit_gateway_vpc_attachment_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EC2 Transit Gateway VPC Attachments for details + such as the attachment state, creation time, and more. ID: aws_ec2_transit_gateway_vpc_attachment_2 -Title: "List all AWS EC2 Transit Gateway VPC Attachments by Resource Type" -Description: "Allows users to query AWS EC2 Transit Gateway VPC Attachments for details such as the attachment state, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_type, - count(transit_gateway_attachment_id) as count - from - aws_ec2_transit_gateway_vpc_attachment - group by - resource_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_type,\n count(transit_gateway_attachment_id)\ + \ as count\nfrom\n aws_ec2_transit_gateway_vpc_attachment\ngroup by\n resource_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EC2 Transit Gateway +Title: List all AWS EC2 Transit Gateway VPC Attachments by Resource Type diff --git a/queries/aws_ecr_image_1.yaml b/queries/aws_ecr_image_1.yaml index e86f61413..b2875d14f 100755 --- a/queries/aws_ecr_image_1.yaml +++ b/queries/aws_ecr_image_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_1 -Title: "List all Amazon ECR Images with Detailed Information" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_digest, - image_pushed_at, - image_size_in_bytes, - registry_id, - image_scan_status, - image_tags - from - aws_ecr_image; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_digest,\n image_pushed_at,\n\ + \ image_size_in_bytes,\n registry_id,\n image_scan_status,\n image_tags\n\ + from\n aws_ecr_image;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ECR +Title: List all Amazon ECR Images with Detailed Information diff --git a/queries/aws_ecr_image_2.yaml b/queries/aws_ecr_image_2.yaml index 261cac10a..c5e300ad9 100755 --- a/queries/aws_ecr_image_2.yaml +++ b/queries/aws_ecr_image_2.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_2 -Title: "List all Amazon ECR Images with Detailed Information" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_scan_findings_summary ->> 'FindingSeverityCounts' as finding_severity_counts, - image_scan_findings_summary ->> 'ImageScanCompletedAt' as image_scan_completed_at, - image_scan_findings_summary ->> 'VulnerabilitySourceUpdatedAt' as vulnerability_source_updated_at - from - aws_ecr_image; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_scan_findings_summary ->> 'FindingSeverityCounts'\ + \ as finding_severity_counts,\n image_scan_findings_summary ->> 'ImageScanCompletedAt'\ + \ as image_scan_completed_at,\n image_scan_findings_summary ->> 'VulnerabilitySourceUpdatedAt'\ + \ as vulnerability_source_updated_at\nfrom\n aws_ecr_image;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List all Amazon ECR Images with Detailed Information diff --git a/queries/aws_ecr_image_3.yaml b/queries/aws_ecr_image_3.yaml index 39f335fb5..81dc4a76b 100755 --- a/queries/aws_ecr_image_3.yaml +++ b/queries/aws_ecr_image_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_3 -Title: "List all Amazon ECR Images and Retrieve Detailed Info" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - registry_id, - image_digest, - image_tags - from - aws_ecr_image; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n registry_id,\n image_digest,\n \ + \ image_tags\nfrom\n aws_ecr_image;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Registry +Title: List all Amazon ECR Images and Retrieve Detailed Info diff --git a/queries/aws_ecr_image_4.yaml b/queries/aws_ecr_image_4.yaml index 99a51d9ee..b859aeef2 100755 --- a/queries/aws_ecr_image_4.yaml +++ b/queries/aws_ecr_image_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_4 -Title: "List All Amazon ECR Images and Their Details" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_digest, - image_pushed_at, - image_size_in_bytes - from - aws_ecr_image - where - image_pushed_at >= now() - interval '10' day - and - repository_name = 'test1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_digest,\n image_pushed_at,\n\ + \ image_size_in_bytes\nfrom\n aws_ecr_image\nwhere\n image_pushed_at >= now()\ + \ - interval '10' day\nand\n repository_name = 'test1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Registry +Title: List All Amazon ECR Images and Their Details diff --git a/queries/aws_ecr_image_5.yaml b/queries/aws_ecr_image_5.yaml index 9a5509b48..a8b2198be 100755 --- a/queries/aws_ecr_image_5.yaml +++ b/queries/aws_ecr_image_5.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_5 -Title: "Find all Amazon ECR Images and Retrieve Detailed Info" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.repository_name as repository_name, - r.repository_uri as repository_uri, - i.image_digest as image_digest, - i.image_tags as image_tags - from - aws_ecr_image as i, - aws_ecr_repository as r - where - i.repository_name = r.repository_name - and - r.created_at >= now() - interval '20' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.repository_name as repository_name,\n r.repository_uri\ + \ as repository_uri,\n i.image_digest as image_digest,\n i.image_tags as image_tags\n\ + from\n aws_ecr_image as i,\n aws_ecr_repository as r\nwhere\n i.repository_name\ + \ = r.repository_name\nand\n r.created_at >= now() - interval '20' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Registry +Title: Find all Amazon ECR Images and Retrieve Detailed Info diff --git a/queries/aws_ecr_image_6.yaml b/queries/aws_ecr_image_6.yaml index 0f168bb8c..5c13fe9c4 100755 --- a/queries/aws_ecr_image_6.yaml +++ b/queries/aws_ecr_image_6.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_6 -Title: "Find Amazon ECR Images and Retrieve Detailed Information" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.repository_name as repository_name, - r.repository_uri as repository_uri, - i.image_digest as image_digest, - i.image_tags as image_tags, - s ->> 'Effect' as effect, - s ->> 'Action' as action, - s ->> 'Condition' as condition, - s ->> 'Principal' as principal - from - aws_ecr_image as i, - aws_ecr_repository as r, - jsonb_array_elements(r.policy -> 'Statement') as s - where - i.repository_name = r.repository_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.repository_name as repository_name,\n r.repository_uri\ + \ as repository_uri,\n i.image_digest as image_digest,\n i.image_tags as image_tags,\n\ + \ s ->> 'Effect' as effect,\n s ->> 'Action' as action,\n s ->> 'Condition'\ + \ as condition,\n s ->> 'Principal' as principal\nfrom\n aws_ecr_image as i,\n\ + \ aws_ecr_repository as r,\n jsonb_array_elements(r.policy -> 'Statement') as\ + \ s\nwhere\n i.repository_name = r.repository_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Registry +Title: Find Amazon ECR Images and Retrieve Detailed Information diff --git a/queries/aws_ecr_image_7.yaml b/queries/aws_ecr_image_7.yaml index d3c082868..7dee9fa0b 100755 --- a/queries/aws_ecr_image_7.yaml +++ b/queries/aws_ecr_image_7.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query Amazon Elastic Container Registry (ECR) Images + and retrieve detailed information about each image, including image tags, push timestamps, + image sizes, and more. ID: aws_ecr_image_7 -Title: "List all Amazon ECR Images with Details" -Description: "Allows users to query Amazon Elastic Container Registry (ECR) Images and retrieve detailed information about each image, including image tags, push timestamps, image sizes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - artifact_name, - artifact_type, - metadata, - results - from - trivy_scan_artifact as a, - aws_ecr_image as i - where - artifact_name = image_uri - and repository_name = 'hello'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n artifact_name,\n artifact_type,\n metadata,\n results\n\ + from\n trivy_scan_artifact as a,\n aws_ecr_image as i\nwhere\n artifact_name\ + \ = image_uri\n and repository_name = 'hello';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Registry +Title: List all Amazon ECR Images with Details diff --git a/queries/aws_ecr_image_scan_finding_1.yaml b/queries/aws_ecr_image_scan_finding_1.yaml index 5cfcce7db..a11301dc7 100755 --- a/queries/aws_ecr_image_scan_finding_1.yaml +++ b/queries/aws_ecr_image_scan_finding_1.yaml @@ -1,38 +1,27 @@ +Description: Allows users to query Amazon ECR Image Scan Findings to retrieve detailed + information about image scan findings, including attributes such as the severity + of the finding, description, and package name where the vulnerability was found. ID: aws_ecr_image_scan_finding_1 -Title: "Find all AWS ECR Image Scan Findings Details" -Description: "Allows users to query Amazon ECR Image Scan Findings to retrieve detailed information about image scan findings, including attributes such as the severity of the finding, description, and package name where the vulnerability was found." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_tag, - name, - severity, - description, - attributes, - uri, - image_scan_status, - image_scan_completed_at, - vulnerability_source_updated_at - from - aws_ecr_image_scan_finding - where - repository_name = 'my-repo' - and image_tag = 'my-image-tag'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_tag,\n name,\n severity,\n\ + \ description,\n attributes,\n uri,\n image_scan_status,\n image_scan_completed_at,\n\ + \ vulnerability_source_updated_at\nfrom\n aws_ecr_image_scan_finding\nwhere\n\ + \ repository_name = 'my-repo'\n and image_tag = 'my-image-tag';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find all AWS ECR Image Scan Findings Details diff --git a/queries/aws_ecr_image_scan_finding_2.yaml b/queries/aws_ecr_image_scan_finding_2.yaml index 45d356012..2fd09cbdf 100755 --- a/queries/aws_ecr_image_scan_finding_2.yaml +++ b/queries/aws_ecr_image_scan_finding_2.yaml @@ -1,39 +1,25 @@ +Description: Allows users to query Amazon ECR Image Scan Findings to retrieve detailed + information about image scan findings, including attributes such as the severity + of the finding, description, and package name where the vulnerability was found. ID: aws_ecr_image_scan_finding_2 -Title: "Find Amazon ECR Image Scan Findings for Recent Images" -Description: "Allows users to query Amazon ECR Image Scan Findings to retrieve detailed information about image scan findings, including attributes such as the severity of the finding, description, and package name where the vulnerability was found." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.repository_name, - f.image_tag, - f.name, - f.severity, - jsonb_pretty(f.attributes) as attributes - from - ( - select - repository_name, - jsonb_array_elements_text(image_tags) as image_tag - from - aws_ecr_image as i - where - i.image_pushed_at > now() - interval '24' hour - ) - images - left outer join - aws_ecr_image_scan_finding as f - on images.repository_name = f.repository_name - and images.image_tag = f.image_tag; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.repository_name,\n f.image_tag,\n f.name,\n f.severity,\n\ + \ jsonb_pretty(f.attributes) as attributes\nfrom\n (\n select\n repository_name,\n\ + \ jsonb_array_elements_text(image_tags) as image_tag\n from\n aws_ecr_image\ + \ as i\n where\n i.image_pushed_at > now() - interval '24' hour\n )\n\ + \ images\n left outer join\n aws_ecr_image_scan_finding as f\n on images.repository_name\ + \ = f.repository_name\n and images.image_tag = f.image_tag;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ECR +Title: Find Amazon ECR Image Scan Findings for Recent Images diff --git a/queries/aws_ecr_registry_scanning_configuration_1.yaml b/queries/aws_ecr_registry_scanning_configuration_1.yaml index 4823bc31b..d2ee10e96 100755 --- a/queries/aws_ecr_registry_scanning_configuration_1.yaml +++ b/queries/aws_ecr_registry_scanning_configuration_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS ECR Registry Scanning Configuration at the + private registry level on a per-region basis. ID: aws_ecr_registry_scanning_configuration_1 -Title: "List AWS ECR Registry Scanning Configurations by Region" -Description: "Allows users to query AWS ECR Registry Scanning Configuration at the private registry level on a per-region basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - registry_id, - jsonb_pretty(scanning_configuration), - region - from - aws_ecr_registry_scanning_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n registry_id,\n jsonb_pretty(scanning_configuration),\n\ + \ region\nfrom\n aws_ecr_registry_scanning_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECR +Title: List AWS ECR Registry Scanning Configurations by Region diff --git a/queries/aws_ecr_registry_scanning_configuration_2.yaml b/queries/aws_ecr_registry_scanning_configuration_2.yaml index 305c0eb18..4e639c3e5 100755 --- a/queries/aws_ecr_registry_scanning_configuration_2.yaml +++ b/queries/aws_ecr_registry_scanning_configuration_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS ECR Registry Scanning Configuration at the + private registry level on a per-region basis. ID: aws_ecr_registry_scanning_configuration_2 -Title: "Find AWS ECR Registry Scanning Configuration per Region" -Description: "Allows users to query AWS ECR Registry Scanning Configuration at the private registry level on a per-region basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - registry_id, - jsonb_pretty(scanning_configuration), - region - from - aws_ecr_registry_scanning_configuration - where - region = 'ap-south-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n registry_id,\n jsonb_pretty(scanning_configuration),\n\ + \ region\nfrom\n aws_ecr_registry_scanning_configuration\nwhere\n region =\ + \ 'ap-south-1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECR +Title: Find AWS ECR Registry Scanning Configuration per Region diff --git a/queries/aws_ecr_registry_scanning_configuration_3.yaml b/queries/aws_ecr_registry_scanning_configuration_3.yaml index 2a99992a1..61e22086e 100755 --- a/queries/aws_ecr_registry_scanning_configuration_3.yaml +++ b/queries/aws_ecr_registry_scanning_configuration_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS ECR Registry Scanning Configuration at the + private registry level on a per-region basis. ID: aws_ecr_registry_scanning_configuration_3 -Title: "Query AWS ECR Registry Scanning Configuration by Region" -Description: "Allows users to query AWS ECR Registry Scanning Configuration at the private registry level on a per-region basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - registry_id, - region - from - aws_ecr_registry_scanning_configuration - where - scanning_configuration ->> 'ScanType' = 'ENHANCED' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n registry_id,\n region\nfrom\n aws_ecr_registry_scanning_configuration\n\ + where\n scanning_configuration ->> 'ScanType' = 'ENHANCED'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECR Registry +Title: Query AWS ECR Registry Scanning Configuration by Region diff --git a/queries/aws_ecr_repository_1.yaml b/queries/aws_ecr_repository_1.yaml index 674315e09..9eb69459a 100755 --- a/queries/aws_ecr_repository_1.yaml +++ b/queries/aws_ecr_repository_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_1 -Title: "List all AWS ECR Repositories and Retrieve Details" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - registry_id, - arn, - repository_uri, - created_at, - region, - account_id - from - aws_ecr_repository; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n registry_id,\n arn,\n repository_uri,\n\ + \ created_at,\n region,\n account_id\nfrom\n aws_ecr_repository;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List all AWS ECR Repositories and Retrieve Details diff --git a/queries/aws_ecr_repository_10.yaml b/queries/aws_ecr_repository_10.yaml index 05ec54cec..ed19b6471 100755 --- a/queries/aws_ecr_repository_10.yaml +++ b/queries/aws_ecr_repository_10.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_10 -Title: "List all AWS ECR Repositories with Detailed Information" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - r ->> 'RepositoryArn' as repository_arn, - r ->> 'ScanFrequency' as scan_frequency - from - aws_ecr_repository, - jsonb_array_elements(repository_scanning_configuration -> 'ScanningConfigurations') as r - where - r ->> 'ScanFrequency' = 'MANUAL'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n r ->> 'RepositoryArn' as repository_arn,\n\ + \ r ->> 'ScanFrequency' as scan_frequency\nfrom\n aws_ecr_repository,\n jsonb_array_elements(repository_scanning_configuration\ + \ -> 'ScanningConfigurations') as r\nwhere\n r ->> 'ScanFrequency' = 'MANUAL';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry (ECR) +Title: List all AWS ECR Repositories with Detailed Information diff --git a/queries/aws_ecr_repository_11.yaml b/queries/aws_ecr_repository_11.yaml index 9b7ad6c46..bd5d1f4b8 100755 --- a/queries/aws_ecr_repository_11.yaml +++ b/queries/aws_ecr_repository_11.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_11 -Title: "List AWS ECR Repositories and their Scan Status" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - r ->> 'RepositoryArn' as repository_arn, - r ->> 'ScanOnPush' as scan_on_push - from - aws_ecr_repository, - jsonb_array_elements(repository_scanning_configuration -> 'ScanningConfigurations') as r - where - r ->> 'ScanOnPush' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n r ->> 'RepositoryArn' as repository_arn,\n\ + \ r ->> 'ScanOnPush' as scan_on_push\nfrom\n aws_ecr_repository,\n jsonb_array_elements(repository_scanning_configuration\ + \ -> 'ScanningConfigurations') as r\nwhere\n r ->> 'ScanOnPush' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List AWS ECR Repositories and their Scan Status diff --git a/queries/aws_ecr_repository_2.yaml b/queries/aws_ecr_repository_2.yaml index 9e3067ae7..a75797b18 100755 --- a/queries/aws_ecr_repository_2.yaml +++ b/queries/aws_ecr_repository_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_2 -Title: "Find AWS ECR Repositories with AES256 Encryption" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - encryption_configuration ->> 'EncryptionType' as encryption_type, - encryption_configuration ->> 'KmsKey' as kms_key - from - aws_ecr_repository - where - encryption_configuration ->> 'EncryptionType' = 'AES256'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n encryption_configuration ->> 'EncryptionType'\ + \ as encryption_type,\n encryption_configuration ->> 'KmsKey' as kms_key\nfrom\n\ + \ aws_ecr_repository\nwhere\n encryption_configuration ->> 'EncryptionType'\ + \ = 'AES256';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find AWS ECR Repositories with AES256 Encryption diff --git a/queries/aws_ecr_repository_3.yaml b/queries/aws_ecr_repository_3.yaml index 049605c3c..a0070ea85 100755 --- a/queries/aws_ecr_repository_3.yaml +++ b/queries/aws_ecr_repository_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_3 -Title: "Find AWS ECR Repositories Not Scanning on Push" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_scanning_configuration ->> 'ScanOnPush' as scan_on_push - from - aws_ecr_repository - where - image_scanning_configuration ->> 'ScanOnPush' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_scanning_configuration ->>\ + \ 'ScanOnPush' as scan_on_push\nfrom\n aws_ecr_repository\nwhere\n image_scanning_configuration\ + \ ->> 'ScanOnPush' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find AWS ECR Repositories Not Scanning on Push diff --git a/queries/aws_ecr_repository_4.yaml b/queries/aws_ecr_repository_4.yaml index 50a5def0e..38fc0d17e 100755 --- a/queries/aws_ecr_repository_4.yaml +++ b/queries/aws_ecr_repository_4.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_4 -Title: "List All AWS ECR Repositories and Retrieve Details" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.repository_name as repository_name, - i.image_digest as image_digest, - i.image_tags as image_tags, - i.image_pushed_at as image_pushed_at, - i.image_size_in_bytes as image_size_in_bytes, - i.last_recorded_pull_time as last_recorded_pull_time, - i.registry_id as registry_id, - i.image_scan_status as image_scan_status - from - aws_ecr_repository as r, - aws_ecr_image as i - where - r.repository_name = i.repository_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.repository_name as repository_name,\n i.image_digest\ + \ as image_digest,\n i.image_tags as image_tags,\n i.image_pushed_at as image_pushed_at,\n\ + \ i.image_size_in_bytes as image_size_in_bytes,\n i.last_recorded_pull_time\ + \ as last_recorded_pull_time,\n i.registry_id as registry_id,\n i.image_scan_status\ + \ as image_scan_status\nfrom\n aws_ecr_repository as r,\n aws_ecr_image as i\n\ + where\n r.repository_name = i.repository_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List All AWS ECR Repositories and Retrieve Details diff --git a/queries/aws_ecr_repository_5.yaml b/queries/aws_ecr_repository_5.yaml index 1498828d0..458b333bf 100755 --- a/queries/aws_ecr_repository_5.yaml +++ b/queries/aws_ecr_repository_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_5 -Title: "Find AWS ECR Repositories with Failed Image Scans" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.repository_name as repository_name, - i.image_digest as image_digest, - i.image_scan_status as image_scan_status - from - aws_ecr_repository as r, - aws_ecr_image as i - where - r.repository_name = i.repository_name - and i.image_scan_status ->> 'Status' = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.repository_name as repository_name,\n i.image_digest\ + \ as image_digest,\n i.image_scan_status as image_scan_status\nfrom\n aws_ecr_repository\ + \ as r,\n aws_ecr_image as i\nwhere\n r.repository_name = i.repository_name\n\ + \ and i.image_scan_status ->> 'Status' = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find AWS ECR Repositories with Failed Image Scans diff --git a/queries/aws_ecr_repository_6.yaml b/queries/aws_ecr_repository_6.yaml index 9a8a61861..c9530abe9 100755 --- a/queries/aws_ecr_repository_6.yaml +++ b/queries/aws_ecr_repository_6.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_6 -Title: "List all AWS ECR Repositories with Immutable Tags" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - image_tag_mutability - from - aws_ecr_repository - where - image_tag_mutability = 'IMMUTABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n image_tag_mutability\nfrom\n aws_ecr_repository\n\ + where\n image_tag_mutability = 'IMMUTABLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List all AWS ECR Repositories with Immutable Tags diff --git a/queries/aws_ecr_repository_7.yaml b/queries/aws_ecr_repository_7.yaml index c15722cce..be2e566aa 100755 --- a/queries/aws_ecr_repository_7.yaml +++ b/queries/aws_ecr_repository_7.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_7 -Title: "List all AWS ECR Repositories and Retrieve Detailed Information" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - r -> 'selection' ->> 'tagStatus' as tag_status, - r -> 'selection' ->> 'countType' as count_type - from - aws_ecr_repository, - jsonb_array_elements(lifecycle_policy -> 'rules') as r - where - ( - (r -> 'selection' ->> 'tagStatus' <> 'untagged') - and ( - r -> 'selection' ->> 'countType' <> 'sinceImagePushed' - ) - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n r -> 'selection' ->> 'tagStatus'\ + \ as tag_status,\n r -> 'selection' ->> 'countType' as count_type\nfrom\n aws_ecr_repository,\n\ + \ jsonb_array_elements(lifecycle_policy -> 'rules') as r\nwhere\n (\n (r\ + \ -> 'selection' ->> 'tagStatus' <> 'untagged')\n and (\n r -> 'selection'\ + \ ->> 'countType' <> 'sinceImagePushed'\n )\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: List all AWS ECR Repositories and Retrieve Detailed Information diff --git a/queries/aws_ecr_repository_8.yaml b/queries/aws_ecr_repository_8.yaml index 2cdebec79..341991ed6 100755 --- a/queries/aws_ecr_repository_8.yaml +++ b/queries/aws_ecr_repository_8.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_8 -Title: "Find AWS ECR Repositories Details with SQL Query" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_ecr_repository, - jsonb_array_elements(policy -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and a in ('*', 'ecr:*'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_ecr_repository,\n\ + \ jsonb_array_elements(policy -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n s ->> 'Effect' = 'Allow'\n and a in ('*', 'ecr:*');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find AWS ECR Repositories Details with SQL Query diff --git a/queries/aws_ecr_repository_9.yaml b/queries/aws_ecr_repository_9.yaml index 36c671f2e..4ea29621f 100755 --- a/queries/aws_ecr_repository_9.yaml +++ b/queries/aws_ecr_repository_9.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Elastic Container Registry (ECR) Repositories + and retrieve detailed information about each repository. ID: aws_ecr_repository_9 -Title: "Find All Repositories in AWS ECR with Details" -Description: "Allows users to query AWS Elastic Container Registry (ECR) Repositories and retrieve detailed information about each repository." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - r ->> 'AppliedScanFilters' as applied_scan_filters, - r ->> 'RepositoryArn' as repository_arn, - r ->> 'ScanFrequency' as scan_frequency, - r ->> 'ScanOnPush' as scan_on_push - from - aws_ecr_repository, - jsonb_array_elements(repository_scanning_configuration -> 'ScanningConfigurations') as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n r ->> 'AppliedScanFilters' as applied_scan_filters,\n\ + \ r ->> 'RepositoryArn' as repository_arn,\n r ->> 'ScanFrequency' as scan_frequency,\n\ + \ r ->> 'ScanOnPush' as scan_on_push\nfrom\n aws_ecr_repository,\n jsonb_array_elements(repository_scanning_configuration\ + \ -> 'ScanningConfigurations') as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry +Title: Find All Repositories in AWS ECR with Details diff --git a/queries/aws_ecrpublic_repository_1.yaml b/queries/aws_ecrpublic_repository_1.yaml index db7d7fa3d..45a1dbf41 100755 --- a/queries/aws_ecrpublic_repository_1.yaml +++ b/queries/aws_ecrpublic_repository_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Elastic Container Registry Public Repository + to get detailed information about each ECR public repository within an AWS account. ID: aws_ecrpublic_repository_1 -Title: "Find all AWS Elastic Container Registry Public Repositories" -Description: "Allows users to query AWS Elastic Container Registry Public Repository to get detailed information about each ECR public repository within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - repository_name, - registry_id, - arn, - repository_uri, - created_at, - region, - account_id - from - aws_ecrpublic_repository; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n repository_name,\n registry_id,\n arn,\n repository_uri,\n\ + \ created_at,\n region,\n account_id\nfrom\n aws_ecrpublic_repository;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry Public +Title: Find all AWS Elastic Container Registry Public Repositories diff --git a/queries/aws_ecrpublic_repository_2.yaml b/queries/aws_ecrpublic_repository_2.yaml index e94348444..b03398e55 100755 --- a/queries/aws_ecrpublic_repository_2.yaml +++ b/queries/aws_ecrpublic_repository_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Elastic Container Registry Public Repository + to get detailed information about each ECR public repository within an AWS account. ID: aws_ecrpublic_repository_2 -Title: "Query Detailed Info for AWS ECR Public Repositories" -Description: "Allows users to query AWS Elastic Container Registry Public Repository to get detailed information about each ECR public repository within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_ecrpublic_repository, - jsonb_array_elements(policy -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and a in ('*', 'ecr-public:*'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_ecrpublic_repository,\n\ + \ jsonb_array_elements(policy -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n s ->> 'Effect' = 'Allow'\n and a in ('*', 'ecr-public:*');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Registry Public +Title: Query Detailed Info for AWS ECR Public Repositories diff --git a/queries/aws_ecs_cluster_1.yaml b/queries/aws_ecs_cluster_1.yaml index a6cb36731..9571bfee1 100755 --- a/queries/aws_ecs_cluster_1.yaml +++ b/queries/aws_ecs_cluster_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS ECS Clusters to retrieve detailed information + about each cluster''s configuration, status, and associated resources. ID: aws_ecs_cluster_1 -Title: "List AWS ECS Clusters and Their Configuration Status" -Description: "Allows users to query AWS ECS Clusters to retrieve detailed information about each cluster''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_arn, - cluster_name, - active_services_count, - attachments, - attachments_status, - status - from - aws_ecs_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_arn,\n cluster_name,\n active_services_count,\n\ + \ attachments,\n attachments_status,\n status\nfrom\n aws_ecs_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List AWS ECS Clusters and Their Configuration Status diff --git a/queries/aws_ecs_cluster_2.yaml b/queries/aws_ecs_cluster_2.yaml index 64eccc3fb..04914c547 100755 --- a/queries/aws_ecs_cluster_2.yaml +++ b/queries/aws_ecs_cluster_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS ECS Clusters to retrieve detailed information + about each cluster''s configuration, status, and associated resources. ID: aws_ecs_cluster_2 -Title: "Find AWS ECS Clusters with Detailed Information" -Description: "Allows users to query AWS ECS Clusters to retrieve detailed information about each cluster''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_arn, - status - from - aws_ecs_cluster - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_arn,\n status\nfrom\n aws_ecs_cluster\nwhere\n\ + \ status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Clusters with Detailed Information diff --git a/queries/aws_ecs_cluster_3.yaml b/queries/aws_ecs_cluster_3.yaml index 619f2f09c..f72a6c75c 100755 --- a/queries/aws_ecs_cluster_3.yaml +++ b/queries/aws_ecs_cluster_3.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS ECS Clusters to retrieve detailed information + about each cluster''s configuration, status, and associated resources. ID: aws_ecs_cluster_3 -Title: "List all AWS ECS Clusters with detailed configuration and status" -Description: "Allows users to query AWS ECS Clusters to retrieve detailed information about each cluster''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_arn, - attachment ->> 'id' as attachment_id, - attachment ->> 'status' as attachment_status, - attachment ->> 'type' as attachment_type - from - aws_ecs_cluster, - jsonb_array_elements(attachments) as attachment; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_arn,\n attachment ->> 'id' as attachment_id,\n\ + \ attachment ->> 'status' as attachment_status,\n attachment ->> 'type' as attachment_type\n\ + from\n aws_ecs_cluster,\n jsonb_array_elements(attachments) as attachment;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List all AWS ECS Clusters with detailed configuration and status diff --git a/queries/aws_ecs_cluster_4.yaml b/queries/aws_ecs_cluster_4.yaml index fbba2c17e..1d6b7b682 100755 --- a/queries/aws_ecs_cluster_4.yaml +++ b/queries/aws_ecs_cluster_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS ECS Clusters to retrieve detailed information + about each cluster''s configuration, status, and associated resources. ID: aws_ecs_cluster_4 -Title: "Find AWS ECS Clusters Configuration and Status" -Description: "Allows users to query AWS ECS Clusters to retrieve detailed information about each cluster''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_arn, - setting ->> 'Name' as name, - setting ->> 'Value' as value - from - aws_ecs_cluster, - jsonb_array_elements(settings) as setting - where - setting ->> 'Value' = 'disabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_arn,\n setting ->> 'Name' as name,\n setting\ + \ ->> 'Value' as value\nfrom\n aws_ecs_cluster,\n jsonb_array_elements(settings)\ + \ as setting\nwhere\n setting ->> 'Value' = 'disabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Clusters Configuration and Status diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_1.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_1.yaml index 12d73186f..69d773a76 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_1.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query ECS Cluster CPU Utilization Metrics for a specified + period. ID: aws_ecs_cluster_metric_cpu_utilization_1 -Title: "Find AWS ECS Cluster CPU Utilization Metrics for a Period" -Description: "Allows users to query ECS Cluster CPU Utilization Metrics for a specified period." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization\n\ + order by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Cluster CPU Utilization Metrics for a Period diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_2.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_2.yaml index ef767b423..a642ada0c 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_2.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query ECS Cluster CPU Utilization Metrics for a specified + period. ID: aws_ecs_cluster_metric_cpu_utilization_2 -Title: "Find ECS Cluster CPU Utilization Metrics Over Period" -Description: "Allows users to query ECS Cluster CPU Utilization Metrics for a specified period." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization - where - average > 80 - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization\n\ + where\n average > 80\norder by\n cluster_name,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find ECS Cluster CPU Utilization Metrics Over Period diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_1.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_1.yaml index 324635275..829f0cd9c 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_1.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, + specifically CPU utilization on a daily basis. ID: aws_ecs_cluster_metric_cpu_utilization_daily_1 -Title: "List all AWS ECS Cluster Metrics for Daily CPU Utilization" -Description: "Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, specifically CPU utilization on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_daily - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_daily\n\ + order by\n cluster_name,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: List all AWS ECS Cluster Metrics for Daily CPU Utilization diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_2.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_2.yaml index 5d2cf679d..930f5f4bf 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_2.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, + specifically CPU utilization on a daily basis. ID: aws_ecs_cluster_metric_cpu_utilization_daily_2 -Title: "List all AWS ECS Cluster Metrics for Daily CPU Utilization" -Description: "Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, specifically CPU utilization on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_daily - where - average > 80 - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_daily\n\ + where\n average > 80\norder by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: List all AWS ECS Cluster Metrics for Daily CPU Utilization diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_3.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_3.yaml index 32b519b50..85305acf9 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_daily_3.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_daily_3.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, + specifically CPU utilization on a daily basis. ID: aws_ecs_cluster_metric_cpu_utilization_daily_3 -Title: "Find AWS ECS Cluster Daily CPU Utilization Metrics" -Description: "Allows users to query AWS Elastic Container Service (ECS) Cluster Metrics, specifically CPU utilization on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_daily - where - average < 1 - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_daily\n\ + where\n average < 1\norder by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: Find AWS ECS Cluster Daily CPU Utilization Metrics diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_1.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_1.yaml index 796c1a5b9..7d8de07ff 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_1.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly + basis. ID: aws_ecs_cluster_metric_cpu_utilization_hourly_1 -Title: "List AWS ECS Cluster Hourly CPU Utilization Metrics" -Description: "Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_hourly - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_hourly\n\ + order by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ECS +Title: List AWS ECS Cluster Hourly CPU Utilization Metrics diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_2.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_2.yaml index 8cedccb8d..004f0ee1e 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_2.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly + basis. ID: aws_ecs_cluster_metric_cpu_utilization_hourly_2 -Title: "List AWS ECS Cluster CPU Utilization Metrics Hourly" -Description: "Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_hourly - where - average > 80 - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_hourly\n\ + where\n average > 80\norder by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List AWS ECS Cluster CPU Utilization Metrics Hourly diff --git a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_3.yaml b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_3.yaml index 2a97bed8c..5dda4e614 100755 --- a/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_3.yaml +++ b/queries/aws_ecs_cluster_metric_cpu_utilization_hourly_3.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly + basis. ID: aws_ecs_cluster_metric_cpu_utilization_hourly_3 -Title: "Find AWS ECS Cluster CPU Utilization Metrics Hourly" -Description: "Allows users to query AWS ECS Cluster CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_ecs_cluster_metric_cpu_utilization_hourly - where - average < 1 - order by - cluster_name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_ecs_cluster_metric_cpu_utilization_hourly\n\ + where\n average < 1\norder by\n cluster_name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Cluster CPU Utilization Metrics Hourly diff --git a/queries/aws_ecs_container_instance_1.yaml b/queries/aws_ecs_container_instance_1.yaml index cb790e595..233b6c1a7 100755 --- a/queries/aws_ecs_container_instance_1.yaml +++ b/queries/aws_ecs_container_instance_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS ECS Container Instance to retrieve data about + the Amazon Elastic Container Service (ECS) container instances. This includes information + about the container instance ARN, status, running tasks count, pending tasks count, + agent connected status, and more. ID: aws_ecs_container_instance_1 -Title: "Find All Running and Pending Tasks for AWS ECS Instances" -Description: "Allows users to query AWS ECS Container Instance to retrieve data about the Amazon Elastic Container Service (ECS) container instances. This includes information about the container instance ARN, status, running tasks count, pending tasks count, agent connected status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - ec2_instance_id, - status, - status_reason, - running_tasks_count, - pending_tasks_count - from - aws_ecs_container_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n ec2_instance_id,\n status,\n status_reason,\n\ + \ running_tasks_count,\n pending_tasks_count\nfrom\n aws_ecs_container_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Service (ECS) +Title: Find All Running and Pending Tasks for AWS ECS Instances diff --git a/queries/aws_ecs_container_instance_2.yaml b/queries/aws_ecs_container_instance_2.yaml index b8fb5f9f4..779679270 100755 --- a/queries/aws_ecs_container_instance_2.yaml +++ b/queries/aws_ecs_container_instance_2.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS ECS Container Instance to retrieve data about + the Amazon Elastic Container Service (ECS) container instances. This includes information + about the container instance ARN, status, running tasks count, pending tasks count, + agent connected status, and more. ID: aws_ecs_container_instance_2 -Title: "Find All AWS ECS Container Instances with Registration Failed" -Description: "Allows users to query AWS ECS Container Instance to retrieve data about the Amazon Elastic Container Service (ECS) container instances. This includes information about the container instance ARN, status, running tasks count, pending tasks count, agent connected status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - status_reason - from - aws_ecs_container_instance - where - status = 'REGISTRATION_FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n status_reason\nfrom\n aws_ecs_container_instance\n\ + where\n status = 'REGISTRATION_FAILED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: Find All AWS ECS Container Instances with Registration Failed diff --git a/queries/aws_ecs_container_instance_3.yaml b/queries/aws_ecs_container_instance_3.yaml index 8030d2e6f..bde5d5260 100755 --- a/queries/aws_ecs_container_instance_3.yaml +++ b/queries/aws_ecs_container_instance_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS ECS Container Instance to retrieve data about + the Amazon Elastic Container Service (ECS) container instances. This includes information + about the container instance ARN, status, running tasks count, pending tasks count, + agent connected status, and more. ID: aws_ecs_container_instance_3 -Title: "List all AWS ECS Container Instances with SQL" -Description: "Allows users to query AWS ECS Container Instance to retrieve data about the Amazon Elastic Container Service (ECS) container instances. This includes information about the container instance ARN, status, running tasks count, pending tasks count, agent connected status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - attachment ->> 'id' as attachment_id, - attachment ->> 'status' as attachment_status, - attachment ->> 'type' as attachment_type - from - aws_ecs_container_instance, - jsonb_array_elements(attachments) as attachment; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n attachment ->> 'id' as attachment_id,\n attachment\ + \ ->> 'status' as attachment_status,\n attachment ->> 'type' as attachment_type\n\ + from\n aws_ecs_container_instance,\n jsonb_array_elements(attachments) as attachment;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Service +Title: List all AWS ECS Container Instances with SQL diff --git a/queries/aws_ecs_container_instance_4.yaml b/queries/aws_ecs_container_instance_4.yaml index 7b577c9fe..b63135506 100755 --- a/queries/aws_ecs_container_instance_4.yaml +++ b/queries/aws_ecs_container_instance_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS ECS Container Instance to retrieve data about + the Amazon Elastic Container Service (ECS) container instances. This includes information + about the container instance ARN, status, running tasks count, pending tasks count, + agent connected status, and more. ID: aws_ecs_container_instance_4 -Title: "Find AWS ECS Container Instances with Specific AMI IDs" -Description: "Allows users to query AWS ECS Container Instance to retrieve data about the Amazon Elastic Container Service (ECS) container instances. This includes information about the container instance ARN, status, running tasks count, pending tasks count, agent connected status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - setting ->> 'Name' as name, - setting ->> 'Value' as value - from - aws_ecs_container_instance, - jsonb_array_elements(attributes) as setting - where - setting ->> 'Name' = 'ecs.ami-id' and - setting ->> 'Value' = 'ami-0babb0c4a4e5769b8'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n setting ->> 'Name' as name,\n setting ->> 'Value'\ + \ as value\nfrom\n aws_ecs_container_instance,\n jsonb_array_elements(attributes)\ + \ as setting\nwhere\n setting ->> 'Name' = 'ecs.ami-id' and\n setting ->> 'Value'\ + \ = 'ami-0babb0c4a4e5769b8';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Elastic Container Service +Title: Find AWS ECS Container Instances with Specific AMI IDs diff --git a/queries/aws_ecs_service_1.yaml b/queries/aws_ecs_service_1.yaml index 26096176a..1eb7f3af9 100755 --- a/queries/aws_ecs_service_1.yaml +++ b/queries/aws_ecs_service_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) to retrieve + information about the services within the ECS clusters. ID: aws_ecs_service_1 -Title: "List all services within AWS Elastic Container Service" -Description: "Allows users to query AWS Elastic Container Service (ECS) to retrieve information about the services within the ECS clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - cluster_arn, - task_definition, - status - from - aws_ecs_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n cluster_arn,\n task_definition,\n\ + \ status\nfrom\n aws_ecs_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: List all services within AWS Elastic Container Service diff --git a/queries/aws_ecs_service_2.yaml b/queries/aws_ecs_service_2.yaml index 1cdad04ca..3a48e0fc2 100755 --- a/queries/aws_ecs_service_2.yaml +++ b/queries/aws_ecs_service_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) to retrieve + information about the services within the ECS clusters. ID: aws_ecs_service_2 -Title: "List all AWS ECS services in clusters" -Description: "Allows users to query AWS Elastic Container Service (ECS) to retrieve information about the services within the ECS clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - launch_type, - platform_version - from - aws_ecs_service - where - launch_type = 'FARGATE' - and platform_version is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n launch_type,\n platform_version\n\ + from\n aws_ecs_service\nwhere\n launch_type = 'FARGATE'\n and platform_version\ + \ is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: List all AWS ECS services in clusters diff --git a/queries/aws_ecs_service_3.yaml b/queries/aws_ecs_service_3.yaml index 2a16cecac..242e21e84 100755 --- a/queries/aws_ecs_service_3.yaml +++ b/queries/aws_ecs_service_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Elastic Container Service (ECS) to retrieve + information about the services within the ECS clusters. ID: aws_ecs_service_3 -Title: "List all inactive services in AWS ECS clusters" -Description: "Allows users to query AWS Elastic Container Service (ECS) to retrieve information about the services within the ECS clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - arn, - status - from - aws_ecs_service - where - status = 'INACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n arn,\n status\nfrom\n aws_ecs_service\n\ + where\n status = 'INACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Container Service +Title: List all inactive services in AWS ECS clusters diff --git a/queries/aws_ecs_task_1.yaml b/queries/aws_ecs_task_1.yaml index 020961b6b..d5fc0229a 100755 --- a/queries/aws_ecs_task_1.yaml +++ b/queries/aws_ecs_task_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS ECS Tasks to obtain detailed information about + each task, including its status, task definition, cluster, and other related metadata. ID: aws_ecs_task_1 -Title: "List all AWS ECS Tasks with their Status and Metadata" -Description: "Allows users to query AWS ECS Tasks to obtain detailed information about each task, including its status, task definition, cluster, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - desired_status, - launch_type, - task_arn - from - aws_ecs_task; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n desired_status,\n launch_type,\n task_arn\n\ + from\n aws_ecs_task;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List all AWS ECS Tasks with their Status and Metadata diff --git a/queries/aws_ecs_task_2.yaml b/queries/aws_ecs_task_2.yaml index a77810bcc..997821518 100755 --- a/queries/aws_ecs_task_2.yaml +++ b/queries/aws_ecs_task_2.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS ECS Tasks to obtain detailed information about + each task, including its status, task definition, cluster, and other related metadata. ID: aws_ecs_task_2 -Title: "List all AWS ECS Tasks with Status, Definition, and Metadata" -Description: "Allows users to query AWS ECS Tasks to obtain detailed information about each task, including its status, task definition, cluster, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - task_arn, - a ->> 'Id' as attachment_id, - a ->> 'Status' as attachment_status, - a ->> 'Type' as attachment_type, - jsonb_pretty(a -> 'Details') as attachment_details - from - aws_ecs_task, - jsonb_array_elements(attachments) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n task_arn,\n a ->> 'Id' as attachment_id,\n\ + \ a ->> 'Status' as attachment_status,\n a ->> 'Type' as attachment_type,\n\ + \ jsonb_pretty(a -> 'Details') as attachment_details\nfrom\n aws_ecs_task,\n\ + \ jsonb_array_elements(attachments) as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List all AWS ECS Tasks with Status, Definition, and Metadata diff --git a/queries/aws_ecs_task_3.yaml b/queries/aws_ecs_task_3.yaml index 6ef3be52d..040f9bcd3 100755 --- a/queries/aws_ecs_task_3.yaml +++ b/queries/aws_ecs_task_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS ECS Tasks to obtain detailed information about + each task, including its status, task definition, cluster, and other related metadata. ID: aws_ecs_task_3 -Title: "List all AWS ECS Tasks with Detailed Metadata" -Description: "Allows users to query AWS ECS Tasks to obtain detailed information about each task, including its status, task definition, cluster, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - task_arn, - protection ->> 'ProtectionEnabled' as protection_enabled, - protection ->> 'ExpirationDate' as protection_expiration_date - from - aws_ecs_task; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n task_arn,\n protection ->> 'ProtectionEnabled'\ + \ as protection_enabled,\n protection ->> 'ExpirationDate' as protection_expiration_date\n\ + from\n aws_ecs_task;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List all AWS ECS Tasks with Detailed Metadata diff --git a/queries/aws_ecs_task_definition_1.yaml b/queries/aws_ecs_task_definition_1.yaml index 614a929e9..3a3c6676e 100755 --- a/queries/aws_ecs_task_definition_1.yaml +++ b/queries/aws_ecs_task_definition_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS ECS Task Definitions to gain insights into + the configuration of running tasks in an ECS service. The table provides details + such as task definition ARN, family, network mode, revision, status, and more. ID: aws_ecs_task_definition_1 -Title: "List AWS ECS Task Definitions to Gain Service Insights" -Description: "Allows users to query AWS ECS Task Definitions to gain insights into the configuration of running tasks in an ECS service. The table provides details such as task definition ARN, family, network mode, revision, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - task_definition_arn, - cpu, - network_mode, - title, - status, - tags - from - aws_ecs_task_definition; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n task_definition_arn,\n cpu,\n network_mode,\n title,\n\ + \ status,\n tags\nfrom\n aws_ecs_task_definition;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List AWS ECS Task Definitions to Gain Service Insights diff --git a/queries/aws_ecs_task_definition_2.yaml b/queries/aws_ecs_task_definition_2.yaml index ce954daa0..6816a13b5 100755 --- a/queries/aws_ecs_task_definition_2.yaml +++ b/queries/aws_ecs_task_definition_2.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query AWS ECS Task Definitions to gain insights into + the configuration of running tasks in an ECS service. The table provides details + such as task definition ARN, family, network mode, revision, status, and more. ID: aws_ecs_task_definition_2 -Title: "Find AWS ECS Task Definitions Configuration Details" -Description: "Allows users to query AWS ECS Task Definitions to gain insights into the configuration of running tasks in an ECS service. The table provides details such as task definition ARN, family, network mode, revision, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - task_definition_arn, - jsonb_array_length(container_definitions) as num_of_conatiners - from - aws_ecs_task_definition; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n task_definition_arn,\n jsonb_array_length(container_definitions)\ + \ as num_of_conatiners\nfrom\n aws_ecs_task_definition;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Task Definitions Configuration Details diff --git a/queries/aws_ecs_task_definition_3.yaml b/queries/aws_ecs_task_definition_3.yaml index 8ce301675..698700145 100755 --- a/queries/aws_ecs_task_definition_3.yaml +++ b/queries/aws_ecs_task_definition_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS ECS Task Definitions to gain insights into + the configuration of running tasks in an ECS service. The table provides details + such as task definition ARN, family, network mode, revision, status, and more. ID: aws_ecs_task_definition_3 -Title: "List all AWS ECS Task Definitions with Privileged Containers" -Description: "Allows users to query AWS ECS Task Definitions to gain insights into the configuration of running tasks in an ECS service. The table provides details such as task definition ARN, family, network mode, revision, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - task_definition_arn, - cd ->> 'Privileged' as privileged, - cd ->> 'Name' as container_name - from - aws_ecs_task_definition, - jsonb_array_elements(container_definitions) as cd - where - cd ->> 'Privileged' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n task_definition_arn,\n cd ->> 'Privileged' as privileged,\n\ + \ cd ->> 'Name' as container_name\nfrom\n aws_ecs_task_definition,\n jsonb_array_elements(container_definitions)\ + \ as cd\nwhere\n cd ->> 'Privileged' = 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: List all AWS ECS Task Definitions with Privileged Containers diff --git a/queries/aws_ecs_task_definition_4.yaml b/queries/aws_ecs_task_definition_4.yaml index 34319e329..c849bd806 100755 --- a/queries/aws_ecs_task_definition_4.yaml +++ b/queries/aws_ecs_task_definition_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS ECS Task Definitions to gain insights into + the configuration of running tasks in an ECS service. The table provides details + such as task definition ARN, family, network mode, revision, status, and more. ID: aws_ecs_task_definition_4 -Title: "Find AWS ECS Task Definitions Without Log Config" -Description: "Allows users to query AWS ECS Task Definitions to gain insights into the configuration of running tasks in an ECS service. The table provides details such as task definition ARN, family, network mode, revision, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - task_definition_arn, - cd ->> 'Name' as container_name, - cd ->> 'LogConfiguration' as log_configuration - from - aws_ecs_task_definition, - jsonb_array_elements(container_definitions) as cd - where - cd ->> 'LogConfiguration' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n task_definition_arn,\n cd ->> 'Name' as container_name,\n\ + \ cd ->> 'LogConfiguration' as log_configuration\nfrom\n aws_ecs_task_definition,\n\ + \ jsonb_array_elements(container_definitions) as cd\nwhere\n cd ->> 'LogConfiguration'\ + \ is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ECS +Title: Find AWS ECS Task Definitions Without Log Config diff --git a/queries/aws_efs_access_point_1.yaml b/queries/aws_efs_access_point_1.yaml index 51897c397..ecb301e7b 100755 --- a/queries/aws_efs_access_point_1.yaml +++ b/queries/aws_efs_access_point_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query Amazon EFS Access Points, providing detailed information + about each access point''s configuration, including the file system it is associated + with, its access point ID, and other related metadata. ID: aws_efs_access_point_1 -Title: "List all Amazon EFS Access Points Configurations" -Description: "Allows users to query Amazon EFS Access Points, providing detailed information about each access point''s configuration, including the file system it is associated with, its access point ID, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_id, - access_point_arn, - file_system_id, - life_cycle_state, - owner_id, - root_directory - from - aws_efs_access_point; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_id,\n access_point_arn,\n file_system_id,\n\ + \ life_cycle_state,\n owner_id,\n root_directory\nfrom\n aws_efs_access_point;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EFS +Title: List all Amazon EFS Access Points Configurations diff --git a/queries/aws_efs_access_point_2.yaml b/queries/aws_efs_access_point_2.yaml index ee10784b9..1396c77e4 100755 --- a/queries/aws_efs_access_point_2.yaml +++ b/queries/aws_efs_access_point_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query Amazon EFS Access Points, providing detailed information + about each access point''s configuration, including the file system it is associated + with, its access point ID, and other related metadata. ID: aws_efs_access_point_2 -Title: "Find all Detailed Info About AWS EFS Access Points" -Description: "Allows users to query Amazon EFS Access Points, providing detailed information about each access point''s configuration, including the file system it is associated with, its access point ID, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_id, - file_system_id, - owner_id, - root_directory - from - aws_efs_access_point - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_id,\n file_system_id,\n owner_id,\n\ + \ root_directory\nfrom\n aws_efs_access_point" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EFS +Title: Find all Detailed Info About AWS EFS Access Points diff --git a/queries/aws_efs_access_point_3.yaml b/queries/aws_efs_access_point_3.yaml index bdaa6694a..7c50315ae 100755 --- a/queries/aws_efs_access_point_3.yaml +++ b/queries/aws_efs_access_point_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query Amazon EFS Access Points, providing detailed information + about each access point''s configuration, including the file system it is associated + with, its access point ID, and other related metadata. ID: aws_efs_access_point_3 -Title: "List all Amazon EFS Access Points with State 'Error'" -Description: "Allows users to query Amazon EFS Access Points, providing detailed information about each access point''s configuration, including the file system it is associated with, its access point ID, and other related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_id, - life_cycle_state, - file_system_id, - owner_id, - root_directory - from - aws_efs_access_point - where - life_cycle_state = 'error'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_id,\n life_cycle_state,\n file_system_id,\n\ + \ owner_id,\n root_directory\nfrom\n aws_efs_access_point\nwhere\n life_cycle_state\ + \ = 'error';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EFS +Title: List all Amazon EFS Access Points with State 'Error' diff --git a/queries/aws_efs_file_system_1.yaml b/queries/aws_efs_file_system_1.yaml index dc343e1ca..f31bc5215 100755 --- a/queries/aws_efs_file_system_1.yaml +++ b/queries/aws_efs_file_system_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_1 -Title: "Find EFS File Systems with Details from AWS" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - file_system_id, - owner_id, - automatic_backups, - creation_token, - creation_time, - life_cycle_state, - number_of_mount_targets, - performance_mode, - throughput_mode - from - aws_efs_file_system; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n file_system_id,\n owner_id,\n automatic_backups,\n\ + \ creation_token,\n creation_time,\n life_cycle_state,\n number_of_mount_targets,\n\ + \ performance_mode,\n throughput_mode\nfrom\n aws_efs_file_system;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System +Title: Find EFS File Systems with Details from AWS diff --git a/queries/aws_efs_file_system_2.yaml b/queries/aws_efs_file_system_2.yaml index 7ca28451a..731ba2ca6 100755 --- a/queries/aws_efs_file_system_2.yaml +++ b/queries/aws_efs_file_system_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_2 -Title: "Find AWS EFS file systems with detailed information" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - file_system_id, - encrypted, - kms_key_id, - region - from - aws_efs_file_system - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n file_system_id,\n encrypted,\n kms_key_id,\n region\n\ + from\n aws_efs_file_system\nwhere\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System +Title: Find AWS EFS file systems with detailed information diff --git a/queries/aws_efs_file_system_3.yaml b/queries/aws_efs_file_system_3.yaml index 4abcdc541..36ea10389 100755 --- a/queries/aws_efs_file_system_3.yaml +++ b/queries/aws_efs_file_system_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_3 -Title: "Find detailed info about AWS EFS file systems" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - file_system_id, - size_in_bytes ->> 'Value' as data_size, - size_in_bytes ->> 'Timestamp' as data_size_timestamp, - size_in_bytes ->> 'ValueInIA' as data_size_infrequent_access_storage, - size_in_bytes ->> 'ValueInStandard' as data_size_standard_storage - from - aws_efs_file_system; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n file_system_id,\n size_in_bytes ->> 'Value' as data_size,\n\ + \ size_in_bytes ->> 'Timestamp' as data_size_timestamp,\n size_in_bytes ->>\ + \ 'ValueInIA' as data_size_infrequent_access_storage,\n size_in_bytes ->> 'ValueInStandard'\ + \ as data_size_standard_storage\nfrom\n aws_efs_file_system;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System +Title: Find detailed info about AWS EFS file systems diff --git a/queries/aws_efs_file_system_4.yaml b/queries/aws_efs_file_system_4.yaml index ea5f9cd0b..e3acc9e70 100755 --- a/queries/aws_efs_file_system_4.yaml +++ b/queries/aws_efs_file_system_4.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_4 -Title: "Find AWS EFS File System with Specific Client Root Access" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_efs_file_system, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - a in ('elasticfilesystem:clientrootaccess'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_efs_file_system,\n\ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n a in ('elasticfilesystem:clientrootaccess');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System +Title: Find AWS EFS File System with Specific Client Root Access diff --git a/queries/aws_efs_file_system_5.yaml b/queries/aws_efs_file_system_5.yaml index ce52f9a4c..5bb704408 100755 --- a/queries/aws_efs_file_system_5.yaml +++ b/queries/aws_efs_file_system_5.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_5 -Title: "List all AWS EFS File Systems with Detailed Information" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title - from - aws_efs_file_system - where - title not in ( - select - title - from - aws_efs_file_system, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a, - jsonb_array_elements_text( - s -> 'Condition' -> 'Bool' -> 'aws:securetransport' - ) as ssl - where - p = '*' - and s ->> 'Effect' = 'Deny' - and ssl :: bool = false - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title\nfrom\n aws_efs_file_system\nwhere\n title not\ + \ in (\n select\n title\n from\n aws_efs_file_system,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a,\n jsonb_array_elements_text(\n\ + \ s -> 'Condition' -> 'Bool' -> 'aws:securetransport'\n ) as ssl\n\ + \ where\n p = '*'\n and s ->> 'Effect' = 'Deny'\n and ssl ::\ + \ bool = false\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System +Title: List all AWS EFS File Systems with Detailed Information diff --git a/queries/aws_efs_file_system_6.yaml b/queries/aws_efs_file_system_6.yaml index 65fb9d0a6..00a1cce82 100755 --- a/queries/aws_efs_file_system_6.yaml +++ b/queries/aws_efs_file_system_6.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Elastic File System (EFS) file systems, providing + detailed information about each file system such as its ID, ARN, creation token, + performance mode, and lifecycle state. ID: aws_efs_file_system_6 -Title: "List AWS EFS file systems with automatic backups enabled" -Description: "Allows users to query AWS Elastic File System (EFS) file systems, providing detailed information about each file system such as its ID, ARN, creation token, performance mode, and lifecycle state." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - automatic_backups, - arn, - file_system_id - from - aws_efs_file_system - where - automatic_backups = 'enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n automatic_backups,\n arn,\n file_system_id\n\ + from\n aws_efs_file_system\nwhere\n automatic_backups = 'enabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic File System (EFS) +Title: List AWS EFS file systems with automatic backups enabled diff --git a/queries/aws_efs_mount_target_1.yaml b/queries/aws_efs_mount_target_1.yaml index e769feecd..a50557992 100755 --- a/queries/aws_efs_mount_target_1.yaml +++ b/queries/aws_efs_mount_target_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EFS Mount Targets for detailed information + about each mount target''s configuration, status, and associated resources. ID: aws_efs_mount_target_1 -Title: "Find AWS EFS Mount Targets Configuration and Status" -Description: "Allows users to query AWS EFS Mount Targets for detailed information about each mount target''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - mount_target_id, - file_system_id, - life_cycle_state, - availability_zone_id, - availability_zone_name - from - aws_efs_mount_target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n mount_target_id,\n file_system_id,\n life_cycle_state,\n\ + \ availability_zone_id,\n availability_zone_name\nfrom\n aws_efs_mount_target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EFS +Title: Find AWS EFS Mount Targets Configuration and Status diff --git a/queries/aws_efs_mount_target_2.yaml b/queries/aws_efs_mount_target_2.yaml index 7ecad43af..1fd398d86 100755 --- a/queries/aws_efs_mount_target_2.yaml +++ b/queries/aws_efs_mount_target_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EFS Mount Targets for detailed information + about each mount target''s configuration, status, and associated resources. ID: aws_efs_mount_target_2 -Title: "Find AWS EFS Mount Targets Configuration and Status" -Description: "Allows users to query AWS EFS Mount Targets for detailed information about each mount target''s configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - mount_target_id, - network_interface_id, - subnet_id, - vpc_id - from - aws_efs_mount_target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n mount_target_id,\n network_interface_id,\n subnet_id,\n\ + \ vpc_id\nfrom\n aws_efs_mount_target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EFS Mount Targets +Title: Find AWS EFS Mount Targets Configuration and Status diff --git a/queries/aws_eks_addon_1.yaml b/queries/aws_eks_addon_1.yaml index ce0c1901f..0fa282860 100755 --- a/queries/aws_eks_addon_1.yaml +++ b/queries/aws_eks_addon_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EKS Add-Ons to retrieve information about add-ons + associated with each Amazon EKS cluster. ID: aws_eks_addon_1 -Title: "Find AWS EKS Add-Ons Information" -Description: "Allows users to query AWS EKS Add-Ons to retrieve information about add-ons associated with each Amazon EKS cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - addon_name, - arn, - addon_version, - cluster_name, - status, - service_account_role_arn - from - aws_eks_addon; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n addon_name,\n arn,\n addon_version,\n cluster_name,\n\ + \ status,\n service_account_role_arn\nfrom\n aws_eks_addon;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EKS +Title: Find AWS EKS Add-Ons Information diff --git a/queries/aws_eks_addon_2.yaml b/queries/aws_eks_addon_2.yaml index a98284fa4..22c6e6720 100755 --- a/queries/aws_eks_addon_2.yaml +++ b/queries/aws_eks_addon_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EKS Add-Ons to retrieve information about add-ons + associated with each Amazon EKS cluster. ID: aws_eks_addon_2 -Title: "Find all AWS EKS add-ons associated with EKS clusters" -Description: "Allows users to query AWS EKS Add-Ons to retrieve information about add-ons associated with each Amazon EKS cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - addon_name, - arn, - cluster_name, - status - from - aws_eks_addon - where - status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n addon_name,\n arn,\n cluster_name,\n status\nfrom\n\ + \ aws_eks_addon\nwhere\n status <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EKS +Title: Find all AWS EKS add-ons associated with EKS clusters diff --git a/queries/aws_eks_addon_3.yaml b/queries/aws_eks_addon_3.yaml index 3aa6e31b7..1a5e7693a 100755 --- a/queries/aws_eks_addon_3.yaml +++ b/queries/aws_eks_addon_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EKS Add-Ons to retrieve information about add-ons + associated with each Amazon EKS cluster. ID: aws_eks_addon_3 -Title: "List all Add-Ons Associated with Each Amazon EKS Cluster" -Description: "Allows users to query AWS EKS Add-Ons to retrieve information about add-ons associated with each Amazon EKS cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_name, - count(addon_name) as addon_count - from - aws_eks_addon - group by - cluster_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_name,\n count(addon_name) as addon_count\nfrom\n\ + \ aws_eks_addon\ngroup by\n cluster_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EKS +Title: List all Add-Ons Associated with Each Amazon EKS Cluster diff --git a/queries/aws_eks_addon_version_1.yaml b/queries/aws_eks_addon_version_1.yaml index 9460577f6..ee1375ba0 100755 --- a/queries/aws_eks_addon_version_1.yaml +++ b/queries/aws_eks_addon_version_1.yaml @@ -1,24 +1,18 @@ +Description: Allows users to query AWS EKS Add-On Versions. ID: aws_eks_addon_version_1 -Title: "List AWS EKS Add-On Versions" -Description: "Allows users to query AWS EKS Add-On Versions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - addon_name, - addon_version, - type - from - aws_eks_addon_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n addon_name,\n addon_version,\n type\nfrom\n aws_eks_addon_version;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List AWS EKS Add-On Versions diff --git a/queries/aws_eks_addon_version_2.yaml b/queries/aws_eks_addon_version_2.yaml index 9f7fb4ce6..173f760a6 100755 --- a/queries/aws_eks_addon_version_2.yaml +++ b/queries/aws_eks_addon_version_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS EKS Add-On Versions. ID: aws_eks_addon_version_2 -Title: "List All AWS EKS Add-On Versions and Their Counts" -Description: "Allows users to query AWS EKS Add-On Versions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - addon_name, - count(addon_version) as addon_version_count - from - aws_eks_addon_version - group by - addon_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n addon_name,\n count(addon_version) as addon_version_count\n\ + from\n aws_eks_addon_version\ngroup by\n addon_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List All AWS EKS Add-On Versions and Their Counts diff --git a/queries/aws_eks_addon_version_3.yaml b/queries/aws_eks_addon_version_3.yaml index c3be2e23f..eaa0553e1 100755 --- a/queries/aws_eks_addon_version_3.yaml +++ b/queries/aws_eks_addon_version_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS EKS Add-On Versions. ID: aws_eks_addon_version_3 -Title: "Find AWS EKS Add-On Versions" -Description: "Allows users to query AWS EKS Add-On Versions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - addon_name, - addon_version, - addon_configuration -> '$defs' -> 'extraVolumeTags' ->> 'description' as addon_configuration_def_description, - addon_configuration -> '$defs' -> 'extraVolumeTags' -> 'propertyNames' as addon_configuration_def_property_names, - addon_configuration -> '$defs' -> 'extraVolumeTags' -> 'patternProperties' as addon_configuration_def_pattern_properties, - addon_configuration -> 'properties' as addon_configuration_properties - from - aws_eks_addon_version limit 10; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n addon_name,\n addon_version,\n addon_configuration\ + \ -> '$defs' -> 'extraVolumeTags' ->> 'description' as addon_configuration_def_description,\n\ + \ addon_configuration -> '$defs' -> 'extraVolumeTags' -> 'propertyNames' as addon_configuration_def_property_names,\n\ + \ addon_configuration -> '$defs' -> 'extraVolumeTags' -> 'patternProperties'\ + \ as addon_configuration_def_pattern_properties,\n addon_configuration -> 'properties'\ + \ as addon_configuration_properties\nfrom\n aws_eks_addon_version limit 10;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: Find AWS EKS Add-On Versions diff --git a/queries/aws_eks_cluster_1.yaml b/queries/aws_eks_cluster_1.yaml index bc90c2492..b48205b2f 100755 --- a/queries/aws_eks_cluster_1.yaml +++ b/queries/aws_eks_cluster_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Elastic Kubernetes Service Cluster data, including + cluster configurations, statuses, and associated metadata. ID: aws_eks_cluster_1 -Title: "Query AWS EKS Cluster Configuration and Statuses" -Description: "Allows users to query AWS Elastic Kubernetes Service Cluster data, including cluster configurations, statuses, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - endpoint, - identity, - status - from - aws_eks_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n endpoint,\n identity,\n status\nfrom\n\ + \ aws_eks_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service +Title: Query AWS EKS Cluster Configuration and Statuses diff --git a/queries/aws_eks_cluster_2.yaml b/queries/aws_eks_cluster_2.yaml index 5af18cad9..9312a266b 100755 --- a/queries/aws_eks_cluster_2.yaml +++ b/queries/aws_eks_cluster_2.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS Elastic Kubernetes Service Cluster data, including + cluster configurations, statuses, and associated metadata. ID: aws_eks_cluster_2 -Title: "Find AWS EKS Cluster Configurations and Metadata" -Description: "Allows users to query AWS Elastic Kubernetes Service Cluster data, including cluster configurations, statuses, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - resources_vpc_config ->> 'ClusterSecurityGroupId' as cluster_security_group_id, - resources_vpc_config ->> 'EndpointPrivateAccess' as endpoint_private_access, - resources_vpc_config ->> 'EndpointPublicAccess' as endpoint_public_access, - resources_vpc_config ->> 'PublicAccessCidrs' as public_access_cidrs, - resources_vpc_config ->> 'SecurityGroupIds' as security_group_ids, - resources_vpc_config -> 'SubnetIds' as subnet_ids, - resources_vpc_config ->> 'VpcId' as vpc_id - from - aws_eks_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n resources_vpc_config ->> 'ClusterSecurityGroupId'\ + \ as cluster_security_group_id,\n resources_vpc_config ->> 'EndpointPrivateAccess'\ + \ as endpoint_private_access,\n resources_vpc_config ->> 'EndpointPublicAccess'\ + \ as endpoint_public_access,\n resources_vpc_config ->> 'PublicAccessCidrs' as\ + \ public_access_cidrs,\n resources_vpc_config ->> 'SecurityGroupIds' as security_group_ids,\n\ + \ resources_vpc_config -> 'SubnetIds' as subnet_ids,\n resources_vpc_config\ + \ ->> 'VpcId' as vpc_id\nfrom\n aws_eks_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service +Title: Find AWS EKS Cluster Configurations and Metadata diff --git a/queries/aws_eks_cluster_3.yaml b/queries/aws_eks_cluster_3.yaml index 47b52b472..a40a02467 100755 --- a/queries/aws_eks_cluster_3.yaml +++ b/queries/aws_eks_cluster_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Elastic Kubernetes Service Cluster data, including + cluster configurations, statuses, and associated metadata. ID: aws_eks_cluster_3 -Title: "Find AWS EKS Cluster Configurations and Statuses" -Description: "Allows users to query AWS Elastic Kubernetes Service Cluster data, including cluster configurations, statuses, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - i ->> 'Enabled' as enabled, - i ->> 'Types' as types - from - aws_eks_cluster, - jsonb_array_elements(logging -> 'ClusterLogging') as i - where - i ->> 'Enabled' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n i ->> 'Enabled' as enabled,\n i ->> 'Types'\ + \ as types\nfrom\n aws_eks_cluster,\n jsonb_array_elements(logging -> 'ClusterLogging')\ + \ as i\nwhere\n i ->> 'Enabled' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service +Title: Find AWS EKS Cluster Configurations and Statuses diff --git a/queries/aws_eks_cluster_4.yaml b/queries/aws_eks_cluster_4.yaml index 074199b30..5d314b97c 100755 --- a/queries/aws_eks_cluster_4.yaml +++ b/queries/aws_eks_cluster_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Elastic Kubernetes Service Cluster data, including + cluster configurations, statuses, and associated metadata. ID: aws_eks_cluster_4 -Title: "Find AWS EKS Cluster Configurations and Statuses" -Description: "Allows users to query AWS Elastic Kubernetes Service Cluster data, including cluster configurations, statuses, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - version - from - aws_eks_cluster - where - version <> '1.19'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n version\nfrom\n aws_eks_cluster\nwhere\n\ + \ version <> '1.19';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service +Title: Find AWS EKS Cluster Configurations and Statuses diff --git a/queries/aws_eks_fargate_profile_1.yaml b/queries/aws_eks_fargate_profile_1.yaml index 02413841b..20b3acc6d 100755 --- a/queries/aws_eks_fargate_profile_1.yaml +++ b/queries/aws_eks_fargate_profile_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EKS Fargate Profiles and retrieve data such + as the Fargate profile name, ARN, status, and more. ID: aws_eks_fargate_profile_1 -Title: "List all AWS EKS Fargate Profiles and their Details" -Description: "Allows users to query AWS EKS Fargate Profiles and retrieve data such as the Fargate profile name, ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - fargate_profile_name, - fargate_profile_arn, - cluster_name, - created_at, - status, - tags - from - aws_eks_fargate_profile; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n fargate_profile_name,\n fargate_profile_arn,\n cluster_name,\n\ + \ created_at,\n status,\n tags\nfrom\n aws_eks_fargate_profile;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List all AWS EKS Fargate Profiles and their Details diff --git a/queries/aws_eks_fargate_profile_2.yaml b/queries/aws_eks_fargate_profile_2.yaml index fbd91a5e2..ff6838cca 100755 --- a/queries/aws_eks_fargate_profile_2.yaml +++ b/queries/aws_eks_fargate_profile_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS EKS Fargate Profiles and retrieve data such + as the Fargate profile name, ARN, status, and more. ID: aws_eks_fargate_profile_2 -Title: "List all AWS EKS Fargate Profiles by name, ARN, and status" -Description: "Allows users to query AWS EKS Fargate Profiles and retrieve data such as the Fargate profile name, ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - fargate_profile_name, - fargate_profile_arn, - cluster_name, - created_at, - status - from - aws_eks_fargate_profile - where - status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n fargate_profile_name,\n fargate_profile_arn,\n cluster_name,\n\ + \ created_at,\n status\nfrom\n aws_eks_fargate_profile\nwhere\n status <>\ + \ 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List all AWS EKS Fargate Profiles by name, ARN, and status diff --git a/queries/aws_eks_fargate_profile_3.yaml b/queries/aws_eks_fargate_profile_3.yaml index b38aa06ff..56fef9beb 100755 --- a/queries/aws_eks_fargate_profile_3.yaml +++ b/queries/aws_eks_fargate_profile_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS EKS Fargate Profiles and retrieve data such + as the Fargate profile name, ARN, status, and more. ID: aws_eks_fargate_profile_3 -Title: "Find AWS EKS Fargate Profile Details with SQL" -Description: "Allows users to query AWS EKS Fargate Profiles and retrieve data such as the Fargate profile name, ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.fargate_profile_name, - f.cluster_name, - f.status as fargate_profile_status, - s.availability_zone, - s.available_ip_address_count, - s.cidr_block, - s.vpc_id - from - aws_eks_fargate_profile as f, - aws_vpc_subnet as s, - jsonb_array_elements(f.subnets) as subnet_id - where - s.subnet_id = subnet_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.fargate_profile_name,\n f.cluster_name,\n f.status\ + \ as fargate_profile_status,\n s.availability_zone,\n s.available_ip_address_count,\n\ + \ s.cidr_block,\n s.vpc_id\nfrom\n aws_eks_fargate_profile as f,\n aws_vpc_subnet\ + \ as s,\n jsonb_array_elements(f.subnets) as subnet_id\nwhere\n s.subnet_id\ + \ = subnet_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: Find AWS EKS Fargate Profile Details with SQL diff --git a/queries/aws_eks_fargate_profile_4.yaml b/queries/aws_eks_fargate_profile_4.yaml index e9f01938c..470d622ec 100755 --- a/queries/aws_eks_fargate_profile_4.yaml +++ b/queries/aws_eks_fargate_profile_4.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS EKS Fargate Profiles and retrieve data such + as the Fargate profile name, ARN, status, and more. ID: aws_eks_fargate_profile_4 -Title: "List AWS EKS Fargate Profiles with Details" -Description: "Allows users to query AWS EKS Fargate Profiles and retrieve data such as the Fargate profile name, ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.name as cluster_name, - c.arn as cluster_arn, - c.version as cluster_version, - f.fargate_profile_name as fargate_profile_name, - f.fargate_profile_arn as fargate_profile_arn, - f.created_at as created_at, - f.pod_execution_role_arn as pod_execution_role_arn, - f.status as fargate_profile_status - from - aws_eks_fargate_profile as f, - aws_eks_cluster as c - where - c.version::float > 1.19 and f.cluster_name = c.name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.name as cluster_name,\n c.arn as cluster_arn,\n c.version\ + \ as cluster_version,\n f.fargate_profile_name as fargate_profile_name,\n f.fargate_profile_arn\ + \ as fargate_profile_arn,\n f.created_at as created_at,\n f.pod_execution_role_arn\ + \ as pod_execution_role_arn,\n f.status as fargate_profile_status\nfrom\n aws_eks_fargate_profile\ + \ as f,\n aws_eks_cluster as c\nwhere\n c.version::float > 1.19 and f.cluster_name\ + \ = c.name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List AWS EKS Fargate Profiles with Details diff --git a/queries/aws_eks_identity_provider_config_1.yaml b/queries/aws_eks_identity_provider_config_1.yaml index 8d08d7345..22d669b6d 100755 --- a/queries/aws_eks_identity_provider_config_1.yaml +++ b/queries/aws_eks_identity_provider_config_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query Amazon EKS Identity Provider Configurations for + detailed information about the identity provider configurations for Amazon EKS clusters. ID: aws_eks_identity_provider_config_1 -Title: "Find Amazon EKS Identity Providers' Configurations" -Description: "Allows users to query Amazon EKS Identity Provider Configurations for detailed information about the identity provider configurations for Amazon EKS clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - cluster_name, - tags, - status - from - aws_eks_identity_provider_config; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n cluster_name,\n tags,\n status\nfrom\n\ + \ aws_eks_identity_provider_config;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EKS +Title: Find Amazon EKS Identity Providers' Configurations diff --git a/queries/aws_eks_identity_provider_config_2.yaml b/queries/aws_eks_identity_provider_config_2.yaml index 34beda465..f29e80ba8 100755 --- a/queries/aws_eks_identity_provider_config_2.yaml +++ b/queries/aws_eks_identity_provider_config_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Amazon EKS Identity Provider Configurations for + detailed information about the identity provider configurations for Amazon EKS clusters. ID: aws_eks_identity_provider_config_2 -Title: "Find all Amazon EKS Identity Provider Configurations" -Description: "Allows users to query Amazon EKS Identity Provider Configurations for detailed information about the identity provider configurations for Amazon EKS clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - cluster_name, - type - from - aws_eks_identity_provider_config - where - type = 'oidc'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n cluster_name,\n type\nfrom\n aws_eks_identity_provider_config\n\ + where \n type = 'oidc';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon EKS +Title: Find all Amazon EKS Identity Provider Configurations diff --git a/queries/aws_eks_node_group_1.yaml b/queries/aws_eks_node_group_1.yaml index 6fa0e73a1..a30f36b55 100755 --- a/queries/aws_eks_node_group_1.yaml +++ b/queries/aws_eks_node_group_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EKS Node Group data, providing information + about each node group within an AWS Elastic Kubernetes Service (EKS) cluster. ID: aws_eks_node_group_1 -Title: "List all node groups in AWS EKS clusters using SQL" -Description: "Allows users to query AWS EKS Node Group data, providing information about each node group within an AWS Elastic Kubernetes Service (EKS) cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nodegroup_name, - arn, - created_at, - cluster_name, - status - from - aws_eks_node_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nodegroup_name,\n arn,\n created_at,\n cluster_name,\n\ + \ status\nfrom\n aws_eks_node_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List all node groups in AWS EKS clusters using SQL diff --git a/queries/aws_eks_node_group_2.yaml b/queries/aws_eks_node_group_2.yaml index 687ab61fe..794c029a7 100755 --- a/queries/aws_eks_node_group_2.yaml +++ b/queries/aws_eks_node_group_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS EKS Node Group data, providing information + about each node group within an AWS Elastic Kubernetes Service (EKS) cluster. ID: aws_eks_node_group_2 -Title: "List all AWS EKS Node Group data within a cluster" -Description: "Allows users to query AWS EKS Node Group data, providing information about each node group within an AWS Elastic Kubernetes Service (EKS) cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nodegroup_name, - arn, - created_at, - cluster_name, - status - from - aws_eks_node_group - where - status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nodegroup_name,\n arn,\n created_at,\n cluster_name,\n\ + \ status\nfrom\n aws_eks_node_group\nwhere\n status <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service (EKS) +Title: List all AWS EKS Node Group data within a cluster diff --git a/queries/aws_eks_node_group_3.yaml b/queries/aws_eks_node_group_3.yaml index 7acfdb753..e4a604c4e 100755 --- a/queries/aws_eks_node_group_3.yaml +++ b/queries/aws_eks_node_group_3.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS EKS Node Group data, providing information + about each node group within an AWS Elastic Kubernetes Service (EKS) cluster. ID: aws_eks_node_group_3 -Title: "List all AWS EKS Node Groups with Health Information" -Description: "Allows users to query AWS EKS Node Group data, providing information about each node group within an AWS Elastic Kubernetes Service (EKS) cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nodegroup_name, - cluster_name, - jsonb_pretty(health) as health - from - aws_eks_node_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nodegroup_name,\n cluster_name,\n jsonb_pretty(health)\ + \ as health\nfrom\n aws_eks_node_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Kubernetes Service +Title: List all AWS EKS Node Groups with Health Information diff --git a/queries/aws_eks_node_group_4.yaml b/queries/aws_eks_node_group_4.yaml index c5ba6fb55..ef0f8e5da 100755 --- a/queries/aws_eks_node_group_4.yaml +++ b/queries/aws_eks_node_group_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS EKS Node Group data, providing information + about each node group within an AWS Elastic Kubernetes Service (EKS) cluster. ID: aws_eks_node_group_4 -Title: "List all AWS EKS Node Groups with Template Info" -Description: "Allows users to query AWS EKS Node Group data, providing information about each node group within an AWS Elastic Kubernetes Service (EKS) cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nodegroup_name, - cluster_name, - jsonb_pretty(launch_template) as launch_template - from - aws_eks_node_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nodegroup_name,\n cluster_name,\n jsonb_pretty(launch_template)\ + \ as launch_template\nfrom\n aws_eks_node_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EKS +Title: List all AWS EKS Node Groups with Template Info diff --git a/queries/aws_elastic_beanstalk_application_1.yaml b/queries/aws_elastic_beanstalk_application_1.yaml index 4147273c3..84f5c1b64 100755 --- a/queries/aws_elastic_beanstalk_application_1.yaml +++ b/queries/aws_elastic_beanstalk_application_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Elastic Beanstalk Applications to obtain details + about their configurations, versions, environment, and other metadata. ID: aws_elastic_beanstalk_application_1 -Title: "Find AWS Elastic Beanstalk Application Details" -Description: "Allows users to query AWS Elastic Beanstalk Applications to obtain details about their configurations, versions, environment, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - description, - date_created, - date_updated, - versions - from - aws_elastic_beanstalk_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n description,\n date_created,\n date_updated,\n\ + \ versions\nfrom\n aws_elastic_beanstalk_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: Find AWS Elastic Beanstalk Application Details diff --git a/queries/aws_elastic_beanstalk_application_2.yaml b/queries/aws_elastic_beanstalk_application_2.yaml index 90a7d55c7..6db2fff4b 100755 --- a/queries/aws_elastic_beanstalk_application_2.yaml +++ b/queries/aws_elastic_beanstalk_application_2.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS Elastic Beanstalk Applications to obtain details + about their configurations, versions, environment, and other metadata. ID: aws_elastic_beanstalk_application_2 -Title: "List all AWS Elastic Beanstalk Application Configurations" -Description: "Allows users to query AWS Elastic Beanstalk Applications to obtain details about their configurations, versions, environment, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - resource_lifecycle_config ->> 'ServiceRole' as role, - resource_lifecycle_config -> 'VersionLifecycleConfig' ->> 'MaxAgeRule' as max_age_rule, - resource_lifecycle_config -> 'VersionLifecycleConfig' ->> 'MaxCountRule' as max_count_rule - from - aws_elastic_beanstalk_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n resource_lifecycle_config ->> 'ServiceRole'\ + \ as role,\n resource_lifecycle_config -> 'VersionLifecycleConfig' ->> 'MaxAgeRule'\ + \ as max_age_rule,\n resource_lifecycle_config -> 'VersionLifecycleConfig' ->>\ + \ 'MaxCountRule' as max_count_rule\nfrom\n aws_elastic_beanstalk_application;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all AWS Elastic Beanstalk Application Configurations diff --git a/queries/aws_elastic_beanstalk_application_version_1.yaml b/queries/aws_elastic_beanstalk_application_version_1.yaml index 4c1f45984..3e9ffc9c4 100755 --- a/queries/aws_elastic_beanstalk_application_version_1.yaml +++ b/queries/aws_elastic_beanstalk_application_version_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_1 -Title: "Find Elastic Beanstalk Application Versions Details" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label, - description, - date_created, - date_updated, - source_bundle - from - aws_elastic_beanstalk_application_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label,\n\ + \ description,\n date_created,\n date_updated,\n source_bundle\nfrom\n aws_elastic_beanstalk_application_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: Find Elastic Beanstalk Application Versions Details diff --git a/queries/aws_elastic_beanstalk_application_version_2.yaml b/queries/aws_elastic_beanstalk_application_version_2.yaml index d9ce415cc..99b1a39a3 100755 --- a/queries/aws_elastic_beanstalk_application_version_2.yaml +++ b/queries/aws_elastic_beanstalk_application_version_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_2 -Title: "List all details of AWS Elastic Beanstalk Versions" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label, - date_updated - from - aws_elastic_beanstalk_application_version - order by - date_updated desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label,\n\ + \ date_updated\nfrom\n aws_elastic_beanstalk_application_version\norder by\n\ + \ date_updated desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all details of AWS Elastic Beanstalk Versions diff --git a/queries/aws_elastic_beanstalk_application_version_3.yaml b/queries/aws_elastic_beanstalk_application_version_3.yaml index af14a3e9e..9839f0513 100755 --- a/queries/aws_elastic_beanstalk_application_version_3.yaml +++ b/queries/aws_elastic_beanstalk_application_version_3.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_3 -Title: "List AWS Elastic Beanstalk Application Versions Details" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label, - status - from - aws_elastic_beanstalk_application_version - where - status = 'Processed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label,\n\ + \ status\nfrom\n aws_elastic_beanstalk_application_version\nwhere\n status\ + \ = 'Processed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Elastic Beanstalk +Title: List AWS Elastic Beanstalk Application Versions Details diff --git a/queries/aws_elastic_beanstalk_application_version_4.yaml b/queries/aws_elastic_beanstalk_application_version_4.yaml index d6d0261c8..d8a8578d2 100755 --- a/queries/aws_elastic_beanstalk_application_version_4.yaml +++ b/queries/aws_elastic_beanstalk_application_version_4.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_4 -Title: "List all AWS Elastic Beanstalk App Version Details" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label, - description, - date_created, - date_updated, - source_bundle - from - aws_elastic_beanstalk_application_version - where - application_name = 'my-application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label,\n\ + \ description,\n date_created,\n date_updated,\n source_bundle\nfrom\n aws_elastic_beanstalk_application_version\n\ + where\n application_name = 'my-application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all AWS Elastic Beanstalk App Version Details diff --git a/queries/aws_elastic_beanstalk_application_version_5.yaml b/queries/aws_elastic_beanstalk_application_version_5.yaml index 2547ee7be..b66e955f4 100755 --- a/queries/aws_elastic_beanstalk_application_version_5.yaml +++ b/queries/aws_elastic_beanstalk_application_version_5.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_5 -Title: "Find Elastic Beanstalk App Version Details and Metadata" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label, - tags - from - aws_elastic_beanstalk_application_version - where - tags ->> 'Environment' = 'Production'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label,\n\ + \ tags\nfrom\n aws_elastic_beanstalk_application_version\nwhere\n tags ->>\ + \ 'Environment' = 'Production';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Elastic Beanstalk +Title: Find Elastic Beanstalk App Version Details and Metadata diff --git a/queries/aws_elastic_beanstalk_application_version_6.yaml b/queries/aws_elastic_beanstalk_application_version_6.yaml index 9d5a54b2c..80b03fefc 100755 --- a/queries/aws_elastic_beanstalk_application_version_6.yaml +++ b/queries/aws_elastic_beanstalk_application_version_6.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Elastic Beanstalk Application Versions to obtain + details about their configurations, environments, and other metadata. ID: aws_elastic_beanstalk_application_version_6 -Title: "List all AWS Elastic Beanstalk Application Versions Details" -Description: "Allows users to query AWS Elastic Beanstalk Application Versions to obtain details about their configurations, environments, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_arn, - version_label - from - aws_elastic_beanstalk_application_version - where - source_build_information ->> 'SourceRepository' = 'CodeCommit'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_arn,\n version_label\n\ + from\n aws_elastic_beanstalk_application_version\nwhere\n source_build_information\ + \ ->> 'SourceRepository' = 'CodeCommit';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all AWS Elastic Beanstalk Application Versions Details diff --git a/queries/aws_elastic_beanstalk_environment_1.yaml b/queries/aws_elastic_beanstalk_environment_1.yaml index 8733b2614..7e91f4e92 100755 --- a/queries/aws_elastic_beanstalk_environment_1.yaml +++ b/queries/aws_elastic_beanstalk_environment_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_1 -Title: "List all AWS Elastic Beanstalk Environment Details" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_id, - environment_name, - application_name, - arn, - tier - from - aws_elastic_beanstalk_environment; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_id,\n environment_name,\n application_name,\n\ + \ arn,\n tier\nfrom\n aws_elastic_beanstalk_environment;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all AWS Elastic Beanstalk Environment Details diff --git a/queries/aws_elastic_beanstalk_environment_2.yaml b/queries/aws_elastic_beanstalk_environment_2.yaml index d1f94a520..c26ea7f46 100755 --- a/queries/aws_elastic_beanstalk_environment_2.yaml +++ b/queries/aws_elastic_beanstalk_environment_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_2 -Title: "Find AWS Elastic Beanstalk Environments and Operations" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_name, - abortable_operation_in_progress - from - aws_elastic_beanstalk_environment - where - abortable_operation_in_progress = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_name,\n abortable_operation_in_progress\n\ + from\n aws_elastic_beanstalk_environment\nwhere\n abortable_operation_in_progress\ + \ = 'true';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: Find AWS Elastic Beanstalk Environments and Operations diff --git a/queries/aws_elastic_beanstalk_environment_3.yaml b/queries/aws_elastic_beanstalk_environment_3.yaml index 5663573db..ded1b54d4 100755 --- a/queries/aws_elastic_beanstalk_environment_3.yaml +++ b/queries/aws_elastic_beanstalk_environment_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_3 -Title: "Find AWS Elastic Beanstalk Environments with Health Status Red" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_name, - application_name, - environment_id, - health - from - aws_elastic_beanstalk_environment - where - health = 'Red'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_name,\n application_name,\n environment_id,\n\ + \ health\nfrom\n aws_elastic_beanstalk_environment\nwhere\n health = 'Red';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: Find AWS Elastic Beanstalk Environments with Health Status Red diff --git a/queries/aws_elastic_beanstalk_environment_4.yaml b/queries/aws_elastic_beanstalk_environment_4.yaml index 598f25755..7bb21c193 100755 --- a/queries/aws_elastic_beanstalk_environment_4.yaml +++ b/queries/aws_elastic_beanstalk_environment_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_4 -Title: "Find all AWS Elastic Beanstalk Environments' Health Status" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_name, - health_status - from - aws_elastic_beanstalk_environment - where - health_status = 'Suspended'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_name,\n health_status\nfrom\n aws_elastic_beanstalk_environment\n\ + where\n health_status = 'Suspended';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: Find all AWS Elastic Beanstalk Environments' Health Status diff --git a/queries/aws_elastic_beanstalk_environment_5.yaml b/queries/aws_elastic_beanstalk_environment_5.yaml index 876f9c95e..683c579f2 100755 --- a/queries/aws_elastic_beanstalk_environment_5.yaml +++ b/queries/aws_elastic_beanstalk_environment_5.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_5 -Title: "List All AWS Elastic Beanstalk Environment Configurations and Status" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_name, - a ->> 'ActionDescription' as action_description, - a ->> 'ActionId' as action_id, - a ->> 'ActionType' as action_type, - a ->> 'Status' as action_status, - a ->> 'WindowStartTime' as action_window_start_time - from - aws_elastic_beanstalk_environment, - jsonb_array_elements(managed_actions) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_name,\n a ->> 'ActionDescription' as action_description,\n\ + \ a ->> 'ActionId' as action_id,\n a ->> 'ActionType' as action_type,\n a ->>\ + \ 'Status' as action_status,\n a ->> 'WindowStartTime' as action_window_start_time\n\ + from\n aws_elastic_beanstalk_environment,\n jsonb_array_elements(managed_actions)\ + \ as a;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List All AWS Elastic Beanstalk Environment Configurations and Status diff --git a/queries/aws_elastic_beanstalk_environment_6.yaml b/queries/aws_elastic_beanstalk_environment_6.yaml index df829dc1c..0a4133dd0 100755 --- a/queries/aws_elastic_beanstalk_environment_6.yaml +++ b/queries/aws_elastic_beanstalk_environment_6.yaml @@ -1,37 +1,29 @@ +Description: Allows users to query AWS Elastic Beanstalk Environments to gain insights + into their configuration, status, health, related applications, and other metadata. ID: aws_elastic_beanstalk_environment_6 -Title: "List all AWS Elastic Beanstalk Environments with Metadata" -Description: "Allows users to query AWS Elastic Beanstalk Environments to gain insights into their configuration, status, health, related applications, and other metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - environment_name, - application_name, - c ->> 'DateCreated' as date_created, - c ->> 'DateUpdated' as date_updated, - c ->> 'DeploymentStatus' as deployment_status, - c ->> 'Description' as description, - c -> 'OptionSettings' ->> 'Namespace' as option_settings_namespace, - c -> 'OptionSettings' ->> 'OptionName' as option_name, - c -> 'OptionSettings' ->> 'ResourceName' as option_resource_name, - c -> 'OptionSettings' ->> 'Value' as option_value, - c ->> 'PlatformArn' as platform_arn, - c ->> 'SolutionStackName' as solution_stack_name, - c ->> 'TemplateName' as template_name - from - aws_elastic_beanstalk_environment, - jsonb_array_elements(configuration_settings) as c; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n environment_name,\n application_name,\n c ->> 'DateCreated'\ + \ as date_created,\n c ->> 'DateUpdated' as date_updated,\n c ->> 'DeploymentStatus'\ + \ as deployment_status,\n c ->> 'Description' as description,\n c -> 'OptionSettings'\ + \ ->> 'Namespace' as option_settings_namespace,\n c -> 'OptionSettings' ->> 'OptionName'\ + \ as option_name,\n c -> 'OptionSettings' ->> 'ResourceName' as option_resource_name,\n\ + \ c -> 'OptionSettings' ->> 'Value' as option_value,\n c ->> 'PlatformArn' as\ + \ platform_arn,\n c ->> 'SolutionStackName' as solution_stack_name,\n c ->>\ + \ 'TemplateName' as template_name\nfrom\n aws_elastic_beanstalk_environment,\n\ + \ jsonb_array_elements(configuration_settings) as c;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic Beanstalk +Title: List all AWS Elastic Beanstalk Environments with Metadata diff --git a/queries/aws_elasticache_cluster_1.yaml b/queries/aws_elasticache_cluster_1.yaml index 3912e80b3..5f39ea15a 100755 --- a/queries/aws_elasticache_cluster_1.yaml +++ b/queries/aws_elasticache_cluster_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_1 -Title: "List all AWS ElastiCache Clusters with Encryption Disabled" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - cache_node_type, - at_rest_encryption_enabled - from - aws_elasticache_cluster - where - not at_rest_encryption_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n cache_node_type,\n at_rest_encryption_enabled\n\ + from\n aws_elasticache_cluster\nwhere\n not at_rest_encryption_enabled;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Clusters with Encryption Disabled diff --git a/queries/aws_elasticache_cluster_2.yaml b/queries/aws_elasticache_cluster_2.yaml index d272c1a2a..4377075e8 100755 --- a/queries/aws_elasticache_cluster_2.yaml +++ b/queries/aws_elasticache_cluster_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_2 -Title: "Find Amazon ElastiCache Cluster Information within AWS" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - preferred_availability_zone - from - aws_elasticache_cluster - where - preferred_availability_zone <> 'Multiple'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n preferred_availability_zone\nfrom\n\ + \ aws_elasticache_cluster\nwhere\n preferred_availability_zone <> 'Multiple';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ElastiCache +Title: Find Amazon ElastiCache Cluster Information within AWS diff --git a/queries/aws_elasticache_cluster_3.yaml b/queries/aws_elasticache_cluster_3.yaml index 1ebd1d0e7..d9b989897 100755 --- a/queries/aws_elasticache_cluster_3.yaml +++ b/queries/aws_elasticache_cluster_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_3 -Title: "Query Amazon ElastiCache Cluster Data with SQL" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - cache_node_type, - transit_encryption_enabled - from - aws_elasticache_cluster - where - not transit_encryption_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n cache_node_type,\n transit_encryption_enabled\n\ + from\n aws_elasticache_cluster\nwhere\n not transit_encryption_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ElastiCache +Title: Query Amazon ElastiCache Cluster Data with SQL diff --git a/queries/aws_elasticache_cluster_4.yaml b/queries/aws_elasticache_cluster_4.yaml index 7ee1b867a..32f112e9f 100755 --- a/queries/aws_elasticache_cluster_4.yaml +++ b/queries/aws_elasticache_cluster_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_4 -Title: "List all Amazon ElastiCache Cluster data in AWS account" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_node_type, - count(*) as count - from - aws_elasticache_cluster - where - cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge') - group by - cache_node_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_node_type,\n count(*) as count\nfrom\n aws_elasticache_cluster\n\ + where\n cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')\ngroup\ + \ by\n cache_node_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ElastiCache +Title: List all Amazon ElastiCache Cluster data in AWS account diff --git a/queries/aws_elasticache_cluster_5.yaml b/queries/aws_elasticache_cluster_5.yaml index e1278a745..49eed4488 100755 --- a/queries/aws_elasticache_cluster_5.yaml +++ b/queries/aws_elasticache_cluster_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_5 -Title: "Find Inactive Amazon ElastiCache Clusters" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - cache_cluster_status, - notification_configuration ->> 'TopicArn' as topic_arn, - notification_configuration ->> 'TopicStatus' as topic_status - from - aws_elasticache_cluster - where - notification_configuration ->> 'TopicStatus' = 'inactive'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n cache_cluster_status,\n notification_configuration\ + \ ->> 'TopicArn' as topic_arn,\n notification_configuration ->> 'TopicStatus'\ + \ as topic_status\nfrom\n aws_elasticache_cluster\nwhere\n notification_configuration\ + \ ->> 'TopicStatus' = 'inactive';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ElastiCache +Title: Find Inactive Amazon ElastiCache Clusters diff --git a/queries/aws_elasticache_cluster_6.yaml b/queries/aws_elasticache_cluster_6.yaml index 1718ccffa..631430076 100755 --- a/queries/aws_elasticache_cluster_6.yaml +++ b/queries/aws_elasticache_cluster_6.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_6 -Title: "List All Amazon ElastiCache Clusters with Security Details" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - sg ->> 'SecurityGroupId' as security_group_id, - sg ->> 'Status' as status - from - aws_elasticache_cluster, - jsonb_array_elements(security_groups) as sg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n sg ->> 'SecurityGroupId' as security_group_id,\n\ + \ sg ->> 'Status' as status\nfrom\n aws_elasticache_cluster,\n jsonb_array_elements(security_groups)\ + \ as sg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List All Amazon ElastiCache Clusters with Security Details diff --git a/queries/aws_elasticache_cluster_7.yaml b/queries/aws_elasticache_cluster_7.yaml index fca001e56..8c7da1e46 100755 --- a/queries/aws_elasticache_cluster_7.yaml +++ b/queries/aws_elasticache_cluster_7.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query Amazon ElastiCache Cluster data, providing information + about each ElastiCache Cluster within the AWS account. ID: aws_elasticache_cluster_7 -Title: "List all information about each ElastiCache Cluster" -Description: "Allows users to query Amazon ElastiCache Cluster data, providing information about each ElastiCache Cluster within the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - cache_node_type, - cache_cluster_status, - snapshot_retention_limit - from - aws_elasticache_cluster - where - snapshot_retention_limit is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n cache_node_type,\n cache_cluster_status,\n\ + \ snapshot_retention_limit\nfrom\n aws_elasticache_cluster\nwhere\n snapshot_retention_limit\ + \ is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all information about each ElastiCache Cluster diff --git a/queries/aws_elasticache_parameter_group_1.yaml b/queries/aws_elasticache_parameter_group_1.yaml index b4000579d..dc1b70402 100755 --- a/queries/aws_elasticache_parameter_group_1.yaml +++ b/queries/aws_elasticache_parameter_group_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Elasticache Parameter Groups, providing detailed + information about each group''s configurations, parameters, and associated metadata. ID: aws_elasticache_parameter_group_1 -Title: "Find AWS Elasticache Parameter Groups configurations" -Description: "Allows users to query AWS Elasticache Parameter Groups, providing detailed information about each group''s configurations, parameters, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_parameter_group_name, - description, - cache_parameter_group_family, - description, - is_global - from - aws_elasticache_parameter_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_parameter_group_name,\n description,\n cache_parameter_group_family,\n\ + \ description,\n is_global\nfrom\n aws_elasticache_parameter_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticache +Title: Find AWS Elasticache Parameter Groups configurations diff --git a/queries/aws_elasticache_parameter_group_2.yaml b/queries/aws_elasticache_parameter_group_2.yaml index f9e71e680..a47aa41ca 100755 --- a/queries/aws_elasticache_parameter_group_2.yaml +++ b/queries/aws_elasticache_parameter_group_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Elasticache Parameter Groups, providing detailed + information about each group''s configurations, parameters, and associated metadata. ID: aws_elasticache_parameter_group_2 -Title: "Find AWS Elasticache Parameter Groups and Configurations" -Description: "Allows users to query AWS Elasticache Parameter Groups, providing detailed information about each group''s configurations, parameters, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_parameter_group_family, - count(*) as count - from - aws_elasticache_parameter_group - where - cache_parameter_group_family not in ('redis5.0', 'memcached1.5') - group by - cache_parameter_group_family; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_parameter_group_family,\n count(*) as count\n\ + from\n aws_elasticache_parameter_group\nwhere\n cache_parameter_group_family\ + \ not in ('redis5.0', 'memcached1.5')\ngroup by\n cache_parameter_group_family;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticache +Title: Find AWS Elasticache Parameter Groups and Configurations diff --git a/queries/aws_elasticache_redis_metric_cache_hits_hourly_1.yaml b/queries/aws_elasticache_redis_metric_cache_hits_hourly_1.yaml index 9f69149fc..7a2adaeae 100755 --- a/queries/aws_elasticache_redis_metric_cache_hits_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_cache_hits_hourly_1.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly + basis. ID: aws_elasticache_redis_metric_cache_hits_hourly_1 -Title: "List All AWS ElastiCache Redis Cache Hits Hourly" -Description: "Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_elasticache_redis_metric_cache_hits_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sum,\n sample_count\nfrom\n aws_elasticache_redis_metric_cache_hits_hourly\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List All AWS ElastiCache Redis Cache Hits Hourly diff --git a/queries/aws_elasticache_redis_metric_cache_hits_hourly_2.yaml b/queries/aws_elasticache_redis_metric_cache_hits_hourly_2.yaml index 8bbc922c6..3fc6b16d8 100755 --- a/queries/aws_elasticache_redis_metric_cache_hits_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_cache_hits_hourly_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly + basis. ID: aws_elasticache_redis_metric_cache_hits_hourly_2 -Title: "List All Amazon ElastiCache Redis Hourly Cache Hits" -Description: "Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(sum::numeric,2) as sum_cachehits, - round(average::numeric,2) as average_cachehits, - sample_count - from - aws_elasticache_redis_metric_cache_hits_hourly - where sum < 10 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(sum::numeric,2)\ + \ as sum_cachehits,\n round(average::numeric,2) as average_cachehits,\n sample_count\n\ + from\n aws_elasticache_redis_metric_cache_hits_hourly\nwhere sum < 10\norder\ + \ by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon ElastiCache +Title: List All Amazon ElastiCache Redis Hourly Cache Hits diff --git a/queries/aws_elasticache_redis_metric_cache_hits_hourly_3.yaml b/queries/aws_elasticache_redis_metric_cache_hits_hourly_3.yaml index 03e5ee65d..eae1ae7b4 100755 --- a/queries/aws_elasticache_redis_metric_cache_hits_hourly_3.yaml +++ b/queries/aws_elasticache_redis_metric_cache_hits_hourly_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly + basis. ID: aws_elasticache_redis_metric_cache_hits_hourly_3 -Title: "Find hourly Amazon ElastiCache Redis Cache Hits" -Description: "Allows users to query Amazon ElastiCache Redis Cache Hits on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_cachehits, - round(maximum::numeric,2) as max_cachehits, - round(average::numeric,2) as avg_cachehits, - sample_count - from - aws_elasticache_redis_metric_cache_hits_hourly - where average < 100 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cachehits,\n round(maximum::numeric,2) as max_cachehits,\n round(average::numeric,2)\ + \ as avg_cachehits,\n sample_count\nfrom\n aws_elasticache_redis_metric_cache_hits_hourly\n\ + where average < 100\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: Find hourly Amazon ElastiCache Redis Cache Hits diff --git a/queries/aws_elasticache_redis_metric_curr_connections_hourly_1.yaml b/queries/aws_elasticache_redis_metric_curr_connections_hourly_1.yaml index 35fe9407e..b3a6a490e 100755 --- a/queries/aws_elasticache_redis_metric_curr_connections_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_curr_connections_hourly_1.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query ElastiCache Redis current connections metrics on + an hourly basis. ID: aws_elasticache_redis_metric_curr_connections_hourly_1 -Title: "List all Redis current connections metrics hourly" -Description: "Allows users to query ElastiCache Redis current connections metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_elasticache_redis_metric_curr_connections_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sum,\n sample_count\nfrom\n aws_elasticache_redis_metric_curr_connections_hourly\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all Redis current connections metrics hourly diff --git a/queries/aws_elasticache_redis_metric_curr_connections_hourly_2.yaml b/queries/aws_elasticache_redis_metric_curr_connections_hourly_2.yaml index e7e27148f..1dca6dc82 100755 --- a/queries/aws_elasticache_redis_metric_curr_connections_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_curr_connections_hourly_2.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query ElastiCache Redis current connections metrics on + an hourly basis. ID: aws_elasticache_redis_metric_curr_connections_hourly_2 -Title: "Find ElastiCache Redis Current Hourly Connections" -Description: "Allows users to query ElastiCache Redis current connections metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_currconnections, - round(maximum::numeric,2) as max_currconnections, - round(average::numeric,2) as avg_currconnections, - sample_count - from - aws_elasticache_redis_metric_curr_connections_hourly - where average > 100 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_currconnections,\n round(maximum::numeric,2) as max_currconnections,\n\ + \ round(average::numeric,2) as avg_currconnections,\n sample_count\nfrom\n \ + \ aws_elasticache_redis_metric_curr_connections_hourly\nwhere average > 100\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find ElastiCache Redis Current Hourly Connections diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_1.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_1.yaml index 06b8eff18..f1e761c85 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_1.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query ElastiCache Redis Metrics and provides daily statistics + for Engine CPU Utilization. ID: aws_elasticache_redis_metric_engine_cpu_utilization_daily_1 -Title: "List all AWS ElastiCache Redis Engine CPU Utilization Metrics" -Description: "Allows users to query ElastiCache Redis Metrics and provides daily statistics for Engine CPU Utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_daily - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_daily\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: List all AWS ElastiCache Redis Engine CPU Utilization Metrics diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_2.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_2.yaml index 602133967..790d82230 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_2.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query ElastiCache Redis Metrics and provides daily statistics + for Engine CPU Utilization. ID: aws_elasticache_redis_metric_engine_cpu_utilization_daily_2 -Title: "Find ElastiCache Redis CPU Utilization Metrics Daily" -Description: "Allows users to query ElastiCache Redis Metrics and provides daily statistics for Engine CPU Utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_daily - where average > 80 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_daily\n\ + where average > 80\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find ElastiCache Redis CPU Utilization Metrics Daily diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_3.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_3.yaml index 40a95c246..836131eba 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_3.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_daily_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query ElastiCache Redis Metrics and provides daily statistics + for Engine CPU Utilization. ID: aws_elasticache_redis_metric_engine_cpu_utilization_daily_3 -Title: "List All AWS ElastiCache Redis Engine CPU Utilization Daily" -Description: "Allows users to query ElastiCache Redis Metrics and provides daily statistics for Engine CPU Utilization." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_daily - where average < 2 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_daily\n\ + where average < 2\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List All AWS ElastiCache Redis Engine CPU Utilization Daily diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_1.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_1.yaml index 8ff097a25..eaf71bea9 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query hourly CPU utilization metrics for AWS ElastiCache + Redis. ID: aws_elasticache_redis_metric_engine_cpu_utilization_hourly_1 -Title: "List hourly CPU utilization metrics for ElastiCache Redis" -Description: "Allows users to query hourly CPU utilization metrics for AWS ElastiCache Redis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_hourly\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: List hourly CPU utilization metrics for ElastiCache Redis diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2.yaml index 4637dd61d..a84d56e31 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query hourly CPU utilization metrics for AWS ElastiCache + Redis. ID: aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2 -Title: "List All Hourly CPU Utilization Metrics for AWS ElastiCache Redis" -Description: "Allows users to query hourly CPU utilization metrics for AWS ElastiCache Redis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_hourly - where average > 80 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_hourly\n\ + where average > 80\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: List All Hourly CPU Utilization Metrics for AWS ElastiCache Redis diff --git a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_3.yaml b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_3.yaml index 7fba6234a..c09e113c8 100755 --- a/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_3.yaml +++ b/queries/aws_elasticache_redis_metric_engine_cpu_utilization_hourly_3.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query hourly CPU utilization metrics for AWS ElastiCache + Redis. ID: aws_elasticache_redis_metric_engine_cpu_utilization_hourly_3 -Title: "List all hourly CPU utilization metrics for ElastiCache Redis" -Description: "Allows users to query hourly CPU utilization metrics for AWS ElastiCache Redis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_elasticache_redis_metric_engine_cpu_utilization_hourly - where average < 2 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_elasticache_redis_metric_engine_cpu_utilization_hourly\n\ + where average < 2\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all hourly CPU utilization metrics for ElastiCache Redis diff --git a/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_1.yaml b/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_1.yaml index a4a2ad13e..f25634972 100755 --- a/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query ElastiCache Redis Metrics on an hourly basis. This + includes information on GET type commands executed in the selected ElastiCache Redis + cluster during the last hour. ID: aws_elasticache_redis_metric_get_type_cmds_hourly_1 -Title: "List all ElastiCache Redis Metrics on GET Commands Hourly" -Description: "Allows users to query ElastiCache Redis Metrics on an hourly basis. This includes information on GET type commands executed in the selected ElastiCache Redis cluster during the last hour." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_elasticache_redis_metric_get_type_cmds_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_elasticache_redis_metric_get_type_cmds_hourly\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all ElastiCache Redis Metrics on GET Commands Hourly diff --git a/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_2.yaml b/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_2.yaml index 3e198c4fb..e5a281908 100755 --- a/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_get_type_cmds_hourly_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query ElastiCache Redis Metrics on an hourly basis. This + includes information on GET type commands executed in the selected ElastiCache Redis + cluster during the last hour. ID: aws_elasticache_redis_metric_get_type_cmds_hourly_2 -Title: "List ElastiCache Redis GET Commands Executed Hourly" -Description: "Allows users to query ElastiCache Redis Metrics on an hourly basis. This includes information on GET type commands executed in the selected ElastiCache Redis cluster during the last hour." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_gettypecmds, - round(maximum::numeric,2) as max_gettypecmds, - round(average::numeric,2) as avg_gettypecmds, - round(sum::numeric,2) as sum_gettypecmds - from - aws_elasticache_redis_metric_get_type_cmds_hourly - where sum > 100 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_gettypecmds,\n round(maximum::numeric,2) as max_gettypecmds,\n round(average::numeric,2)\ + \ as avg_gettypecmds,\n round(sum::numeric,2) as sum_gettypecmds\nfrom\n aws_elasticache_redis_metric_get_type_cmds_hourly\n\ + where sum > 100\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List ElastiCache Redis GET Commands Executed Hourly diff --git a/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_1.yaml b/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_1.yaml index ecd2f95d1..4bb58224a 100755 --- a/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_1.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query ElastiCache Redis Metrics on an hourly basis, providing + data on list-based commands executed in the ElastiCache Redis environment. ID: aws_elasticache_redis_metric_list_based_cmds_hourly_1 -Title: "List All ElastiCache Redis List-Based Command Metrics" -Description: "Allows users to query ElastiCache Redis Metrics on an hourly basis, providing data on list-based commands executed in the ElastiCache Redis environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average, - sample_count, - sum - from - aws_elasticache_redis_metric_list_based_cmds_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count,\n sum\nfrom\n aws_elasticache_redis_metric_list_based_cmds_hourly\n\ + order by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: List All ElastiCache Redis List-Based Command Metrics diff --git a/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_2.yaml b/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_2.yaml index b04383ce0..f53271145 100755 --- a/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_list_based_cmds_hourly_2.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query ElastiCache Redis Metrics on an hourly basis, providing + data on list-based commands executed in the ElastiCache Redis environment. ID: aws_elasticache_redis_metric_list_based_cmds_hourly_2 -Title: "List All Hourly AWS ElastiCache Redis List-based Metrics" -Description: "Allows users to query ElastiCache Redis Metrics on an hourly basis, providing data on list-based commands executed in the ElastiCache Redis environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_listbasedcmds, - round(maximum::numeric,2) as max_listbasedcmds, - round(average::numeric,2) as avg_listbasedcmds, - round(sum::numeric,2) as sum_listbasedcmds - from - aws_elasticache_redis_metric_list_based_cmds_hourly - where sum > 100 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_listbasedcmds,\n round(maximum::numeric,2) as max_listbasedcmds,\n \ + \ round(average::numeric,2) as avg_listbasedcmds,\n round(sum::numeric,2) as\ + \ sum_listbasedcmds\nfrom\n aws_elasticache_redis_metric_list_based_cmds_hourly\n\ + where sum > 100\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache Redis +Title: List All Hourly AWS ElastiCache Redis List-based Metrics diff --git a/queries/aws_elasticache_redis_metric_new_connections_hourly_1.yaml b/queries/aws_elasticache_redis_metric_new_connections_hourly_1.yaml index 006225f82..a00fee5d8 100755 --- a/queries/aws_elasticache_redis_metric_new_connections_hourly_1.yaml +++ b/queries/aws_elasticache_redis_metric_new_connections_hourly_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS ElastiCache Redis Metrics to get hourly data + on new connections. ID: aws_elasticache_redis_metric_new_connections_hourly_1 -Title: "List hourly AWS ElastiCache Redis new connection metrics" -Description: "Allows users to query AWS ElastiCache Redis Metrics to get hourly data on new connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - minimum, - maximum, - average - from - aws_elasticache_redis_metric_new_connections_hourly - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average\nfrom\n aws_elasticache_redis_metric_new_connections_hourly\norder\ + \ by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS ElastiCache +Title: List hourly AWS ElastiCache Redis new connection metrics diff --git a/queries/aws_elasticache_redis_metric_new_connections_hourly_2.yaml b/queries/aws_elasticache_redis_metric_new_connections_hourly_2.yaml index d7f56b5f0..bac2dd1f9 100755 --- a/queries/aws_elasticache_redis_metric_new_connections_hourly_2.yaml +++ b/queries/aws_elasticache_redis_metric_new_connections_hourly_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS ElastiCache Redis Metrics to get hourly data + on new connections. ID: aws_elasticache_redis_metric_new_connections_hourly_2 -Title: "List hourly AWS ElastiCache Redis new connections" -Description: "Allows users to query AWS ElastiCache Redis Metrics to get hourly data on new connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_cluster_id, - timestamp, - round(minimum::numeric,2) as min_newconnections, - round(maximum::numeric,2) as max_newconnections, - round(average::numeric,2) as avg_newconnections, - round(sum::numeric,2) as sum_newconnections - from - aws_elasticache_redis_metric_new_connections_hourly - where sum > 10 - order by - cache_cluster_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_cluster_id,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_newconnections,\n round(maximum::numeric,2) as max_newconnections,\n\ + \ round(average::numeric,2) as avg_newconnections,\n round(sum::numeric,2) as\ + \ sum_newconnections\nfrom\n aws_elasticache_redis_metric_new_connections_hourly\n\ + where sum > 10\norder by\n cache_cluster_id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List hourly AWS ElastiCache Redis new connections diff --git a/queries/aws_elasticache_replication_group_1.yaml b/queries/aws_elasticache_replication_group_1.yaml index 556e99955..b85a84c60 100755 --- a/queries/aws_elasticache_replication_group_1.yaml +++ b/queries/aws_elasticache_replication_group_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_1 -Title: "List all AWS ElastiCache Replication Groups with SQL" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_group_id, - description, - cache_node_type, - cluster_enabled, - auth_token_enabled, - automatic_failover - from - aws_elasticache_replication_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_group_id,\n description,\n cache_node_type,\n\ + \ cluster_enabled,\n auth_token_enabled,\n automatic_failover\nfrom\n aws_elasticache_replication_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Replication Groups with SQL diff --git a/queries/aws_elasticache_replication_group_2.yaml b/queries/aws_elasticache_replication_group_2.yaml index b87475bfb..fe78ff80b 100755 --- a/queries/aws_elasticache_replication_group_2.yaml +++ b/queries/aws_elasticache_replication_group_2.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_2 -Title: "List AWS ElastiCache Replication Groups Configuration" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_group_id, - cache_node_type, - at_rest_encryption_enabled - from - aws_elasticache_replication_group - where - not at_rest_encryption_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_group_id,\n cache_node_type,\n at_rest_encryption_enabled\n\ + from\n aws_elasticache_replication_group\nwhere\n not at_rest_encryption_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List AWS ElastiCache Replication Groups Configuration diff --git a/queries/aws_elasticache_replication_group_3.yaml b/queries/aws_elasticache_replication_group_3.yaml index 608259323..a9c0364a3 100755 --- a/queries/aws_elasticache_replication_group_3.yaml +++ b/queries/aws_elasticache_replication_group_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_3 -Title: "Find AWS ElastiCache Replication Groups Configuration" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_group_id, - cache_node_type, - multi_az - from - aws_elasticache_replication_group - where - multi_az = 'disabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_group_id,\n cache_node_type,\n multi_az\n\ + from\n aws_elasticache_replication_group\nwhere\n multi_az = 'disabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find AWS ElastiCache Replication Groups Configuration diff --git a/queries/aws_elasticache_replication_group_4.yaml b/queries/aws_elasticache_replication_group_4.yaml index 0771397df..ad1c5a9b1 100755 --- a/queries/aws_elasticache_replication_group_4.yaml +++ b/queries/aws_elasticache_replication_group_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_4 -Title: "List all AWS ElastiCache Replication Groups with Config and Status" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_group_id, - snapshot_retention_limit, - snapshot_window, - snapshotting_cluster_id - from - aws_elasticache_replication_group - where - snapshot_retention_limit < 30; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_group_id,\n snapshot_retention_limit,\n\ + \ snapshot_window,\n snapshotting_cluster_id\nfrom\n aws_elasticache_replication_group\n\ + where\n snapshot_retention_limit < 30;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Replication Groups with Config and Status diff --git a/queries/aws_elasticache_replication_group_5.yaml b/queries/aws_elasticache_replication_group_5.yaml index b9f9e1a41..779f31cb2 100755 --- a/queries/aws_elasticache_replication_group_5.yaml +++ b/queries/aws_elasticache_replication_group_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_5 -Title: "List all AWS ElastiCache Replication Groups Configurations" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_node_type, - count (*) - from - aws_elasticache_replication_group - group by - cache_node_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_node_type,\n count (*)\nfrom\n aws_elasticache_replication_group\n\ + group by\n cache_node_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Replication Groups Configurations diff --git a/queries/aws_elasticache_replication_group_6.yaml b/queries/aws_elasticache_replication_group_6.yaml index 6f59018ce..d72aa649f 100755 --- a/queries/aws_elasticache_replication_group_6.yaml +++ b/queries/aws_elasticache_replication_group_6.yaml @@ -1,23 +1,20 @@ +Description: Allows users to query AWS ElastiCache Replication Groups to retrieve + information related to their configuration, status, and associated resources. ID: aws_elasticache_replication_group_6 -Title: "Find AWS ElastiCache Replication Groups and Status" -Description: "Allows users to query AWS ElastiCache Replication Groups to retrieve information related to their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - replication_group_id, - jsonb_array_elements_text(member_clusters) as member_clusters - from - aws_elasticache_replication_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n replication_group_id,\n jsonb_array_elements_text(member_clusters)\ + \ as member_clusters\nfrom\n aws_elasticache_replication_group;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find AWS ElastiCache Replication Groups and Status diff --git a/queries/aws_elasticache_reserved_cache_node_1.yaml b/queries/aws_elasticache_reserved_cache_node_1.yaml index 56b40965d..aef3c371e 100755 --- a/queries/aws_elasticache_reserved_cache_node_1.yaml +++ b/queries/aws_elasticache_reserved_cache_node_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS ElastiCache Reserved Cache Nodes to gather + details such as the reservation status, start time, duration, and associated metadata. ID: aws_elasticache_reserved_cache_node_1 -Title: "List all AWS ElastiCache Reserved Cache Nodes details" -Description: "Allows users to query AWS ElastiCache Reserved Cache Nodes to gather details such as the reservation status, start time, duration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_cache_node_id, - arn, - reserved_cache_nodes_offering_id, - state, - cache_node_type - from - aws_elasticache_reserved_cache_node; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_cache_node_id,\n arn,\n reserved_cache_nodes_offering_id,\n\ + \ state,\n cache_node_type\nfrom\n aws_elasticache_reserved_cache_node;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Reserved Cache Nodes details diff --git a/queries/aws_elasticache_reserved_cache_node_2.yaml b/queries/aws_elasticache_reserved_cache_node_2.yaml index 347764347..6da92fa01 100755 --- a/queries/aws_elasticache_reserved_cache_node_2.yaml +++ b/queries/aws_elasticache_reserved_cache_node_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS ElastiCache Reserved Cache Nodes to gather + details such as the reservation status, start time, duration, and associated metadata. ID: aws_elasticache_reserved_cache_node_2 -Title: "Find AWS ElastiCache Reserved Cache Node Details" -Description: "Allows users to query AWS ElastiCache Reserved Cache Nodes to gather details such as the reservation status, start time, duration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_cache_node_id, - arn, - reserved_cache_nodes_offering_id, - state, - cache_node_type - from - aws_elasticache_reserved_cache_node - where - offering_type = 'All Upfront'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_cache_node_id,\n arn,\n reserved_cache_nodes_offering_id,\n\ + \ state,\n cache_node_type\nfrom\n aws_elasticache_reserved_cache_node\nwhere\n\ + \ offering_type = 'All Upfront';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find AWS ElastiCache Reserved Cache Node Details diff --git a/queries/aws_elasticache_reserved_cache_node_3.yaml b/queries/aws_elasticache_reserved_cache_node_3.yaml index f85a59723..674f8103d 100755 --- a/queries/aws_elasticache_reserved_cache_node_3.yaml +++ b/queries/aws_elasticache_reserved_cache_node_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS ElastiCache Reserved Cache Nodes to gather + details such as the reservation status, start time, duration, and associated metadata. ID: aws_elasticache_reserved_cache_node_3 -Title: "List AWS ElastiCache Reserved Cache Nodes with Details" -Description: "Allows users to query AWS ElastiCache Reserved Cache Nodes to gather details such as the reservation status, start time, duration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_cache_node_id, - arn, - reserved_cache_nodes_offering_id, - state, - cache_node_type - from - aws_elasticache_reserved_cache_node - order by - duration desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_cache_node_id,\n arn,\n reserved_cache_nodes_offering_id,\n\ + \ state,\n cache_node_type\nfrom\n aws_elasticache_reserved_cache_node\norder\ + \ by\n duration desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List AWS ElastiCache Reserved Cache Nodes with Details diff --git a/queries/aws_elasticache_reserved_cache_node_4.yaml b/queries/aws_elasticache_reserved_cache_node_4.yaml index 2ba5d58ba..211931d07 100755 --- a/queries/aws_elasticache_reserved_cache_node_4.yaml +++ b/queries/aws_elasticache_reserved_cache_node_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS ElastiCache Reserved Cache Nodes to gather + details such as the reservation status, start time, duration, and associated metadata. ID: aws_elasticache_reserved_cache_node_4 -Title: "List all AWS ElastiCache Reserved Cache Nodes" -Description: "Allows users to query AWS ElastiCache Reserved Cache Nodes to gather details such as the reservation status, start time, duration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_cache_node_id, - arn, - reserved_cache_nodes_offering_id, - state, - cache_node_type - from - aws_elasticache_reserved_cache_node - order by - usage_price desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_cache_node_id,\n arn,\n reserved_cache_nodes_offering_id,\n\ + \ state,\n cache_node_type\nfrom\n aws_elasticache_reserved_cache_node\norder\ + \ by\n usage_price desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Reserved Cache Nodes diff --git a/queries/aws_elasticache_reserved_cache_node_5.yaml b/queries/aws_elasticache_reserved_cache_node_5.yaml index c0e0b1f49..af0ad969d 100755 --- a/queries/aws_elasticache_reserved_cache_node_5.yaml +++ b/queries/aws_elasticache_reserved_cache_node_5.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS ElastiCache Reserved Cache Nodes to gather + details such as the reservation status, start time, duration, and associated metadata. ID: aws_elasticache_reserved_cache_node_5 -Title: "Find AWS ElastiCache Reserved Cache Nodes Details" -Description: "Allows users to query AWS ElastiCache Reserved Cache Nodes to gather details such as the reservation status, start time, duration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_cache_node_id, - arn, - reserved_cache_nodes_offering_id, - state, - cache_node_type - from - aws_elasticache_reserved_cache_node - where - state <> 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_cache_node_id,\n arn,\n reserved_cache_nodes_offering_id,\n\ + \ state,\n cache_node_type\nfrom\n aws_elasticache_reserved_cache_node\nwhere\n\ + \ state <> 'active';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find AWS ElastiCache Reserved Cache Nodes Details diff --git a/queries/aws_elasticache_subnet_group_1.yaml b/queries/aws_elasticache_subnet_group_1.yaml index 587fd5f9e..563e9be86 100755 --- a/queries/aws_elasticache_subnet_group_1.yaml +++ b/queries/aws_elasticache_subnet_group_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS ElastiCache Subnet Groups, providing details + about each subnet group within their ElastiCache service, including the associated + VPC, subnets, and status. ID: aws_elasticache_subnet_group_1 -Title: "List all AWS ElastiCache Subnet Groups and Details" -Description: "Allows users to query AWS ElastiCache Subnet Groups, providing details about each subnet group within their ElastiCache service, including the associated VPC, subnets, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cache_subnet_group_name, - cache_subnet_group_description, - region, - account_id - from - aws_elasticache_subnet_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cache_subnet_group_name,\n cache_subnet_group_description,\n\ + \ region,\n account_id\nfrom\n aws_elasticache_subnet_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Subnet Groups and Details diff --git a/queries/aws_elasticache_subnet_group_2.yaml b/queries/aws_elasticache_subnet_group_2.yaml index 00edb61b2..409be9cbc 100755 --- a/queries/aws_elasticache_subnet_group_2.yaml +++ b/queries/aws_elasticache_subnet_group_2.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query AWS ElastiCache Subnet Groups, providing details + about each subnet group within their ElastiCache service, including the associated + VPC, subnets, and status. ID: aws_elasticache_subnet_group_2 -Title: "List all AWS ElastiCache Subnet Groups and Details" -Description: "Allows users to query AWS ElastiCache Subnet Groups, providing details about each subnet group within their ElastiCache service, including the associated VPC, subnets, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - sub -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone, - sub ->> 'SubnetIdentifier' as subnet_identifier, - sub ->> 'SubnetOutpost' as subnet_outpost - from - aws_elasticache_subnet_group, - jsonb_array_elements(subnets) as sub; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n sub -> 'SubnetAvailabilityZone' ->> 'Name'\ + \ as subnet_availability_zone,\n sub ->> 'SubnetIdentifier' as subnet_identifier,\n\ + \ sub ->> 'SubnetOutpost' as subnet_outpost\nfrom\n aws_elasticache_subnet_group,\n\ + \ jsonb_array_elements(subnets) as sub;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: List all AWS ElastiCache Subnet Groups and Details diff --git a/queries/aws_elasticache_subnet_group_3.yaml b/queries/aws_elasticache_subnet_group_3.yaml index b56a415cf..fd7a4ed40 100755 --- a/queries/aws_elasticache_subnet_group_3.yaml +++ b/queries/aws_elasticache_subnet_group_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS ElastiCache Subnet Groups, providing details + about each subnet group within their ElastiCache service, including the associated + VPC, subnets, and status. ID: aws_elasticache_subnet_group_3 -Title: "Find AWS ElastiCache Subnet Groups and VPC Details" -Description: "Allows users to query AWS ElastiCache Subnet Groups, providing details about each subnet group within their ElastiCache service, including the associated VPC, subnets, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.cache_cluster_id, - sg.cache_subnet_group_name, - sg.vpc_id - from - aws_elasticache_subnet_group as sg - join aws_elasticache_cluster as c on sg.cache_subnet_group_name = c.cache_subnet_group_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.cache_cluster_id,\n sg.cache_subnet_group_name,\n\ + \ sg.vpc_id\nfrom\n aws_elasticache_subnet_group as sg\n join aws_elasticache_cluster\ + \ as c on sg.cache_subnet_group_name = c.cache_subnet_group_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - ElastiCache +Title: Find AWS ElastiCache Subnet Groups and VPC Details diff --git a/queries/aws_elasticsearch_domain_1.yaml b/queries/aws_elasticsearch_domain_1.yaml index 6b04c0d64..e3a6d0f1a 100755 --- a/queries/aws_elasticsearch_domain_1.yaml +++ b/queries/aws_elasticsearch_domain_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_1 -Title: "Find all AWS Elasticsearch Service Domain details using SQL" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - arn, - elasticsearch_version, - created - from - aws_elasticsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n arn,\n elasticsearch_version,\n\ + \ created\nfrom\n aws_elasticsearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: Find all AWS Elasticsearch Service Domain details using SQL diff --git a/queries/aws_elasticsearch_domain_2.yaml b/queries/aws_elasticsearch_domain_2.yaml index d17c404d9..c262e9d57 100755 --- a/queries/aws_elasticsearch_domain_2.yaml +++ b/queries/aws_elasticsearch_domain_2.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_2 -Title: "List all AWS Elasticsearch Service Domains with Disabled Encryption" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - encryption_at_rest_options ->> 'Enabled' as enabled, - encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id - from - aws_elasticsearch_domain - where - encryption_at_rest_options ->> 'Enabled' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n encryption_at_rest_options\ + \ ->> 'Enabled' as enabled,\n encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id\n\ + from\n aws_elasticsearch_domain\nwhere\n encryption_at_rest_options ->> 'Enabled'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: List all AWS Elasticsearch Service Domains with Disabled Encryption diff --git a/queries/aws_elasticsearch_domain_3.yaml b/queries/aws_elasticsearch_domain_3.yaml index b6f580bae..452aaba08 100755 --- a/queries/aws_elasticsearch_domain_3.yaml +++ b/queries/aws_elasticsearch_domain_3.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_3 -Title: "List all AWS Elasticsearch Service Domains with Configuration" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - ebs_options ->> 'VolumeSize' as volume_size, - ebs_options ->> 'VolumeType' as volume_type, - ebs_options ->> 'EBSEnabled' as ebs_enabled - from - aws_elasticsearch_domain - where - ebs_options ->> 'EBSEnabled' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n ebs_options ->> 'VolumeSize'\ + \ as volume_size,\n ebs_options ->> 'VolumeType' as volume_type,\n ebs_options\ + \ ->> 'EBSEnabled' as ebs_enabled\nfrom\n aws_elasticsearch_domain\nwhere\n \ + \ ebs_options ->> 'EBSEnabled' = 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: List all AWS Elasticsearch Service Domains with Configuration diff --git a/queries/aws_elasticsearch_domain_4.yaml b/queries/aws_elasticsearch_domain_4.yaml index 59753fe24..7c981fe71 100755 --- a/queries/aws_elasticsearch_domain_4.yaml +++ b/queries/aws_elasticsearch_domain_4.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_4 -Title: "List all AWS Elasticsearch Service Domains configuration" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - vpc_options ->> 'AvailabilityZones' as availability_zones, - vpc_options ->> 'SecurityGroupIds' as security_group_ids, - vpc_options ->> 'SubnetIds' as subnet_ids, - vpc_options ->> 'VPCId' as vpc_id - from - aws_elasticsearch_domain - where - vpc_options ->> 'AvailabilityZones' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n vpc_options ->> 'AvailabilityZones' as\ + \ availability_zones,\n vpc_options ->> 'SecurityGroupIds' as security_group_ids,\n\ + \ vpc_options ->> 'SubnetIds' as subnet_ids,\n vpc_options ->> 'VPCId' as vpc_id\n\ + from\n aws_elasticsearch_domain\nwhere\n vpc_options ->> 'AvailabilityZones'\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: List all AWS Elasticsearch Service Domains configuration diff --git a/queries/aws_elasticsearch_domain_5.yaml b/queries/aws_elasticsearch_domain_5.yaml index fdc895e54..27cb4e8d8 100755 --- a/queries/aws_elasticsearch_domain_5.yaml +++ b/queries/aws_elasticsearch_domain_5.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_5 -Title: "Find AWS Elasticsearch Domain Configuration and Status" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - elasticsearch_cluster_config ->> 'InstanceType' as instance_type, - elasticsearch_cluster_config ->> 'InstanceCount' as instance_count - from - aws_elasticsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n elasticsearch_cluster_config\ + \ ->> 'InstanceType' as instance_type,\n elasticsearch_cluster_config ->> 'InstanceCount'\ + \ as instance_count\nfrom\n aws_elasticsearch_domain;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: Find AWS Elasticsearch Domain Configuration and Status diff --git a/queries/aws_elasticsearch_domain_6.yaml b/queries/aws_elasticsearch_domain_6.yaml index a215d0d13..7a38abeb8 100755 --- a/queries/aws_elasticsearch_domain_6.yaml +++ b/queries/aws_elasticsearch_domain_6.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_6 -Title: "Find AWS Elasticsearch Service Domain Config and Status" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - p as principal, - a as action, - s ->> 'Effect' as effect - from - aws_elasticsearch_domain, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - p = '*' - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n p as principal,\n a as action,\n s\ + \ ->> 'Effect' as effect\nfrom\n aws_elasticsearch_domain,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n p = '*'\n \ + \ and s ->> 'Effect' = 'Allow';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: Find AWS Elasticsearch Service Domain Config and Status diff --git a/queries/aws_elasticsearch_domain_7.yaml b/queries/aws_elasticsearch_domain_7.yaml index d079cc530..c672e9192 100755 --- a/queries/aws_elasticsearch_domain_7.yaml +++ b/queries/aws_elasticsearch_domain_7.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_7 -Title: "Find AWS Elasticsearch Service Domain Details" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - log_publishing_options - from - aws_elasticsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n log_publishing_options\n\ + from\n aws_elasticsearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: Find AWS Elasticsearch Service Domain Details diff --git a/queries/aws_elasticsearch_domain_8.yaml b/queries/aws_elasticsearch_domain_8.yaml index 299d3ec09..411a52138 100755 --- a/queries/aws_elasticsearch_domain_8.yaml +++ b/queries/aws_elasticsearch_domain_8.yaml @@ -1,27 +1,25 @@ +Description: Allows users to query AWS Elasticsearch Service Domains for detailed + information related to the configuration, status, and access policies of the Elasticsearch + domains. ID: aws_elasticsearch_domain_8 -Title: "Find AWS Elasticsearch Service Domain Configuration" -Description: "Allows users to query AWS Elasticsearch Service Domains for detailed information related to the configuration, status, and access policies of the Elasticsearch domains." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled, - log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn - from - aws_elasticsearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n log_publishing_options\ + \ -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled,\n log_publishing_options ->\ + \ 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn\n\ + from\n aws_elasticsearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elasticsearch Service +Title: Find AWS Elasticsearch Service Domain Configuration diff --git a/queries/aws_emr_block_public_access_configuration_1.yaml b/queries/aws_emr_block_public_access_configuration_1.yaml index 32aa19177..613adefd5 100755 --- a/queries/aws_emr_block_public_access_configuration_1.yaml +++ b/queries/aws_emr_block_public_access_configuration_1.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS EMR Block Public Access Configuration to retrieve + details about the block public access configurations for EMR clusters. ID: aws_emr_block_public_access_configuration_1 -Title: "Find AWS EMR Block Public Access Configuration Details" -Description: "Allows users to query AWS EMR Block Public Access Configuration to retrieve details about the block public access configurations for EMR clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - created_by_arn, - block_public_security_group_rules, - creation_date, - classification, - permitted_public_security_group_rule_ranges - from - aws_emr_block_public_access_configuration - order by - created_by_arn, - creation_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n created_by_arn,\n block_public_security_group_rules,\n\ + \ creation_date,\n classification,\n permitted_public_security_group_rule_ranges\n\ + from\n aws_emr_block_public_access_configuration\norder by\n created_by_arn,\n\ + \ creation_date;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find AWS EMR Block Public Access Configuration Details diff --git a/queries/aws_emr_block_public_access_configuration_2.yaml b/queries/aws_emr_block_public_access_configuration_2.yaml index 8cb085f12..c10b24eca 100755 --- a/queries/aws_emr_block_public_access_configuration_2.yaml +++ b/queries/aws_emr_block_public_access_configuration_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EMR Block Public Access Configuration to retrieve + details about the block public access configurations for EMR clusters. ID: aws_emr_block_public_access_configuration_2 -Title: "List AWS EMR Block Public Access Configuration Details" -Description: "Allows users to query AWS EMR Block Public Access Configuration to retrieve details about the block public access configurations for EMR clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - created_by_arn, - creation_date - from - aws_emr_block_public_access_configuration - where - block_public_security_group_rules; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n created_by_arn,\n creation_date\nfrom\n aws_emr_block_public_access_configuration\n\ + where\n block_public_security_group_rules;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS EMR +Title: List AWS EMR Block Public Access Configuration Details diff --git a/queries/aws_emr_block_public_access_configuration_3.yaml b/queries/aws_emr_block_public_access_configuration_3.yaml index b785834a3..359f60bc2 100755 --- a/queries/aws_emr_block_public_access_configuration_3.yaml +++ b/queries/aws_emr_block_public_access_configuration_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS EMR Block Public Access Configuration to retrieve + details about the block public access configurations for EMR clusters. ID: aws_emr_block_public_access_configuration_3 -Title: "Find AWS EMR Block Public Access Configurations" -Description: "Allows users to query AWS EMR Block Public Access Configuration to retrieve details about the block public access configurations for EMR clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - created_by_arn, - creation_date, - rules ->> 'MaxRange' as max_range, - rules ->> 'MinRange' as min_range - from - aws_emr_block_public_access_configuration - cross join jsonb_array_elements(permitted_public_security_group_rule_ranges) as rules; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n created_by_arn,\n creation_date,\n rules ->> 'MaxRange'\ + \ as max_range,\n rules ->> 'MinRange' as min_range\nfrom\n aws_emr_block_public_access_configuration\n\ + \ cross join jsonb_array_elements(permitted_public_security_group_rule_ranges)\ + \ as rules;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR Block Public Access Configuration +Title: Find AWS EMR Block Public Access Configurations diff --git a/queries/aws_emr_block_public_access_configuration_4.yaml b/queries/aws_emr_block_public_access_configuration_4.yaml index 3156dedee..71aa57bbb 100755 --- a/queries/aws_emr_block_public_access_configuration_4.yaml +++ b/queries/aws_emr_block_public_access_configuration_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS EMR Block Public Access Configuration to retrieve + details about the block public access configurations for EMR clusters. ID: aws_emr_block_public_access_configuration_4 -Title: "Find AWS EMR Block Public Access Configuration Details" -Description: "Allows users to query AWS EMR Block Public Access Configuration to retrieve details about the block public access configurations for EMR clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - created_by_arn, - creation_date - from - aws_emr_block_public_access_configuration - where - date_part('day', now() - creation_date) < 90; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n created_by_arn,\n creation_date\nfrom\n aws_emr_block_public_access_configuration\n\ + where\n date_part('day', now() - creation_date) < 90;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find AWS EMR Block Public Access Configuration Details diff --git a/queries/aws_emr_cluster_1.yaml b/queries/aws_emr_cluster_1.yaml index b6f5ad409..7b43ab876 100755 --- a/queries/aws_emr_cluster_1.yaml +++ b/queries/aws_emr_cluster_1.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_1 -Title: "List all AWS Elastic MapReduce Cluster data" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - cluster_arn, - name, - auto_terminate, - status ->> 'State' as state, - tags - from - aws_emr_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n cluster_arn,\n name,\n auto_terminate,\n status\ + \ ->> 'State' as state,\n tags\nfrom\n aws_emr_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: List all AWS Elastic MapReduce Cluster data diff --git a/queries/aws_emr_cluster_2.yaml b/queries/aws_emr_cluster_2.yaml index 5b4f568c3..0badacfe5 100755 --- a/queries/aws_emr_cluster_2.yaml +++ b/queries/aws_emr_cluster_2.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_2 -Title: "Find AWS EMR Clusters That Do Not Auto-Terminate" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cluster_arn, - auto_terminate - from - aws_emr_cluster - where - not auto_terminate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cluster_arn,\n auto_terminate\nfrom\n aws_emr_cluster\n\ + where\n not auto_terminate;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: Find AWS EMR Clusters That Do Not Auto-Terminate diff --git a/queries/aws_emr_cluster_3.yaml b/queries/aws_emr_cluster_3.yaml index f312002d0..194715bca 100755 --- a/queries/aws_emr_cluster_3.yaml +++ b/queries/aws_emr_cluster_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_3 -Title: "Find AWS Elastic MapReduce Clusters with Errors" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - status ->> 'State' as state, - status -> 'StateChangeReason' ->> 'Message' as state_change_reason - from - aws_emr_cluster - where - status ->> 'State' = 'TERMINATED_WITH_ERRORS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n status ->> 'State' as state,\n status\ + \ -> 'StateChangeReason' ->> 'Message' as state_change_reason\nfrom\n aws_emr_cluster\n\ + where\n status ->> 'State' = 'TERMINATED_WITH_ERRORS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: Find AWS Elastic MapReduce Clusters with Errors diff --git a/queries/aws_emr_cluster_4.yaml b/queries/aws_emr_cluster_4.yaml index 18f069d3d..2e224e205 100755 --- a/queries/aws_emr_cluster_4.yaml +++ b/queries/aws_emr_cluster_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_4 -Title: "Find AWS Elastic MapReduce Cluster Data" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cluster_arn, - a ->> 'Name' as application_name, - a ->> 'Version' as application_version - from - aws_emr_cluster, - jsonb_array_elements(applications) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cluster_arn,\n a ->> 'Name' as application_name,\n\ + \ a ->> 'Version' as application_version\nfrom\n aws_emr_cluster,\n jsonb_array_elements(applications)\ + \ as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: Find AWS Elastic MapReduce Cluster Data diff --git a/queries/aws_emr_cluster_5.yaml b/queries/aws_emr_cluster_5.yaml index 8054b6850..84e56f243 100755 --- a/queries/aws_emr_cluster_5.yaml +++ b/queries/aws_emr_cluster_5.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_5 -Title: "Find AWS Elastic MapReduce Cluster Data" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cluster_arn, - log_uri - from - aws_emr_cluster - where - log_uri is null - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cluster_arn,\n log_uri\nfrom\n aws_emr_cluster\n\ + where\n log_uri is null" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: Find AWS Elastic MapReduce Cluster Data diff --git a/queries/aws_emr_cluster_6.yaml b/queries/aws_emr_cluster_6.yaml index 3ba362b20..4c0c018ec 100755 --- a/queries/aws_emr_cluster_6.yaml +++ b/queries/aws_emr_cluster_6.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Elastic MapReduce Cluster data. ID: aws_emr_cluster_6 -Title: "Find AWS EMR Cluster Data with Specific Log URIs" -Description: "Allows users to query AWS Elastic MapReduce Cluster data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cluster_arn, - log_uri, - log_encryption_kms_key_id - from - aws_emr_cluster - where - log_uri is not null and log_encryption_kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cluster_arn,\n log_uri,\n log_encryption_kms_key_id\n\ + from\n aws_emr_cluster\nwhere\n log_uri is not null and log_encryption_kms_key_id\ + \ is null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Elastic MapReduce +Title: Find AWS EMR Cluster Data with Specific Log URIs diff --git a/queries/aws_emr_cluster_metric_is_idle_1.yaml b/queries/aws_emr_cluster_metric_is_idle_1.yaml index 97f69c560..af1d39c00 100755 --- a/queries/aws_emr_cluster_metric_is_idle_1.yaml +++ b/queries/aws_emr_cluster_metric_is_idle_1.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query AWS EMR Cluster Metrics to determine if a cluster + is idle. ID: aws_emr_cluster_metric_is_idle_1 -Title: "Find Idle Status of AWS EMR Cluster Metrics" -Description: "Allows users to query AWS EMR Cluster Metrics to determine if a cluster is idle." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_emr_cluster_metric_is_idle - order by - id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sample_count\nfrom\n aws_emr_cluster_metric_is_idle\norder by\n id,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find Idle Status of AWS EMR Cluster Metrics diff --git a/queries/aws_emr_instance_1.yaml b/queries/aws_emr_instance_1.yaml index df8450fa5..d7a1eac67 100755 --- a/queries/aws_emr_instance_1.yaml +++ b/queries/aws_emr_instance_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS EMR Instances for detailed information about + the status, configuration, and other metadata of each instance. ID: aws_emr_instance_1 -Title: "Find all AWS EMR Instances for status and configuration" -Description: "Allows users to query AWS EMR Instances for detailed information about the status, configuration, and other metadata of each instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - cluster_id, - ec2_instance_id, - instance_type, - private_dns_name, - private_ip_address - from - aws_emr_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n cluster_id,\n ec2_instance_id,\n instance_type,\n\ + \ private_dns_name,\n private_ip_address\nfrom\n aws_emr_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find all AWS EMR Instances for status and configuration diff --git a/queries/aws_emr_instance_2.yaml b/queries/aws_emr_instance_2.yaml index 1a8dc0c7e..723df57ff 100755 --- a/queries/aws_emr_instance_2.yaml +++ b/queries/aws_emr_instance_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EMR Instances for detailed information about + the status, configuration, and other metadata of each instance. ID: aws_emr_instance_2 -Title: "Find detailed AWS EMR Instances status and configuration" -Description: "Allows users to query AWS EMR Instances for detailed information about the status, configuration, and other metadata of each instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - ec2_instance_id, - instance_type - from - aws_emr_instance - where - instance_type = 'm2.4xlarge'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n ec2_instance_id,\n instance_type\nfrom\n aws_emr_instance\n\ + where\n instance_type = 'm2.4xlarge';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find detailed AWS EMR Instances status and configuration diff --git a/queries/aws_emr_instance_3.yaml b/queries/aws_emr_instance_3.yaml index 8baadd16d..44a147fe0 100755 --- a/queries/aws_emr_instance_3.yaml +++ b/queries/aws_emr_instance_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EMR Instances for detailed information about + the status, configuration, and other metadata of each instance. ID: aws_emr_instance_3 -Title: "Find all AWS EMR Instances with Detailed Information" -Description: "Allows users to query AWS EMR Instances for detailed information about the status, configuration, and other metadata of each instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - ec2_instance_id, - instance_type - from - aws_emr_instance - where - cluster_id = 'j-21HIX5R2NZMXJ'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n ec2_instance_id,\n instance_type\nfrom\n aws_emr_instance\n\ + where\n cluster_id = 'j-21HIX5R2NZMXJ';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find all AWS EMR Instances with Detailed Information diff --git a/queries/aws_emr_instance_4.yaml b/queries/aws_emr_instance_4.yaml index 5010667a5..defa925e8 100755 --- a/queries/aws_emr_instance_4.yaml +++ b/queries/aws_emr_instance_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS EMR Instances for detailed information about + the status, configuration, and other metadata of each instance. ID: aws_emr_instance_4 -Title: "Query AWS EMR Instances and Detailed Metadata" -Description: "Allows users to query AWS EMR Instances for detailed information about the status, configuration, and other metadata of each instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - ec2_instance_id, - instance_type, - v -> 'Device' as device, - v -> 'VolumeId' as volume_id - from - aws_emr_instance, - jsonb_array_elements(ebs_volumes) as v - where - ei.id = 'ci-ULCFS2ZN0FK7'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n ec2_instance_id,\n instance_type,\n v -> 'Device'\ + \ as device,\n v -> 'VolumeId' as volume_id\nfrom\n aws_emr_instance,\n jsonb_array_elements(ebs_volumes)\ + \ as v\nwhere\n ei.id = 'ci-ULCFS2ZN0FK7';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Query AWS EMR Instances and Detailed Metadata diff --git a/queries/aws_emr_instance_fleet_1.yaml b/queries/aws_emr_instance_fleet_1.yaml index eae03d5d8..6096120e7 100755 --- a/queries/aws_emr_instance_fleet_1.yaml +++ b/queries/aws_emr_instance_fleet_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EMR Instance Fleets to obtain detailed information + about each instance fleet, including its configuration, instance type specifications, + target capacities, and associated metadata. ID: aws_emr_instance_fleet_1 -Title: "List all AWS EMR Instance Fleets with Configuration Details" -Description: "Allows users to query AWS EMR Instance Fleets to obtain detailed information about each instance fleet, including its configuration, instance type specifications, target capacities, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - cluster_id, - instance_fleet_type, - state - from - aws_emr_instance_fleet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n cluster_id,\n instance_fleet_type,\n\ + \ state\nfrom\n aws_emr_instance_fleet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: List all AWS EMR Instance Fleets with Configuration Details diff --git a/queries/aws_emr_instance_fleet_2.yaml b/queries/aws_emr_instance_fleet_2.yaml index 75cb5c9ac..34ad4fd22 100755 --- a/queries/aws_emr_instance_fleet_2.yaml +++ b/queries/aws_emr_instance_fleet_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS EMR Instance Fleets to obtain detailed information + about each instance fleet, including its configuration, instance type specifications, + target capacities, and associated metadata. ID: aws_emr_instance_fleet_2 -Title: "List all AWS EMR Instance Fleets with Configuration Details" -Description: "Allows users to query AWS EMR Instance Fleets to obtain detailed information about each instance fleet, including its configuration, instance type specifications, target capacities, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_id, - c.name as cluster_name, - c.state as cluster_state - from - aws_emr_instance_fleet as f, - aws_emr_cluster as c - where - f.cluster_id = c.id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_id,\n c.name as cluster_name,\n c.state as\ + \ cluster_state\nfrom\n aws_emr_instance_fleet as f,\n aws_emr_cluster as c\n\ + where\n f.cluster_id = c.id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: List all AWS EMR Instance Fleets with Configuration Details diff --git a/queries/aws_emr_instance_fleet_3.yaml b/queries/aws_emr_instance_fleet_3.yaml index 394937d52..9268d2f31 100755 --- a/queries/aws_emr_instance_fleet_3.yaml +++ b/queries/aws_emr_instance_fleet_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS EMR Instance Fleets to obtain detailed information + about each instance fleet, including its configuration, instance type specifications, + target capacities, and associated metadata. ID: aws_emr_instance_fleet_3 -Title: "List all AWS EMR Instance Fleets and Their Capabilities" -Description: "Allows users to query AWS EMR Instance Fleets to obtain detailed information about each instance fleet, including its configuration, instance type specifications, target capacities, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_id, - provisioned_on_demand_capacity, - target_on_demand_capacity - from - aws_emr_instance_fleet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_id,\n provisioned_on_demand_capacity,\n target_on_demand_capacity\n\ + from\n aws_emr_instance_fleet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR Instance Fleet +Title: List all AWS EMR Instance Fleets and Their Capabilities diff --git a/queries/aws_emr_instance_group_1.yaml b/queries/aws_emr_instance_group_1.yaml index 6ea8b11cd..2e9525041 100755 --- a/queries/aws_emr_instance_group_1.yaml +++ b/queries/aws_emr_instance_group_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS EMR Instance Groups to fetch details about + each instance group within an EMR cluster. ID: aws_emr_instance_group_1 -Title: "Find AWS EMR Instance Groups within a Cluster" -Description: "Allows users to query AWS EMR Instance Groups to fetch details about each instance group within an EMR cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - cluster_id, - instance_group_type, - state - from - aws_emr_instance_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n cluster_id,\n instance_group_type,\n\ + \ state\nfrom\n aws_emr_instance_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find AWS EMR Instance Groups within a Cluster diff --git a/queries/aws_emr_instance_group_2.yaml b/queries/aws_emr_instance_group_2.yaml index 0a955f818..a2d2b339e 100755 --- a/queries/aws_emr_instance_group_2.yaml +++ b/queries/aws_emr_instance_group_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS EMR Instance Groups to fetch details about + each instance group within an EMR cluster. ID: aws_emr_instance_group_2 -Title: "List AWS EMR instance groups within clusters" -Description: "Allows users to query AWS EMR Instance Groups to fetch details about each instance group within an EMR cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - ig.id as instance_group_id, - ig.cluster_id, - c.name as cluster_name, - ig.instance_type - from - aws_emr_instance_group as ig, - aws_emr_cluster as c - where - ig.cluster_id = c.id - and ig.instance_group_type = 'MASTER'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n ig.id as instance_group_id,\n ig.cluster_id,\n c.name\ + \ as cluster_name,\n ig.instance_type\nfrom\n aws_emr_instance_group as ig,\n\ + \ aws_emr_cluster as c\nwhere\n ig.cluster_id = c.id\n and ig.instance_group_type\ + \ = 'MASTER';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: List AWS EMR instance groups within clusters diff --git a/queries/aws_emr_instance_group_3.yaml b/queries/aws_emr_instance_group_3.yaml index 73920423e..7e9cdec34 100755 --- a/queries/aws_emr_instance_group_3.yaml +++ b/queries/aws_emr_instance_group_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EMR Instance Groups to fetch details about + each instance group within an EMR cluster. ID: aws_emr_instance_group_3 -Title: "List All AWS EMR Instance Groups and Running Instances" -Description: "Allows users to query AWS EMR Instance Groups to fetch details about each instance group within an EMR cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_id, - sum(running_instance_count) as running_instance_count - from - aws_emr_instance_group - where - state = 'RUNNING' - group by cluster_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_id,\n sum(running_instance_count) as running_instance_count\n\ + from\n aws_emr_instance_group\nwhere\n state = 'RUNNING'\ngroup by cluster_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS EMR +Title: List All AWS EMR Instance Groups and Running Instances diff --git a/queries/aws_emr_security_configuration_1.yaml b/queries/aws_emr_security_configuration_1.yaml index 7290baf08..1ffe3f32d 100755 --- a/queries/aws_emr_security_configuration_1.yaml +++ b/queries/aws_emr_security_configuration_1.yaml @@ -1,30 +1,28 @@ +Description: Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. + This table provides information about security settings and configurations that + can be applied to EMR clusters, managing encryption, authentication, and authorization. + These configurations are crucial for ensuring the secure handling of data, protecting + sensitive information, and complying with various data security standards and regulations. ID: aws_emr_security_configuration_1 -Title: "Find AWS EMR Security Configurations Details" -Description: "Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. This table provides information about security settings and configurations that can be applied to EMR clusters, managing encryption, authentication, and authorization. These configurations are crucial for ensuring the secure handling of data, protecting sensitive information, and complying with various data security standards and regulations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - creation_date_time, - encryption_configuration, - instance_metadata_service_configuration, - security_configuration - from - aws_emr_security_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n creation_date_time,\n encryption_configuration,\n\ + \ instance_metadata_service_configuration,\n security_configuration\nfrom\n\ + \ aws_emr_security_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: Find AWS EMR Security Configurations Details diff --git a/queries/aws_emr_security_configuration_2.yaml b/queries/aws_emr_security_configuration_2.yaml index 9018a0cd1..eb5ffb224 100755 --- a/queries/aws_emr_security_configuration_2.yaml +++ b/queries/aws_emr_security_configuration_2.yaml @@ -1,28 +1,26 @@ +Description: Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. + This table provides information about security settings and configurations that + can be applied to EMR clusters, managing encryption, authentication, and authorization. + These configurations are crucial for ensuring the secure handling of data, protecting + sensitive information, and complying with various data security standards and regulations. ID: aws_emr_security_configuration_2 -Title: "List EMR Security Configs from Last 30 Days" -Description: "Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. This table provides information about security settings and configurations that can be applied to EMR clusters, managing encryption, authentication, and authorization. These configurations are crucial for ensuring the secure handling of data, protecting sensitive information, and complying with various data security standards and regulations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - creation_date_time, - security_configuration - from - aws_emr_security_configuration - where - creation_date_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n creation_date_time,\n security_configuration\n\ + from\n aws_emr_security_configuration\nwhere\n creation_date_time >= now() -\ + \ interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: List EMR Security Configs from Last 30 Days diff --git a/queries/aws_emr_security_configuration_3.yaml b/queries/aws_emr_security_configuration_3.yaml index fdad48e53..dedc865de 100755 --- a/queries/aws_emr_security_configuration_3.yaml +++ b/queries/aws_emr_security_configuration_3.yaml @@ -1,32 +1,34 @@ +Description: Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. + This table provides information about security settings and configurations that + can be applied to EMR clusters, managing encryption, authentication, and authorization. + These configurations are crucial for ensuring the secure handling of data, protecting + sensitive information, and complying with various data security standards and regulations. ID: aws_emr_security_configuration_3 -Title: "List all AWS EMR Security Configurations using SQL" -Description: "Allows users to query AWS EMR (Amazon Elastic MapReduce) Security Configurations. This table provides information about security settings and configurations that can be applied to EMR clusters, managing encryption, authentication, and authorization. These configurations are crucial for ensuring the secure handling of data, protecting sensitive information, and complying with various data security standards and regulations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - creation_date_time, - encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration' ->> 'AwsKmsKey' as aws_kms_key, - encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration' ->> 'EnableEbsEncryption' as enable_ebs_encryption, - encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration' ->> 'EncryptionKeyProviderType' as encryption_key_provider_type, - encryption_configuration -> 'S3EncryptionConfiguration' as s3_encryption_configuration, - encryption_configuration ->> 'EnableAtRestEncryption' as enable_at_rest_encryption, - encryption_configuration ->> 'EnableInTransitEncryption' as enable_in_transit_encryption, - encryption_configuration -> 'InTransitEncryptionConfiguration' as in_transit_encryption_configuration - from - aws_emr_security_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n creation_date_time,\n encryption_configuration\ + \ -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration' ->>\ + \ 'AwsKmsKey' as aws_kms_key,\n encryption_configuration -> 'AtRestEncryptionConfiguration'\ + \ -> 'LocalDiskEncryptionConfiguration' ->> 'EnableEbsEncryption' as enable_ebs_encryption,\n\ + \ encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration'\ + \ ->> 'EncryptionKeyProviderType' as encryption_key_provider_type,\n encryption_configuration\ + \ -> 'S3EncryptionConfiguration' as s3_encryption_configuration,\n encryption_configuration\ + \ ->> 'EnableAtRestEncryption' as enable_at_rest_encryption,\n encryption_configuration\ + \ ->> 'EnableInTransitEncryption' as enable_in_transit_encryption,\n encryption_configuration\ + \ -> 'InTransitEncryptionConfiguration' as in_transit_encryption_configuration\n\ + from\n aws_emr_security_configuration;" Tags: cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EMR +Title: List all AWS EMR Security Configurations using SQL diff --git a/queries/aws_eventbridge_bus_1.yaml b/queries/aws_eventbridge_bus_1.yaml index 2278218d2..1db076f90 100755 --- a/queries/aws_eventbridge_bus_1.yaml +++ b/queries/aws_eventbridge_bus_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS EventBridge Buses for detailed information + about each bus, including its name, ARN, policy, and more. ID: aws_eventbridge_bus_1 -Title: "Find all AWS EventBridge Buses and their Details" -Description: "Allows users to query AWS EventBridge Buses for detailed information about each bus, including its name, ARN, policy, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_eventbridge_bus; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_eventbridge_bus;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EventBridge +Title: Find all AWS EventBridge Buses and their Details diff --git a/queries/aws_eventbridge_rule_1.yaml b/queries/aws_eventbridge_rule_1.yaml index 5c13947d2..374b9a7e1 100755 --- a/queries/aws_eventbridge_rule_1.yaml +++ b/queries/aws_eventbridge_rule_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS EventBridge Rule to access information regarding + the EventBridge rules defined within an AWS account. ID: aws_eventbridge_rule_1 -Title: "Find EventBridge Rule Information in AWS Account" -Description: "Allows users to query AWS EventBridge Rule to access information regarding the EventBridge rules defined within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state, - created_by, - event_bus_name - from - aws_eventbridge_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state,\n created_by,\n event_bus_name\n\ + from\n aws_eventbridge_rule;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EventBridge +Title: Find EventBridge Rule Information in AWS Account diff --git a/queries/aws_eventbridge_rule_2.yaml b/queries/aws_eventbridge_rule_2.yaml index 2a370abd3..c003e442c 100755 --- a/queries/aws_eventbridge_rule_2.yaml +++ b/queries/aws_eventbridge_rule_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS EventBridge Rule to access information regarding + the EventBridge rules defined within an AWS account. ID: aws_eventbridge_rule_2 -Title: "Find all AWS EventBridge Rules not enabled" -Description: "Allows users to query AWS EventBridge Rule to access information regarding the EventBridge rules defined within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state, - created_by - from - aws_eventbridge_rule - where - state != 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state,\n created_by\nfrom\n aws_eventbridge_rule\n\ + where\n state != 'ENABLED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EventBridge +Title: Find all AWS EventBridge Rules not enabled diff --git a/queries/aws_eventbridge_rule_3.yaml b/queries/aws_eventbridge_rule_3.yaml index 9cc6db0be..64e610315 100755 --- a/queries/aws_eventbridge_rule_3.yaml +++ b/queries/aws_eventbridge_rule_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS EventBridge Rule to access information regarding + the EventBridge rules defined within an AWS account. ID: aws_eventbridge_rule_3 -Title: "Find AWS EventBridge Rules using SQL" -Description: "Allows users to query AWS EventBridge Rule to access information regarding the EventBridge rules defined within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cd ->> 'Id' as target_id, - cd ->> 'Arn' as target_arn, - cd ->> 'RoleArn' as role_arn - from - aws_eventbridge_rule, - jsonb_array_elements(targets) as cd; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cd ->> 'Id' as target_id,\n cd ->> 'Arn' as\ + \ target_arn,\n cd ->> 'RoleArn' as role_arn\nfrom\n aws_eventbridge_rule,\n\ + \ jsonb_array_elements(targets) as cd;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - EventBridge +Title: Find AWS EventBridge Rules using SQL diff --git a/queries/aws_fms_app_list_1.yaml b/queries/aws_fms_app_list_1.yaml index 808f3691b..fcb6f1466 100755 --- a/queries/aws_fms_app_list_1.yaml +++ b/queries/aws_fms_app_list_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Firewall Manager Applications to obtain comprehensive + details about each application, including application ID, protocol, source and destination + IP ranges, and source and destination ports. ID: aws_fms_app_list_1 -Title: "Find AWS Firewall Manager Application Details" -Description: "Allows users to query AWS Firewall Manager Applications to obtain comprehensive details about each application, including application ID, protocol, source and destination IP ranges, and source and destination ports." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - list_name, - list_id, - arn, - create_time - from - aws_fms_app_list; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n list_name,\n list_id,\n arn,\n create_time\nfrom\n\ + \ aws_fms_app_list;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Firewall Manager +Title: Find AWS Firewall Manager Application Details diff --git a/queries/aws_fms_app_list_2.yaml b/queries/aws_fms_app_list_2.yaml index ce2d93e1e..a2623baf8 100755 --- a/queries/aws_fms_app_list_2.yaml +++ b/queries/aws_fms_app_list_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Firewall Manager Applications to obtain comprehensive + details about each application, including application ID, protocol, source and destination + IP ranges, and source and destination ports. ID: aws_fms_app_list_2 -Title: "Find AWS Firewall Manager Application Details in Last 30 Days" -Description: "Allows users to query AWS Firewall Manager Applications to obtain comprehensive details about each application, including application ID, protocol, source and destination IP ranges, and source and destination ports." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - list_name, - list_id, - arn, - create_time - from - aws_fms_app_list - where - create_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n list_name,\n list_id,\n arn,\n create_time\nfrom\n\ + \ aws_fms_app_list\nwhere\n create_time >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Firewall Manager +Title: Find AWS Firewall Manager Application Details in Last 30 Days diff --git a/queries/aws_fms_app_list_3.yaml b/queries/aws_fms_app_list_3.yaml index 7176843a6..4ef3da5eb 100755 --- a/queries/aws_fms_app_list_3.yaml +++ b/queries/aws_fms_app_list_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Firewall Manager Applications to obtain comprehensive + details about each application, including application ID, protocol, source and destination + IP ranges, and source and destination ports. ID: aws_fms_app_list_3 -Title: "Query AWS Firewall Manager Applications with Details" -Description: "Allows users to query AWS Firewall Manager Applications to obtain comprehensive details about each application, including application ID, protocol, source and destination IP ranges, and source and destination ports." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - list_name, - list_id, - a ->> 'AppName' as app_name, - a ->> 'Port' as port, - a ->> 'Protocol' as protocol - from - aws_fms_app_list, - jsonb_array_elements(apps_list -> 'AppsList') as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n list_name,\n list_id,\n a ->> 'AppName' as app_name,\n\ + \ a ->> 'Port' as port,\n a ->> 'Protocol' as protocol\nfrom\n aws_fms_app_list,\n\ + \ jsonb_array_elements(apps_list -> 'AppsList') as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Firewall Manager +Title: Query AWS Firewall Manager Applications with Details diff --git a/queries/aws_fms_policy_1.yaml b/queries/aws_fms_policy_1.yaml index d6d6b5898..0446dbdc0 100755 --- a/queries/aws_fms_policy_1.yaml +++ b/queries/aws_fms_policy_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Firewall Manager Policies using SQL. This table + provides information about each AWS Firewall Manager (FMS) policy in an AWS account. + It can be used to gain insights into policy details such as the policy name, ID, + resource type, security service type, and more. ID: aws_fms_policy_1 -Title: "List All AWS Firewall Manager Policy Details" -Description: "Allows users to query AWS Firewall Manager Policies using SQL. This table provides information about each AWS Firewall Manager (FMS) policy in an AWS account. It can be used to gain insights into policy details such as the policy name, ID, resource type, security service type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_name, - policy_id, - arn, - policy_description, - resource_type - from - aws_fms_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_name,\n policy_id,\n arn,\n policy_description,\n\ + \ resource_type\nfrom\n aws_fms_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Firewall Manager +Title: List All AWS Firewall Manager Policy Details diff --git a/queries/aws_fms_policy_2.yaml b/queries/aws_fms_policy_2.yaml index a8e7778b6..d28ab1b51 100755 --- a/queries/aws_fms_policy_2.yaml +++ b/queries/aws_fms_policy_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Firewall Manager Policies using SQL. This table + provides information about each AWS Firewall Manager (FMS) policy in an AWS account. + It can be used to gain insights into policy details such as the policy name, ID, + resource type, security service type, and more. ID: aws_fms_policy_2 -Title: "Find AWS Firewall Manager Policies with SQL" -Description: "Allows users to query AWS Firewall Manager Policies using SQL. This table provides information about each AWS Firewall Manager (FMS) policy in an AWS account. It can be used to gain insights into policy details such as the policy name, ID, resource type, security service type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_name, - policy_id, - arn, - policy_description, - resource_type, - remediation_enabled - from - aws_fms_policy - where - remediation_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_name,\n policy_id,\n arn,\n policy_description,\n\ + \ resource_type,\n remediation_enabled\nfrom\n aws_fms_policy\nwhere\n remediation_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Firewall Manager +Title: Find AWS Firewall Manager Policies with SQL diff --git a/queries/aws_fms_policy_3.yaml b/queries/aws_fms_policy_3.yaml index 39d2a812a..634985705 100755 --- a/queries/aws_fms_policy_3.yaml +++ b/queries/aws_fms_policy_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Firewall Manager Policies using SQL. This table + provides information about each AWS Firewall Manager (FMS) policy in an AWS account. + It can be used to gain insights into policy details such as the policy name, ID, + resource type, security service type, and more. ID: aws_fms_policy_3 -Title: "List all AWS Firewall Manager Policies and Details" -Description: "Allows users to query AWS Firewall Manager Policies using SQL. This table provides information about each AWS Firewall Manager (FMS) policy in an AWS account. It can be used to gain insights into policy details such as the policy name, ID, resource type, security service type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_name, - resource_type, - count(policy_id) as policy_applied - from - aws_fms_policy - group by - policy_name, - resource_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_name,\n resource_type,\n count(policy_id) as\ + \ policy_applied\nfrom\n aws_fms_policy\ngroup by\n policy_name,\n resource_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Firewall Manager +Title: List all AWS Firewall Manager Policies and Details diff --git a/queries/aws_fms_policy_4.yaml b/queries/aws_fms_policy_4.yaml index 3e85bf785..10afa836d 100755 --- a/queries/aws_fms_policy_4.yaml +++ b/queries/aws_fms_policy_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Firewall Manager Policies using SQL. This table + provides information about each AWS Firewall Manager (FMS) policy in an AWS account. + It can be used to gain insights into policy details such as the policy name, ID, + resource type, security service type, and more. ID: aws_fms_policy_4 -Title: "List AWS Firewall Manager (FMS) Policies Details" -Description: "Allows users to query AWS Firewall Manager Policies using SQL. This table provides information about each AWS Firewall Manager (FMS) policy in an AWS account. It can be used to gain insights into policy details such as the policy name, ID, resource type, security service type, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_name, - policy_id, - policy_status - from - aws_fms_policy - where - policy_status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_name,\n policy_id,\n policy_status\nfrom\n \ + \ aws_fms_policy\nwhere\n policy_status <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Firewall Manager +Title: List AWS Firewall Manager (FMS) Policies Details diff --git a/queries/aws_fsx_file_system_1.yaml b/queries/aws_fsx_file_system_1.yaml index 5cb5e8bbd..992386c84 100755 --- a/queries/aws_fsx_file_system_1.yaml +++ b/queries/aws_fsx_file_system_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS FSx File Systems to gather information about + the file system''s details, including its lifecycle, type, storage capacity, and + associated tags. ID: aws_fsx_file_system_1 -Title: "List AWS FSx File Systems details including lifecycle" -Description: "Allows users to query AWS FSx File Systems to gather information about the file system''s details, including its lifecycle, type, storage capacity, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - file_system_id, - arn, - dns_name, - owner_id, - creation_time, - lifecycle, - storage_capacity - from - aws_fsx_file_system; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n file_system_id,\n arn,\n dns_name,\n owner_id,\n \ + \ creation_time,\n lifecycle,\n storage_capacity\nfrom\n aws_fsx_file_system;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - FSx +Title: List AWS FSx File Systems details including lifecycle diff --git a/queries/aws_fsx_file_system_2.yaml b/queries/aws_fsx_file_system_2.yaml index c0fe40c8d..20bf5bb23 100755 --- a/queries/aws_fsx_file_system_2.yaml +++ b/queries/aws_fsx_file_system_2.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS FSx File Systems to gather information about + the file system''s details, including its lifecycle, type, storage capacity, and + associated tags. ID: aws_fsx_file_system_2 -Title: "List AWS FSx File Systems and Details" -Description: "Allows users to query AWS FSx File Systems to gather information about the file system''s details, including its lifecycle, type, storage capacity, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - file_system_id, - kms_key_id, - region - from - aws_fsx_file_system - where - kms_key_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n file_system_id,\n kms_key_id,\n region\nfrom\n aws_fsx_file_system\n\ + where\n kms_key_id is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - FSx +Title: List AWS FSx File Systems and Details diff --git a/queries/aws_glacier_vault_1.yaml b/queries/aws_glacier_vault_1.yaml index c7f84c401..1928167f5 100755 --- a/queries/aws_glacier_vault_1.yaml +++ b/queries/aws_glacier_vault_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_1 -Title: "List all AWS Glacier Vault details with SQL Query" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vault_name, - creation_date, - last_inventory_date, - number_of_archives, - size_in_bytes - from - aws_glacier_vault; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vault_name,\n creation_date,\n last_inventory_date,\n\ + \ number_of_archives,\n size_in_bytes\nfrom\n aws_glacier_vault;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glacier +Title: List all AWS Glacier Vault details with SQL Query diff --git a/queries/aws_glacier_vault_2.yaml b/queries/aws_glacier_vault_2.yaml index 2b04421c8..fa81e07a2 100755 --- a/queries/aws_glacier_vault_2.yaml +++ b/queries/aws_glacier_vault_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_2 -Title: "Find all AWS Glacier Vaults and Detailed Information" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_glacier_vault, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and a in ('*', 'glacier:*'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_glacier_vault,\n \ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n s ->> 'Effect' = 'Allow'\n and a in ('*', 'glacier:*');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glacier +Title: Find all AWS Glacier Vaults and Detailed Information diff --git a/queries/aws_glacier_vault_3.yaml b/queries/aws_glacier_vault_3.yaml index e271dda30..3fdc0df17 100755 --- a/queries/aws_glacier_vault_3.yaml +++ b/queries/aws_glacier_vault_3.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_3 -Title: "List AWS Glacier Vaults with Detailed Information" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_glacier_vault, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - p = '*' - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_glacier_vault,\n \ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a\nwhere\n p = '*'\n and s ->> 'Effect' = 'Allow';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glacier +Title: List AWS Glacier Vaults with Detailed Information diff --git a/queries/aws_glacier_vault_4.yaml b/queries/aws_glacier_vault_4.yaml index 126c51e94..a4596766a 100755 --- a/queries/aws_glacier_vault_4.yaml +++ b/queries/aws_glacier_vault_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_4 -Title: "Find AWS Glacier Vault Details including Name, ARN, and Archives" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' -> 'NumericLessThan' ->> 'glacier:archiveageindays' as archive_age_in_days - from - aws_glacier_vault, - jsonb_array_elements(vault_lock_policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Action') as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n a as action,\n s ->> 'Effect' as effect,\n\ + \ s -> 'Condition' -> 'NumericLessThan' ->> 'glacier:archiveageindays' as archive_age_in_days\n\ + from\n aws_glacier_vault,\n jsonb_array_elements(vault_lock_policy_std -> 'Statement')\ + \ as s,\n jsonb_array_elements_text(s -> 'Action') as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glacier +Title: Find AWS Glacier Vault Details including Name, ARN, and Archives diff --git a/queries/aws_glacier_vault_5.yaml b/queries/aws_glacier_vault_5.yaml index 326d927dd..9f31e5ec7 100755 --- a/queries/aws_glacier_vault_5.yaml +++ b/queries/aws_glacier_vault_5.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_5 -Title: "List all AWS Glacier Vaults for Detailed Information" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vault_name, - tags - from - aws_glacier_vault - where - not tags :: JSONB ? 'owner'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vault_name,\n tags\nfrom\n aws_glacier_vault\nwhere\n\ + \ not tags :: JSONB ? 'owner';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glacier +Title: List all AWS Glacier Vaults for Detailed Information diff --git a/queries/aws_glacier_vault_6.yaml b/queries/aws_glacier_vault_6.yaml index 721dc2350..c72751a84 100755 --- a/queries/aws_glacier_vault_6.yaml +++ b/queries/aws_glacier_vault_6.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Glacier Vaults for detailed information on + each vault, including the vault''s name, ARN, creation date, number of archives, + size of archives, and more. ID: aws_glacier_vault_6 -Title: "Find all AWS Glacier Vaults and Notification Configs" -Description: "Allows users to query AWS Glacier Vaults for detailed information on each vault, including the vault''s name, ARN, creation date, number of archives, size of archives, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vault_name, - vault_notification_config ->> 'SNSTopic' as sns_topic, - vault_notification_config ->> 'Events' as notification_events - from - aws_glacier_vault - where - vault_notification_config is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vault_name,\n vault_notification_config ->> 'SNSTopic'\ + \ as sns_topic,\n vault_notification_config ->> 'Events' as notification_events\n\ + from\n aws_glacier_vault\nwhere\n vault_notification_config is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glacier +Title: Find all AWS Glacier Vaults and Notification Configs diff --git a/queries/aws_globalaccelerator_accelerator_1.yaml b/queries/aws_globalaccelerator_accelerator_1.yaml index 1c53f29fb..3b03cc90e 100755 --- a/queries/aws_globalaccelerator_accelerator_1.yaml +++ b/queries/aws_globalaccelerator_accelerator_1.yaml @@ -1,28 +1,19 @@ +Description: Allows users to query AWS Global Accelerator''s accelerators. ID: aws_globalaccelerator_accelerator_1 -Title: "Find all AWS Global Accelerator Accelerators" -Description: "Allows users to query AWS Global Accelerator''s accelerators." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - dns_name, - enabled, - ip_address_type, - last_modified_time, - status - from - aws_globalaccelerator_accelerator; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n dns_name,\n enabled,\n ip_address_type,\n\ + \ last_modified_time,\n status\nfrom\n aws_globalaccelerator_accelerator;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find all AWS Global Accelerator Accelerators diff --git a/queries/aws_globalaccelerator_accelerator_2.yaml b/queries/aws_globalaccelerator_accelerator_2.yaml index 9caa3ad62..ba429b814 100755 --- a/queries/aws_globalaccelerator_accelerator_2.yaml +++ b/queries/aws_globalaccelerator_accelerator_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS Global Accelerator''s accelerators. ID: aws_globalaccelerator_accelerator_2 -Title: "Find all AWS Global Accelerator accelerators" -Description: "Allows users to query AWS Global Accelerator''s accelerators." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time, - dns_name, - enabled, - ip_address_type, - last_modified_time, - status, - anycast_ip - from - aws_globalaccelerator_accelerator, - jsonb_array_elements(ip_sets -> 0 -> 'IpAddresses') as anycast_ip; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time,\n dns_name,\n enabled,\n ip_address_type,\n\ + \ last_modified_time,\n status,\n anycast_ip\nfrom\n aws_globalaccelerator_accelerator,\n\ + \ jsonb_array_elements(ip_sets -> 0 -> 'IpAddresses') as anycast_ip;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find all AWS Global Accelerator accelerators diff --git a/queries/aws_globalaccelerator_accelerator_3.yaml b/queries/aws_globalaccelerator_accelerator_3.yaml index 144b9033f..4cde68103 100755 --- a/queries/aws_globalaccelerator_accelerator_3.yaml +++ b/queries/aws_globalaccelerator_accelerator_3.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS Global Accelerator''s accelerators. ID: aws_globalaccelerator_accelerator_3 -Title: "Find AWS Global Accelerator's Accelerators" -Description: "Allows users to query AWS Global Accelerator''s accelerators." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tags - from - aws_globalaccelerator_accelerator - where - not tags::JSONB ? 'owner'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tags\nfrom\n aws_globalaccelerator_accelerator\n\ + where\n not tags::JSONB ? 'owner';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find AWS Global Accelerator's Accelerators diff --git a/queries/aws_globalaccelerator_endpoint_group_1.yaml b/queries/aws_globalaccelerator_endpoint_group_1.yaml index af55b1403..914cbda4d 100755 --- a/queries/aws_globalaccelerator_endpoint_group_1.yaml +++ b/queries/aws_globalaccelerator_endpoint_group_1.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Global Accelerator Endpoint Groups and obtain + detailed information about each group''s configuration, state, and associated endpoints. ID: aws_globalaccelerator_endpoint_group_1 -Title: "List AWS Global Accelerator Endpoint Groups Configuration" -Description: "Allows users to query AWS Global Accelerator Endpoint Groups and obtain detailed information about each group''s configuration, state, and associated endpoints." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - endpoint_descriptions, - endpoint_group_region, - traffic_dial_percentage, - port_overrides, - health_check_interval_seconds, - health_check_path, - health_check_port, - health_check_protocol, - threshold_count - from - aws_globalaccelerator_endpoint_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n endpoint_descriptions,\n endpoint_group_region,\n\ + \ traffic_dial_percentage,\n port_overrides,\n health_check_interval_seconds,\n\ + \ health_check_path,\n health_check_port,\n health_check_protocol,\n threshold_count\n\ + from\n aws_globalaccelerator_endpoint_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: List AWS Global Accelerator Endpoint Groups Configuration diff --git a/queries/aws_globalaccelerator_endpoint_group_2.yaml b/queries/aws_globalaccelerator_endpoint_group_2.yaml index e062af54d..930e7f6b1 100755 --- a/queries/aws_globalaccelerator_endpoint_group_2.yaml +++ b/queries/aws_globalaccelerator_endpoint_group_2.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS Global Accelerator Endpoint Groups and obtain + detailed information about each group''s configuration, state, and associated endpoints. ID: aws_globalaccelerator_endpoint_group_2 -Title: "List all AWS Global Accelerator Endpoint Groups" -Description: "Allows users to query AWS Global Accelerator Endpoint Groups and obtain detailed information about each group''s configuration, state, and associated endpoints." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - endpoint_descriptions, - endpoint_group_region, - traffic_dial_percentage, - port_overrides, - health_check_interval_seconds, - health_check_path, - health_check_port, - health_check_protocol, - threshold_count - from - aws_globalaccelerator_endpoint_group - where - listener_arn = 'arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh/listener/abcdef1234'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n endpoint_descriptions,\n endpoint_group_region,\n\ + \ traffic_dial_percentage,\n port_overrides,\n health_check_interval_seconds,\n\ + \ health_check_path,\n health_check_port,\n health_check_protocol,\n threshold_count\n\ + from\n aws_globalaccelerator_endpoint_group\nwhere\n listener_arn = 'arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh/listener/abcdef1234';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: List all AWS Global Accelerator Endpoint Groups diff --git a/queries/aws_globalaccelerator_endpoint_group_3.yaml b/queries/aws_globalaccelerator_endpoint_group_3.yaml index 653b4e0aa..4e027dade 100755 --- a/queries/aws_globalaccelerator_endpoint_group_3.yaml +++ b/queries/aws_globalaccelerator_endpoint_group_3.yaml @@ -1,41 +1,28 @@ +Description: Allows users to query AWS Global Accelerator Endpoint Groups and obtain + detailed information about each group''s configuration, state, and associated endpoints. ID: aws_globalaccelerator_endpoint_group_3 -Title: "Find AWS Global Accelerator Endpoint Groups Configuration" -Description: "Allows users to query AWS Global Accelerator Endpoint Groups and obtain detailed information about each group''s configuration, state, and associated endpoints." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.name as accelerator_name, - l.client_affinity as listener_client_affinity, - l.port_ranges as listener_port_ranges, - l.protocol as listener_protocol, - eg.endpoint_descriptions, - eg.endpoint_group_region, - eg.traffic_dial_percentage, - eg.port_overrides, - eg.health_check_interval_seconds, - eg.health_check_path, - eg.health_check_port, - eg.health_check_protocol, - eg.threshold_count - from - aws_globalaccelerator_accelerator a, - aws_globalaccelerator_listener l, - aws_globalaccelerator_endpoint_group eg - where - eg.listener_arn = l.arn - and l.accelerator_arn = a.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.name as accelerator_name,\n l.client_affinity as listener_client_affinity,\n\ + \ l.port_ranges as listener_port_ranges,\n l.protocol as listener_protocol,\n\ + \ eg.endpoint_descriptions,\n eg.endpoint_group_region,\n eg.traffic_dial_percentage,\n\ + \ eg.port_overrides,\n eg.health_check_interval_seconds,\n eg.health_check_path,\n\ + \ eg.health_check_port,\n eg.health_check_protocol,\n eg.threshold_count\n\ + from\n aws_globalaccelerator_accelerator a,\n aws_globalaccelerator_listener\ + \ l,\n aws_globalaccelerator_endpoint_group eg\nwhere\n eg.listener_arn = l.arn\n\ + \ and l.accelerator_arn = a.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find AWS Global Accelerator Endpoint Groups Configuration diff --git a/queries/aws_globalaccelerator_listener_1.yaml b/queries/aws_globalaccelerator_listener_1.yaml index bda315832..145a112c6 100755 --- a/queries/aws_globalaccelerator_listener_1.yaml +++ b/queries/aws_globalaccelerator_listener_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Global Accelerator Listener data, including + details about each listener that processes inbound connections based on the port + or port ranges that you configure. ID: aws_globalaccelerator_listener_1 -Title: "List all AWS Global Accelerator Listener details" -Description: "Allows users to query AWS Global Accelerator Listener data, including details about each listener that processes inbound connections based on the port or port ranges that you configure." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - client_affinity, - port_ranges, - protocol - from - aws_globalaccelerator_listener; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n client_affinity,\n port_ranges,\n protocol\n\ + from\n aws_globalaccelerator_listener;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: List all AWS Global Accelerator Listener details diff --git a/queries/aws_globalaccelerator_listener_2.yaml b/queries/aws_globalaccelerator_listener_2.yaml index 3dbcc1235..051dff69a 100755 --- a/queries/aws_globalaccelerator_listener_2.yaml +++ b/queries/aws_globalaccelerator_listener_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Global Accelerator Listener data, including + details about each listener that processes inbound connections based on the port + or port ranges that you configure. ID: aws_globalaccelerator_listener_2 -Title: "Find AWS Global Accelerator Listener Details" -Description: "Allows users to query AWS Global Accelerator Listener data, including details about each listener that processes inbound connections based on the port or port ranges that you configure." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - client_affinity, - port_ranges, - protocol - from - aws_globalaccelerator_listener - where - accelerator_arn = 'arn:aws:globalaccelerator::012345678901:accelerator/1234abcd'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n client_affinity,\n port_ranges,\n protocol\n\ + from\n aws_globalaccelerator_listener\nwhere\n accelerator_arn = 'arn:aws:globalaccelerator::012345678901:accelerator/1234abcd';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find AWS Global Accelerator Listener Details diff --git a/queries/aws_globalaccelerator_listener_3.yaml b/queries/aws_globalaccelerator_listener_3.yaml index ddc412070..0610fb0ea 100755 --- a/queries/aws_globalaccelerator_listener_3.yaml +++ b/queries/aws_globalaccelerator_listener_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Global Accelerator Listener data, including + details about each listener that processes inbound connections based on the port + or port ranges that you configure. ID: aws_globalaccelerator_listener_3 -Title: "Find AWS Global Accelerator Listener Details" -Description: "Allows users to query AWS Global Accelerator Listener data, including details about each listener that processes inbound connections based on the port or port ranges that you configure." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.name as accelerator_name, - a.status as accelerator_status, - l.title as listener_title, - l.client_affinity as listener_client_affinity, - l.port_ranges as listener_port_ranges, - l.protocol as listener_protocol - from - aws_globalaccelerator_accelerator a, - aws_globalaccelerator_listener l - where - l.accelerator_arn = a.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.name as accelerator_name,\n a.status as accelerator_status,\n\ + \ l.title as listener_title,\n l.client_affinity as listener_client_affinity,\n\ + \ l.port_ranges as listener_port_ranges,\n l.protocol as listener_protocol\n\ + from\n aws_globalaccelerator_accelerator a,\n aws_globalaccelerator_listener\ + \ l\nwhere\n l.accelerator_arn = a.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: Find AWS Global Accelerator Listener Details diff --git a/queries/aws_globalaccelerator_listener_4.yaml b/queries/aws_globalaccelerator_listener_4.yaml index 4ad879ddf..62b118f7c 100755 --- a/queries/aws_globalaccelerator_listener_4.yaml +++ b/queries/aws_globalaccelerator_listener_4.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Global Accelerator Listener data, including + details about each listener that processes inbound connections based on the port + or port ranges that you configure. ID: aws_globalaccelerator_listener_4 -Title: "List all AWS Global Accelerator Listener including details" -Description: "Allows users to query AWS Global Accelerator Listener data, including details about each listener that processes inbound connections based on the port or port ranges that you configure." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.name as accelerator_name, - a.status as accelerator_status, - l.protocol, - port_range -> 'FromPort' as from_port, - port_range -> 'ToPort' as to_port - from - aws_globalaccelerator_accelerator a, - aws_globalaccelerator_listener l, - jsonb_array_elements(l.port_ranges) as port_range - where - l.accelerator_arn = a.arn - and l.protocol = 'TCP' - and (port_range -> 'FromPort')::int <= 443 - and (port_range -> 'ToPort')::int >= 443; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.name as accelerator_name,\n a.status as accelerator_status,\n\ + \ l.protocol,\n port_range -> 'FromPort' as from_port,\n port_range -> 'ToPort'\ + \ as to_port\nfrom\n aws_globalaccelerator_accelerator a,\n aws_globalaccelerator_listener\ + \ l,\n jsonb_array_elements(l.port_ranges) as port_range\nwhere\n l.accelerator_arn\ + \ = a.arn\n and l.protocol = 'TCP'\n and (port_range -> 'FromPort')::int <=\ + \ 443\n and (port_range -> 'ToPort')::int >= 443;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Global Accelerator +Title: List all AWS Global Accelerator Listener including details diff --git a/queries/aws_glue_catalog_database_1.yaml b/queries/aws_glue_catalog_database_1.yaml index 998b112fd..13976e08f 100755 --- a/queries/aws_glue_catalog_database_1.yaml +++ b/queries/aws_glue_catalog_database_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Glue Databases for detailed information about + their Glue Catalog Databases. ID: aws_glue_catalog_database_1 -Title: "List All AWS Glue Catalog Databases with Details" -Description: "Allows users to query AWS Glue Databases for detailed information about their Glue Catalog Databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - catalog_id, - create_time, - description, - location_uri, - create_table_default_permissions - from - aws_glue_catalog_database; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n catalog_id,\n create_time,\n description,\n\ + \ location_uri,\n create_table_default_permissions\nfrom\n aws_glue_catalog_database;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List All AWS Glue Catalog Databases with Details diff --git a/queries/aws_glue_catalog_database_2.yaml b/queries/aws_glue_catalog_database_2.yaml index 22e83d27f..b7fa0d2d0 100755 --- a/queries/aws_glue_catalog_database_2.yaml +++ b/queries/aws_glue_catalog_database_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Glue Databases for detailed information about + their Glue Catalog Databases. ID: aws_glue_catalog_database_2 -Title: "Find all AWS Glue Databases with Catalog Info" -Description: "Allows users to query AWS Glue Databases for detailed information about their Glue Catalog Databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - catalog_id, - count(name) as database_count - from - aws_glue_catalog_database - group by - catalog_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n catalog_id,\n count(name) as database_count\nfrom\n\ + \ aws_glue_catalog_database\ngroup by\n catalog_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find all AWS Glue Databases with Catalog Info diff --git a/queries/aws_glue_catalog_table_1.yaml b/queries/aws_glue_catalog_table_1.yaml index 17012ef56..62910d861 100755 --- a/queries/aws_glue_catalog_table_1.yaml +++ b/queries/aws_glue_catalog_table_1.yaml @@ -1,20 +1,15 @@ +Description: Allows users to query AWS Glue Catalog Tables for a comprehensive overview + of table metadata, including table names, database names, owner information, and + more. ID: aws_glue_catalog_table_1 -Title: "Find AWS Glue Catalog Table Metadata" -Description: "Allows users to query AWS Glue Catalog Tables for a comprehensive overview of table metadata, including table names, database names, owner information, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - catalog_id, - create_time, - description, - database_name - from - aws_glue_catalog_table; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n catalog_id,\n create_time,\n description,\n\ + \ database_name\nfrom\n aws_glue_catalog_table;" Tags: {} +Title: Find AWS Glue Catalog Table Metadata diff --git a/queries/aws_glue_catalog_table_2.yaml b/queries/aws_glue_catalog_table_2.yaml index cd6f972ee..5a5d7f87a 100755 --- a/queries/aws_glue_catalog_table_2.yaml +++ b/queries/aws_glue_catalog_table_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Glue Catalog Tables for a comprehensive overview + of table metadata, including table names, database names, owner information, and + more. ID: aws_glue_catalog_table_2 -Title: "List all AWS Glue Catalog Tables and Metadata" -Description: "Allows users to query AWS Glue Catalog Tables for a comprehensive overview of table metadata, including table names, database names, owner information, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - catalog_id, - count(name) as table_count - from - aws_glue_catalog_table - group by - catalog_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n catalog_id,\n count(name) as table_count\nfrom\n aws_glue_catalog_table\n\ + group by\n catalog_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue Catalog +Title: List all AWS Glue Catalog Tables and Metadata diff --git a/queries/aws_glue_catalog_table_3.yaml b/queries/aws_glue_catalog_table_3.yaml index 57b9b5ece..68b544572 100755 --- a/queries/aws_glue_catalog_table_3.yaml +++ b/queries/aws_glue_catalog_table_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Glue Catalog Tables for a comprehensive overview + of table metadata, including table names, database names, owner information, and + more. ID: aws_glue_catalog_table_3 -Title: "List all AWS Glue Catalog Tables with metadata" -Description: "Allows users to query AWS Glue Catalog Tables for a comprehensive overview of table metadata, including table names, database names, owner information, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - catalog_id, - create_time, - description, - retention - from - aws_glue_catalog_table - where - retention < 30; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n catalog_id,\n create_time,\n description,\n\ + \ retention\nfrom\n aws_glue_catalog_table\nwhere\n retention < 30;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Catalog Tables with metadata diff --git a/queries/aws_glue_connection_1.yaml b/queries/aws_glue_connection_1.yaml index c57c2e183..27e2bd336 100755 --- a/queries/aws_glue_connection_1.yaml +++ b/queries/aws_glue_connection_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Glue Connections to retrieve detailed information + about each connection. ID: aws_glue_connection_1 -Title: "List all AWS Glue Connections with Details" -Description: "Allows users to query AWS Glue Connections to retrieve detailed information about each connection." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - connection_type, - creation_time, - description, - region - from - aws_glue_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n connection_type,\n creation_time,\n description,\n\ + \ region\nfrom\n aws_glue_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all AWS Glue Connections with Details diff --git a/queries/aws_glue_connection_2.yaml b/queries/aws_glue_connection_2.yaml index aaeb648a3..d30317a21 100755 --- a/queries/aws_glue_connection_2.yaml +++ b/queries/aws_glue_connection_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Glue Connections to retrieve detailed information + about each connection. ID: aws_glue_connection_2 -Title: "List all SQL Queryable AWS Glue Connections" -Description: "Allows users to query AWS Glue Connections to retrieve detailed information about each connection." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - connection_type, - connection_properties ->> 'JDBC_CONNECTION_URL' as connection_url, - connection_properties ->> 'JDBC_ENFORCE_SSL' as ssl_enabled, - creation_time - from - aws_glue_connection - where - connection_type = 'JDBC'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n connection_type,\n connection_properties ->>\ + \ 'JDBC_CONNECTION_URL' as connection_url,\n connection_properties ->> 'JDBC_ENFORCE_SSL'\ + \ as ssl_enabled,\n creation_time\nfrom\n aws_glue_connection\nwhere\n connection_type\ + \ = 'JDBC';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all SQL Queryable AWS Glue Connections diff --git a/queries/aws_glue_connection_3.yaml b/queries/aws_glue_connection_3.yaml index 4234d1d29..7e306714a 100755 --- a/queries/aws_glue_connection_3.yaml +++ b/queries/aws_glue_connection_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Glue Connections to retrieve detailed information + about each connection. ID: aws_glue_connection_3 -Title: "List all AWS Glue Connections with JDBC not enforcing SSL" -Description: "Allows users to query AWS Glue Connections to retrieve detailed information about each connection." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - connection_type, - connection_properties ->> 'CONNECTION_URL' as connection_url, - connection_properties ->> 'JDBC_ENFORCE_SSL' as ssl_enabled, - creation_time - from - aws_glue_connection - where - connection_type = 'JDBC' - and connection_properties ->> 'JDBC_ENFORCE_SSL' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n connection_type,\n connection_properties ->>\ + \ 'CONNECTION_URL' as connection_url,\n connection_properties ->> 'JDBC_ENFORCE_SSL'\ + \ as ssl_enabled,\n creation_time\nfrom\n aws_glue_connection\nwhere\n connection_type\ + \ = 'JDBC'\n and connection_properties ->> 'JDBC_ENFORCE_SSL' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all AWS Glue Connections with JDBC not enforcing SSL diff --git a/queries/aws_glue_connection_4.yaml b/queries/aws_glue_connection_4.yaml index a525fc401..8f91e807b 100755 --- a/queries/aws_glue_connection_4.yaml +++ b/queries/aws_glue_connection_4.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Glue Connections to retrieve detailed information + about each connection. ID: aws_glue_connection_4 -Title: "Find AWS Glue Connections Details" -Description: "Allows users to query AWS Glue Connections to retrieve detailed information about each connection." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.name as connection_name, - s.vpc_id as vpc_id, - s.title as subnet_name, - physical_connection_requirements ->> 'SubnetId' as subnet_id, - physical_connection_requirements ->> 'AvailabilityZone' as availability_zone, - cidr_block, - physical_connection_requirements ->> 'SecurityGroupIdList' as security_group_ids - from - aws_glue_connection c - join aws_vpc_subnet s on physical_connection_requirements ->> 'SubnetId' = s.subnet_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.name as connection_name,\n s.vpc_id as vpc_id,\n \ + \ s.title as subnet_name,\n physical_connection_requirements ->> 'SubnetId' as\ + \ subnet_id,\n physical_connection_requirements ->> 'AvailabilityZone' as availability_zone,\n\ + \ cidr_block,\n physical_connection_requirements ->> 'SecurityGroupIdList' as\ + \ security_group_ids\nfrom\n aws_glue_connection c\n join aws_vpc_subnet s on\ + \ physical_connection_requirements ->> 'SubnetId' = s.subnet_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find AWS Glue Connections Details diff --git a/queries/aws_glue_crawler_1.yaml b/queries/aws_glue_crawler_1.yaml index c2c962a34..52c4f5a13 100755 --- a/queries/aws_glue_crawler_1.yaml +++ b/queries/aws_glue_crawler_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Glue Crawlers and retrieve essential information + about the crawler''s configuration, status, and associated metadata. ID: aws_glue_crawler_1 -Title: "List all AWS Glue Crawlers and Their Essential Information" -Description: "Allows users to query AWS Glue Crawlers and retrieve essential information about the crawler''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state, - database_name, - creation_time, - description, - recrawl_behavior - from - aws_glue_crawler; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state,\n database_name,\n creation_time,\n\ + \ description,\n recrawl_behavior\nfrom\n aws_glue_crawler;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Crawlers and Their Essential Information diff --git a/queries/aws_glue_crawler_2.yaml b/queries/aws_glue_crawler_2.yaml index 9eb7ec041..d2d48e092 100755 --- a/queries/aws_glue_crawler_2.yaml +++ b/queries/aws_glue_crawler_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Glue Crawlers and retrieve essential information + about the crawler''s configuration, status, and associated metadata. ID: aws_glue_crawler_2 -Title: "List all AWS Glue Crawlers and Retrieve their Metadata" -Description: "Allows users to query AWS Glue Crawlers and retrieve essential information about the crawler''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state, - database_name, - creation_time, - description, - recrawl_behavior - from - aws_glue_crawler - where - state = 'RUNNING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state,\n database_name,\n creation_time,\n\ + \ description,\n recrawl_behavior\nfrom\n aws_glue_crawler\nwhere\n state\ + \ = 'RUNNING'; " Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Crawlers and Retrieve their Metadata diff --git a/queries/aws_glue_data_catalog_encryption_settings_1.yaml b/queries/aws_glue_data_catalog_encryption_settings_1.yaml index c491781a4..f559c43ed 100755 --- a/queries/aws_glue_data_catalog_encryption_settings_1.yaml +++ b/queries/aws_glue_data_catalog_encryption_settings_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Glue Data Catalog Encryption Settings. ID: aws_glue_data_catalog_encryption_settings_1 -Title: "Find AWS Glue Data Catalog Encryption Settings" -Description: "Allows users to query AWS Glue Data Catalog Encryption Settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_at_rest, - connection_password_encryption, - region, - account_id - from - aws_glue_data_catalog_encryption_settings; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_at_rest,\n connection_password_encryption,\n\ + \ region,\n account_id\nfrom\n aws_glue_data_catalog_encryption_settings;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Data Catalog Encryption Settings diff --git a/queries/aws_glue_data_catalog_encryption_settings_2.yaml b/queries/aws_glue_data_catalog_encryption_settings_2.yaml index 611537cd4..342a16a23 100755 --- a/queries/aws_glue_data_catalog_encryption_settings_2.yaml +++ b/queries/aws_glue_data_catalog_encryption_settings_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Glue Data Catalog Encryption Settings. ID: aws_glue_data_catalog_encryption_settings_2 -Title: "Find AWS Glue Data Catalog Encryption Settings" -Description: "Allows users to query AWS Glue Data Catalog Encryption Settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_at_rest, - connection_password_encryption, - region, - account_id - from - aws_glue_data_catalog_encryption_settings - where - encryption_at_rest ->> 'CatalogEncryptionMode' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_at_rest,\n connection_password_encryption,\n\ + \ region,\n account_id\nfrom\n aws_glue_data_catalog_encryption_settings\n\ + where\n encryption_at_rest ->> 'CatalogEncryptionMode' = 'DISABLED';" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue Data Catalog +Title: Find AWS Glue Data Catalog Encryption Settings diff --git a/queries/aws_glue_data_catalog_encryption_settings_3.yaml b/queries/aws_glue_data_catalog_encryption_settings_3.yaml index 50043d01b..690eb3415 100755 --- a/queries/aws_glue_data_catalog_encryption_settings_3.yaml +++ b/queries/aws_glue_data_catalog_encryption_settings_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Glue Data Catalog Encryption Settings. ID: aws_glue_data_catalog_encryption_settings_3 -Title: "List all AWS Glue Data Catalog Encryption Settings" -Description: "Allows users to query AWS Glue Data Catalog Encryption Settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_at_rest, - connection_password_encryption, - region, - account_id - from - aws_glue_data_catalog_encryption_settings - where - connection_password_encryption ->> 'ReturnConnectionPasswordEncrypted' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_at_rest,\n connection_password_encryption,\n\ + \ region,\n account_id\nfrom\n aws_glue_data_catalog_encryption_settings\n\ + where\n connection_password_encryption ->> 'ReturnConnectionPasswordEncrypted'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue Data Catalog +Title: List all AWS Glue Data Catalog Encryption Settings diff --git a/queries/aws_glue_data_catalog_encryption_settings_4.yaml b/queries/aws_glue_data_catalog_encryption_settings_4.yaml index 523e28db8..387892833 100755 --- a/queries/aws_glue_data_catalog_encryption_settings_4.yaml +++ b/queries/aws_glue_data_catalog_encryption_settings_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Glue Data Catalog Encryption Settings. ID: aws_glue_data_catalog_encryption_settings_4 -Title: "Query AWS Glue Data Catalog Encryption Settings" -Description: "Allows users to query AWS Glue Data Catalog Encryption Settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_at_rest ->> 'SseAwsKmsKeyId' as key_arn, - k.key_manager as key_manager, - k.creation_date as key_creation_date, - s.region, - s.account_id - from - aws_glue_data_catalog_encryption_settings s - join aws_kms_key k on s.encryption_at_rest ->> 'SseAwsKmsKeyId' = k.arn - and s.region = k.region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_at_rest ->> 'SseAwsKmsKeyId' as key_arn,\n\ + \ k.key_manager as key_manager,\n k.creation_date as key_creation_date,\n s.region,\n\ + \ s.account_id\nfrom\n aws_glue_data_catalog_encryption_settings s\n join aws_kms_key\ + \ k on s.encryption_at_rest ->> 'SseAwsKmsKeyId' = k.arn\n and s.region = k.region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue Data Catalog +Title: Query AWS Glue Data Catalog Encryption Settings diff --git a/queries/aws_glue_data_catalog_encryption_settings_5.yaml b/queries/aws_glue_data_catalog_encryption_settings_5.yaml index 815b1250f..32d046bb5 100755 --- a/queries/aws_glue_data_catalog_encryption_settings_5.yaml +++ b/queries/aws_glue_data_catalog_encryption_settings_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Glue Data Catalog Encryption Settings. ID: aws_glue_data_catalog_encryption_settings_5 -Title: "Find AWS Glue Data Catalog Encryption Settings" -Description: "Allows users to query AWS Glue Data Catalog Encryption Settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - connection_password_encryption ->> 'AwsKmsKeyId' as key_arn, - k.key_manager as key_manager, - k.creation_date as key_creation_date, - s.region, - s.account_id - from - aws_glue_data_catalog_encryption_settings s - join aws_kms_key k on s.connection_password_encryption ->> 'AwsKmsKeyId' = k.arn - and s.region = k.region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n connection_password_encryption ->> 'AwsKmsKeyId' as key_arn,\n\ + \ k.key_manager as key_manager,\n k.creation_date as key_creation_date,\n s.region,\n\ + \ s.account_id\nfrom\n aws_glue_data_catalog_encryption_settings s\n join aws_kms_key\ + \ k on s.connection_password_encryption ->> 'AwsKmsKeyId' = k.arn\n and s.region\ + \ = k.region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Data Catalog Encryption Settings diff --git a/queries/aws_glue_data_quality_ruleset_1.yaml b/queries/aws_glue_data_quality_ruleset_1.yaml index 2616675c9..eb6519926 100755 --- a/queries/aws_glue_data_quality_ruleset_1.yaml +++ b/queries/aws_glue_data_quality_ruleset_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Glue Data Quality Ruleset to obtain information + about the rulesets used for data quality checks in AWS Glue. ID: aws_glue_data_quality_ruleset_1 -Title: "List all AWS Glue Data Quality Rulesets" -Description: "Allows users to query AWS Glue Data Quality Ruleset to obtain information about the rulesets used for data quality checks in AWS Glue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - database_name, - table_name, - created_on, - description, - rule_set, - recommendation_run_id - from - aws_glue_data_quality_ruleset; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n database_name,\n table_name,\n created_on,\n\ + \ description,\n rule_set,\n recommendation_run_id\nfrom\n aws_glue_data_quality_ruleset;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Data Quality Rulesets diff --git a/queries/aws_glue_data_quality_ruleset_2.yaml b/queries/aws_glue_data_quality_ruleset_2.yaml index 8ea563279..1208f9f7f 100755 --- a/queries/aws_glue_data_quality_ruleset_2.yaml +++ b/queries/aws_glue_data_quality_ruleset_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Glue Data Quality Ruleset to obtain information + about the rulesets used for data quality checks in AWS Glue. ID: aws_glue_data_quality_ruleset_2 -Title: "Query AWS Glue Data Quality Rulesets" -Description: "Allows users to query AWS Glue Data Quality Ruleset to obtain information about the rulesets used for data quality checks in AWS Glue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - database_name, - table_name, - created_on, - description, - rule_set, - recommendation_run_id - from - aws_glue_data_quality_ruleset - where - created_on >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n database_name,\n table_name,\n created_on,\n\ + \ description,\n rule_set,\n recommendation_run_id\nfrom\n aws_glue_data_quality_ruleset\n\ + where\n created_on >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Query AWS Glue Data Quality Rulesets diff --git a/queries/aws_glue_data_quality_ruleset_3.yaml b/queries/aws_glue_data_quality_ruleset_3.yaml index d2a34447e..b410fddb4 100755 --- a/queries/aws_glue_data_quality_ruleset_3.yaml +++ b/queries/aws_glue_data_quality_ruleset_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Glue Data Quality Ruleset to obtain information + about the rulesets used for data quality checks in AWS Glue. ID: aws_glue_data_quality_ruleset_3 -Title: "List All AWS Glue Data Quality Rulesets by Database" -Description: "Allows users to query AWS Glue Data Quality Ruleset to obtain information about the rulesets used for data quality checks in AWS Glue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - count("name") as rulset_count - from - aws_glue_data_quality_ruleset - group by - database_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n count(\"name\") as rulset_count\nfrom\n\ + \ aws_glue_data_quality_ruleset\ngroup by\n database_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List All AWS Glue Data Quality Rulesets by Database diff --git a/queries/aws_glue_data_quality_ruleset_4.yaml b/queries/aws_glue_data_quality_ruleset_4.yaml index 47e314081..31c2889f5 100755 --- a/queries/aws_glue_data_quality_ruleset_4.yaml +++ b/queries/aws_glue_data_quality_ruleset_4.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Glue Data Quality Ruleset to obtain information + about the rulesets used for data quality checks in AWS Glue. ID: aws_glue_data_quality_ruleset_4 -Title: "List all Glue Data Quality Rulesets in AWS" -Description: "Allows users to query AWS Glue Data Quality Ruleset to obtain information about the rulesets used for data quality checks in AWS Glue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - r.database_name, - d.catalog_id, - d.create_time as databse_create_time, - d.location_uri - from - aws_glue_data_quality_ruleset as r, - aws_glue_catalog_database as d - where - r.database_name = d.name - and - r.name = 'ruleset1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n r.database_name,\n d.catalog_id,\n d.create_time\ + \ as databse_create_time,\n d.location_uri\nfrom\n aws_glue_data_quality_ruleset\ + \ as r,\n aws_glue_catalog_database as d\nwhere\n r.database_name = d.name\n\ + and\n r.name = 'ruleset1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all Glue Data Quality Rulesets in AWS diff --git a/queries/aws_glue_data_quality_ruleset_5.yaml b/queries/aws_glue_data_quality_ruleset_5.yaml index d624b5a37..fdce3fa6b 100755 --- a/queries/aws_glue_data_quality_ruleset_5.yaml +++ b/queries/aws_glue_data_quality_ruleset_5.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Glue Data Quality Ruleset to obtain information + about the rulesets used for data quality checks in AWS Glue. ID: aws_glue_data_quality_ruleset_5 -Title: "Find AWS Glue Data Quality Rulesets with Rule Count" -Description: "Allows users to query AWS Glue Data Quality Ruleset to obtain information about the rulesets used for data quality checks in AWS Glue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_count - from - aws_glue_data_quality_ruleset; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_count\nfrom\n aws_glue_data_quality_ruleset;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Data Quality Rulesets with Rule Count diff --git a/queries/aws_glue_dev_endpoint_1.yaml b/queries/aws_glue_dev_endpoint_1.yaml index 86dad1a8d..100b8c7b7 100755 --- a/queries/aws_glue_dev_endpoint_1.yaml +++ b/queries/aws_glue_dev_endpoint_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_1 -Title: "List all AWS Glue Development Endpoints and Metadata" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_name, - status, - availability_zone, - created_timestamp, - extra_jars_s3_path, - glue_version, - private_address, - public_address - from - aws_glue_dev_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_name,\n status,\n availability_zone,\n created_timestamp,\n\ + \ extra_jars_s3_path,\n glue_version,\n private_address,\n public_address\n\ + from\n aws_glue_dev_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all AWS Glue Development Endpoints and Metadata diff --git a/queries/aws_glue_dev_endpoint_2.yaml b/queries/aws_glue_dev_endpoint_2.yaml index b2ca6806f..579563ebe 100755 --- a/queries/aws_glue_dev_endpoint_2.yaml +++ b/queries/aws_glue_dev_endpoint_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_2 -Title: "Find all AWS Glue Development Endpoints with Metadata" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_name, - status, - created_timestamp, - extra_jars_s3_path, - glue_version, - private_address, - public_address - from - aws_glue_dev_endpoint - where - status <> 'READY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_name,\n status,\n created_timestamp,\n extra_jars_s3_path,\n\ + \ glue_version,\n private_address,\n public_address\nfrom\n aws_glue_dev_endpoint\n\ + where\n status <> 'READY'; " Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find all AWS Glue Development Endpoints with Metadata diff --git a/queries/aws_glue_dev_endpoint_3.yaml b/queries/aws_glue_dev_endpoint_3.yaml index e2a4b091d..076f947ef 100755 --- a/queries/aws_glue_dev_endpoint_3.yaml +++ b/queries/aws_glue_dev_endpoint_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_3 -Title: "List all AWS Glue Development Endpoints with Metadata" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - status, - glue_version, - last_modified_timestamp - from - aws_glue_dev_endpoint - where - last_modified_timestamp >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n status,\n glue_version,\n last_modified_timestamp\n\ + from\n aws_glue_dev_endpoint\nwhere\n last_modified_timestamp >= now() - interval\ + \ '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue Development Endpoint +Title: List all AWS Glue Development Endpoints with Metadata diff --git a/queries/aws_glue_dev_endpoint_4.yaml b/queries/aws_glue_dev_endpoint_4.yaml index e3268b478..3de96d49c 100755 --- a/queries/aws_glue_dev_endpoint_4.yaml +++ b/queries/aws_glue_dev_endpoint_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_4 -Title: "List AWS Glue Development Endpoints and Configurations" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - endpoint_name, - arn, - status, - glue_version, - created_timestamp - from - aws_glue_dev_endpoint - where - created_timestamp >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n endpoint_name,\n arn,\n status,\n glue_version,\n\ + \ created_timestamp\nfrom\n aws_glue_dev_endpoint\nwhere\n created_timestamp\ + \ >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List AWS Glue Development Endpoints and Configurations diff --git a/queries/aws_glue_dev_endpoint_5.yaml b/queries/aws_glue_dev_endpoint_5.yaml index 031d1ce0f..2463b675c 100755 --- a/queries/aws_glue_dev_endpoint_5.yaml +++ b/queries/aws_glue_dev_endpoint_5.yaml @@ -1,36 +1,25 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_5 -Title: "Find AWS Glue Development Endpoints and Subnet Details" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.endpoint_name, - s.availability_zone, - s.available_ip_address_count, - s.cidr_block, - s.default_for_az, - s.map_customer_owned_ip_on_launch, - s.map_public_ip_on_launch, - s.state - from - aws_glue_dev_endpoint as e, - aws_vpc_subnet as s - where - e.endpoint_name = 'test5' - and - e.subnet_id = s.subnet_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.endpoint_name,\n s.availability_zone,\n s.available_ip_address_count,\n\ + \ s.cidr_block,\n s.default_for_az,\n s.map_customer_owned_ip_on_launch,\n\ + \ s.map_public_ip_on_launch,\n s.state\nfrom\n aws_glue_dev_endpoint as e,\n\ + \ aws_vpc_subnet as s\nwhere\n e.endpoint_name = 'test5'\nand\n e.subnet_id\ + \ = s.subnet_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find AWS Glue Development Endpoints and Subnet Details diff --git a/queries/aws_glue_dev_endpoint_6.yaml b/queries/aws_glue_dev_endpoint_6.yaml index cc4e446f3..9a6b2f174 100755 --- a/queries/aws_glue_dev_endpoint_6.yaml +++ b/queries/aws_glue_dev_endpoint_6.yaml @@ -1,34 +1,23 @@ +Description: Allows users to query AWS Glue Development Endpoints to retrieve detailed + information about individual endpoints, their configurations, and related metadata. ID: aws_glue_dev_endpoint_6 -Title: "Find AWS Glue Development Endpoints Configurations and Metadata" -Description: "Allows users to query AWS Glue Development Endpoints to retrieve detailed information about individual endpoints, their configurations, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.endpoint_name, - split_part(j, '/', '3') as extra_jars_s3_bucket, - b.versioning_enabled, - b.policy, - b.object_lock_configuration, - b.restrict_public_buckets, - b.policy - from - aws_glue_dev_endpoint as e, - aws_s3_bucket as b, - unnest (string_to_array(e.extra_jars_s3_path, ',')) as j - where - b.name = split_part(j, '/', '3') - and - e.endpoint_name = 'test34'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.endpoint_name,\n split_part(j, '/', '3') as extra_jars_s3_bucket,\n\ + \ b.versioning_enabled,\n b.policy,\n b.object_lock_configuration,\n b.restrict_public_buckets,\n\ + \ b.policy\nfrom\n aws_glue_dev_endpoint as e,\n aws_s3_bucket as b,\n unnest\ + \ (string_to_array(e.extra_jars_s3_path, ',')) as j\nwhere\n b.name = split_part(j,\ + \ '/', '3')\nand\n e.endpoint_name = 'test34';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Development Endpoints Configurations and Metadata diff --git a/queries/aws_glue_job_1.yaml b/queries/aws_glue_job_1.yaml index ee3b69768..32a32d188 100755 --- a/queries/aws_glue_job_1.yaml +++ b/queries/aws_glue_job_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_1 -Title: "List AWS Glue Jobs with Details on Execution and Status" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_on, - description, - max_capacity, - number_of_workers, - region, - timeout - from - aws_glue_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_on,\n description,\n max_capacity,\n\ + \ number_of_workers,\n region,\n timeout\nfrom\n aws_glue_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List AWS Glue Jobs with Details on Execution and Status diff --git a/queries/aws_glue_job_10.yaml b/queries/aws_glue_job_10.yaml index 70e7f75cd..74e1d17b7 100755 --- a/queries/aws_glue_job_10.yaml +++ b/queries/aws_glue_job_10.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_10 -Title: "Find AWS Glue Jobs Missing Encryption Type" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on - region, - account_id, - default_arguments ->> '--encryption-type' as encryption_type - from - aws_glue_job - where - default_arguments ->> '--encryption-type' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on\n region,\n account_id,\n\ + \ default_arguments ->> '--encryption-type' as encryption_type\nfrom\n aws_glue_job\n\ + where\n default_arguments ->> '--encryption-type' is null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Jobs Missing Encryption Type diff --git a/queries/aws_glue_job_2.yaml b/queries/aws_glue_job_2.yaml index 8f8dee97e..2d3afdbc6 100755 --- a/queries/aws_glue_job_2.yaml +++ b/queries/aws_glue_job_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_2 -Title: "Find AWS Glue Jobs and Their Detailed Job Properties" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on, - connections -> 'Connections' as connections - from - aws_glue_job - where - connections is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on,\n connections -> 'Connections'\ + \ as connections\nfrom\n aws_glue_job\nwhere\n connections is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: Find AWS Glue Jobs and Their Detailed Job Properties diff --git a/queries/aws_glue_job_3.yaml b/queries/aws_glue_job_3.yaml index f158d6a85..ca780fac5 100755 --- a/queries/aws_glue_job_3.yaml +++ b/queries/aws_glue_job_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_3 -Title: "List all AWS Glue Jobs with detailed properties" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on, - job_bookmark ->> 'Attempt' as total_attempts, - job_bookmark ->> 'Run' as total_runs, - job_bookmark ->> 'RunId' as run_id - from - aws_glue_job - where - job_bookmark is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on,\n job_bookmark ->> 'Attempt'\ + \ as total_attempts,\n job_bookmark ->> 'Run' as total_runs,\n job_bookmark\ + \ ->> 'RunId' as run_id\nfrom\n aws_glue_job\nwhere\n job_bookmark is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Jobs with detailed properties diff --git a/queries/aws_glue_job_4.yaml b/queries/aws_glue_job_4.yaml index 4e34f134b..73c181de5 100755 --- a/queries/aws_glue_job_4.yaml +++ b/queries/aws_glue_job_4.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_4 -Title: "Find all AWS Glue Jobs with Query Execution Detail" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - j.title, - j.arn, - j.created_on, - j.region, - j.account_id, - cloud_watch_encryption - from - aws_glue_job j - left join aws_glue_security_configuration s on j.security_configuration = s.name - where - cloud_watch_encryption is null or cloud_watch_encryption ->> 'CloudWatchEncryptionMode' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n j.title,\n j.arn,\n j.created_on,\n j.region,\n j.account_id,\n\ + \ cloud_watch_encryption\nfrom\n aws_glue_job j\n left join aws_glue_security_configuration\ + \ s on j.security_configuration = s.name\nwhere\n cloud_watch_encryption is null\ + \ or cloud_watch_encryption ->> 'CloudWatchEncryptionMode' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find all AWS Glue Jobs with Query Execution Detail diff --git a/queries/aws_glue_job_5.yaml b/queries/aws_glue_job_5.yaml index 45d69ef12..73f8917b7 100755 --- a/queries/aws_glue_job_5.yaml +++ b/queries/aws_glue_job_5.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_5 -Title: "List all AWS Glue Jobs Detailing Status and Properties" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - j.title, - j.arn, - j.created_on, - j.region, - j.account_id, - job_bookmarks_encryption - from - aws_glue_job j - left join aws_glue_security_configuration s on j.security_configuration = s.name - where - job_bookmarks_encryption is null or job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n j.title,\n j.arn,\n j.created_on,\n j.region,\n j.account_id,\n\ + \ job_bookmarks_encryption\nfrom\n aws_glue_job j\n left join aws_glue_security_configuration\ + \ s on j.security_configuration = s.name\nwhere\n job_bookmarks_encryption is\ + \ null or job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Jobs Detailing Status and Properties diff --git a/queries/aws_glue_job_6.yaml b/queries/aws_glue_job_6.yaml index e296a6a3d..8f116c7db 100755 --- a/queries/aws_glue_job_6.yaml +++ b/queries/aws_glue_job_6.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_6 -Title: "Find all AWS Glue Jobs with Detailed Information" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - j.title, - j.arn, - j.created_on, - j.region, - j.account_id, - e as s3_encryption - from - aws_glue_job j - left join aws_glue_security_configuration s on j.security_configuration = s.name, - jsonb_array_elements(s.s3_encryption) e - where - e is null or e ->> 'S3EncryptionMode' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n j.title,\n j.arn,\n j.created_on,\n j.region,\n j.account_id,\n\ + \ e as s3_encryption\nfrom\n aws_glue_job j\n left join aws_glue_security_configuration\ + \ s on j.security_configuration = s.name,\n jsonb_array_elements(s.s3_encryption)\ + \ e\nwhere\n e is null or e ->> 'S3EncryptionMode' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find all AWS Glue Jobs with Detailed Information diff --git a/queries/aws_glue_job_7.yaml b/queries/aws_glue_job_7.yaml index 461c5a912..9f7f768a9 100755 --- a/queries/aws_glue_job_7.yaml +++ b/queries/aws_glue_job_7.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_7 -Title: "List all AWS Glue Jobs with Continuous CloudWatch Logs Disabled" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on - region, - account_id - from - aws_glue_job - where - default_arguments ->> '--enable-continuous-cloudwatch-log' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on\n region,\n account_id\n\ + from\n aws_glue_job\nwhere\n default_arguments ->> '--enable-continuous-cloudwatch-log'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List all AWS Glue Jobs with Continuous CloudWatch Logs Disabled diff --git a/queries/aws_glue_job_8.yaml b/queries/aws_glue_job_8.yaml index 247de01eb..4110fe98d 100755 --- a/queries/aws_glue_job_8.yaml +++ b/queries/aws_glue_job_8.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_8 -Title: "List AWS Glue Jobs with Detailed Properties and Status" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on - region, - account_id - from - aws_glue_job - where - default_arguments ->> '--enable-metrics' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on\n region,\n account_id\n\ + from\n aws_glue_job\nwhere\n default_arguments ->> '--enable-metrics' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Glue +Title: List AWS Glue Jobs with Detailed Properties and Status diff --git a/queries/aws_glue_job_9.yaml b/queries/aws_glue_job_9.yaml index 177c0e26e..9f458da86 100755 --- a/queries/aws_glue_job_9.yaml +++ b/queries/aws_glue_job_9.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Glue Jobs to retrieve detailed information + related to job properties, execution, and status. ID: aws_glue_job_9 -Title: "List all AWS Glue Job Properties and Execution Details" -Description: "Allows users to query AWS Glue Jobs to retrieve detailed information related to job properties, execution, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - created_on, - command ->> 'Name' as script_name, - command ->> 'ScriptLocation' as script_location, - default_arguments ->> '--job-language' as job_language - from - aws_glue_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n created_on,\n command ->> 'Name' as\ + \ script_name,\n command ->> 'ScriptLocation' as script_location,\n default_arguments\ + \ ->> '--job-language' as job_language\nfrom\n aws_glue_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all AWS Glue Job Properties and Execution Details diff --git a/queries/aws_glue_security_configuration_1.yaml b/queries/aws_glue_security_configuration_1.yaml index 6debca620..2913b0905 100755 --- a/queries/aws_glue_security_configuration_1.yaml +++ b/queries/aws_glue_security_configuration_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Glue Security Configurations and gain insights + into the security configurations of Glue resources. ID: aws_glue_security_configuration_1 -Title: "Find AWS Glue Security Configurations and Insights" -Description: "Allows users to query AWS Glue Security Configurations and gain insights into the security configurations of Glue resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_time_stamp, - cloud_watch_encryption, - job_bookmarks_encryption, - s3_encryption - from - aws_glue_security_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_time_stamp,\n cloud_watch_encryption,\n\ + \ job_bookmarks_encryption,\n s3_encryption\nfrom\n aws_glue_security_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find AWS Glue Security Configurations and Insights diff --git a/queries/aws_glue_security_configuration_2.yaml b/queries/aws_glue_security_configuration_2.yaml index 882a981ec..56dc920ef 100755 --- a/queries/aws_glue_security_configuration_2.yaml +++ b/queries/aws_glue_security_configuration_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Glue Security Configurations and gain insights + into the security configurations of Glue resources. ID: aws_glue_security_configuration_2 -Title: "Find AWS Glue Security Configurations with Encryption" -Description: "Allows users to query AWS Glue Security Configurations and gain insights into the security configurations of Glue resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - cloud_watch_encryption ->> 'CloudWatchEncryptionMode' as encyption_mode, - cloud_watch_encryption ->> 'KmsKeyArn' as kms_key_arn - from - aws_glue_security_configuration - where - cloud_watch_encryption ->> 'CloudWatchEncryptionMode' != 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n cloud_watch_encryption ->> 'CloudWatchEncryptionMode'\ + \ as encyption_mode,\n cloud_watch_encryption ->> 'KmsKeyArn' as kms_key_arn\n\ + from\n aws_glue_security_configuration\nwhere\n cloud_watch_encryption ->> 'CloudWatchEncryptionMode'\ + \ != 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue Security +Title: Find AWS Glue Security Configurations with Encryption diff --git a/queries/aws_glue_security_configuration_3.yaml b/queries/aws_glue_security_configuration_3.yaml index 3bac288b8..995468210 100755 --- a/queries/aws_glue_security_configuration_3.yaml +++ b/queries/aws_glue_security_configuration_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Glue Security Configurations and gain insights + into the security configurations of Glue resources. ID: aws_glue_security_configuration_3 -Title: "List all AWS Glue Security Configurations and Encryption Modes" -Description: "Allows users to query AWS Glue Security Configurations and gain insights into the security configurations of Glue resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' as encyption_mode, - job_bookmarks_encryption ->> 'KmsKeyArn' as kms_key_arn - from - aws_glue_security_configuration - where - job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' != 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode'\ + \ as encyption_mode,\n job_bookmarks_encryption ->> 'KmsKeyArn' as kms_key_arn\n\ + from\n aws_glue_security_configuration\nwhere\n job_bookmarks_encryption ->>\ + \ 'JobBookmarksEncryptionMode' != 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: List all AWS Glue Security Configurations and Encryption Modes diff --git a/queries/aws_glue_security_configuration_4.yaml b/queries/aws_glue_security_configuration_4.yaml index 7e652ffc1..0a5d0eb47 100755 --- a/queries/aws_glue_security_configuration_4.yaml +++ b/queries/aws_glue_security_configuration_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Glue Security Configurations and gain insights + into the security configurations of Glue resources. ID: aws_glue_security_configuration_4 -Title: "Find AWS Glue Security Configurations" -Description: "Allows users to query AWS Glue Security Configurations and gain insights into the security configurations of Glue resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - e ->> 'S3EncryptionMode' as encyption_mode, - e ->> 'KmsKeyArn' as kms_key_arn - from - aws_glue_security_configuration, - jsonb_array_elements(s3_encryption) e - where - e ->> 'S3EncryptionMode' != 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n e ->> 'S3EncryptionMode' as encyption_mode,\n\ + \ e ->> 'KmsKeyArn' as kms_key_arn\nfrom\n aws_glue_security_configuration,\n\ + \ jsonb_array_elements(s3_encryption) e\nwhere\n e ->> 'S3EncryptionMode' !=\ + \ 'DISABLED';" Tags: cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Glue +Title: Find AWS Glue Security Configurations diff --git a/queries/aws_guardduty_detector_1.yaml b/queries/aws_guardduty_detector_1.yaml index e52d8593e..757963a9c 100755 --- a/queries/aws_guardduty_detector_1.yaml +++ b/queries/aws_guardduty_detector_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS GuardDuty Detector data, including detector + details, status, and associated metadata. ID: aws_guardduty_detector_1 -Title: "Find AWS GuardDuty Detector Details and Status" -Description: "Allows users to query AWS GuardDuty Detector data, including detector details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - arn, - created_at, - status, - service_role - from - aws_guardduty_detector; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n arn,\n created_at,\n status,\n service_role\n\ + from\n aws_guardduty_detector;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Detector Details and Status diff --git a/queries/aws_guardduty_detector_2.yaml b/queries/aws_guardduty_detector_2.yaml index b77964160..3b751fda4 100755 --- a/queries/aws_guardduty_detector_2.yaml +++ b/queries/aws_guardduty_detector_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS GuardDuty Detector data, including detector + details, status, and associated metadata. ID: aws_guardduty_detector_2 -Title: "List all AWS GuardDuty Detectors and their Status" -Description: "Allows users to query AWS GuardDuty Detector data, including detector details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - created_at, - status - from - aws_guardduty_detector - where - status = 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n created_at,\n status\nfrom\n aws_guardduty_detector\n\ + where\n status = 'ENABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List all AWS GuardDuty Detectors and their Status diff --git a/queries/aws_guardduty_detector_3.yaml b/queries/aws_guardduty_detector_3.yaml index 22fa8d658..07a666510 100755 --- a/queries/aws_guardduty_detector_3.yaml +++ b/queries/aws_guardduty_detector_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS GuardDuty Detector data, including detector + details, status, and associated metadata. ID: aws_guardduty_detector_3 -Title: "List all AWS GuardDuty Detector details and status" -Description: "Allows users to query AWS GuardDuty Detector data, including detector details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - status as detector_status, - data_sources -> 'CloudTrail' ->> 'Status' as cloud_trail_status, - data_sources -> 'DNSLogs' ->> 'Status' as dns_logs_status, - data_sources -> 'FlowLogs' ->> 'Status' as flow_logs_status - from - aws_guardduty_detector; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n status as detector_status,\n data_sources\ + \ -> 'CloudTrail' ->> 'Status' as cloud_trail_status,\n data_sources -> 'DNSLogs'\ + \ ->> 'Status' as dns_logs_status,\n data_sources -> 'FlowLogs' ->> 'Status'\ + \ as flow_logs_status\nfrom\n aws_guardduty_detector;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List all AWS GuardDuty Detector details and status diff --git a/queries/aws_guardduty_detector_4.yaml b/queries/aws_guardduty_detector_4.yaml index 113c2b5ea..dc36fc7b1 100755 --- a/queries/aws_guardduty_detector_4.yaml +++ b/queries/aws_guardduty_detector_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS GuardDuty Detector data, including detector + details, status, and associated metadata. ID: aws_guardduty_detector_4 -Title: "Find AWS GuardDuty Detector with SQL" -Description: "Allows users to query AWS GuardDuty Detector data, including detector details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - master_account ->> 'AccountId' as master_account_id, - master_account ->> 'InvitationId' as invitation_id, - master_account ->> 'RelationshipStatus' as relationship_status - from - aws_guardduty_detector - where master_account is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n detector_id,\n master_account ->> 'AccountId' as master_account_id,\n\ + \ master_account ->> 'InvitationId' as invitation_id, \n master_account ->>\ + \ 'RelationshipStatus' as relationship_status \nfrom \n aws_guardduty_detector\n\ + where master_account is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Detector with SQL diff --git a/queries/aws_guardduty_filter_1.yaml b/queries/aws_guardduty_filter_1.yaml index 6d4261617..fb62d9a6a 100755 --- a/queries/aws_guardduty_filter_1.yaml +++ b/queries/aws_guardduty_filter_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS GuardDuty Filters to retrieve information about + existing filters, their conditions, actions, and associated metadata. ID: aws_guardduty_filter_1 -Title: "Find AWS GuardDuty Filters and Associated Metadata" -Description: "Allows users to query AWS GuardDuty Filters to retrieve information about existing filters, their conditions, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - detector_id, - action, - rank - from - aws_guardduty_filter; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n detector_id,\n action,\n rank\nfrom\n aws_guardduty_filter;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Filters and Associated Metadata diff --git a/queries/aws_guardduty_filter_2.yaml b/queries/aws_guardduty_filter_2.yaml index beb1f7053..077b4ac6f 100755 --- a/queries/aws_guardduty_filter_2.yaml +++ b/queries/aws_guardduty_filter_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS GuardDuty Filters to retrieve information about + existing filters, their conditions, actions, and associated metadata. ID: aws_guardduty_filter_2 -Title: "Find AWS GuardDuty Filter Information with SQL" -Description: "Allows users to query AWS GuardDuty Filters to retrieve information about existing filters, their conditions, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - detector_id, - action, - rank - from - aws_guardduty_filter - where - action = 'ARCHIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n detector_id,\n action,\n rank\nfrom\n aws_guardduty_filter\n\ + where\n action = 'ARCHIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Filter Information with SQL diff --git a/queries/aws_guardduty_filter_3.yaml b/queries/aws_guardduty_filter_3.yaml index 6cbe55c47..ed712c018 100755 --- a/queries/aws_guardduty_filter_3.yaml +++ b/queries/aws_guardduty_filter_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS GuardDuty Filters to retrieve information about + existing filters, their conditions, actions, and associated metadata. ID: aws_guardduty_filter_3 -Title: "Find AWS GuardDuty Filter Conditions, Actions, Metadata" -Description: "Allows users to query AWS GuardDuty Filters to retrieve information about existing filters, their conditions, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - detector_id, - action, - rank - from - aws_guardduty_filter - where - rank = 1; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n region,\n detector_id,\n action,\n rank\n\ + from\n aws_guardduty_filter\nwhere\n rank = 1;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Filter Conditions, Actions, Metadata diff --git a/queries/aws_guardduty_filter_4.yaml b/queries/aws_guardduty_filter_4.yaml index 24d34ba8e..de0f011ac 100755 --- a/queries/aws_guardduty_filter_4.yaml +++ b/queries/aws_guardduty_filter_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS GuardDuty Filters to retrieve information about + existing filters, their conditions, actions, and associated metadata. ID: aws_guardduty_filter_4 -Title: "Find AWS GuardDuty Filter Information using SQL" -Description: "Allows users to query AWS GuardDuty Filters to retrieve information about existing filters, their conditions, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_pretty(finding_criteria) as finding_criteria - from - aws_guardduty_filter - where - name = 'filter-1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_pretty(finding_criteria) as finding_criteria\n\ + from\n aws_guardduty_filter\nwhere\n name = 'filter-1';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Filter Information using SQL diff --git a/queries/aws_guardduty_filter_5.yaml b/queries/aws_guardduty_filter_5.yaml index 4d1f90f8b..d87076b2a 100755 --- a/queries/aws_guardduty_filter_5.yaml +++ b/queries/aws_guardduty_filter_5.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS GuardDuty Filters to retrieve information about + existing filters, their conditions, actions, and associated metadata. ID: aws_guardduty_filter_5 -Title: "List AWS GuardDuty Filters and Associated Metadata" -Description: "Allows users to query AWS GuardDuty Filters to retrieve information about existing filters, their conditions, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - region, - detector_id, - count(name) - from - aws_guardduty_filter - group by - region, - detector_id - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n region,\n detector_id,\n count(name)\nfrom\n aws_guardduty_filter\n\ + group by\n region,\n detector_id\norder by\n count desc;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List AWS GuardDuty Filters and Associated Metadata diff --git a/queries/aws_guardduty_finding_1.yaml b/queries/aws_guardduty_finding_1.yaml index 60d96d154..bab39cffd 100755 --- a/queries/aws_guardduty_finding_1.yaml +++ b/queries/aws_guardduty_finding_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS GuardDuty Findings to access detailed information + about potential security threats or suspicious activities detected in their AWS + environment. ID: aws_guardduty_finding_1 -Title: "Find all AWS GuardDuty Findings for Security Threats" -Description: "Allows users to query AWS GuardDuty Findings to access detailed information about potential security threats or suspicious activities detected in their AWS environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - detector_id, - arn, - created_at - from - aws_guardduty_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n detector_id,\n arn,\n created_at\nfrom\n aws_guardduty_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find all AWS GuardDuty Findings for Security Threats diff --git a/queries/aws_guardduty_finding_2.yaml b/queries/aws_guardduty_finding_2.yaml index c7970782c..89fdc91c1 100755 --- a/queries/aws_guardduty_finding_2.yaml +++ b/queries/aws_guardduty_finding_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS GuardDuty Findings to access detailed information + about potential security threats or suspicious activities detected in their AWS + environment. ID: aws_guardduty_finding_2 -Title: "Find AWS GuardDuty Findings on Security Threats" -Description: "Allows users to query AWS GuardDuty Findings to access detailed information about potential security threats or suspicious activities detected in their AWS environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - detector_id, - arn, - created_at - from - aws_guardduty_finding - where - service ->> 'Archived' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n detector_id,\n arn,\n created_at\nfrom\n aws_guardduty_finding\n\ + where\n service ->> 'Archived' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Findings on Security Threats diff --git a/queries/aws_guardduty_ipset_1.yaml b/queries/aws_guardduty_ipset_1.yaml index 66c9b6d80..e15809116 100755 --- a/queries/aws_guardduty_ipset_1.yaml +++ b/queries/aws_guardduty_ipset_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS GuardDuty IPSet to retrieve information about + the IPSet, such as the detector ID, IPSet ID, name, format, location, and status. ID: aws_guardduty_ipset_1 -Title: "Find AWS GuardDuty IPSets with Details" -Description: "Allows users to query AWS GuardDuty IPSet to retrieve information about the IPSet, such as the detector ID, IPSet ID, name, format, location, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - ipset_id, - name, - format, - location - from - aws_guardduty_ipset; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n ipset_id,\n name,\n format,\n location\n\ + from\n aws_guardduty_ipset;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty IPSets with Details diff --git a/queries/aws_guardduty_ipset_2.yaml b/queries/aws_guardduty_ipset_2.yaml index 5342c1423..634fef1da 100755 --- a/queries/aws_guardduty_ipset_2.yaml +++ b/queries/aws_guardduty_ipset_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS GuardDuty IPSet to retrieve information about + the IPSet, such as the detector ID, IPSet ID, name, format, location, and status. ID: aws_guardduty_ipset_2 -Title: "List All Inactive IP Sets in AWS GuardDuty" -Description: "Allows users to query AWS GuardDuty IPSet to retrieve information about the IPSet, such as the detector ID, IPSet ID, name, format, location, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - ipset_id, - name, - status - from - aws_guardduty_ipset - where - status = 'INACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n ipset_id,\n name,\n status\nfrom\n aws_guardduty_ipset\n\ + where\n status = 'INACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List All Inactive IP Sets in AWS GuardDuty diff --git a/queries/aws_guardduty_member_1.yaml b/queries/aws_guardduty_member_1.yaml index 98dff354b..2e87242ce 100755 --- a/queries/aws_guardduty_member_1.yaml +++ b/queries/aws_guardduty_member_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS GuardDuty Member data, including member account + details, detector ID, invitation status, and relationship status. ID: aws_guardduty_member_1 -Title: "Find AWS GuardDuty Member Data, Details, and Status" -Description: "Allows users to query AWS GuardDuty Member data, including member account details, detector ID, invitation status, and relationship status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - detector_id, - invited_at, - relationship_status - from - aws_guardduty_member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n detector_id,\n invited_at,\n \ + \ relationship_status\nfrom\n aws_guardduty_member;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Member Data, Details, and Status diff --git a/queries/aws_guardduty_member_2.yaml b/queries/aws_guardduty_member_2.yaml index 416bf4b02..d79d9b928 100755 --- a/queries/aws_guardduty_member_2.yaml +++ b/queries/aws_guardduty_member_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS GuardDuty Member data, including member account + details, detector ID, invitation status, and relationship status. ID: aws_guardduty_member_2 -Title: "Find AWS GuardDuty Member Account Details and Status" -Description: "Allows users to query AWS GuardDuty Member data, including member account details, detector ID, invitation status, and relationship status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - detector_id, - invited_at, - relationship_status - from - aws_guardduty_member - where - relationship_status = 'EmailVerificationFailed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n detector_id,\n invited_at,\n \ + \ relationship_status\nfrom\n aws_guardduty_member\nwhere\n relationship_status\ + \ = 'EmailVerificationFailed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Member Account Details and Status diff --git a/queries/aws_guardduty_member_3.yaml b/queries/aws_guardduty_member_3.yaml index 18e53025d..ac35ea108 100755 --- a/queries/aws_guardduty_member_3.yaml +++ b/queries/aws_guardduty_member_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS GuardDuty Member data, including member account + details, detector ID, invitation status, and relationship status. ID: aws_guardduty_member_3 -Title: "Find AWS GuardDuty Member Details" -Description: "Allows users to query AWS GuardDuty Member data, including member account details, detector ID, invitation status, and relationship status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - detector_id, - invited_at, - relationship_status - from - aws_guardduty_member - where - invited_at is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n detector_id,\n invited_at,\n \ + \ relationship_status\nfrom\n aws_guardduty_member\nwhere\n invited_at is null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Member Details diff --git a/queries/aws_guardduty_member_4.yaml b/queries/aws_guardduty_member_4.yaml index ca2fe80f5..2dba668d3 100755 --- a/queries/aws_guardduty_member_4.yaml +++ b/queries/aws_guardduty_member_4.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS GuardDuty Member data, including member account + details, detector ID, invitation status, and relationship status. ID: aws_guardduty_member_4 -Title: "Find all AWS GuardDuty Member with details" -Description: "Allows users to query AWS GuardDuty Member data, including member account details, detector ID, invitation status, and relationship status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - detector_id, - invited_at, - relationship_status - from - aws_guardduty_member - where - invited_at >= (now() - interval '10' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n detector_id,\n invited_at,\n \ + \ relationship_status\nfrom\n aws_guardduty_member\nwhere\n invited_at >= (now()\ + \ - interval '10' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find all AWS GuardDuty Member with details diff --git a/queries/aws_guardduty_publishing_destination_1.yaml b/queries/aws_guardduty_publishing_destination_1.yaml index b6d3178bc..4a4b2f932 100755 --- a/queries/aws_guardduty_publishing_destination_1.yaml +++ b/queries/aws_guardduty_publishing_destination_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_1 -Title: "List AWS GuardDuty Publishing Destinations Info" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - destination_id, - arn, - destination_arn, - status - from - aws_guardduty_publishing_destination; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n destination_id,\n arn,\n destination_arn,\n\ + \ status\nfrom\n aws_guardduty_publishing_destination;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List AWS GuardDuty Publishing Destinations Info diff --git a/queries/aws_guardduty_publishing_destination_2.yaml b/queries/aws_guardduty_publishing_destination_2.yaml index 46c36ce87..41d0817ec 100755 --- a/queries/aws_guardduty_publishing_destination_2.yaml +++ b/queries/aws_guardduty_publishing_destination_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_2 -Title: "Find AWS GuardDuty Publishing Destinations" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - destination_id, - arn, - status - from - aws_guardduty_publishing_destination - where - status = 'PENDING_VERIFICATION'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n destination_id,\n arn,\n status\nfrom\n aws_guardduty_publishing_destination\n\ + where\n status = 'PENDING_VERIFICATION';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Publishing Destinations diff --git a/queries/aws_guardduty_publishing_destination_3.yaml b/queries/aws_guardduty_publishing_destination_3.yaml index be4b78787..792891ad8 100755 --- a/queries/aws_guardduty_publishing_destination_3.yaml +++ b/queries/aws_guardduty_publishing_destination_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_3 -Title: "List All AWS GuardDuty Publishing Destinations" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - destination_id, - kms_key_arn, - status, - destination_type - from - aws_guardduty_publishing_destination - where - kms_key_arn is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n destination_id,\n kms_key_arn,\n status,\n destination_type\n\ + from\n aws_guardduty_publishing_destination\nwhere\n kms_key_arn is null;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List All AWS GuardDuty Publishing Destinations diff --git a/queries/aws_guardduty_publishing_destination_4.yaml b/queries/aws_guardduty_publishing_destination_4.yaml index a1560cfc6..e74131041 100755 --- a/queries/aws_guardduty_publishing_destination_4.yaml +++ b/queries/aws_guardduty_publishing_destination_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_4 -Title: "List all AWS GuardDuty Publishing Destination Types" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - destination_type, - count(destination_id) - from - aws_guardduty_publishing_destination - group by - destination_type - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n destination_type,\n count(destination_id)\nfrom\n aws_guardduty_publishing_destination\n\ + group by \n destination_type\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: List all AWS GuardDuty Publishing Destination Types diff --git a/queries/aws_guardduty_publishing_destination_5.yaml b/queries/aws_guardduty_publishing_destination_5.yaml index c48bb58c2..e9a2f1800 100755 --- a/queries/aws_guardduty_publishing_destination_5.yaml +++ b/queries/aws_guardduty_publishing_destination_5.yaml @@ -1,34 +1,23 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_5 -Title: "Find AWS GuardDuty Publishing Destinations" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.destination_id, - d.destination_arn, - d.destination_type, - p ->> 'Sid' as sid, - p ->> 'Action' as policy_action, - p ->> 'Effect' as effect, - p -> 'Principal' ->> 'Service' as principal_service - from - aws_guardduty_publishing_destination as d, - aws_s3_bucket as s, - jsonb_array_elements(s.policy -> 'Statement') as p - where - d.destination_type = 'S3' - and - s.arn = d.destination_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.destination_id,\n d.destination_arn,\n d.destination_type,\n\ + \ p ->> 'Sid' as sid,\n p ->> 'Action' as policy_action,\n p ->> 'Effect' as\ + \ effect,\n p -> 'Principal' ->> 'Service' as principal_service\nfrom\n aws_guardduty_publishing_destination\ + \ as d,\n aws_s3_bucket as s,\n jsonb_array_elements(s.policy -> 'Statement')\ + \ as p\nwhere\n d.destination_type = 'S3'\nand\n s.arn = d.destination_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty Publishing Destinations diff --git a/queries/aws_guardduty_publishing_destination_6.yaml b/queries/aws_guardduty_publishing_destination_6.yaml index 4c1fba53d..842835618 100755 --- a/queries/aws_guardduty_publishing_destination_6.yaml +++ b/queries/aws_guardduty_publishing_destination_6.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query AWS GuardDuty Publishing Destinations to retrieve + information about where GuardDuty findings are published. ID: aws_guardduty_publishing_destination_6 -Title: "Find all AWS GuardDuty Publishing Destinations" -Description: "Allows users to query AWS GuardDuty Publishing Destinations to retrieve information about where GuardDuty findings are published." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - d.destination_id, - p ->> 'Sid' as sid, - p ->> 'Action' as policy_action, - p ->> 'Effect' as effect, - p ->> 'Principal' as policy_principal, - p ->> 'Condition' as policy_condition - from - aws_guardduty_publishing_destination as d, - aws_kms_key as k, - jsonb_array_elements(k.policy -> 'Statement') as p - where - d.kms_key_arn is not null - and - k.arn = d.kms_key_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n d.destination_id,\n p ->> 'Sid' as sid,\n p ->> 'Action'\ + \ as policy_action,\n p ->> 'Effect' as effect,\n p ->> 'Principal' as policy_principal,\n\ + \ p ->> 'Condition' as policy_condition\nfrom\n aws_guardduty_publishing_destination\ + \ as d,\n aws_kms_key as k,\n jsonb_array_elements(k.policy -> 'Statement')\ + \ as p\nwhere\n d.kms_key_arn is not null\nand\n k.arn = d.kms_key_arn;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find all AWS GuardDuty Publishing Destinations diff --git a/queries/aws_guardduty_threat_intel_set_1.yaml b/queries/aws_guardduty_threat_intel_set_1.yaml index 5e94328e2..239bc45af 100755 --- a/queries/aws_guardduty_threat_intel_set_1.yaml +++ b/queries/aws_guardduty_threat_intel_set_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS GuardDuty ThreatIntelSet to fetch information + about threat intelligence sets that are associated with a GuardDuty detector. ID: aws_guardduty_threat_intel_set_1 -Title: "Find AWS GuardDuty ThreatIntelSet Information" -Description: "Allows users to query AWS GuardDuty ThreatIntelSet to fetch information about threat intelligence sets that are associated with a GuardDuty detector." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - detector_id, - threat_intel_set_id, - name, - format, - location - from - aws_guardduty_threat_intel_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n detector_id,\n threat_intel_set_id,\n name,\n format,\n\ + \ location\nfrom\n aws_guardduty_threat_intel_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find AWS GuardDuty ThreatIntelSet Information diff --git a/queries/aws_guardduty_threat_intel_set_2.yaml b/queries/aws_guardduty_threat_intel_set_2.yaml index 8259e9ba2..db7921437 100755 --- a/queries/aws_guardduty_threat_intel_set_2.yaml +++ b/queries/aws_guardduty_threat_intel_set_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS GuardDuty ThreatIntelSet to fetch information + about threat intelligence sets that are associated with a GuardDuty detector. ID: aws_guardduty_threat_intel_set_2 -Title: "Find all AWS GuardDuty ThreatIntelSet threat data" -Description: "Allows users to query AWS GuardDuty ThreatIntelSet to fetch information about threat intelligence sets that are associated with a GuardDuty detector." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - threat_intel_set_id, - status - from - aws_guardduty_threat_intel_set - where - status = 'INACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n threat_intel_set_id,\n status\nfrom\n aws_guardduty_threat_intel_set\n\ + where\n status = 'INACTIVE';" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - GuardDuty +Title: Find all AWS GuardDuty ThreatIntelSet threat data diff --git a/queries/aws_health_affected_entity_1.yaml b/queries/aws_health_affected_entity_1.yaml index 2b42b1dfb..99e209d0c 100755 --- a/queries/aws_health_affected_entity_1.yaml +++ b/queries/aws_health_affected_entity_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` + table provides comprehensive details about each entity affected by AWS Health events. + It can be utilized to gain insights into the health status of AWS resources, allowing + for proactive monitoring and maintenance. ID: aws_health_affected_entity_1 -Title: "Find Health Status of AWS Resources via SQL" -Description: "Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` table provides comprehensive details about each entity affected by AWS Health events. It can be utilized to gain insights into the health status of AWS resources, allowing for proactive monitoring and maintenance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - entity_url, - entity_value, - event_arn, - last_updated_time, - status_code - from - aws_health_affected_entity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n entity_url,\n entity_value,\n event_arn,\n\ + \ last_updated_time,\n status_code\nfrom\n aws_health_affected_entity;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Health +Title: Find Health Status of AWS Resources via SQL diff --git a/queries/aws_health_affected_entity_2.yaml b/queries/aws_health_affected_entity_2.yaml index 675ea8a23..a28f35a14 100755 --- a/queries/aws_health_affected_entity_2.yaml +++ b/queries/aws_health_affected_entity_2.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` + table provides comprehensive details about each entity affected by AWS Health events. + It can be utilized to gain insights into the health status of AWS resources, allowing + for proactive monitoring and maintenance. ID: aws_health_affected_entity_2 -Title: "List all AWS Health Affected Entities" -Description: "Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` table provides comprehensive details about each entity affected by AWS Health events. It can be utilized to gain insights into the health status of AWS resources, allowing for proactive monitoring and maintenance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - entity_url, - entity_value, - event_arn, - last_updated_time, - status_code - from - aws_health_affected_entity - where - status_code = 'UNIMPAIRED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n entity_url,\n entity_value,\n event_arn,\n\ + \ last_updated_time,\n status_code\nfrom\n aws_health_affected_entity\nwhere\n\ + \ status_code = 'UNIMPAIRED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Health +Title: List all AWS Health Affected Entities diff --git a/queries/aws_health_affected_entity_3.yaml b/queries/aws_health_affected_entity_3.yaml index 765a0099a..7417f858a 100755 --- a/queries/aws_health_affected_entity_3.yaml +++ b/queries/aws_health_affected_entity_3.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` + table provides comprehensive details about each entity affected by AWS Health events. + It can be utilized to gain insights into the health status of AWS resources, allowing + for proactive monitoring and maintenance. ID: aws_health_affected_entity_3 -Title: "List AWS Health Affected Entities with Detailed Insights" -Description: "Allows users to query Affected Entities in AWS Health. The `aws_health_affected_entity` table provides comprehensive details about each entity affected by AWS Health events. It can be utilized to gain insights into the health status of AWS resources, allowing for proactive monitoring and maintenance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.arn, - e.entity_url, - e.event_arn, - v.event_type_category, - v.event_type_code, - v.service - from - aws_health_affected_entity as e, - aws_health_event as v; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.arn,\n e.entity_url,\n e.event_arn,\n v.event_type_category,\n\ + \ v.event_type_code,\n v.service\nfrom\n aws_health_affected_entity as e,\n\ + \ aws_health_event as v;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Health +Title: List AWS Health Affected Entities with Detailed Insights diff --git a/queries/aws_health_event_1.yaml b/queries/aws_health_event_1.yaml index 260d92bd0..3cd739661 100755 --- a/queries/aws_health_event_1.yaml +++ b/queries/aws_health_event_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Health Events to retrieve information about + events that affect your AWS services and accounts. ID: aws_health_event_1 -Title: "Query AWS Health Events Affecting Services and Accounts" -Description: "Allows users to query AWS Health Events to retrieve information about events that affect your AWS services and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - availability_zone, - start_time, - end_time, - event_type_category, - event_type_code, - event_scope_code, - service, - region - from - aws_health_event; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n availability_zone,\n start_time,\n end_time,\n\ + \ event_type_category,\n event_type_code,\n event_scope_code,\n service,\n\ + \ region\nfrom\n aws_health_event;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Health +Title: Query AWS Health Events Affecting Services and Accounts diff --git a/queries/aws_health_event_2.yaml b/queries/aws_health_event_2.yaml index 63a72ac83..1293c4ef5 100755 --- a/queries/aws_health_event_2.yaml +++ b/queries/aws_health_event_2.yaml @@ -1,25 +1,15 @@ +Description: Allows users to query AWS Health Events to retrieve information about + events that affect your AWS services and accounts. ID: aws_health_event_2 -Title: "" -Description: "Allows users to query AWS Health Events to retrieve information about events that affect your AWS services and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - start_time, - end_time, - event_type_category, - event_type_code, - event_scope_code, - status_code, - service - from - aws_health_event - where - status_code = 'upcoming'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n start_time,\n end_time,\n event_type_category,\n\ + \ event_type_code,\n event_scope_code,\n status_code,\n service\nfrom\n aws_health_event\n\ + where\n status_code = 'upcoming';" Tags: {} +Title: '' diff --git a/queries/aws_health_event_3.yaml b/queries/aws_health_event_3.yaml index 4ddc38000..74760863f 100755 --- a/queries/aws_health_event_3.yaml +++ b/queries/aws_health_event_3.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Health Events to retrieve information about + events that affect your AWS services and accounts. ID: aws_health_event_3 -Title: "Find AWS Health Events Affecting Services and Accounts" -Description: "Allows users to query AWS Health Events to retrieve information about events that affect your AWS services and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - start_time, - end_time, - event_type_category, - event_type_code, - event_scope_code, - status_code, - service - from - aws_health_event - where - service = 'EC2'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n start_time,\n end_time,\n event_type_category,\n\ + \ event_type_code,\n event_scope_code,\n status_code,\n service\nfrom\n aws_health_event\n\ + where\n service = 'EC2';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Health Events +Title: Find AWS Health Events Affecting Services and Accounts diff --git a/queries/aws_health_event_4.yaml b/queries/aws_health_event_4.yaml index 4de91ec33..d6fdb340e 100755 --- a/queries/aws_health_event_4.yaml +++ b/queries/aws_health_event_4.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query AWS Health Events to retrieve information about + events that affect your AWS services and accounts. ID: aws_health_event_4 -Title: "List all AWS Health Events affecting services and accounts" -Description: "Allows users to query AWS Health Events to retrieve information about events that affect your AWS services and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - availability_zone, - start_time, - end_time, - event_type_category, - event_type_code, - event_scope_code, - status_code, - service - from - aws_health_event - where - availability_zone = 'us-east-1a'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n availability_zone,\n start_time,\n end_time,\n\ + \ event_type_category,\n event_type_code,\n event_scope_code,\n status_code,\n\ + \ service\nfrom\n aws_health_event\nwhere\n availability_zone = 'us-east-1a';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Health +Title: List all AWS Health Events affecting services and accounts diff --git a/queries/aws_iam_access_advisor_1.yaml b/queries/aws_iam_access_advisor_1.yaml index acaf28de6..2416b824b 100755 --- a/queries/aws_iam_access_advisor_1.yaml +++ b/queries/aws_iam_access_advisor_1.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_1 -Title: "Find AWS IAM Access Info via SQL Query" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - principal_arn, - service_name, - last_authenticated, - age(last_authenticated::date) - from - aws_iam_access_advisor - where - principal_arn = 'arn:aws:iam::123456789123:user/john' - and last_authenticated is not null - order by - age asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n principal_arn,\n service_name,\n last_authenticated,\n\ + \ age(last_authenticated::date) \nfrom \n aws_iam_access_advisor\nwhere\n principal_arn\ + \ = 'arn:aws:iam::123456789123:user/john'\n and last_authenticated is not null\n\ + order by \n age asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Advisor +Title: Find AWS IAM Access Info via SQL Query diff --git a/queries/aws_iam_access_advisor_2.yaml b/queries/aws_iam_access_advisor_2.yaml index bf24f7418..2b54e34f3 100755 --- a/queries/aws_iam_access_advisor_2.yaml +++ b/queries/aws_iam_access_advisor_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_2 -Title: "List all AWS IAM entities with no recent service access" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - principal_arn, - service_name - from - aws_iam_access_advisor - where - principal_arn = 'arn:aws:iam::123456789123:role/turbot/admin' - and last_authenticated is null - order by - service_name - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n principal_arn,\n service_name\nfrom \n aws_iam_access_advisor\n\ + where\n principal_arn = 'arn:aws:iam::123456789123:role/turbot/admin'\n and\ + \ last_authenticated is null\norder by \n service_name" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Advisor +Title: List all AWS IAM entities with no recent service access diff --git a/queries/aws_iam_access_advisor_3.yaml b/queries/aws_iam_access_advisor_3.yaml index f7147210a..409da2cd0 100755 --- a/queries/aws_iam_access_advisor_3.yaml +++ b/queries/aws_iam_access_advisor_3.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_3 -Title: "Find AWS IAM Access Advisor Info for Service Access Data" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - principal_arn, - service_name, - last_authenticated, - age(last_authenticated::date), - last_authenticated_entity, - last_authenticated_region - from - aws_iam_access_advisor - where - principal_arn = 'arn:aws:iam::aws:policy/AdministratorAccess' - and last_authenticated is not null - order by - age asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n principal_arn,\n service_name,\n last_authenticated,\n\ + \ age(last_authenticated::date),\n last_authenticated_entity,\n last_authenticated_region\n\ + from \n aws_iam_access_advisor\nwhere\n principal_arn = 'arn:aws:iam::aws:policy/AdministratorAccess'\n\ + \ and last_authenticated is not null\norder by \n age asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Advisor +Title: Find AWS IAM Access Advisor Info for Service Access Data diff --git a/queries/aws_iam_access_advisor_4.yaml b/queries/aws_iam_access_advisor_4.yaml index cbe94f006..3a07be73f 100755 --- a/queries/aws_iam_access_advisor_4.yaml +++ b/queries/aws_iam_access_advisor_4.yaml @@ -1,41 +1,29 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_4 -Title: "Find AWS IAM Access Advisor Data for User Entities" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - adv.service_name, - action as action_granted, - attached as granted_in, - adv.service_namespace - from - aws_iam_access_advisor as adv, - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as attached, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action - where - principal_arn = 'arn:aws:iam::123456789123:role/turbot/admin' - and r.arn = adv.principal_arn - and last_authenticated is null - and attached = p.arn - and stmt ->> 'Effect' = 'Allow' - and action like adv.service_namespace || ':%' - order by - adv.service_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n adv.service_name,\n action as action_granted,\n attached\ + \ as granted_in,\n adv.service_namespace\nfrom \n aws_iam_access_advisor as\ + \ adv,\n aws_iam_role as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as attached,\n aws_iam_policy as p, \n jsonb_array_elements(p.policy_std\ + \ -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action\n\ + where\n principal_arn = 'arn:aws:iam::123456789123:role/turbot/admin'\n and\ + \ r.arn = adv.principal_arn\n and last_authenticated is null\n and attached\ + \ = p.arn\n and stmt ->> 'Effect' = 'Allow'\n and action like adv.service_namespace\ + \ || ':%'\norder by \n adv.service_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Access Advisor Data for User Entities diff --git a/queries/aws_iam_access_advisor_5.yaml b/queries/aws_iam_access_advisor_5.yaml index 1e2bbfa1c..1f1fbc9c8 100755 --- a/queries/aws_iam_access_advisor_5.yaml +++ b/queries/aws_iam_access_advisor_5.yaml @@ -1,36 +1,26 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_5 -Title: "Find All AWS IAM Access Advisor Last Access Data" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - principal_arn, - service_name, - last_authenticated, - age(last_authenticated::date), - a ->> 'ActionName' as action_name, - a ->> 'LastAccessedEntity' as action_last_accessed_entity, - a ->> 'LastAccessedRegion' as action_last_accessed_region, - a ->> 'LastAccessedTime' as action_last_accessed_time - from - aws_iam_access_advisor, - jsonb_array_elements(tracked_actions_last_accessed) as a - where - principal_arn = 'arn:aws:iam::123456789123:user/jane' - and last_authenticated is not null - and service_namespace = 's3' - order by - age asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n principal_arn,\n service_name,\n last_authenticated,\n\ + \ age(last_authenticated::date),\n a ->> 'ActionName' as action_name,\n a ->>\ + \ 'LastAccessedEntity' as action_last_accessed_entity,\n a ->> 'LastAccessedRegion'\ + \ as action_last_accessed_region,\n a ->> 'LastAccessedTime' as action_last_accessed_time\n\ + from \n aws_iam_access_advisor,\n jsonb_array_elements(tracked_actions_last_accessed)\ + \ as a\nwhere\n principal_arn = 'arn:aws:iam::123456789123:user/jane'\n and\ + \ last_authenticated is not null\n and service_namespace = 's3'\norder by \n\ + \ age asc;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Advisor +Title: Find All AWS IAM Access Advisor Last Access Data diff --git a/queries/aws_iam_access_advisor_6.yaml b/queries/aws_iam_access_advisor_6.yaml index bdc559904..4368564b2 100755 --- a/queries/aws_iam_access_advisor_6.yaml +++ b/queries/aws_iam_access_advisor_6.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS IAM Access Advisor to retrieve information + about the service last accessed data for IAM entities (users, groups, and roles). ID: aws_iam_access_advisor_6 -Title: "List IAM Access Advisor Data for AWS Entities" -Description: "Allows users to query AWS IAM Access Advisor to retrieve information about the service last accessed data for IAM entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - principal_arn, - service_name - from - aws_iam_user as u, - aws_iam_access_advisor as adv - where - adv.principal_arn = u.arn - and last_authenticated is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n principal_arn,\n service_name\nfrom\n aws_iam_user\ + \ as u,\n aws_iam_access_advisor as adv\nwhere\n adv.principal_arn = u.arn\n\ + \ and last_authenticated is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Advisor +Title: List IAM Access Advisor Data for AWS Entities diff --git a/queries/aws_iam_access_key_1.yaml b/queries/aws_iam_access_key_1.yaml index c09a80d57..d613fac56 100755 --- a/queries/aws_iam_access_key_1.yaml +++ b/queries/aws_iam_access_key_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query IAM Access Keys in AWS to obtain details about + the access keys associated with an IAM user. This includes the access key ID, status, + creation date, and more. ID: aws_iam_access_key_1 -Title: "Find AWS IAM User Access Keys Details" -Description: "Allows users to query IAM Access Keys in AWS to obtain details about the access keys associated with an IAM user. This includes the access key ID, status, creation date, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - access_key_id, - user_name, - create_date - from - aws_iam_access_key; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n access_key_id,\n user_name,\n create_date\nfrom\n \ + \ aws_iam_access_key;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM User Access Keys Details diff --git a/queries/aws_iam_access_key_2.yaml b/queries/aws_iam_access_key_2.yaml index 50ed18c1e..34e7c75d0 100755 --- a/queries/aws_iam_access_key_2.yaml +++ b/queries/aws_iam_access_key_2.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query IAM Access Keys in AWS to obtain details about + the access keys associated with an IAM user. This includes the access key ID, status, + creation date, and more. ID: aws_iam_access_key_2 -Title: "Find Inactive IAM Access Keys with AWS via SQL" -Description: "Allows users to query IAM Access Keys in AWS to obtain details about the access keys associated with an IAM user. This includes the access key ID, status, creation date, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - access_key_id, - user_name, - status - from - aws_iam_access_key - where - status = 'Inactive'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n access_key_id,\n user_name,\n status\nfrom\n aws_iam_access_key\n\ + where\n status = 'Inactive';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find Inactive IAM Access Keys with AWS via SQL diff --git a/queries/aws_iam_access_key_3.yaml b/queries/aws_iam_access_key_3.yaml index 5d5be57b4..6de039e08 100755 --- a/queries/aws_iam_access_key_3.yaml +++ b/queries/aws_iam_access_key_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query IAM Access Keys in AWS to obtain details about + the access keys associated with an IAM user. This includes the access key ID, status, + creation date, and more. ID: aws_iam_access_key_3 -Title: "List all AWS IAM Access Keys with User Details" -Description: "Allows users to query IAM Access Keys in AWS to obtain details about the access keys associated with an IAM user. This includes the access key ID, status, creation date, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name, - count (access_key_id) as access_key_count - from - aws_iam_access_key - group by - user_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name,\n count (access_key_id) as access_key_count\n\ + from\n aws_iam_access_key\ngroup by\n user_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Access Keys +Title: List all AWS IAM Access Keys with User Details diff --git a/queries/aws_iam_account_password_policy_1.yaml b/queries/aws_iam_account_password_policy_1.yaml index 78540d28d..a466933c7 100755 --- a/queries/aws_iam_account_password_policy_1.yaml +++ b/queries/aws_iam_account_password_policy_1.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_1 -Title: "Find AWS IAM Account Password Policy Details" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - allow_users_to_change_password, - expire_passwords, - hard_expiry, - max_password_age, - minimum_password_length, - password_reuse_prevention, - require_lowercase_characters, - require_numbers, - require_symbols, - require_uppercase_characters - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n allow_users_to_change_password,\n expire_passwords,\n\ + \ hard_expiry,\n max_password_age,\n minimum_password_length,\n password_reuse_prevention,\n\ + \ require_lowercase_characters,\n require_numbers,\n require_symbols,\n require_uppercase_characters\n\ + from\n aws_iam_account_password_policy;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policy Details diff --git a/queries/aws_iam_account_password_policy_2.yaml b/queries/aws_iam_account_password_policy_2.yaml index 5ad888dc4..c61443d88 100755 --- a/queries/aws_iam_account_password_policy_2.yaml +++ b/queries/aws_iam_account_password_policy_2.yaml @@ -1,22 +1,20 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_2 -Title: "Find AWS IAM Account Password Policy Requirements" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - require_uppercase_characters - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n require_uppercase_characters\nfrom\n aws_iam_account_password_policy;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policy Requirements diff --git a/queries/aws_iam_account_password_policy_3.yaml b/queries/aws_iam_account_password_policy_3.yaml index bea21892f..af514e678 100755 --- a/queries/aws_iam_account_password_policy_3.yaml +++ b/queries/aws_iam_account_password_policy_3.yaml @@ -1,22 +1,20 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_3 -Title: "Find AWS IAM Account Password Policy Details" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - require_lowercase_characters - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n require_lowercase_characters\nfrom\n aws_iam_account_password_policy;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policy Details diff --git a/queries/aws_iam_account_password_policy_4.yaml b/queries/aws_iam_account_password_policy_4.yaml index 2bda251a3..3f6dfbaec 100755 --- a/queries/aws_iam_account_password_policy_4.yaml +++ b/queries/aws_iam_account_password_policy_4.yaml @@ -1,24 +1,22 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_4 -Title: "Find AWS IAM Account Password Policy Requirements" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - require_symbols - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n require_symbols\nfrom\n aws_iam_account_password_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Account Password Policies +Title: Find AWS IAM Account Password Policy Requirements diff --git a/queries/aws_iam_account_password_policy_5.yaml b/queries/aws_iam_account_password_policy_5.yaml index 865be5e48..0dc51c413 100755 --- a/queries/aws_iam_account_password_policy_5.yaml +++ b/queries/aws_iam_account_password_policy_5.yaml @@ -1,24 +1,22 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_5 -Title: "List AWS IAM Account Password Policies with SQL" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - require_numbers - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n require_numbers\nfrom\n aws_iam_account_password_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List AWS IAM Account Password Policies with SQL diff --git a/queries/aws_iam_account_password_policy_6.yaml b/queries/aws_iam_account_password_policy_6.yaml index 4f33ebad4..e97c6b7af 100755 --- a/queries/aws_iam_account_password_policy_6.yaml +++ b/queries/aws_iam_account_password_policy_6.yaml @@ -1,24 +1,22 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_6 -Title: "Find AWS IAM Account Password Policies Details" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - minimum_password_length >= 14 - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n minimum_password_length >= 14\nfrom\n aws_iam_account_password_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policies Details diff --git a/queries/aws_iam_account_password_policy_7.yaml b/queries/aws_iam_account_password_policy_7.yaml index c4ce08dae..9e998536f 100755 --- a/queries/aws_iam_account_password_policy_7.yaml +++ b/queries/aws_iam_account_password_policy_7.yaml @@ -1,22 +1,20 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_7 -Title: "Find AWS IAM Account Password Policies with SQL" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - password_reuse_prevention - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n password_reuse_prevention\nfrom\n aws_iam_account_password_policy;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policies with SQL diff --git a/queries/aws_iam_account_password_policy_8.yaml b/queries/aws_iam_account_password_policy_8.yaml index 6caad373c..faabca7fd 100755 --- a/queries/aws_iam_account_password_policy_8.yaml +++ b/queries/aws_iam_account_password_policy_8.yaml @@ -1,24 +1,23 @@ +Description: Allows users to query AWS IAM Account Password Policies to gain insights + about password policy details such as minimum password length, password expiration + period, and whether it requires at least one number or symbol. ID: aws_iam_account_password_policy_8 -Title: "Find AWS IAM Account Password Policies" -Description: "Allows users to query AWS IAM Account Password Policies to gain insights about password policy details such as minimum password length, password expiration period, and whether it requires at least one number or symbol." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - (expire_passwords and max_password_age <= 90) - from - aws_iam_account_password_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n (expire_passwords and max_password_age <= 90)\nfrom\n\ + \ aws_iam_account_password_policy;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Password Policies diff --git a/queries/aws_iam_account_summary_1.yaml b/queries/aws_iam_account_summary_1.yaml index f6a845eaa..3a4949c8f 100755 --- a/queries/aws_iam_account_summary_1.yaml +++ b/queries/aws_iam_account_summary_1.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS IAM Account Summary to get a detailed overview + of the account''s IAM usage and resource consumption. ID: aws_iam_account_summary_1 -Title: "List AWS IAM Account Summary Overview and Resource Usage" -Description: "Allows users to query AWS IAM Account Summary to get a detailed overview of the account''s IAM usage and resource consumption." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - * - from - aws_iam_account_summary; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n *\nfrom\n aws_iam_account_summary;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: List AWS IAM Account Summary Overview and Resource Usage diff --git a/queries/aws_iam_account_summary_2.yaml b/queries/aws_iam_account_summary_2.yaml index 79847b28e..9ced5f759 100755 --- a/queries/aws_iam_account_summary_2.yaml +++ b/queries/aws_iam_account_summary_2.yaml @@ -1,22 +1,19 @@ +Description: Allows users to query AWS IAM Account Summary to get a detailed overview + of the account''s IAM usage and resource consumption. ID: aws_iam_account_summary_2 -Title: "Find AWS IAM Account Summary with SQL Query" -Description: "Allows users to query AWS IAM Account Summary to get a detailed overview of the account''s IAM usage and resource consumption." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - account_mfa_enabled - from - aws_iam_account_summary; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n account_mfa_enabled\nfrom\n aws_iam_account_summary;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM Account Summary with SQL Query diff --git a/queries/aws_iam_account_summary_3.yaml b/queries/aws_iam_account_summary_3.yaml index 5810815a8..b5cde8dc5 100755 --- a/queries/aws_iam_account_summary_3.yaml +++ b/queries/aws_iam_account_summary_3.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS IAM Account Summary to get a detailed overview + of the account''s IAM usage and resource consumption. ID: aws_iam_account_summary_3 -Title: "Find AWS IAM Account Summary Details" -Description: "Allows users to query AWS IAM Account Summary to get a detailed overview of the account''s IAM usage and resource consumption." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - users, - groups, - roles, - policies - from - aws_iam_account_summary; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n users,\n groups,\n roles,\n policies\nfrom\n aws_iam_account_summary;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Account Summary Details diff --git a/queries/aws_iam_action_1.yaml b/queries/aws_iam_action_1.yaml index 1ce25e18e..5ceb6f923 100755 --- a/queries/aws_iam_action_1.yaml +++ b/queries/aws_iam_action_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query IAM Actions in AWS Identity and Access Management + (IAM). ID: aws_iam_action_1 -Title: "Find IAM Actions in AWS IAM with SQL" -Description: "Allows users to query IAM Actions in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - action, - description - from - aws_iam_action - where - prefix = 's3' - order by - action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n action,\n description\nfrom\n aws_iam_action\nwhere\n\ + \ prefix = 's3'\norder by\n action;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find IAM Actions in AWS IAM with SQL diff --git a/queries/aws_iam_action_2.yaml b/queries/aws_iam_action_2.yaml index 396e38b9c..a7db1d8b0 100755 --- a/queries/aws_iam_action_2.yaml +++ b/queries/aws_iam_action_2.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query IAM Actions in AWS Identity and Access Management + (IAM). ID: aws_iam_action_2 -Title: "Find all IAM Actions in AWS Identity and Access Management" -Description: "Allows users to query IAM Actions in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - description - from - aws_iam_action - where - action = 's3:deleteobject'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n description\nfrom\n aws_iam_action\nwhere\n action\ + \ = 's3:deleteobject';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find all IAM Actions in AWS Identity and Access Management diff --git a/queries/aws_iam_action_3.yaml b/queries/aws_iam_action_3.yaml index ab737f329..35e14fb31 100755 --- a/queries/aws_iam_action_3.yaml +++ b/queries/aws_iam_action_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query IAM Actions in AWS Identity and Access Management + (IAM). ID: aws_iam_action_3 -Title: "Find IAM Actions in AWS Identity and Access Management" -Description: "Allows users to query IAM Actions in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.action, - a.description - from - aws_iam_action as a, - glob('s3:d*') as action_name - where - a.action like action_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.action,\n a.description\nfrom\n aws_iam_action as\ + \ a,\n glob('s3:d*') as action_name\nwhere\n a.action like action_name;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find IAM Actions in AWS Identity and Access Management diff --git a/queries/aws_iam_action_4.yaml b/queries/aws_iam_action_4.yaml index b3102702b..fd9f8e0a2 100755 --- a/queries/aws_iam_action_4.yaml +++ b/queries/aws_iam_action_4.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query IAM Actions in AWS Identity and Access Management + (IAM). ID: aws_iam_action_4 -Title: "Find IAM Actions in AWS Identity and Access Management" -Description: "Allows users to query IAM Actions in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.action, - a.access_level - from - aws_iam_policy p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob(action_glob) as action_regex - join aws_iam_action a ON a.action LIKE action_regex - where - p.name = 'AmazonEC2ReadOnlyAccess' - and stmt ->> 'Effect' = 'Allow' - order by - a.action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.action,\n a.access_level\nfrom\n aws_iam_policy p,\n\ + \ jsonb_array_elements(p.policy_std -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt\ + \ -> 'Action') as action_glob,\n glob(action_glob) as action_regex\n join aws_iam_action\ + \ a ON a.action LIKE action_regex\nwhere\n p.name = 'AmazonEC2ReadOnlyAccess'\n\ + \ and stmt ->> 'Effect' = 'Allow'\norder by\n a.action;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Identity and Access Management (IAM) +Title: Find IAM Actions in AWS Identity and Access Management diff --git a/queries/aws_iam_action_5.yaml b/queries/aws_iam_action_5.yaml index 501fd2774..6bbba4dc6 100755 --- a/queries/aws_iam_action_5.yaml +++ b/queries/aws_iam_action_5.yaml @@ -1,40 +1,27 @@ +Description: Allows users to query IAM Actions in AWS Identity and Access Management + (IAM). ID: aws_iam_action_5 -Title: "Find AWS IAM Actions in AWS Identity and Access Management" -Description: "Allows users to query IAM Actions in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.name, - f.role, - a.action, - a.access_level, - a.description - from - aws_lambda_function as f, - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as pol_arn, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob(action_glob) as action_regex - join aws_iam_action a ON a.action LIKE action_regex - where - f.role = r.arn - and pol_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and f.name = 'hellopython'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.name,\n f.role,\n a.action,\n a.access_level,\n\ + \ a.description\nfrom \n aws_lambda_function as f,\n aws_iam_role as r,\n \ + \ jsonb_array_elements_text(r.attached_policy_arns) as pol_arn,\n aws_iam_policy\ + \ as p,\n jsonb_array_elements(p.policy_std -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt\ + \ -> 'Action') as action_glob,\n glob(action_glob) as action_regex\n join aws_iam_action\ + \ a ON a.action LIKE action_regex\nwhere\n f.role = r.arn\n and pol_arn = p.arn\ + \ \n and stmt ->> 'Effect' = 'Allow'\n and f.name = 'hellopython';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM Actions in AWS Identity and Access Management diff --git a/queries/aws_iam_credential_report_1.yaml b/queries/aws_iam_credential_report_1.yaml index 7d8389496..4cd66e975 100755 --- a/queries/aws_iam_credential_report_1.yaml +++ b/queries/aws_iam_credential_report_1.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_1 -Title: "Find AWS IAM Credential Reports for Users with Activity" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name - from - aws_iam_credential_report - where - password_enabled - and password_last_used > (current_date - interval '90' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name\nfrom\n aws_iam_credential_report\nwhere\n\ + \ password_enabled\n and password_last_used > (current_date - interval '90'\ + \ day);" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Identity and Access Management +Title: Find AWS IAM Credential Reports for Users with Activity diff --git a/queries/aws_iam_credential_report_2.yaml b/queries/aws_iam_credential_report_2.yaml index e3ea4b89f..f04db84e6 100755 --- a/queries/aws_iam_credential_report_2.yaml +++ b/queries/aws_iam_credential_report_2.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_2 -Title: "Find AWS IAM Credential Reports and User Statuses" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name, - password_last_used, - age(password_last_used) - from - aws_iam_credential_report - where - password_enabled - and password_last_used <= (current_date - interval '90' day) - order by - password_last_used; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name,\n password_last_used,\n age(password_last_used)\n\ + from\n aws_iam_credential_report\nwhere\n password_enabled\n and password_last_used\ + \ <= (current_date - interval '90' day)\norder by\n password_last_used;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Credential Reports and User Statuses diff --git a/queries/aws_iam_credential_report_3.yaml b/queries/aws_iam_credential_report_3.yaml index eb5ee861a..3d27b704b 100755 --- a/queries/aws_iam_credential_report_3.yaml +++ b/queries/aws_iam_credential_report_3.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_3 -Title: "Find AWS IAM Users with Never Used Passwords" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name - from - aws_iam_credential_report - where - password_status = 'never_used'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name\nfrom\n aws_iam_credential_report\nwhere\n\ + \ password_status = 'never_used';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Credential Reports +Title: Find AWS IAM Users with Never Used Passwords diff --git a/queries/aws_iam_credential_report_4.yaml b/queries/aws_iam_credential_report_4.yaml index dc100eb8a..02c766bb9 100755 --- a/queries/aws_iam_credential_report_4.yaml +++ b/queries/aws_iam_credential_report_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_4 -Title: "Find all AWS IAM Credential Reports for Key Rotation" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name, - access_key_1_last_rotated, - age(access_key_1_last_rotated) as access_key_1_age, - access_key_2_last_rotated, - age(access_key_2_last_rotated) as access_key_2_age - from - aws_iam_credential_report - where - access_key_1_last_rotated <= (current_date - interval '90' day) - or access_key_2_last_rotated <= (current_date - interval '90' day) - order by - user_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name,\n access_key_1_last_rotated,\n age(access_key_1_last_rotated)\ + \ as access_key_1_age,\n access_key_2_last_rotated,\n age(access_key_2_last_rotated)\ + \ as access_key_2_age\nfrom\n aws_iam_credential_report\nwhere\n access_key_1_last_rotated\ + \ <= (current_date - interval '90' day)\n or access_key_2_last_rotated <= (current_date\ + \ - interval '90' day)\norder by\n user_name;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management (IAM) +Title: Find all AWS IAM Credential Reports for Key Rotation diff --git a/queries/aws_iam_credential_report_5.yaml b/queries/aws_iam_credential_report_5.yaml index 490b0d7f6..97ca907f8 100755 --- a/queries/aws_iam_credential_report_5.yaml +++ b/queries/aws_iam_credential_report_5.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_5 -Title: "Find AWS IAM Users Without MFA and With Password Enabled" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name, - mfa_active, - password_enabled - from - aws_iam_credential_report - where - password_enabled - and not mfa_active; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name,\n mfa_active,\n password_enabled\nfrom\n\ + \ aws_iam_credential_report\nwhere\n password_enabled\n and not mfa_active;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Credential Report +Title: Find AWS IAM Users Without MFA and With Password Enabled diff --git a/queries/aws_iam_credential_report_6.yaml b/queries/aws_iam_credential_report_6.yaml index c59318096..17175014b 100755 --- a/queries/aws_iam_credential_report_6.yaml +++ b/queries/aws_iam_credential_report_6.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS IAM Credential Reports, providing a comprehensive + overview of the AWS Identity and Access Management (IAM) users, their status, and + credential usage. ID: aws_iam_credential_report_6 -Title: "List all AWS IAM users and their credential status" -Description: "Allows users to query AWS IAM Credential Reports, providing a comprehensive overview of the AWS Identity and Access Management (IAM) users, their status, and credential usage." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - user_name, - mfa_active - from - aws_iam_credential_report - where - user_name = ''; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n user_name,\n mfa_active\nfrom\n aws_iam_credential_report\n\ + where\n user_name = '';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Credential Report +Title: List all AWS IAM users and their credential status diff --git a/queries/aws_iam_group_1.yaml b/queries/aws_iam_group_1.yaml index 3e781ae44..9d1d6abec 100755 --- a/queries/aws_iam_group_1.yaml +++ b/queries/aws_iam_group_1.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS IAM Group data such as group name, path, and + ARN. This table provides information about IAM groups within AWS Identity and Access + Management (IAM). ID: aws_iam_group_1 -Title: "Find AWS IAM Group Data using SQL Query" -Description: "Allows users to query AWS IAM Group data such as group name, path, and ARN. This table provides information about IAM groups within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as group_name, - iam_user ->> 'UserName' as user_name, - iam_user ->> 'UserId' as user_id, - iam_user ->> 'PermissionsBoundary' as permission_boundary, - iam_user ->> 'PasswordLastUsed' as password_last_used, - iam_user ->> 'CreateDate' as user_create_date - from - aws_iam_group - cross join jsonb_array_elements(users) as iam_user; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as group_name,\n iam_user ->> 'UserName' as user_name,\n\ + \ iam_user ->> 'UserId' as user_id,\n iam_user ->> 'PermissionsBoundary' as\ + \ permission_boundary,\n iam_user ->> 'PasswordLastUsed' as password_last_used,\n\ + \ iam_user ->> 'CreateDate' as user_create_date\nfrom\n aws_iam_group\n cross\ + \ join jsonb_array_elements(users) as iam_user;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM Group Data using SQL Query diff --git a/queries/aws_iam_group_2.yaml b/queries/aws_iam_group_2.yaml index e959a3104..f0ba6fc72 100755 --- a/queries/aws_iam_group_2.yaml +++ b/queries/aws_iam_group_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS IAM Group data such as group name, path, and + ARN. This table provides information about IAM groups within AWS Identity and Access + Management (IAM). ID: aws_iam_group_2 -Title: "Find AWS IAM Group Data: Name, Path, and ARN" -Description: "Allows users to query AWS IAM Group data such as group name, path, and ARN. This table provides information about IAM groups within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as group_name, - iam_user ->> 'UserName' as user_name, - split_part(attachments, '/', 2) as attached_policies - from - aws_iam_group - cross join jsonb_array_elements(users) as iam_user, - jsonb_array_elements_text(attached_policy_arns) as attachments - where - split_part(attachments, '/', 2) = 'AdministratorAccess'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as group_name,\n iam_user ->> 'UserName' as user_name,\n\ + \ split_part(attachments, '/', 2) as attached_policies\nfrom\n aws_iam_group\n\ + \ cross join jsonb_array_elements(users) as iam_user,\n jsonb_array_elements_text(attached_policy_arns)\ + \ as attachments\nwhere\n split_part(attachments, '/', 2) = 'AdministratorAccess';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: 'Find AWS IAM Group Data: Name, Path, and ARN' diff --git a/queries/aws_iam_group_3.yaml b/queries/aws_iam_group_3.yaml index d0580245e..f57969b97 100755 --- a/queries/aws_iam_group_3.yaml +++ b/queries/aws_iam_group_3.yaml @@ -1,24 +1,22 @@ +Description: Allows users to query AWS IAM Group data such as group name, path, and + ARN. This table provides information about IAM groups within AWS Identity and Access + Management (IAM). ID: aws_iam_group_3 -Title: "Find all AWS IAM Group details with their attached policies" -Description: "Allows users to query AWS IAM Group data such as group name, path, and ARN. This table provides information about IAM groups within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as group_name, - split_part(attachments, '/', 2) as attached_policies - from - aws_iam_group - cross join jsonb_array_elements_text(attached_policy_arns) as attachments; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as group_name,\n split_part(attachments, '/', 2)\ + \ as attached_policies\nfrom\n aws_iam_group\n cross join jsonb_array_elements_text(attached_policy_arns)\ + \ as attachments;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Group details with their attached policies diff --git a/queries/aws_iam_group_4.yaml b/queries/aws_iam_group_4.yaml index 27fa73af5..dd313518a 100755 --- a/queries/aws_iam_group_4.yaml +++ b/queries/aws_iam_group_4.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS IAM Group data such as group name, path, and + ARN. This table provides information about IAM groups within AWS Identity and Access + Management (IAM). ID: aws_iam_group_4 -Title: "Find all AWS IAM Group information like name and path" -Description: "Allows users to query AWS IAM Group data such as group name, path, and ARN. This table provides information about IAM groups within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as group_name, - inline_policies - from - aws_iam_group - where - inline_policies is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as group_name,\n inline_policies\nfrom\n aws_iam_group\n\ + where \n inline_policies is not null;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Group information like name and path diff --git a/queries/aws_iam_open_id_connect_provider_1.yaml b/queries/aws_iam_open_id_connect_provider_1.yaml index a685a71d2..8a86e51f7 100755 --- a/queries/aws_iam_open_id_connect_provider_1.yaml +++ b/queries/aws_iam_open_id_connect_provider_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS IAM OpenID Connect Providers and retrieve details + about the OpenID Connect (OIDC) identity providers in their AWS account. ID: aws_iam_open_id_connect_provider_1 -Title: "Find AWS IAM OpenID Connect Providers and Details" -Description: "Allows users to query AWS IAM OpenID Connect Providers and retrieve details about the OpenID Connect (OIDC) identity providers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - client_id_list, - thumbprint_list, - url, - account_id - from - aws_iam_open_id_connect_provider; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n client_id_list,\n thumbprint_list,\n\ + \ url,\n account_id\nfrom\n aws_iam_open_id_connect_provider;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM OpenID Connect Providers and Details diff --git a/queries/aws_iam_open_id_connect_provider_2.yaml b/queries/aws_iam_open_id_connect_provider_2.yaml index f9160501e..f40656d3b 100755 --- a/queries/aws_iam_open_id_connect_provider_2.yaml +++ b/queries/aws_iam_open_id_connect_provider_2.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS IAM OpenID Connect Providers and retrieve details + about the OpenID Connect (OIDC) identity providers in their AWS account. ID: aws_iam_open_id_connect_provider_2 -Title: "List all AWS IAM OpenID Connect Providers in Account" -Description: "Allows users to query AWS IAM OpenID Connect Providers and retrieve details about the OpenID Connect (OIDC) identity providers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - client_id_list, - thumbprint_list, - url, - account_id - from - aws_iam_open_id_connect_provider - where - create_date <= (current_date - interval '90' day) - order by - create_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n client_id_list,\n thumbprint_list,\n\ + \ url,\n account_id\nfrom\n aws_iam_open_id_connect_provider\nwhere\n create_date\ + \ <= (current_date - interval '90' day)\norder by\n create_date;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List all AWS IAM OpenID Connect Providers in Account diff --git a/queries/aws_iam_open_id_connect_provider_3.yaml b/queries/aws_iam_open_id_connect_provider_3.yaml index 1527fc399..3adeb348e 100755 --- a/queries/aws_iam_open_id_connect_provider_3.yaml +++ b/queries/aws_iam_open_id_connect_provider_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS IAM OpenID Connect Providers and retrieve details + about the OpenID Connect (OIDC) identity providers in their AWS account. ID: aws_iam_open_id_connect_provider_3 -Title: "Find AWS IAM OpenID Connect Providers and Retrieve Details" -Description: "Allows users to query AWS IAM OpenID Connect Providers and retrieve details about the OpenID Connect (OIDC) identity providers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - client_id_list, - thumbprint_list, - tags, - url, - account_id - from - aws_iam_open_id_connect_provider - where - tags ->> 'Environment' = 'Production'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n client_id_list,\n thumbprint_list,\n\ + \ tags,\n url,\n account_id\nfrom\n aws_iam_open_id_connect_provider\nwhere\n\ + \ tags ->> 'Environment' = 'Production';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM OpenID Connect Providers and Retrieve Details diff --git a/queries/aws_iam_open_id_connect_provider_4.yaml b/queries/aws_iam_open_id_connect_provider_4.yaml index 4a3dff63d..53fc67ae9 100755 --- a/queries/aws_iam_open_id_connect_provider_4.yaml +++ b/queries/aws_iam_open_id_connect_provider_4.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS IAM OpenID Connect Providers and retrieve details + about the OpenID Connect (OIDC) identity providers in their AWS account. ID: aws_iam_open_id_connect_provider_4 -Title: "Find all AWS IAM OpenID Connect Providers with Details" -Description: "Allows users to query AWS IAM OpenID Connect Providers and retrieve details about the OpenID Connect (OIDC) identity providers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - client_id_list, - thumbprint_list, - tags, - url, - account_id - from - aws_iam_open_id_connect_provider - where - client_id_list @> '["sts.amazonaws.com"]'::jsonb - and not thumbprint_list @> '["1c58a3a8518e8759bf075b76b750d4f2df264fcd", "6938fd4d98bab03faadb97b34396831e3780aea1"]'::jsonb - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n client_id_list,\n thumbprint_list,\n\ + \ tags,\n url,\n account_id\nfrom\n aws_iam_open_id_connect_provider\nwhere\n\ + \ client_id_list @> '[\"sts.amazonaws.com\"]'::jsonb\n and not thumbprint_list\ + \ @> '[\"1c58a3a8518e8759bf075b76b750d4f2df264fcd\", \"6938fd4d98bab03faadb97b34396831e3780aea1\"\ + ]'::jsonb" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws +Title: Find all AWS IAM OpenID Connect Providers with Details diff --git a/queries/aws_iam_policy_1.yaml b/queries/aws_iam_policy_1.yaml index 3585e653d..07eaab57b 100755 --- a/queries/aws_iam_policy_1.yaml +++ b/queries/aws_iam_policy_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_1 -Title: "Find all AWS IAM Policies with Detailed Information" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn - from - aws_iam_policy - where - not is_aws_managed; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn\nfrom\n aws_iam_policy\nwhere\n not is_aws_managed;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Policies with Detailed Information diff --git a/queries/aws_iam_policy_2.yaml b/queries/aws_iam_policy_2.yaml index 974af1c82..36f74be19 100755 --- a/queries/aws_iam_policy_2.yaml +++ b/queries/aws_iam_policy_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_2 -Title: "Find all AWS IAM Policies and associated metadata" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn - from - aws_iam_policy - where - not is_aws_managed - and path = '/turbot/'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn\nfrom\n aws_iam_policy\nwhere\n not is_aws_managed\n\ + \ and path = '/turbot/';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Policy +Title: Find all AWS IAM Policies and associated metadata diff --git a/queries/aws_iam_policy_3.yaml b/queries/aws_iam_policy_3.yaml index 92c695f03..7d29245eb 100755 --- a/queries/aws_iam_policy_3.yaml +++ b/queries/aws_iam_policy_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_3 -Title: "List all AWS IAM Policies and their Details" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - permissions_boundary_usage_count - from - aws_iam_policy - where - is_attached; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n permissions_boundary_usage_count\nfrom\n\ + \ aws_iam_policy\nwhere\n is_attached;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List all AWS IAM Policies and their Details diff --git a/queries/aws_iam_policy_4.yaml b/queries/aws_iam_policy_4.yaml index 582502985..f6ce3b1ff 100755 --- a/queries/aws_iam_policy_4.yaml +++ b/queries/aws_iam_policy_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_4 -Title: "List all AWS IAM Policies with Detailed Information" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - attachment_count, - permissions_boundary_usage_count - from - aws_iam_policy - where - not is_aws_managed - and not is_attached - and permissions_boundary_usage_count = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n attachment_count,\n permissions_boundary_usage_count\n\ + from\n aws_iam_policy\nwhere\n not is_aws_managed\n and not is_attached\n \ + \ and permissions_boundary_usage_count = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List all AWS IAM Policies with Detailed Information diff --git a/queries/aws_iam_policy_5.yaml b/queries/aws_iam_policy_5.yaml index 9db555727..b3cb518b9 100755 --- a/queries/aws_iam_policy_5.yaml +++ b/queries/aws_iam_policy_5.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_5 -Title: "Find all AWS IAM Policies with permissions and metadata" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - action, - s ->> 'Effect' as effect - from - aws_iam_policy, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Action') as action - where - action in ('*', '*:*') - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n action,\n s ->> 'Effect' as effect\n\ + from\n aws_iam_policy,\n jsonb_array_elements(policy_std -> 'Statement') as\ + \ s,\n jsonb_array_elements_text(s -> 'Action') as action\nwhere\n action in\ + \ ('*', '*:*')\n and s ->> 'Effect' = 'Allow';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Policies with permissions and metadata diff --git a/queries/aws_iam_policy_6.yaml b/queries/aws_iam_policy_6.yaml index 1cfc85313..db85bd25c 100755 --- a/queries/aws_iam_policy_6.yaml +++ b/queries/aws_iam_policy_6.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_6 -Title: "Find all AWS IAM Policies with Permissions and Metadata" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - action, - s ->> 'Effect' as effect - from - aws_iam_policy, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Action') as action - where - s ->> 'Effect' = 'Allow' - and ( - action = '*' - or action like '%:*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n action,\n s ->> 'Effect' as effect\n\ + from\n aws_iam_policy,\n jsonb_array_elements(policy_std -> 'Statement') as\ + \ s,\n jsonb_array_elements_text(s -> 'Action') as action\nwhere\n s ->> 'Effect'\ + \ = 'Allow'\n and (\n action = '*'\n or action like '%:*'\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Policies with Permissions and Metadata diff --git a/queries/aws_iam_policy_7.yaml b/queries/aws_iam_policy_7.yaml index 36c3b4c31..a4d93dd26 100755 --- a/queries/aws_iam_policy_7.yaml +++ b/queries/aws_iam_policy_7.yaml @@ -1,35 +1,26 @@ +Description: Allows users to query AWS IAM Policies, providing detailed information + about each policy, including permissions, attachment, and associated metadata. ID: aws_iam_policy_7 -Title: "Find AWS IAM Policies with Detailed Information" -Description: "Allows users to query AWS IAM Policies, providing detailed information about each policy, including permissions, attachment, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.action, - a.access_level, - a.description - from - aws_iam_policy p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob(action_glob) as action_regex - join aws_iam_action a ON a.action LIKE action_regex - where - p.name = 'AmazonEC2ReadOnlyAccess' - and stmt ->> 'Effect' = 'Allow' - order by - a.action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.action,\n a.access_level,\n a.description\nfrom\n\ + \ aws_iam_policy p,\n jsonb_array_elements(p.policy_std -> 'Statement') as stmt,\n\ + \ jsonb_array_elements_text(stmt -> 'Action') as action_glob,\n glob(action_glob)\ + \ as action_regex\n join aws_iam_action a ON a.action LIKE action_regex\nwhere\n\ + \ p.name = 'AmazonEC2ReadOnlyAccess'\n and stmt ->> 'Effect' = 'Allow'\norder\ + \ by\n a.action;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Policies with Detailed Information diff --git a/queries/aws_iam_policy_attachment_1.yaml b/queries/aws_iam_policy_attachment_1.yaml index caef95d91..cddf54455 100755 --- a/queries/aws_iam_policy_attachment_1.yaml +++ b/queries/aws_iam_policy_attachment_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query IAM Policy Attachments in AWS to gather information + about the relationship between IAM policies and their associated entities (users, + groups, and roles). ID: aws_iam_policy_attachment_1 -Title: "Find all AWS IAM Policy Attachments and Associations" -Description: "Allows users to query IAM Policy Attachments in AWS to gather information about the relationship between IAM policies and their associated entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_arn, - is_attached, - policy_groups - from - aws_iam_policy_attachment - where - is_attached; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_arn,\n is_attached,\n policy_groups\nfrom\n\ + \ aws_iam_policy_attachment\nwhere\n is_attached;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Policy Attachments and Associations diff --git a/queries/aws_iam_policy_attachment_2.yaml b/queries/aws_iam_policy_attachment_2.yaml index 5f4d96a14..683ef9874 100755 --- a/queries/aws_iam_policy_attachment_2.yaml +++ b/queries/aws_iam_policy_attachment_2.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query IAM Policy Attachments in AWS to gather information + about the relationship between IAM policies and their associated entities (users, + groups, and roles). ID: aws_iam_policy_attachment_2 -Title: "Find IAM Policy Attachments in AWS" -Description: "Allows users to query IAM Policy Attachments in AWS to gather information about the relationship between IAM policies and their associated entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - policy_arn, - is_attached, - policy_users - from - aws_iam_policy_attachment - where - is_attached; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n policy_arn,\n is_attached,\n policy_users\nfrom\n \ + \ aws_iam_policy_attachment\nwhere\n is_attached;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find IAM Policy Attachments in AWS diff --git a/queries/aws_iam_policy_attachment_3.yaml b/queries/aws_iam_policy_attachment_3.yaml index bfdd3aba9..aaf968fc6 100755 --- a/queries/aws_iam_policy_attachment_3.yaml +++ b/queries/aws_iam_policy_attachment_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query IAM Policy Attachments in AWS to gather information + about the relationship between IAM policies and their associated entities (users, + groups, and roles). ID: aws_iam_policy_attachment_3 -Title: "Find Relationships Between AWS IAM Policies and Entities" -Description: "Allows users to query IAM Policy Attachments in AWS to gather information about the relationship between IAM policies and their associated entities (users, groups, and roles)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as policy_name, - policy_arn, - jsonb_pretty(policy_users) as policy_users - from - aws_iam_policy p - left join aws_iam_policy_attachment a on p.arn = a.policy_arn - where - name = 'AdministratorAccess' and a.is_attached; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as policy_name, \n policy_arn, \n jsonb_pretty(policy_users)\ + \ as policy_users\nfrom\n aws_iam_policy p\n left join aws_iam_policy_attachment\ + \ a on p.arn = a.policy_arn \nwhere\n name = 'AdministratorAccess' and a.is_attached;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Policy +Title: Find Relationships Between AWS IAM Policies and Entities diff --git a/queries/aws_iam_policy_simulator_1.yaml b/queries/aws_iam_policy_simulator_1.yaml index 02eca0ab6..8eb5b406d 100755 --- a/queries/aws_iam_policy_simulator_1.yaml +++ b/queries/aws_iam_policy_simulator_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query IAM Policy Simulator for evaluating the effects + of IAM access control policies. It provides information such as evaluation results, + matching resources, and involved actions. ID: aws_iam_policy_simulator_1 -Title: "Find IAM Policy Simulator Results for Access Control Evaluation" -Description: "Allows users to query IAM Policy Simulator for evaluating the effects of IAM access control policies. It provides information such as evaluation results, matching resources, and involved actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - decision - from - aws_iam_policy_simulator - where - action = 's3:DeleteBucket' - and resource_arn = '*' - and principal_arn = 'arn:aws:iam::012345678901:user/bob'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n decision\nfrom\n aws_iam_policy_simulator\nwhere\n \ + \ action = 's3:DeleteBucket'\n and resource_arn = '*'\n and principal_arn =\ + \ 'arn:aws:iam::012345678901:user/bob';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Policy Simulator +Title: Find IAM Policy Simulator Results for Access Control Evaluation diff --git a/queries/aws_iam_policy_simulator_2.yaml b/queries/aws_iam_policy_simulator_2.yaml index 7e0e4cb90..9a2a14093 100755 --- a/queries/aws_iam_policy_simulator_2.yaml +++ b/queries/aws_iam_policy_simulator_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query IAM Policy Simulator for evaluating the effects + of IAM access control policies. It provides information such as evaluation results, + matching resources, and involved actions. ID: aws_iam_policy_simulator_2 -Title: "Find AWS IAM Policy Simulator Evaluation Results for Control Policies" -Description: "Allows users to query IAM Policy Simulator for evaluating the effects of IAM access control policies. It provides information such as evaluation results, matching resources, and involved actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - decision, - jsonb_pretty(matched_statements) - from - aws_iam_policy_simulator - where - action = 'ec2:terminateinstances' - and resource_arn = '*' - and principal_arn = 'arn:aws:iam::012345678901:user/bob'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n decision,\n jsonb_pretty(matched_statements)\nfrom\n\ + \ aws_iam_policy_simulator\nwhere\n action = 'ec2:terminateinstances'\n and\ + \ resource_arn = '*'\n and principal_arn = 'arn:aws:iam::012345678901:user/bob';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Policy Simulator +Title: Find AWS IAM Policy Simulator Evaluation Results for Control Policies diff --git a/queries/aws_iam_policy_simulator_3.yaml b/queries/aws_iam_policy_simulator_3.yaml index 3cb4b761e..ef7ce125d 100755 --- a/queries/aws_iam_policy_simulator_3.yaml +++ b/queries/aws_iam_policy_simulator_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query IAM Policy Simulator for evaluating the effects + of IAM access control policies. It provides information such as evaluation results, + matching resources, and involved actions. ID: aws_iam_policy_simulator_3 -Title: "List all AWS IAM Policy Simulator evaluation results" -Description: "Allows users to query IAM Policy Simulator for evaluating the effects of IAM access control policies. It provides information such as evaluation results, matching resources, and involved actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - u.name, - decision - from - aws_iam_policy_simulator p, - aws_iam_user u - where - action = 'sts:AssumeRole' - and resource_arn = '*' - and p.principal_arn = u.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n u.name,\n decision\nfrom\n aws_iam_policy_simulator\ + \ p,\n aws_iam_user u\nwhere\n action = 'sts:AssumeRole'\n and resource_arn\ + \ = '*'\n and p.principal_arn = u.arn;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Policy Simulator +Title: List all AWS IAM Policy Simulator evaluation results diff --git a/queries/aws_iam_role_1.yaml b/queries/aws_iam_role_1.yaml index effba2eae..96d15858d 100755 --- a/queries/aws_iam_role_1.yaml +++ b/queries/aws_iam_role_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_1 -Title: "Find IAM Roles with Inline Policies in AWS" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - create_date - from - aws_iam_role - where - inline_policies is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n create_date\nfrom\n aws_iam_role\nwhere\n \ + \ inline_policies is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find IAM Roles with Inline Policies in AWS diff --git a/queries/aws_iam_role_10.yaml b/queries/aws_iam_role_10.yaml index 8e3400817..d8789335e 100755 --- a/queries/aws_iam_role_10.yaml +++ b/queries/aws_iam_role_10.yaml @@ -1,40 +1,29 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_10 -Title: "Find all AWS Identity and Access Management (IAM) Roles" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - iam.arn as resource, - iam.description, - iam.assume_role_policy_std, - case - when pstatement -> 'Condition' -> 'StringLike' -> 'token.actions.githubusercontent.com:sub' is not null - or pstatement -> 'Condition' -> 'StringEquals' -> 'token.actions.githubusercontent.com:sub' is not null then 'ok' - else 'alarm' - end as status, - case - when pstatement -> 'Condition' -> 'StringLike' -> 'token.actions.githubusercontent.com:sub' is not null - or pstatement -> 'Condition' -> 'StringEquals' -> 'token.actions.githubusercontent.com:sub' is not null then iam.arn || ' Condition Check Exists' - else iam.arn || ' Missing Condition Check' - end as reason - from - aws_iam_role as iam, - jsonb_array_elements(iam.assume_role_policy_std -> 'Statement') as pstatement - where - pstatement -> 'Action' ?& array [ 'sts:assumerolewithwebidentity' ] - and (pstatement -> 'Principal' -> 'Federated') :: text like '%token.actions.githubusercontent.com%' - order by - status asc - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n iam.arn as resource,\n iam.description,\n iam.assume_role_policy_std,\n\ + \ case\n when pstatement -> 'Condition' -> 'StringLike' -> 'token.actions.githubusercontent.com:sub'\ + \ is not null\n or pstatement -> 'Condition' -> 'StringEquals' -> 'token.actions.githubusercontent.com:sub'\ + \ is not null then 'ok'\n else 'alarm'\n end as status,\n case\n when\ + \ pstatement -> 'Condition' -> 'StringLike' -> 'token.actions.githubusercontent.com:sub'\ + \ is not null\n or pstatement -> 'Condition' -> 'StringEquals' -> 'token.actions.githubusercontent.com:sub'\ + \ is not null then iam.arn || ' Condition Check Exists'\n else iam.arn || '\ + \ Missing Condition Check'\n end as reason\nfrom\n aws_iam_role as iam,\n jsonb_array_elements(iam.assume_role_policy_std\ + \ -> 'Statement') as pstatement\nwhere\n pstatement -> 'Action' ?& array [ 'sts:assumerolewithwebidentity'\ + \ ]\n and (pstatement -> 'Principal' -> 'Federated') :: text like '%token.actions.githubusercontent.com%'\n\ + order by\n status asc" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM Roles +Title: Find all AWS Identity and Access Management (IAM) Roles diff --git a/queries/aws_iam_role_2.yaml b/queries/aws_iam_role_2.yaml index 6f4d4af93..5598a6988 100755 --- a/queries/aws_iam_role_2.yaml +++ b/queries/aws_iam_role_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_2 -Title: "Find AWS IAM Roles' Permissions, Policies & Metadata" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - split_part(policy, '/', 3) as attached_policy - from - aws_iam_role - cross join jsonb_array_elements_text(attached_policy_arns) as policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n split_part(policy, '/', 3) as\ + \ attached_policy\nfrom\n aws_iam_role\n cross join jsonb_array_elements_text(attached_policy_arns)\ + \ as policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM Roles' Permissions, Policies & Metadata diff --git a/queries/aws_iam_role_3.yaml b/queries/aws_iam_role_3.yaml index 063f4d535..704cb1f31 100755 --- a/queries/aws_iam_role_3.yaml +++ b/queries/aws_iam_role_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_3 -Title: "Find AWS IAM Roles and Their Associated Metadata" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - permissions_boundary_arn, - permissions_boundary_type - from - aws_iam_role; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n permissions_boundary_arn,\n\ + \ permissions_boundary_type\nfrom\n aws_iam_role;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Roles and Their Associated Metadata diff --git a/queries/aws_iam_role_4.yaml b/queries/aws_iam_role_4.yaml index ff3b9f9e7..d07c1257b 100755 --- a/queries/aws_iam_role_4.yaml +++ b/queries/aws_iam_role_4.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_4 -Title: "Find all AWS IAM Role Permissions and Trust Policies" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name as role_name, - p.name as policy_name - from - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as policy_arn, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action - where - policy_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and action = '*' - order by - r.name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name as role_name,\n p.name as policy_name\nfrom\n\ + \ aws_iam_role as r,\n jsonb_array_elements_text(r.attached_policy_arns) as\ + \ policy_arn,\n aws_iam_policy as p,\n jsonb_array_elements(p.policy_std ->\ + \ 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action\n\ + where\n policy_arn = p.arn\n and stmt ->> 'Effect' = 'Allow'\n and action =\ + \ '*'\norder by\n r.name;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Role Permissions and Trust Policies diff --git a/queries/aws_iam_role_5.yaml b/queries/aws_iam_role_5.yaml index a6a833cd6..abe4a8bb9 100755 --- a/queries/aws_iam_role_5.yaml +++ b/queries/aws_iam_role_5.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_5 -Title: "Find AWS IAM Roles and Policies Permissions Metadata" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name as role_name, - p.name as policy_name, - stmt ->> 'Sid' as statement, - action - from - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as policy_arn, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action - where - r.name = 'owner' - and policy_arn = p.arn - and ( - action like '%*%' - or action like '%?%' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name as role_name,\n p.name as policy_name,\n stmt\ + \ ->> 'Sid' as statement,\n action\nfrom\n aws_iam_role as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as policy_arn,\n aws_iam_policy as p,\n jsonb_array_elements(p.policy_std\ + \ -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action\n\ + where\n r.name = 'owner'\n and policy_arn = p.arn\n and (\n action like\ + \ '%*%'\n or action like '%?%'\n );" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM Roles and Policies Permissions Metadata diff --git a/queries/aws_iam_role_6.yaml b/queries/aws_iam_role_6.yaml index abbf002f0..55dbeec4f 100755 --- a/queries/aws_iam_role_6.yaml +++ b/queries/aws_iam_role_6.yaml @@ -1,40 +1,28 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_6 -Title: "Find All AWS IAM Roles, Permissions, Trust Policies" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - a.action, - a.access_level, - a.description - from - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as pol_arn, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob(action_glob) as action_regex - join aws_iam_action as a on a.action like action_regex - where - pol_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and r.name = 'AWSServiceRoleForRDS' - and access_level not in ('List', 'Read') - order by - action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n a.action,\n a.access_level,\n a.description\n\ + from\n aws_iam_role as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as pol_arn,\n aws_iam_policy as p,\n jsonb_array_elements(p.policy_std ->\ + \ 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action_glob,\n\ + \ glob(action_glob) as action_regex\n join aws_iam_action as a on a.action like\ + \ action_regex\nwhere\n pol_arn = p.arn\n and stmt ->> 'Effect' = 'Allow'\n\ + \ and r.name = 'AWSServiceRoleForRDS'\n and access_level not in ('List', 'Read')\n\ + order by\n action;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find All AWS IAM Roles, Permissions, Trust Policies diff --git a/queries/aws_iam_role_7.yaml b/queries/aws_iam_role_7.yaml index d0754f8a1..52e5a932c 100755 --- a/queries/aws_iam_role_7.yaml +++ b/queries/aws_iam_role_7.yaml @@ -1,81 +1,36 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_7 -Title: "Find All AWS IAM Roles Permissions and Trust Policies" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with roles as ( - select - name, - attached_policy_arns - from - aws_iam_role - where - name in ('AWSServiceRoleForSSO', 'AWSServiceRoleForRDS') - ), - policies as ( - select - name, - arn, - policy_std - from - aws_iam_policy - ), - role1_permissions as ( - select - r.name, - a.action, - a.access_level, - a.description - from - roles as r, - jsonb_array_elements_text(r.attached_policy_arns) as pol_arn, - policies as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob (action_glob) as action_regex - join aws_iam_action a on a.action like action_regex - where - pol_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and r.name = 'AWSServiceRoleForSSO' - ), - role2_permissions as ( - select - r.name, - a.action, - a.access_level, - a.description - from - roles as r, - jsonb_array_elements_text(r.attached_policy_arns) as pol_arn, - policies as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob (action_glob) as action_regex - join aws_iam_action a on a.action like action_regex - where - pol_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and r.name = 'AWSServiceRoleForRDS' - ) - select - * - from - role2_permissions - where - action not in ( select action from role1_permissions) - order by - action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with roles as (\n select\n name,\n attached_policy_arns\n\ + \ from\n aws_iam_role\n where\n name in ('AWSServiceRoleForSSO', 'AWSServiceRoleForRDS')\n\ + ),\npolicies as (\n select\n name,\n arn,\n policy_std\n from\n \ + \ aws_iam_policy\n),\nrole1_permissions as (\n select\n r.name,\n a.action,\n\ + \ a.access_level,\n a.description\n from\n roles as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as pol_arn,\n policies as p,\n jsonb_array_elements(p.policy_std -> 'Statement')\ + \ as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action_glob,\n\ + \ glob (action_glob) as action_regex\n join aws_iam_action a on a.action\ + \ like action_regex\n where\n pol_arn = p.arn\n and stmt ->> 'Effect' =\ + \ 'Allow'\n and r.name = 'AWSServiceRoleForSSO'\n),\nrole2_permissions as (\n\ + \ select\n r.name,\n a.action,\n a.access_level,\n a.description\n\ + \ from\n roles as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as pol_arn,\n policies as p,\n jsonb_array_elements(p.policy_std -> 'Statement')\ + \ as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action_glob,\n\ + \ glob (action_glob) as action_regex\n join aws_iam_action a on a.action\ + \ like action_regex\n where\n pol_arn = p.arn\n and stmt ->> 'Effect' =\ + \ 'Allow'\n and r.name = 'AWSServiceRoleForRDS'\n)\nselect\n *\nfrom\n role2_permissions\n\ + where\n action not in ( select action from role1_permissions)\norder by\n action;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find All AWS IAM Roles Permissions and Trust Policies diff --git a/queries/aws_iam_role_8.yaml b/queries/aws_iam_role_8.yaml index 44e1f2c6a..9afdfba6c 100755 --- a/queries/aws_iam_role_8.yaml +++ b/queries/aws_iam_role_8.yaml @@ -1,41 +1,32 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_8 -Title: "Find IAM Roles, Insights into Permissions and Policies in AWS" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - maintenance.name, - admin.name, - jsonb_pretty(maintenance_stmt), - jsonb_pretty(admin_stmt) - from - -- use the account to get the organization_id - aws_account as a, - -- check any role as the "maintenance-role" - aws_iam_role as maintenance, - -- Combine via join with any role as the "admin-role" - aws_iam_role as admin, - jsonb_array_elements(maintenance.assume_role_policy_std -> 'Statement') as maintenance_stmt, - jsonb_array_elements(admin.assume_role_policy_std -> 'Statement') as admin_stmt - where - -- maintenance role can be assumed by any AWS principal - maintenance_stmt -> 'Principal' -> 'AWS' ? '*' - -- maintenance role principal must be in same account - and maintenance_stmt -> 'Condition' -> 'StringEquals' -> 'aws:principalorgid' ? a.organization_id - -- admin role specifically allow maintenance role - and admin_stmt -> 'Principal' -> 'AWS' ? maintenance.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n maintenance.name,\n admin.name,\n jsonb_pretty(maintenance_stmt),\n\ + \ jsonb_pretty(admin_stmt)\nfrom\n -- use the account to get the organization_id\n\ + \ aws_account as a,\n -- check any role as the \"maintenance-role\"\n aws_iam_role\ + \ as maintenance,\n -- Combine via join with any role as the \"admin-role\"\n\ + \ aws_iam_role as admin,\n jsonb_array_elements(maintenance.assume_role_policy_std\ + \ -> 'Statement') as maintenance_stmt,\n jsonb_array_elements(admin.assume_role_policy_std\ + \ -> 'Statement') as admin_stmt\nwhere\n -- maintenance role can be assumed by\ + \ any AWS principal\n maintenance_stmt -> 'Principal' -> 'AWS' ? '*'\n -- maintenance\ + \ role principal must be in same account\n and maintenance_stmt -> 'Condition'\ + \ -> 'StringEquals' -> 'aws:principalorgid' ? a.organization_id\n -- admin role\ + \ specifically allow maintenance role\n and admin_stmt -> 'Principal' -> 'AWS'\ + \ ? maintenance.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find IAM Roles, Insights into Permissions and Policies in AWS diff --git a/queries/aws_iam_role_9.yaml b/queries/aws_iam_role_9.yaml index e1b68cce1..aa58138fa 100755 --- a/queries/aws_iam_role_9.yaml +++ b/queries/aws_iam_role_9.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query IAM Roles to gain insights into their permissions, + trust policies, and associated metadata. ID: aws_iam_role_9 -Title: "Find all AWS IAM Roles with Permissions and Trust Policies" -Description: "Allows users to query IAM Roles to gain insights into their permissions, trust policies, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - stmt - from - aws_iam_role as r, - jsonb_array_elements(r.assume_role_policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Principal' -> 'AWS') as trust - where - trust = '*' - or trust like 'arn:aws:iam::%:role/%' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n stmt\nfrom\n aws_iam_role as r,\n jsonb_array_elements(r.assume_role_policy_std\ + \ -> 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Principal' ->\ + \ 'AWS') as trust\nwhere\n trust = '*'\n or trust like 'arn:aws:iam::%:role/%'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Roles with Permissions and Trust Policies diff --git a/queries/aws_iam_saml_provider_1.yaml b/queries/aws_iam_saml_provider_1.yaml index b978502d7..b4c8579a5 100755 --- a/queries/aws_iam_saml_provider_1.yaml +++ b/queries/aws_iam_saml_provider_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS IAM SAML Providers and retrieve detailed information + about each SAML provider within AWS Identity and Access Management (IAM). ID: aws_iam_saml_provider_1 -Title: "Find AWS IAM SAML Providers with Details" -Description: "Allows users to query AWS IAM SAML Providers and retrieve detailed information about each SAML provider within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - valid_until, - region, - account_id - from - aws_iam_saml_provider; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n valid_until,\n region,\n account_id\n\ + from\n aws_iam_saml_provider;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management (IAM) +Title: Find AWS IAM SAML Providers with Details diff --git a/queries/aws_iam_saml_provider_2.yaml b/queries/aws_iam_saml_provider_2.yaml index 89a981ed3..0967d7ffa 100755 --- a/queries/aws_iam_saml_provider_2.yaml +++ b/queries/aws_iam_saml_provider_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS IAM SAML Providers and retrieve detailed information + about each SAML provider within AWS Identity and Access Management (IAM). ID: aws_iam_saml_provider_2 -Title: "Find all AWS IAM SAML Providers and Details" -Description: "Allows users to query AWS IAM SAML Providers and retrieve detailed information about each SAML provider within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - valid_until, - region, - account_id - from - aws_iam_saml_provider - where - create_date <= (current_date - interval '90' day) - order by - create_date; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n valid_until,\n region,\n account_id\n\ + from\n aws_iam_saml_provider\nwhere\n create_date <= (current_date - interval\ + \ '90' day)\norder by\n create_date;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find all AWS IAM SAML Providers and Details diff --git a/queries/aws_iam_saml_provider_3.yaml b/queries/aws_iam_saml_provider_3.yaml index 40aed3522..dcaa0f52f 100755 --- a/queries/aws_iam_saml_provider_3.yaml +++ b/queries/aws_iam_saml_provider_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS IAM SAML Providers and retrieve detailed information + about each SAML provider within AWS Identity and Access Management (IAM). ID: aws_iam_saml_provider_3 -Title: "Find AWS IAM SAML Providers expiring within 30 days" -Description: "Allows users to query AWS IAM SAML Providers and retrieve detailed information about each SAML provider within AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - create_date, - valid_until, - region, - account_id - from - aws_iam_saml_provider - where - valid_until <= (current_date - interval '30' day) - order by - valid_until; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n create_date,\n valid_until,\n region,\n account_id\n\ + from\n aws_iam_saml_provider\nwhere\n valid_until <= (current_date - interval\ + \ '30' day)\norder by\n valid_until;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find AWS IAM SAML Providers expiring within 30 days diff --git a/queries/aws_iam_server_certificate_1.yaml b/queries/aws_iam_server_certificate_1.yaml index cb49b0094..f5dbc5ff6 100755 --- a/queries/aws_iam_server_certificate_1.yaml +++ b/queries/aws_iam_server_certificate_1.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS IAM Server Certificates ID: aws_iam_server_certificate_1 -Title: "Find AWS IAM Server Certificates" -Description: "Allows users to query AWS IAM Server Certificates" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - server_certificate_id, - upload_date, - expiration - from - aws_iam_server_certificate; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n server_certificate_id,\n upload_date,\n\ + \ expiration\nfrom\n aws_iam_server_certificate;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Server Certificates diff --git a/queries/aws_iam_server_certificate_2.yaml b/queries/aws_iam_server_certificate_2.yaml index 6f36c7cb3..4c226e996 100755 --- a/queries/aws_iam_server_certificate_2.yaml +++ b/queries/aws_iam_server_certificate_2.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS IAM Server Certificates ID: aws_iam_server_certificate_2 -Title: "Find AWS IAM Server Certificates with Expiry Info" -Description: "Allows users to query AWS IAM Server Certificates" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - expiration - from - aws_iam_server_certificate - where - expiration < now()::timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n expiration\nfrom\n aws_iam_server_certificate\n\ + where\n expiration < now()::timestamp;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Server Certificates with Expiry Info diff --git a/queries/aws_iam_service_specific_credential_1.yaml b/queries/aws_iam_service_specific_credential_1.yaml index 89478d62c..a146adc87 100755 --- a/queries/aws_iam_service_specific_credential_1.yaml +++ b/queries/aws_iam_service_specific_credential_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS IAM Service Specific Credentials, retrieving + detailed information about each credential, such as the username, status, creation + date, and service name. ID: aws_iam_service_specific_credential_1 -Title: "Find AWS IAM Service Specific Credentials Details" -Description: "Allows users to query AWS IAM Service Specific Credentials, retrieving detailed information about each credential, such as the username, status, creation date, and service name." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_specific_credential_id, - create_date, - user_name - from - aws_iam_service_specific_credential; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_specific_credential_id,\n create_date,\n\ + \ user_name\nfrom\n aws_iam_service_specific_credential;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Service Specific Credentials Details diff --git a/queries/aws_iam_service_specific_credential_2.yaml b/queries/aws_iam_service_specific_credential_2.yaml index 9d68ed402..8fc6f2784 100755 --- a/queries/aws_iam_service_specific_credential_2.yaml +++ b/queries/aws_iam_service_specific_credential_2.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS IAM Service Specific Credentials, retrieving + detailed information about each credential, such as the username, status, creation + date, and service name. ID: aws_iam_service_specific_credential_2 -Title: "List AWS IAM Service Specific Credentials Details" -Description: "Allows users to query AWS IAM Service Specific Credentials, retrieving detailed information about each credential, such as the username, status, creation date, and service name." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.service_name as service_name, - s.service_specific_credential_id as service_specific_credential_id, - u.name as user_name, - u.user_id as user_id, - u.password_last_used as password_last_used, - u.mfa_enabled as mfa_enabled - from - aws_iam_service_specific_credential as s, - aws_iam_user as u - where - s.user_name = u.name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.service_name as service_name,\n s.service_specific_credential_id\ + \ as service_specific_credential_id,\n u.name as user_name,\n u.user_id as user_id,\n\ + \ u.password_last_used as password_last_used,\n u.mfa_enabled as mfa_enabled\n\ + from\n aws_iam_service_specific_credential as s,\n aws_iam_user as u\nwhere\n\ + \ s.user_name = u.name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List AWS IAM Service Specific Credentials Details diff --git a/queries/aws_iam_service_specific_credential_3.yaml b/queries/aws_iam_service_specific_credential_3.yaml index 1159b20dd..d96ce99de 100755 --- a/queries/aws_iam_service_specific_credential_3.yaml +++ b/queries/aws_iam_service_specific_credential_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS IAM Service Specific Credentials, retrieving + detailed information about each credential, such as the username, status, creation + date, and service name. ID: aws_iam_service_specific_credential_3 -Title: "Find AWS IAM Service Credentials and Detailed Info" -Description: "Allows users to query AWS IAM Service Specific Credentials, retrieving detailed information about each credential, such as the username, status, creation date, and service name." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_specific_credential_id, - create_date, - user_name - from - aws_iam_service_specific_credential - where - create_date <= current_date - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_specific_credential_id,\n create_date,\n\ + \ user_name\nfrom\n aws_iam_service_specific_credential\nwhere\n create_date\ + \ <= current_date - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Service Credentials and Detailed Info diff --git a/queries/aws_iam_user_1.yaml b/queries/aws_iam_user_1.yaml index 0cb12b2ef..31256ef7b 100755 --- a/queries/aws_iam_user_1.yaml +++ b/queries/aws_iam_user_1.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_1 -Title: "List all AWS IAM User details with creation date" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - user_id, - path, - create_date, - password_last_used - from - aws_iam_user; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n user_id,\n path,\n create_date,\n password_last_used\n\ + from\n aws_iam_user;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: List all AWS IAM User details with creation date diff --git a/queries/aws_iam_user_2.yaml b/queries/aws_iam_user_2.yaml index 496744c09..8b55821d2 100755 --- a/queries/aws_iam_user_2.yaml +++ b/queries/aws_iam_user_2.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_2 -Title: "Find AWS IAM User Data for Security Audits & Enforcement" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as user_name, - iam_group ->> 'GroupName' as group_name, - iam_group ->> 'GroupId' as group_id, - iam_group ->> 'CreateDate' as create_date - from - aws_iam_user - cross join jsonb_array_elements(groups) as iam_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as user_name,\n iam_group ->> 'GroupName' as group_name,\n\ + \ iam_group ->> 'GroupId' as group_id,\n iam_group ->> 'CreateDate' as create_date\n\ + from\n aws_iam_user\n cross join jsonb_array_elements(groups) as iam_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM User Data for Security Audits & Enforcement diff --git a/queries/aws_iam_user_3.yaml b/queries/aws_iam_user_3.yaml index 1a99d6f85..9fd12ed5f 100755 --- a/queries/aws_iam_user_3.yaml +++ b/queries/aws_iam_user_3.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_3 -Title: "Find all AWS IAM Users with Specific Policies" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as user_name, - split_part(attachments, '/', 2) as attached_policies - from - aws_iam_user - cross join jsonb_array_elements_text(attached_policy_arns) as attachments - where - split_part(attachments, '/', 2) = 'AdministratorAccess'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as user_name,\n split_part(attachments, '/', 2)\ + \ as attached_policies\nfrom\n aws_iam_user\n cross join jsonb_array_elements_text(attached_policy_arns)\ + \ as attachments\nwhere\n split_part(attachments, '/', 2) = 'AdministratorAccess';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM Users with Specific Policies diff --git a/queries/aws_iam_user_4.yaml b/queries/aws_iam_user_4.yaml index 87428a918..4cef9a6b1 100755 --- a/queries/aws_iam_user_4.yaml +++ b/queries/aws_iam_user_4.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_4 -Title: "Find all non-MFA enabled AWS IAM Users with SQL" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - user_id, - mfa_enabled - from - aws_iam_user - where - not mfa_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n user_id,\n mfa_enabled\nfrom\n aws_iam_user\n\ + where\n not mfa_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all non-MFA enabled AWS IAM Users with SQL diff --git a/queries/aws_iam_user_5.yaml b/queries/aws_iam_user_5.yaml index e2b0fb400..6632caab4 100755 --- a/queries/aws_iam_user_5.yaml +++ b/queries/aws_iam_user_5.yaml @@ -1,28 +1,26 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_5 -Title: "Find all AWS IAM User Data for Audits and Troubleshooting" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as user_name, - split_part(attachments, '/', 2) as attached_policies - from - aws_iam_user - cross join jsonb_array_elements_text(attached_policy_arns) as attachments; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as user_name,\n split_part(attachments, '/', 2)\ + \ as attached_policies\nfrom\n aws_iam_user\n cross join jsonb_array_elements_text(attached_policy_arns)\ + \ as attachments;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find all AWS IAM User Data for Audits and Troubleshooting diff --git a/queries/aws_iam_user_6.yaml b/queries/aws_iam_user_6.yaml index 85448e1d8..f37710744 100755 --- a/queries/aws_iam_user_6.yaml +++ b/queries/aws_iam_user_6.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS IAM User data, providing details such as user + ID, name, path, creation date, and more. This table is useful for security audits, + policy enforcement, and operational troubleshooting. ID: aws_iam_user_6 -Title: "Find AWS IAM Users with Inline Policies" -Description: "Allows users to query AWS IAM User data, providing details such as user ID, name, path, creation date, and more. This table is useful for security audits, policy enforcement, and operational troubleshooting." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as user_name, - inline_policies - from - aws_iam_user - where - inline_policies is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as user_name,\n inline_policies\nfrom\n aws_iam_user\n\ + where\n inline_policies is not null;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IAM +Title: Find AWS IAM Users with Inline Policies diff --git a/queries/aws_iam_virtual_mfa_device_1.yaml b/queries/aws_iam_virtual_mfa_device_1.yaml index 49b264221..73dc0802c 100755 --- a/queries/aws_iam_virtual_mfa_device_1.yaml +++ b/queries/aws_iam_virtual_mfa_device_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query Virtual MFA Devices in AWS Identity and Access + Management (IAM). ID: aws_iam_virtual_mfa_device_1 -Title: "Find all AWS IAM Virtual MFA Devices" -Description: "Allows users to query Virtual MFA Devices in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - serial_number, - enable_date, - user_name - from - aws_iam_virtual_mfa_device; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n serial_number,\n enable_date,\n user_name\nfrom\n \ + \ aws_iam_virtual_mfa_device;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find all AWS IAM Virtual MFA Devices diff --git a/queries/aws_iam_virtual_mfa_device_2.yaml b/queries/aws_iam_virtual_mfa_device_2.yaml index a12ea4078..37b270d03 100755 --- a/queries/aws_iam_virtual_mfa_device_2.yaml +++ b/queries/aws_iam_virtual_mfa_device_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query Virtual MFA Devices in AWS Identity and Access + Management (IAM). ID: aws_iam_virtual_mfa_device_2 -Title: "Find all AWS IAM Virtual MFA Devices" -Description: "Allows users to query Virtual MFA Devices in AWS Identity and Access Management (IAM)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - u.user_id, - mfa.serial_number, - path, - create_date, - password_last_used - from - aws_iam_user u - inner join aws_iam_virtual_mfa_device mfa on u.name = mfa.user_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n u.user_id,\n mfa.serial_number,\n path,\n\ + \ create_date,\n password_last_used\nfrom\n aws_iam_user u\n inner join aws_iam_virtual_mfa_device\ + \ mfa on u.name = mfa.user_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity and Access Management +Title: Find all AWS IAM Virtual MFA Devices diff --git a/queries/aws_identitystore_group_1.yaml b/queries/aws_identitystore_group_1.yaml index 724146463..e7b5ba8d7 100755 --- a/queries/aws_identitystore_group_1.yaml +++ b/queries/aws_identitystore_group_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Identity Store Groups to obtain information + about the identity and attributes of groups in AWS. ID: aws_identitystore_group_1 -Title: "Find AWS Identity Store Groups Information" -Description: "Allows users to query AWS Identity Store Groups to obtain information about the identity and attributes of groups in AWS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name - from - aws_identitystore_group - where identity_store_id = 'd-1234567890' and id = '1234567890-12345678-abcd-abcd-abcd-1234567890ab'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name\nfrom\n aws_identitystore_group\nwhere identity_store_id\ + \ = 'd-1234567890' and id = '1234567890-12345678-abcd-abcd-abcd-1234567890ab';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity Store +Title: Find AWS Identity Store Groups Information diff --git a/queries/aws_identitystore_group_2.yaml b/queries/aws_identitystore_group_2.yaml index c650baf0b..249c5e109 100755 --- a/queries/aws_identitystore_group_2.yaml +++ b/queries/aws_identitystore_group_2.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Identity Store Groups to obtain information + about the identity and attributes of groups in AWS. ID: aws_identitystore_group_2 -Title: "Find AWS Identity Store Groups Information" -Description: "Allows users to query AWS Identity Store Groups to obtain information about the identity and attributes of groups in AWS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name - from - aws_identitystore_group - where identity_store_id = 'd-1234567890' and name = 'test'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name\nfrom\n aws_identitystore_group\nwhere identity_store_id\ + \ = 'd-1234567890' and name = 'test';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity Store +Title: Find AWS Identity Store Groups Information diff --git a/queries/aws_identitystore_group_membership_1.yaml b/queries/aws_identitystore_group_membership_1.yaml index 0f4e8062f..d47400818 100755 --- a/queries/aws_identitystore_group_membership_1.yaml +++ b/queries/aws_identitystore_group_membership_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Identity Store Group Memberships, providing + information about AWS users'' membership status within various identity groups. ID: aws_identitystore_group_membership_1 -Title: "Find All AWS Identity Store Group Memberships" -Description: "Allows users to query AWS Identity Store Group Memberships, providing information about AWS users'' membership status within various identity groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity_store_id, - group_id, - membership_id, - member_id - from - aws_identitystore_group_membership - where - identity_store_id = 'd-1234567890'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity_store_id,\n group_id,\n membership_id,\n \ + \ member_id\nfrom\n aws_identitystore_group_membership\nwhere \n identity_store_id\ + \ = 'd-1234567890';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Identity Store +Title: Find All AWS Identity Store Group Memberships diff --git a/queries/aws_identitystore_group_membership_2.yaml b/queries/aws_identitystore_group_membership_2.yaml index 4014c23b6..447fac504 100755 --- a/queries/aws_identitystore_group_membership_2.yaml +++ b/queries/aws_identitystore_group_membership_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Identity Store Group Memberships, providing + information about AWS users'' membership status within various identity groups. ID: aws_identitystore_group_membership_2 -Title: "Find AWS Identity Store Group Memberships" -Description: "Allows users to query AWS Identity Store Group Memberships, providing information about AWS users'' membership status within various identity groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - m.membership_id, - m.group_id, - m.identity_store_id, - u.name as user_name - from - aws_identitystore_group_membership as m, - aws_identitystore_user as u - where - m.identity_store_id = 'd-1234567890' - and u.identity_store_id = m.identity_store_id - and u.id = m.member_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n m.membership_id,\n m.group_id,\n m.identity_store_id,\n\ + \ u.name as user_name \nfrom\n aws_identitystore_group_membership as m,\n aws_identitystore_user\ + \ as u \nwhere\n m.identity_store_id = 'd-1234567890' \n and u.identity_store_id\ + \ = m.identity_store_id \n and u.id = m.member_id;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity Store +Title: Find AWS Identity Store Group Memberships diff --git a/queries/aws_identitystore_group_membership_3.yaml b/queries/aws_identitystore_group_membership_3.yaml index c41455c4e..6ed656220 100755 --- a/queries/aws_identitystore_group_membership_3.yaml +++ b/queries/aws_identitystore_group_membership_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Identity Store Group Memberships, providing + information about AWS users'' membership status within various identity groups. ID: aws_identitystore_group_membership_3 -Title: "Find AWS Identity Store Group Membership Details" -Description: "Allows users to query AWS Identity Store Group Memberships, providing information about AWS users'' membership status within various identity groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - m.membership_id, - m.group_id, - m.identity_store_id, - g.name as group_name - from - aws_identitystore_group_membership as m, - aws_identitystore_group as g - where - m.identity_store_id = 'd-1234567890' - and g.identity_store_id = m.identity_store_id - and g.id = m.group_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n m.membership_id,\n m.group_id,\n m.identity_store_id,\n\ + \ g.name as group_name\nfrom\n aws_identitystore_group_membership as m,\n aws_identitystore_group\ + \ as g\nwhere\n m.identity_store_id = 'd-1234567890'\n and g.identity_store_id\ + \ = m.identity_store_id\n and g.id = m.group_id;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity Store +Title: Find AWS Identity Store Group Membership Details diff --git a/queries/aws_identitystore_user_1.yaml b/queries/aws_identitystore_user_1.yaml index 956492963..5e420bde0 100755 --- a/queries/aws_identitystore_user_1.yaml +++ b/queries/aws_identitystore_user_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Identity Store User data, providing details + such as user ID, username, and ARN. This table is essential for managing and auditing + user information within the AWS Identity Store. ID: aws_identitystore_user_1 -Title: "List AWS Identity Store User Details by ID and Identity Store ID" -Description: "Allows users to query AWS Identity Store User data, providing details such as user ID, username, and ARN. This table is essential for managing and auditing user information within the AWS Identity Store." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name - from - aws_identitystore_user - where identity_store_id = 'd-1234567890' and id = '1234567890-12345678-abcd-abcd-abcd-1234567890ab'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name\nfrom\n aws_identitystore_user\nwhere identity_store_id\ + \ = 'd-1234567890' and id = '1234567890-12345678-abcd-abcd-abcd-1234567890ab';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Identity Store +Title: List AWS Identity Store User Details by ID and Identity Store ID diff --git a/queries/aws_identitystore_user_2.yaml b/queries/aws_identitystore_user_2.yaml index b966fc335..c2f4967ae 100755 --- a/queries/aws_identitystore_user_2.yaml +++ b/queries/aws_identitystore_user_2.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query AWS Identity Store User data, providing details + such as user ID, username, and ARN. This table is essential for managing and auditing + user information within the AWS Identity Store. ID: aws_identitystore_user_2 -Title: "Query AWS Identity Store User Data in AWS Identity Store" -Description: "Allows users to query AWS Identity Store User data, providing details such as user ID, username, and ARN. This table is essential for managing and auditing user information within the AWS Identity Store." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name - from - aws_identitystore_user - where identity_store_id = 'd-1234567890' and name = 'test'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name\nfrom\n aws_identitystore_user\nwhere identity_store_id\ + \ = 'd-1234567890' and name = 'test';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Identity Store +Title: Query AWS Identity Store User Data in AWS Identity Store diff --git a/queries/aws_inspector2_coverage_1.yaml b/queries/aws_inspector2_coverage_1.yaml index 68d457deb..dc9225bc0 100755 --- a/queries/aws_inspector2_coverage_1.yaml +++ b/queries/aws_inspector2_coverage_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_1 -Title: "List AWS Inspector Coverage Assessment Targets & Templates" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - resource_id, - resource_type, - scan_type, - scan_status_reason, - scan_status_code - from - aws_inspector2_coverage; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n resource_id,\n resource_type,\n\ + \ scan_type,\n scan_status_reason,\n scan_status_code\nfrom\n aws_inspector2_coverage;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Coverage Assessment Targets & Templates diff --git a/queries/aws_inspector2_coverage_2.yaml b/queries/aws_inspector2_coverage_2.yaml index 1d8fd24a0..5addfb027 100755 --- a/queries/aws_inspector2_coverage_2.yaml +++ b/queries/aws_inspector2_coverage_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_2 -Title: "Find all AWS Inspector Coverage Details" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - resource_id, - resource_type, - scan_status_code - from - aws_inspector2_coverage - where - scan_status_code = 'INACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n resource_id,\n resource_type,\n\ + \ scan_status_code\nfrom\n aws_inspector2_coverage\nwhere\n scan_status_code\ + \ = 'INACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector Coverage Details diff --git a/queries/aws_inspector2_coverage_3.yaml b/queries/aws_inspector2_coverage_3.yaml index 1283e2266..90b24809b 100755 --- a/queries/aws_inspector2_coverage_3.yaml +++ b/queries/aws_inspector2_coverage_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_3 -Title: "Find AWS Inspector Coverage and Assessment Templates" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - scan_type, - resource_id as ec2_instance_id, - resource_type, - ec2_ami_id, - ec2_platform - from - aws_inspector2_coverage - where - resource_type = `aws_EC2_INSTANCE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n scan_type,\n resource_id as ec2_instance_id,\n\ + \ resource_type,\n ec2_ami_id,\n ec2_platform\nfrom\n aws_inspector2_coverage\n\ + where\n resource_type = `aws_EC2_INSTANCE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Coverage and Assessment Templates diff --git a/queries/aws_inspector2_coverage_4.yaml b/queries/aws_inspector2_coverage_4.yaml index 91070d988..ddff3b01e 100755 --- a/queries/aws_inspector2_coverage_4.yaml +++ b/queries/aws_inspector2_coverage_4.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_4 -Title: "List AWS Inspector Coverage Data on Assessment Targets" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - scan_type, - resource_id as ec2_instance_id, - resource_type, - ec2_ami_id, - ec2_platform, - ec2_instance_tags - from - aws_inspector2_coverage - where - ec2_instance_tags = '{"foo": "bar", "foo1": "bar1"}'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n scan_type,\n resource_id as ec2_instance_id,\n\ + \ resource_type,\n ec2_ami_id,\n ec2_platform,\n ec2_instance_tags\nfrom\n\ + \ aws_inspector2_coverage\nwhere\n ec2_instance_tags = '{\"foo\": \"bar\", \"\ + foo1\": \"bar1\"}';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Coverage Data on Assessment Targets diff --git a/queries/aws_inspector2_coverage_5.yaml b/queries/aws_inspector2_coverage_5.yaml index a44382718..2445d5c9d 100755 --- a/queries/aws_inspector2_coverage_5.yaml +++ b/queries/aws_inspector2_coverage_5.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_5 -Title: "List AWS Inspector Coverage Data on Assessment Targets" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - scan_type, - resource_id as ec2_instance_id, - resource_type, - lambda_function_name, - lambda_function_runtime, - lambda_function_tags - from - aws_inspector2_coverage - where - lambda_function_tags = '{"foo": "bar", "foo1": "bar1"}'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n scan_type,\n resource_id as ec2_instance_id,\n\ + \ resource_type,\n lambda_function_name,\n lambda_function_runtime,\n lambda_function_tags\n\ + from\n aws_inspector2_coverage\nwhere\n lambda_function_tags = '{\"foo\": \"\ + bar\", \"foo1\": \"bar1\"}';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Coverage Data on Assessment Targets diff --git a/queries/aws_inspector2_coverage_6.yaml b/queries/aws_inspector2_coverage_6.yaml index be192e124..34b7734db 100755 --- a/queries/aws_inspector2_coverage_6.yaml +++ b/queries/aws_inspector2_coverage_6.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_6 -Title: "Find AWS Inspector Coverage Data for Assessment Targets" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - resource_id, - resource_type, - scan_type - from - aws_inspector2_coverage - where - scan_type = 'PACKAGE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n resource_id,\n resource_type,\n\ + \ scan_type\nfrom\n aws_inspector2_coverage\nwhere\n scan_type = 'PACKAGE';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Coverage Data for Assessment Targets diff --git a/queries/aws_inspector2_coverage_7.yaml b/queries/aws_inspector2_coverage_7.yaml index 869127c96..ad5b4dcc4 100755 --- a/queries/aws_inspector2_coverage_7.yaml +++ b/queries/aws_inspector2_coverage_7.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_7 -Title: "List all AWS Inspector Coverage Data Details" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.resource_id, - c.resource_type, - c.ecr_repository_name, - r.registry_id, - r.repository_uri, - r.encryption_configuration - from - aws_inspector2_coverage as c, - aws_ecr_repository as r - where - r.repository_name = c.ecr_repository_name - and - c.resource_type = `AWS_ECR_REPOSITORY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.resource_id,\n c.resource_type,\n c.ecr_repository_name,\n\ + \ r.registry_id,\n r.repository_uri,\n r.encryption_configuration\nfrom\n \ + \ aws_inspector2_coverage as c,\n aws_ecr_repository as r\nwhere\n r.repository_name\ + \ = c.ecr_repository_name\nand\n c.resource_type = `AWS_ECR_REPOSITORY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List all AWS Inspector Coverage Data Details diff --git a/queries/aws_inspector2_coverage_8.yaml b/queries/aws_inspector2_coverage_8.yaml index 5ff4cefdc..248952f08 100755 --- a/queries/aws_inspector2_coverage_8.yaml +++ b/queries/aws_inspector2_coverage_8.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_8 -Title: "Find AWS Inspector Coverage Data on Assessment Targets" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.resource_id, - c.resource_type, - c.lambda_function_name, - f.arn as lambda_function_arn, - c.lambda_function_runtime, - f.code_sha_256, - f.code_size, - f.kms_key_arn, - f.package_type - from - aws_inspector2_coverage as c, - aws_lambda_function as f - where - f.name = c.lambda_function_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.resource_id,\n c.resource_type,\n c.lambda_function_name,\n\ + \ f.arn as lambda_function_arn,\n c.lambda_function_runtime,\n f.code_sha_256,\n\ + \ f.code_size,\n f.kms_key_arn,\n f.package_type\nfrom\n aws_inspector2_coverage\ + \ as c,\n aws_lambda_function as f\nwhere\n f.name = c.lambda_function_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Coverage Data on Assessment Targets diff --git a/queries/aws_inspector2_coverage_9.yaml b/queries/aws_inspector2_coverage_9.yaml index 941765b55..32efc15ac 100755 --- a/queries/aws_inspector2_coverage_9.yaml +++ b/queries/aws_inspector2_coverage_9.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query AWS Inspector Coverage data that provides details + on the assessment targets and the assessment templates that are associated with + the AWS Inspector service. ID: aws_inspector2_coverage_9 -Title: "Find AWS Inspector Coverage Data for EC2 Instances" -Description: "Allows users to query AWS Inspector Coverage data that provides details on the assessment targets and the assessment templates that are associated with the AWS Inspector service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.resource_id as ec2_instance_id, - c.resource_type, - c.ec2_ami_id, - i.instance_type, - i.instance_state, - i.disable_api_termination, - i.ebs_optimized - from - aws_inspector2_coverage as c, - aws_ec2_instance as i - where - i.instance_id = c.resource_id - and - c.resource_type = `AWS_EC2_INSTANCE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.resource_id as ec2_instance_id,\n c.resource_type,\n\ + \ c.ec2_ami_id,\n i.instance_type,\n i.instance_state,\n i.disable_api_termination,\n\ + \ i.ebs_optimized\nfrom\n aws_inspector2_coverage as c,\n aws_ec2_instance\ + \ as i\nwhere\n i.instance_id = c.resource_id\nand\n c.resource_type = `AWS_EC2_INSTANCE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: Find AWS Inspector Coverage Data for EC2 Instances diff --git a/queries/aws_inspector2_coverage_statistics_1.yaml b/queries/aws_inspector2_coverage_statistics_1.yaml index 1ae1268f5..579c85a3a 100755 --- a/queries/aws_inspector2_coverage_statistics_1.yaml +++ b/queries/aws_inspector2_coverage_statistics_1.yaml @@ -1,23 +1,19 @@ +Description: Allows users to query AWS Inspector2 Coverage Statistics to obtain detailed + information about the assessment targets and the number of instances they cover. ID: aws_inspector2_coverage_statistics_1 -Title: "Find Detailed AWS Inspector2 Coverage Statistics" -Description: "Allows users to query AWS Inspector2 Coverage Statistics to obtain detailed information about the assessment targets and the number of instances they cover." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - total_counts, - counts_by_group - from - aws_inspector2_coverage_statistics; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n total_counts,\n counts_by_group\nfrom\n aws_inspector2_coverage_statistics;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector2 +Title: Find Detailed AWS Inspector2 Coverage Statistics diff --git a/queries/aws_inspector2_coverage_statistics_2.yaml b/queries/aws_inspector2_coverage_statistics_2.yaml index 4c42519a8..e1c4e454a 100755 --- a/queries/aws_inspector2_coverage_statistics_2.yaml +++ b/queries/aws_inspector2_coverage_statistics_2.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Inspector2 Coverage Statistics to obtain detailed + information about the assessment targets and the number of instances they cover. ID: aws_inspector2_coverage_statistics_2 -Title: "Find AWS Inspector2 Coverage Statistics Details" -Description: "Allows users to query AWS Inspector2 Coverage Statistics to obtain detailed information about the assessment targets and the number of instances they cover." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - g ->> 'Count' as count, - g ->> 'GroupKey' as group_key - from - aws_inspector2_coverage_statistics, - jsonb_array_elements(counts_by_group) as g; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n g ->> 'Count' as count,\n g ->> 'GroupKey' as group_key\n\ + from\n aws_inspector2_coverage_statistics,\n jsonb_array_elements(counts_by_group)\ + \ as g;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector2 +Title: Find AWS Inspector2 Coverage Statistics Details diff --git a/queries/aws_inspector2_finding_1.yaml b/queries/aws_inspector2_finding_1.yaml index e4cc980e9..df31693be 100755 --- a/queries/aws_inspector2_finding_1.yaml +++ b/queries/aws_inspector2_finding_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_1 -Title: "Find AWS Inspector Findings and Insights Using SQL" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - description, - fix_available, - inspector_score, - severity, - finding_account_id - from - aws_inspector2_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n description,\n fix_available,\n inspector_score,\n\ + \ severity,\n finding_account_id\nfrom\n aws_inspector2_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Findings and Insights Using SQL diff --git a/queries/aws_inspector2_finding_10.yaml b/queries/aws_inspector2_finding_10.yaml index 5d97919e0..5ca1a7cb9 100755 --- a/queries/aws_inspector2_finding_10.yaml +++ b/queries/aws_inspector2_finding_10.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_10 -Title: "Find all AWS Inspector findings with fix available" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_account_id, - first_observed_at, - fix_available, - exploit_available - from - aws_inspector2_finding - where - fix_available = 'YES'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_account_id,\n first_observed_at,\n \ + \ fix_available,\n exploit_available\nfrom\n aws_inspector2_finding\nwhere\n\ + \ fix_available = 'YES';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector findings with fix available diff --git a/queries/aws_inspector2_finding_11.yaml b/queries/aws_inspector2_finding_11.yaml index e0b8a7542..63a565877 100755 --- a/queries/aws_inspector2_finding_11.yaml +++ b/queries/aws_inspector2_finding_11.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_11 -Title: "Find AWS Inspector findings and security issues" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - inspector_score, - first_observed_at, - last_observed_at - inspector_score_details - from - aws_inspector2_finding - order by - inspector_score desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n inspector_score,\n first_observed_at,\n last_observed_at\n\ + \ inspector_score_details\nfrom\n aws_inspector2_finding\norder by\n inspector_score\ + \ desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector findings and security issues diff --git a/queries/aws_inspector2_finding_12.yaml b/queries/aws_inspector2_finding_12.yaml index 14f1260c5..8ebc40f89 100755 --- a/queries/aws_inspector2_finding_12.yaml +++ b/queries/aws_inspector2_finding_12.yaml @@ -1,32 +1,32 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_12 -Title: "Find AWS Inspector findings and security issues" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - inspector_score_details -> 'AdjustedCvss' ->> 'Score' as adjusted_cvss_score, - inspector_score_details -> 'AdjustedCvss' ->> 'ScScoreSourceore' as adjusted_cvss_source_score, - inspector_score_details -> 'AdjustedCvss' ->> 'ScoScoringVectorre' as adjusted_cvss_scoring_vector, - inspector_score_details -> 'AdjustedCvss' ->> 'Version' as adjusted_cvss_version, - inspector_score_details -> 'AdjustedCvss' -> 'Adjustments' as adjusted_cvss_adjustments, - inspector_score_details -> 'AdjustedCvss' ->> 'CvssSource' as adjusted_cvss_cvss_source - from - aws_inspector2_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n inspector_score_details -> 'AdjustedCvss' ->>\ + \ 'Score' as adjusted_cvss_score,\n inspector_score_details -> 'AdjustedCvss'\ + \ ->> 'ScScoreSourceore' as adjusted_cvss_source_score,\n inspector_score_details\ + \ -> 'AdjustedCvss' ->> 'ScoScoringVectorre' as adjusted_cvss_scoring_vector,\n\ + \ inspector_score_details -> 'AdjustedCvss' ->> 'Version' as adjusted_cvss_version,\n\ + \ inspector_score_details -> 'AdjustedCvss' -> 'Adjustments' as adjusted_cvss_adjustments,\n\ + \ inspector_score_details -> 'AdjustedCvss' ->> 'CvssSource' as adjusted_cvss_cvss_source\n\ + from\n aws_inspector2_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector findings and security issues diff --git a/queries/aws_inspector2_finding_13.yaml b/queries/aws_inspector2_finding_13.yaml index 4328f836b..26a5a0f0b 100755 --- a/queries/aws_inspector2_finding_13.yaml +++ b/queries/aws_inspector2_finding_13.yaml @@ -1,28 +1,27 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_13 -Title: "Find all AWS Inspector findings for security insights" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - network_reachability_details -> 'NetworkPath' -> 'Steps' as network_pathsteps, - network_reachability_details -> 'OpenPortRange' ->> 'Begin' as open_port_range_begin, - network_reachability_details -> 'OpenPortRange' ->> 'End' as open_port_range_end, - network_reachability_details -> 'Protocol' as protocol - from - aws_inspector2_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n network_reachability_details -> 'NetworkPath'\ + \ -> 'Steps' as network_pathsteps,\n network_reachability_details -> 'OpenPortRange'\ + \ ->> 'Begin' as open_port_range_begin,\n network_reachability_details -> 'OpenPortRange'\ + \ ->> 'End' as open_port_range_end,\n network_reachability_details -> 'Protocol'\ + \ as protocol\nfrom\n aws_inspector2_finding;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector findings for security insights diff --git a/queries/aws_inspector2_finding_14.yaml b/queries/aws_inspector2_finding_14.yaml index 909c8dba2..903ecd839 100755 --- a/queries/aws_inspector2_finding_14.yaml +++ b/queries/aws_inspector2_finding_14.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_14 -Title: "List AWS Inspector Findings with Severity and Status" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_account_id, - first_observed_at, - fix_available, - exploit_available, - resource_tags - from - aws_inspector2_finding - where - resource_tags = '[{"key": "Name", "value": "Dev"}, {"key": "Name", "value": "Prod"}]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_account_id,\n first_observed_at,\n \ + \ fix_available,\n exploit_available,\n resource_tags\nfrom\n aws_inspector2_finding\n\ + where\n resource_tags = '[{\"key\": \"Name\", \"value\": \"Dev\"}, {\"key\":\ + \ \"Name\", \"value\": \"Prod\"}]';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Findings with Severity and Status diff --git a/queries/aws_inspector2_finding_15.yaml b/queries/aws_inspector2_finding_15.yaml index 48de1c08b..b66b577aa 100755 --- a/queries/aws_inspector2_finding_15.yaml +++ b/queries/aws_inspector2_finding_15.yaml @@ -1,31 +1,28 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_15 -Title: "Find AWS Inspector Findings and Security Issues" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_account_id, - first_observed_at, - fix_available, - exploit_available, - vulnerable_package - from - aws_inspector2_finding - where - vulnerable_package = '[{"architecture": "arc", "epoch": "231321", "name": "myVulere", "release": "v0.2.0", "sourceLambdaLayerArn": "arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1", "sourceLayerHash": "dbasjkhda872", "version": "v0.1.0"}]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_account_id,\n first_observed_at,\n \ + \ fix_available,\n exploit_available,\n vulnerable_package\nfrom\n aws_inspector2_finding\n\ + where\n vulnerable_package = '[{\"architecture\": \"arc\", \"epoch\": \"231321\"\ + , \"name\": \"myVulere\", \"release\": \"v0.2.0\", \"sourceLambdaLayerArn\": \"\ + arn:aws:lambda:us-west-2:123456789012:layer:my-layer:1\", \"sourceLayerHash\"\ + : \"dbasjkhda872\", \"version\": \"v0.1.0\"}]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Findings and Security Issues diff --git a/queries/aws_inspector2_finding_2.yaml b/queries/aws_inspector2_finding_2.yaml index 59a04d0ae..fb58fb2f2 100755 --- a/queries/aws_inspector2_finding_2.yaml +++ b/queries/aws_inspector2_finding_2.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_2 -Title: "Find AWS Inspector Findings with High Severity" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - source, - vendor_severity, - status, - severity - from - aws_inspector2_finding - where - severity = 'HIGH'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n source,\n vendor_severity,\n status,\n severity\n\ + from\n aws_inspector2_finding\nwhere\n severity = 'HIGH';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Findings with High Severity diff --git a/queries/aws_inspector2_finding_3.yaml b/queries/aws_inspector2_finding_3.yaml index 90e6ab894..1afa86b26 100755 --- a/queries/aws_inspector2_finding_3.yaml +++ b/queries/aws_inspector2_finding_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_3 -Title: "Find Insights into AWS Inspector Security Issues" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - severity, - count(severity) - from - aws_inspector2_finding - group by - severity - order by - severity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n severity,\n count(severity)\nfrom\n aws_inspector2_finding\n\ + group by\n severity\norder by\n severity;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find Insights into AWS Inspector Security Issues diff --git a/queries/aws_inspector2_finding_4.yaml b/queries/aws_inspector2_finding_4.yaml index b7ab08ab6..627ddf4ef 100755 --- a/queries/aws_inspector2_finding_4.yaml +++ b/queries/aws_inspector2_finding_4.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_4 -Title: "Find all AWS Inspector findings with details" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - arn, - severity - from - aws_inspector2_finding - where - last_observed_at >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n arn,\n severity\nfrom\n aws_inspector2_finding\n\ + where\n last_observed_at >= now() - interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector findings with details diff --git a/queries/aws_inspector2_finding_5.yaml b/queries/aws_inspector2_finding_5.yaml index 7c090e8fb..961ad6e9a 100755 --- a/queries/aws_inspector2_finding_5.yaml +++ b/queries/aws_inspector2_finding_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_5 -Title: "Find AWS Inspector suppressed findings" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - type, - resources, - vulnerable_packages - from - aws_inspector2_finding - where - status = 'SUPPRESSED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n type,\n resources,\n vulnerable_packages\n\ + from\n aws_inspector2_finding\nwhere\n status = 'SUPPRESSED';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector suppressed findings diff --git a/queries/aws_inspector2_finding_6.yaml b/queries/aws_inspector2_finding_6.yaml index 0e294c522..60b757be3 100755 --- a/queries/aws_inspector2_finding_6.yaml +++ b/queries/aws_inspector2_finding_6.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_6 -Title: "Find AWS Inspector findings to identify vulnerabilities" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - status, - type, - resources, - vulnerable_packages - from - aws_inspector2_finding - where - type = 'PACKAGE_VULNERABILITY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n status,\n type,\n resources,\n vulnerable_packages\n\ + from\n aws_inspector2_finding\nwhere\n type = 'PACKAGE_VULNERABILITY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector findings to identify vulnerabilities diff --git a/queries/aws_inspector2_finding_7.yaml b/queries/aws_inspector2_finding_7.yaml index 1dd642f17..f8fc76e87 100755 --- a/queries/aws_inspector2_finding_7.yaml +++ b/queries/aws_inspector2_finding_7.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_7 -Title: "Query AWS Inspector findings for security insights" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.arn as finding_arn, - r ->> 'Id' as resource_id, - r ->> 'Type' as resource_type, - r ->> 'Details' as resource_details, - r ->> 'Partition' as partition, - r ->> 'Tags' as resource_tags - from - aws_inspector2_finding as f, - jsonb_array_elements(resources) as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.arn as finding_arn,\n r ->> 'Id' as resource_id,\n\ + \ r ->> 'Type' as resource_type,\n r ->> 'Details' as resource_details,\n r\ + \ ->> 'Partition' as partition,\n r ->> 'Tags' as resource_tags\nfrom\n aws_inspector2_finding\ + \ as f,\n jsonb_array_elements(resources) as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Query AWS Inspector findings for security insights diff --git a/queries/aws_inspector2_finding_8.yaml b/queries/aws_inspector2_finding_8.yaml index efa3bf15e..57d7310f1 100755 --- a/queries/aws_inspector2_finding_8.yaml +++ b/queries/aws_inspector2_finding_8.yaml @@ -1,37 +1,31 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_8 -Title: "Find AWS Inspector findings and vulnerabilities via SQL" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.arn, - f.vulnerability_id, - v ->> 'Name' as vulnerability_package_name, - v ->> 'Version' as vulnerability_package_version, - v ->> 'Arch' as vulnerability_package_arch, - v ->> 'Epoch' as vulnerability_package_epoch, - v ->> 'FilePath' as vulnerability_package_file_path, - v ->> 'FixedInVersion' as vulnerability_package_fixed_in_version, - v ->> 'PackageManager' as vulnerability_package_package_manager, - v ->> 'Release' as vulnerability_package_release, - v ->> 'Remediation' as vulnerability_package_remediation, - v ->> 'SourceLambdaLayerArn' as source_lambda_layer_arn, - v ->> 'Name' as source_layer_hash - from - aws_inspector2_finding as f, - jsonb_array_elements(vulnerable_packages) as v; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.arn,\n f.vulnerability_id,\n v ->> 'Name' as vulnerability_package_name,\n\ + \ v ->> 'Version' as vulnerability_package_version,\n v ->> 'Arch' as vulnerability_package_arch,\n\ + \ v ->> 'Epoch' as vulnerability_package_epoch,\n v ->> 'FilePath' as vulnerability_package_file_path,\n\ + \ v ->> 'FixedInVersion' as vulnerability_package_fixed_in_version,\n v ->>\ + \ 'PackageManager' as vulnerability_package_package_manager,\n v ->> 'Release'\ + \ as vulnerability_package_release,\n v ->> 'Remediation' as vulnerability_package_remediation,\n\ + \ v ->> 'SourceLambdaLayerArn' as source_lambda_layer_arn,\n v ->> 'Name' as\ + \ source_layer_hash\nfrom\n aws_inspector2_finding as f,\n jsonb_array_elements(vulnerable_packages)\ + \ as v;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector findings and vulnerabilities via SQL diff --git a/queries/aws_inspector2_finding_9.yaml b/queries/aws_inspector2_finding_9.yaml index a6b94693e..dbaed78cd 100755 --- a/queries/aws_inspector2_finding_9.yaml +++ b/queries/aws_inspector2_finding_9.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS Inspector findings to gain insights into potential + security issues and vulnerabilities within their AWS resources. The table provides + detailed information about each finding, including its severity, status, and associated + resources. ID: aws_inspector2_finding_9 -Title: "Find and Query Insights into AWS Inspector Findings" -Description: "Allows users to query AWS Inspector findings to gain insights into potential security issues and vulnerabilities within their AWS resources. The table provides detailed information about each finding, including its severity, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_account_id, - first_observed_at, - fix_available, - exploit_available - from - aws_inspector2_finding - where - exploit_available = 'YES'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_account_id,\n first_observed_at,\n \ + \ fix_available,\n exploit_available\nfrom\n aws_inspector2_finding\nwhere\n\ + \ exploit_available = 'YES';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find and Query Insights into AWS Inspector Findings diff --git a/queries/aws_inspector2_member_1.yaml b/queries/aws_inspector2_member_1.yaml index cfd6ae2ca..2eb43409d 100755 --- a/queries/aws_inspector2_member_1.yaml +++ b/queries/aws_inspector2_member_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Inspector Members to retrieve detailed information + about the member accounts within an AWS Inspector assessment target. ID: aws_inspector2_member_1 -Title: "Find all AWS Inspector Members and Their Details" -Description: "Allows users to query AWS Inspector Members to retrieve detailed information about the member accounts within an AWS Inspector assessment target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - delegated_admin_account_id, - relationship_status, - updated_at - from - aws_inspector2_member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n delegated_admin_account_id,\n \ + \ relationship_status,\n updated_at\nfrom\n aws_inspector2_member;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector Members and Their Details diff --git a/queries/aws_inspector2_member_2.yaml b/queries/aws_inspector2_member_2.yaml index 70f449323..3eaca0cad 100755 --- a/queries/aws_inspector2_member_2.yaml +++ b/queries/aws_inspector2_member_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Inspector Members to retrieve detailed information + about the member accounts within an AWS Inspector assessment target. ID: aws_inspector2_member_2 -Title: "Find AWS Inspector Members Information" -Description: "Allows users to query AWS Inspector Members to retrieve detailed information about the member accounts within an AWS Inspector assessment target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - delegated_admin_account_id, - relationship_status, - updated_at - from - aws_inspector2_member - where - updated_at >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n delegated_admin_account_id,\n \ + \ relationship_status,\n updated_at\nfrom\n aws_inspector2_member\nwhere\n \ + \ updated_at >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Members Information diff --git a/queries/aws_inspector2_member_3.yaml b/queries/aws_inspector2_member_3.yaml index 2bd294d74..46b8e8150 100755 --- a/queries/aws_inspector2_member_3.yaml +++ b/queries/aws_inspector2_member_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Inspector Members to retrieve detailed information + about the member accounts within an AWS Inspector assessment target. ID: aws_inspector2_member_3 -Title: "Find all AWS Inspector Member Accounts Information" -Description: "Allows users to query AWS Inspector Members to retrieve detailed information about the member accounts within an AWS Inspector assessment target." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - delegated_admin_account_id, - relationship_status - from - aws_inspector2_member - where - relationship_status = 'INVITED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n delegated_admin_account_id,\n \ + \ relationship_status\nfrom\n aws_inspector2_member\nwhere\n relationship_status\ + \ = 'INVITED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: Find all AWS Inspector Member Accounts Information diff --git a/queries/aws_inspector_assessment_run_1.yaml b/queries/aws_inspector_assessment_run_1.yaml index 6814a8c37..f8d67eeb9 100755 --- a/queries/aws_inspector_assessment_run_1.yaml +++ b/queries/aws_inspector_assessment_run_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_1 -Title: "List all AWS Inspector Assessment Runs and Details" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_template_arn, - created_at, - state, - region - from - aws_inspector_assessment_run; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_template_arn,\n created_at,\n\ + \ state,\n region\nfrom\n aws_inspector_assessment_run;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List all AWS Inspector Assessment Runs and Details diff --git a/queries/aws_inspector_assessment_run_2.yaml b/queries/aws_inspector_assessment_run_2.yaml index b95ae1d9b..bb19e84f9 100755 --- a/queries/aws_inspector_assessment_run_2.yaml +++ b/queries/aws_inspector_assessment_run_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_2 -Title: "Find AWS Inspector Assessment Runs with Details" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - finding_counts ->> 'High' as high, - finding_counts ->> 'Low' as low, - finding_counts ->> 'Medium' as medium, - finding_counts ->> 'Informational' as informational, - state - from - aws_inspector_assessment_run; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n finding_counts ->> 'High' as high,\n finding_counts\ + \ ->> 'Low' as low,\n finding_counts ->> 'Medium' as medium,\n finding_counts\ + \ ->> 'Informational' as informational,\n state\nfrom\n aws_inspector_assessment_run;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Assessment Runs with Details diff --git a/queries/aws_inspector_assessment_run_3.yaml b/queries/aws_inspector_assessment_run_3.yaml index 75b1de446..c721f2434 100755 --- a/queries/aws_inspector_assessment_run_3.yaml +++ b/queries/aws_inspector_assessment_run_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_3 -Title: "List all AWS Inspector Assessment Runs and Their Details" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - t.name as assessment_template_name, - r.name as assessment_run_name, - r.created_at as assessment_run_created_at, - r.state, - r.region - from - aws_inspector_assessment_run as r, - aws_inspector_assessment_template as t - where - r.assessment_template_arn = t.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n t.name as assessment_template_name,\n r.name as assessment_run_name,\n\ + \ r.created_at as assessment_run_created_at,\n r.state,\n r.region\nfrom\n\ + \ aws_inspector_assessment_run as r,\n aws_inspector_assessment_template as\ + \ t\nwhere\n r.assessment_template_arn = t.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: List all AWS Inspector Assessment Runs and Their Details diff --git a/queries/aws_inspector_assessment_run_4.yaml b/queries/aws_inspector_assessment_run_4.yaml index 2ec68c8d8..d42cad3ce 100755 --- a/queries/aws_inspector_assessment_run_4.yaml +++ b/queries/aws_inspector_assessment_run_4.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_4 -Title: "List all AWS Inspector Assessment Runs and their details" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_template_arn, - created_at, - state, - region - from - aws_inspector_assessment_run - where - state <> 'COMPLETED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_template_arn,\n created_at,\n\ + \ state,\n region\nfrom\n aws_inspector_assessment_run\nwhere\n state <> 'COMPLETED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List all AWS Inspector Assessment Runs and their details diff --git a/queries/aws_inspector_assessment_run_5.yaml b/queries/aws_inspector_assessment_run_5.yaml index 2ab74765d..8c72577dd 100755 --- a/queries/aws_inspector_assessment_run_5.yaml +++ b/queries/aws_inspector_assessment_run_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_5 -Title: "Query AWS Inspector Assessment Run Details" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state, - jsonb_pretty(state_changes) as state_changes - from - aws_inspector_assessment_run; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state,\n jsonb_pretty(state_changes)\ + \ as state_changes\nfrom\n aws_inspector_assessment_run;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Query AWS Inspector Assessment Run Details diff --git a/queries/aws_inspector_assessment_run_6.yaml b/queries/aws_inspector_assessment_run_6.yaml index a20b88ddc..d8fc04ba1 100755 --- a/queries/aws_inspector_assessment_run_6.yaml +++ b/queries/aws_inspector_assessment_run_6.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Inspector Assessment Runs to get detailed information + about each assessment run, including its state, duration, findings, and more. ID: aws_inspector_assessment_run_6 -Title: "List all AWS Inspector Assessment Runs in Last Week" -Description: "Allows users to query AWS Inspector Assessment Runs to get detailed information about each assessment run, including its state, duration, findings, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_template_arn, - created_at, - state, - region - from - aws_inspector_assessment_run - where - created_at >= (now() - interval '7' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_template_arn,\n created_at,\n\ + \ state,\n region\nfrom\n aws_inspector_assessment_run\nwhere\n created_at\ + \ >= (now() - interval '7' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List all AWS Inspector Assessment Runs in Last Week diff --git a/queries/aws_inspector_assessment_target_1.yaml b/queries/aws_inspector_assessment_target_1.yaml index a46eae31a..56e2fb867 100755 --- a/queries/aws_inspector_assessment_target_1.yaml +++ b/queries/aws_inspector_assessment_target_1.yaml @@ -1,29 +1,27 @@ +Description: Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` + table in Steampipe provides information about assessment targets within AWS Inspector. + This table allows DevOps engineers to query target-specific details, including ARN, + name, and associated resource group ARN. Users can utilize this table to gather + insights on assessment targets, such as their creation time, last updated time, + and more. The schema outlines the various attributes of the assessment target, including + the target ARN, creation date, and associated tags. ID: aws_inspector_assessment_target_1 -Title: "List AWS Inspector Assessment Targets with Details" -Description: "Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` table in Steampipe provides information about assessment targets within AWS Inspector. This table allows DevOps engineers to query target-specific details, including ARN, name, and associated resource group ARN. Users can utilize this table to gather insights on assessment targets, such as their creation time, last updated time, and more. The schema outlines the various attributes of the assessment target, including the target ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - resource_group_arn, - created_at, - updated_at, - region - from - aws_inspector_assessment_target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n resource_group_arn,\n created_at,\n\ + \ updated_at,\n region\nfrom\n aws_inspector_assessment_target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: List AWS Inspector Assessment Targets with Details diff --git a/queries/aws_inspector_assessment_target_2.yaml b/queries/aws_inspector_assessment_target_2.yaml index 44daaea1e..abce2155c 100755 --- a/queries/aws_inspector_assessment_target_2.yaml +++ b/queries/aws_inspector_assessment_target_2.yaml @@ -1,31 +1,28 @@ +Description: Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` + table in Steampipe provides information about assessment targets within AWS Inspector. + This table allows DevOps engineers to query target-specific details, including ARN, + name, and associated resource group ARN. Users can utilize this table to gather + insights on assessment targets, such as their creation time, last updated time, + and more. The schema outlines the various attributes of the assessment target, including + the target ARN, creation date, and associated tags. ID: aws_inspector_assessment_target_2 -Title: "Find AWS Inspector Assessment Targets Created in Last 7 Days" -Description: "Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` table in Steampipe provides information about assessment targets within AWS Inspector. This table allows DevOps engineers to query target-specific details, including ARN, name, and associated resource group ARN. Users can utilize this table to gather insights on assessment targets, such as their creation time, last updated time, and more. The schema outlines the various attributes of the assessment target, including the target ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - resource_group_arn, - created_at, - updated_at, - region - from - aws_inspector_assessment_target - where - created_at > (current_date - interval '7' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n resource_group_arn,\n created_at,\n\ + \ updated_at,\n region\nfrom\n aws_inspector_assessment_target\nwhere\n created_at\ + \ > (current_date - interval '7' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Assessment Targets Created in Last 7 Days diff --git a/queries/aws_inspector_assessment_target_3.yaml b/queries/aws_inspector_assessment_target_3.yaml index eefb3507c..72f4f5a57 100755 --- a/queries/aws_inspector_assessment_target_3.yaml +++ b/queries/aws_inspector_assessment_target_3.yaml @@ -1,31 +1,28 @@ +Description: Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` + table in Steampipe provides information about assessment targets within AWS Inspector. + This table allows DevOps engineers to query target-specific details, including ARN, + name, and associated resource group ARN. Users can utilize this table to gather + insights on assessment targets, such as their creation time, last updated time, + and more. The schema outlines the various attributes of the assessment target, including + the target ARN, creation date, and associated tags. ID: aws_inspector_assessment_target_3 -Title: "List AWS Inspector Assessment Targets Details" -Description: "Allows users to query AWS Inspector Assessment Targets. The `aws_inspector_assessment_target` table in Steampipe provides information about assessment targets within AWS Inspector. This table allows DevOps engineers to query target-specific details, including ARN, name, and associated resource group ARN. Users can utilize this table to gather insights on assessment targets, such as their creation time, last updated time, and more. The schema outlines the various attributes of the assessment target, including the target ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - resource_group_arn, - created_at, - updated_at, - region - from - aws_inspector_assessment_target - where - created_at != updated_at; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n resource_group_arn,\n created_at,\n\ + \ updated_at,\n region\nfrom\n aws_inspector_assessment_target\nwhere\n created_at\ + \ != updated_at;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Assessment Targets Details diff --git a/queries/aws_inspector_assessment_template_1.yaml b/queries/aws_inspector_assessment_template_1.yaml index 3c485c00d..d64efd0b6 100755 --- a/queries/aws_inspector_assessment_template_1.yaml +++ b/queries/aws_inspector_assessment_template_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_1 -Title: "Find AWS Inspector Assessment Templates" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - region - from - aws_inspector_assessment_template; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n region\nfrom\n aws_inspector_assessment_template;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Assessment Templates diff --git a/queries/aws_inspector_assessment_template_2.yaml b/queries/aws_inspector_assessment_template_2.yaml index a8e153c31..7b2489d13 100755 --- a/queries/aws_inspector_assessment_template_2.yaml +++ b/queries/aws_inspector_assessment_template_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_2 -Title: "List AWS Inspector Assessment Template Configurations" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - user_attributes_for_findings, - region - from - aws_inspector_assessment_template - where - user_attributes_for_findings = '[]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n user_attributes_for_findings,\n region\nfrom\n \ + \ aws_inspector_assessment_template\nwhere\n user_attributes_for_findings = '[]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: List AWS Inspector Assessment Template Configurations diff --git a/queries/aws_inspector_assessment_template_3.yaml b/queries/aws_inspector_assessment_template_3.yaml index f06e1c059..06dc08f5e 100755 --- a/queries/aws_inspector_assessment_template_3.yaml +++ b/queries/aws_inspector_assessment_template_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_3 -Title: "Find AWS Inspector Assessment Templates with 0 Runs" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - user_attributes_for_findings, - region - from - aws_inspector_assessment_template - where - assessment_run_count = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n user_attributes_for_findings,\n region\nfrom\n \ + \ aws_inspector_assessment_template\nwhere\n assessment_run_count = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Assessment Templates with 0 Runs diff --git a/queries/aws_inspector_assessment_template_4.yaml b/queries/aws_inspector_assessment_template_4.yaml index 080b64838..9b5327871 100755 --- a/queries/aws_inspector_assessment_template_4.yaml +++ b/queries/aws_inspector_assessment_template_4.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_4 -Title: "List AWS Inspector Assessment Template Details" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - duration_in_seconds, - region - from - aws_inspector_assessment_template - where - duration_in_seconds < 3600; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n duration_in_seconds,\n region\nfrom\n aws_inspector_assessment_template\n\ + where\n duration_in_seconds < 3600;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Assessment Template Details diff --git a/queries/aws_inspector_assessment_template_5.yaml b/queries/aws_inspector_assessment_template_5.yaml index 5a3c791a9..486946d0a 100755 --- a/queries/aws_inspector_assessment_template_5.yaml +++ b/queries/aws_inspector_assessment_template_5.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_5 -Title: "Find all AWS Inspector Assessment Templates with No Runs" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - user_attributes_for_findings, - region - from - aws_inspector_assessment_template - where - assessment_run_count = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n user_attributes_for_findings,\n region\nfrom\n \ + \ aws_inspector_assessment_template\nwhere\n assessment_run_count = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all AWS Inspector Assessment Templates with No Runs diff --git a/queries/aws_inspector_assessment_template_6.yaml b/queries/aws_inspector_assessment_template_6.yaml index 0d9e8bdd1..410dd8cf0 100755 --- a/queries/aws_inspector_assessment_template_6.yaml +++ b/queries/aws_inspector_assessment_template_6.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Inspector Assessment Templates to gain insights + into each template''s configuration, including ARN, duration, rules package ARNs, + and user attributes for findings. ID: aws_inspector_assessment_template_6 -Title: "Find AWS Inspector Assessment Templates by Duration" -Description: "Allows users to query AWS Inspector Assessment Templates to gain insights into each template''s configuration, including ARN, duration, rules package ARNs, and user attributes for findings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - assessment_run_count, - created_at, - assessment_target_arn, - duration_in_seconds, - region - from - aws_inspector_assessment_template - where - duration_in_seconds < 3600; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n assessment_run_count,\n created_at,\n\ + \ assessment_target_arn,\n duration_in_seconds,\n region\nfrom\n aws_inspector_assessment_template\n\ + where\n duration_in_seconds < 3600;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Assessment Templates by Duration diff --git a/queries/aws_inspector_exclusion_1.yaml b/queries/aws_inspector_exclusion_1.yaml index 1e6d298bc..c99cbddc1 100755 --- a/queries/aws_inspector_exclusion_1.yaml +++ b/queries/aws_inspector_exclusion_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Inspector Exclusions and retrieve data about + AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations. ID: aws_inspector_exclusion_1 -Title: "List all AWS Inspector Exclusions with Descriptions" -Description: "Allows users to query AWS Inspector Exclusions and retrieve data about AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - attributes, - description, - title, - region - from - aws_inspector_exclusion; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n attributes,\n description,\n title,\n region\n\ + from\n aws_inspector_exclusion;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List all AWS Inspector Exclusions with Descriptions diff --git a/queries/aws_inspector_exclusion_2.yaml b/queries/aws_inspector_exclusion_2.yaml index 4f2cd83ff..c979562d2 100755 --- a/queries/aws_inspector_exclusion_2.yaml +++ b/queries/aws_inspector_exclusion_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Inspector Exclusions and retrieve data about + AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations. ID: aws_inspector_exclusion_2 -Title: "Find AWS Inspector Exclusions including ARNs and Descriptions" -Description: "Allows users to query AWS Inspector Exclusions and retrieve data about AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - attributes, - description, - title, - region - from - aws_inspector_exclusion - where - assessment_run_arn = 'arn:aws:inspector:us-east-1:012345678912:target/0-ywdTAdRg/template/0-rY1J4B4f/run/0-LRRwpQFz'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n attributes,\n description,\n title,\n region\n\ + from\n aws_inspector_exclusion\nwhere\n assessment_run_arn = 'arn:aws:inspector:us-east-1:012345678912:target/0-ywdTAdRg/template/0-rY1J4B4f/run/0-LRRwpQFz';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find AWS Inspector Exclusions including ARNs and Descriptions diff --git a/queries/aws_inspector_exclusion_3.yaml b/queries/aws_inspector_exclusion_3.yaml index 6491c7390..7ff416593 100755 --- a/queries/aws_inspector_exclusion_3.yaml +++ b/queries/aws_inspector_exclusion_3.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Inspector Exclusions and retrieve data about + AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations. ID: aws_inspector_exclusion_3 -Title: "List AWS Inspector Exclusions with Details" -Description: "Allows users to query AWS Inspector Exclusions and retrieve data about AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - jsonb_pretty(attributes) as attributes, - jsonb_pretty(scopes) as scopes - from - aws_inspector_exclusion; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n jsonb_pretty(attributes) as attributes,\n jsonb_pretty(scopes)\ + \ as scopes\nfrom\n aws_inspector_exclusion;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: List AWS Inspector Exclusions with Details diff --git a/queries/aws_inspector_exclusion_4.yaml b/queries/aws_inspector_exclusion_4.yaml index 567f421ca..3e3f5959f 100755 --- a/queries/aws_inspector_exclusion_4.yaml +++ b/queries/aws_inspector_exclusion_4.yaml @@ -1,31 +1,20 @@ +Description: Allows users to query AWS Inspector Exclusions and retrieve data about + AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations. ID: aws_inspector_exclusion_4 -Title: "List all AWS Inspector Exclusions with Details" -Description: "Allows users to query AWS Inspector Exclusions and retrieve data about AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - title, - count(arn) - from - aws_inspector_exclusion - group by - arn, - region, - title - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n title,\n count(arn)\nfrom\n aws_inspector_exclusion\n\ + group by\n arn,\n region,\n title\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: List all AWS Inspector Exclusions with Details diff --git a/queries/aws_inspector_exclusion_5.yaml b/queries/aws_inspector_exclusion_5.yaml index 59b011600..3ec2a934a 100755 --- a/queries/aws_inspector_exclusion_5.yaml +++ b/queries/aws_inspector_exclusion_5.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Inspector Exclusions and retrieve data about + AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations. ID: aws_inspector_exclusion_5 -Title: "List AWS Inspector Exclusions with ARNs and Recommendations" -Description: "Allows users to query AWS Inspector Exclusions and retrieve data about AWS Inspector Exclusions, including their ARNs, descriptions, and recommendations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.arn, - e.title, - jsonb_pretty(e.attributes) as attributes, - e.recommendation - from - aws_inspector_exclusion e, - aws_inspector_assessment_run r, - aws_inspector_assessment_template t - where - e.assessment_run_arn = r.arn - and - r.assessment_template_arn = t.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n e.arn, \n e.title, \n jsonb_pretty(e.attributes) as\ + \ attributes, \n e.recommendation \nfrom \n aws_inspector_exclusion e, \n aws_inspector_assessment_run\ + \ r, \n aws_inspector_assessment_template t \nwhere \n e.assessment_run_arn\ + \ = r.arn \nand \n r.assessment_template_arn = t.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: List AWS Inspector Exclusions with ARNs and Recommendations diff --git a/queries/aws_inspector_finding_1.yaml b/queries/aws_inspector_finding_1.yaml index 04fc26559..d70fc952e 100755 --- a/queries/aws_inspector_finding_1.yaml +++ b/queries/aws_inspector_finding_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_1 -Title: "Find all AWS Inspector Findings details" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - agent_id as instance_id, - asset_type, - confidence, - severity - from - aws_inspector_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n agent_id as instance_id,\n asset_type,\n\ + \ confidence,\n severity\nfrom\n aws_inspector_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: Find all AWS Inspector Findings details diff --git a/queries/aws_inspector_finding_10.yaml b/queries/aws_inspector_finding_10.yaml index 4d0221d40..12a6468cb 100755 --- a/queries/aws_inspector_finding_10.yaml +++ b/queries/aws_inspector_finding_10.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_10 -Title: "List all AWS Inspector Findings with Details" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - agent_id as instance_id, - asset_type, - confidence, - severity - from - aws_inspector_finding - order by - confidence; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n agent_id as instance_id,\n asset_type,\n\ + \ confidence,\n severity\nfrom\n aws_inspector_finding\norder by\n confidence;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: List all AWS Inspector Findings with Details diff --git a/queries/aws_inspector_finding_2.yaml b/queries/aws_inspector_finding_2.yaml index db4c1eda2..45208b0c3 100755 --- a/queries/aws_inspector_finding_2.yaml +++ b/queries/aws_inspector_finding_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_2 -Title: "List High Severity Findings from AWS Inspector" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - agent_id as instance_id, - asset_type, - confidence, - severity - from - aws_inspector_finding - where - severity = 'High'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n agent_id as instance_id,\n asset_type,\n\ + \ confidence,\n severity\nfrom\n aws_inspector_finding\nwhere\n severity =\ + \ 'High';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: List High Severity Findings from AWS Inspector diff --git a/queries/aws_inspector_finding_3.yaml b/queries/aws_inspector_finding_3.yaml index 174ab1f78..21a957ded 100755 --- a/queries/aws_inspector_finding_3.yaml +++ b/queries/aws_inspector_finding_3.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_3 -Title: "Find AWS Inspector Findings by Severity" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - severity, - count(severity) - from - aws_inspector_finding - group by - severity - order by - severity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n severity,\n count(severity)\nfrom\n aws_inspector_finding\n\ + group by\n severity\norder by\n severity;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Inspector +Title: Find AWS Inspector Findings by Severity diff --git a/queries/aws_inspector_finding_4.yaml b/queries/aws_inspector_finding_4.yaml index af1d57448..e352bb67f 100755 --- a/queries/aws_inspector_finding_4.yaml +++ b/queries/aws_inspector_finding_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_4 -Title: "List AWS Inspector Findings from the Past 10 Days" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - confidence, - severity - from - aws_inspector_finding - where - created_at >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n confidence,\n severity\nfrom\n aws_inspector_finding\n\ + where\n created_at >= now() - interval '10' day;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: List AWS Inspector Findings from the Past 10 Days diff --git a/queries/aws_inspector_finding_5.yaml b/queries/aws_inspector_finding_5.yaml index 13f874c38..aac4ae574 100755 --- a/queries/aws_inspector_finding_5.yaml +++ b/queries/aws_inspector_finding_5.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_5 -Title: "List all AWS Inspector Findings with Detailed Information" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - jsonb_pretty(attributes) as attributes - from - aws_inspector_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id, \n jsonb_pretty(attributes) as attributes\n\ + from\n aws_inspector_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: List all AWS Inspector Findings with Detailed Information diff --git a/queries/aws_inspector_finding_6.yaml b/queries/aws_inspector_finding_6.yaml index b2c790323..30aeae3fd 100755 --- a/queries/aws_inspector_finding_6.yaml +++ b/queries/aws_inspector_finding_6.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_6 -Title: "Find AWS Inspector Findings with Detailed Information" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - title, - asset_attributes ->> 'AgentId' as agent_id, - asset_attributes ->> 'AmiId' as ami_id, - asset_attributes ->> 'Hostname' as hostname, - asset_attributes ->> 'Tags' as tags - from - aws_inspector_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n title,\n asset_attributes ->> 'AgentId' as agent_id,\n\ + \ asset_attributes ->> 'AmiId' as ami_id,\n asset_attributes ->> 'Hostname'\ + \ as hostname,\n asset_attributes ->> 'Tags' as tags\nfrom\n aws_inspector_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: Find AWS Inspector Findings with Detailed Information diff --git a/queries/aws_inspector_finding_7.yaml b/queries/aws_inspector_finding_7.yaml index bfdd7b590..a19f6e807 100755 --- a/queries/aws_inspector_finding_7.yaml +++ b/queries/aws_inspector_finding_7.yaml @@ -1,37 +1,27 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_7 -Title: "List all High Severity AWS Inspector Findings" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct i.instance_id, - i.instance_state, - i.instance_type, - f.title, - f.service, - f.severity, - f.confidence - from - aws_ec2_instance as i, - aws_inspector_finding as f - where - severity = 'High' - and - i.instance_id = f.agent_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct i.instance_id,\n i.instance_state,\n i.instance_type,\n\ + \ f.title,\n f.service,\n f.severity,\n f.confidence\nfrom\n aws_ec2_instance\ + \ as i,\n aws_inspector_finding as f\nwhere\n severity = 'High'\nand\n i.instance_id\ + \ = f.agent_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: List all High Severity AWS Inspector Findings diff --git a/queries/aws_inspector_finding_8.yaml b/queries/aws_inspector_finding_8.yaml index ff74254ff..f0f76ee24 100755 --- a/queries/aws_inspector_finding_8.yaml +++ b/queries/aws_inspector_finding_8.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_8 -Title: "Find all Detailed Information on AWS Inspector Findings" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - title, - service_attributes ->> 'AssessmentRunArn' as assessment_run_arn, - service_attributes ->> 'RulesPackageArn' as rules_package_arn, - service_attributes ->> 'SchemaVersion' as schema_version, - from - aws_inspector_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n title,\n service_attributes ->> 'AssessmentRunArn'\ + \ as assessment_run_arn,\n service_attributes ->> 'RulesPackageArn' as rules_package_arn,\n\ + \ service_attributes ->> 'SchemaVersion' as schema_version,\nfrom\n aws_inspector_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Inspector +Title: Find all Detailed Information on AWS Inspector Findings diff --git a/queries/aws_inspector_finding_9.yaml b/queries/aws_inspector_finding_9.yaml index ee41deff2..e7bd06146 100755 --- a/queries/aws_inspector_finding_9.yaml +++ b/queries/aws_inspector_finding_9.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS Inspector Findings to obtain detailed information + about the Amazon Inspector findings that are generated during the assessment of + the target applications. ID: aws_inspector_finding_9 -Title: "Find AWS Inspector Findings with Detailed Information" -Description: "Allows users to query AWS Inspector Findings to obtain detailed information about the Amazon Inspector findings that are generated during the assessment of the target applications." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.id, - r.title, - f.service_attributes ->> 'AssessmentRunArn' as assessment_run_arn, - r.assessment_template_arn, - r.finding_counts - from - aws_inspector_finding as f, - aws_inspector_assessment_run as r - where - f.service_attributes ->> 'AssessmentRunArn' = r.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.id,\n r.title,\n f.service_attributes ->> 'AssessmentRunArn'\ + \ as assessment_run_arn,\n r.assessment_template_arn,\n r.finding_counts\nfrom\n\ + \ aws_inspector_finding as f,\n aws_inspector_assessment_run as r\nwhere\n \ + \ f.service_attributes ->> 'AssessmentRunArn' = r.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Inspector +Title: Find AWS Inspector Findings with Detailed Information diff --git a/queries/aws_iot_fleet_metric_1.yaml b/queries/aws_iot_fleet_metric_1.yaml index 13f2d3279..6534de881 100755 --- a/queries/aws_iot_fleet_metric_1.yaml +++ b/queries/aws_iot_fleet_metric_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS IoT Fleet Metrics to gain insights into each + fleet metric''s configuration, including ARN, creation date, and aggregation information. ID: aws_iot_fleet_metric_1 -Title: "List all AWS IoT Fleet Metrics with details" -Description: "Allows users to query AWS IoT Fleet Metrics to gain insights into each fleet metric''s configuration, including ARN, creation date, and aggregation information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - arn, - index_name, - creation_date, - last_modified_date - from - aws_iot_fleet_metric; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n arn,\n index_name,\n creation_date,\n\ + \ last_modified_date\nfrom\n aws_iot_fleet_metric;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT Fleet Metrics +Title: List all AWS IoT Fleet Metrics with details diff --git a/queries/aws_iot_fleet_metric_2.yaml b/queries/aws_iot_fleet_metric_2.yaml index e1b3c5e84..1bb8004e2 100755 --- a/queries/aws_iot_fleet_metric_2.yaml +++ b/queries/aws_iot_fleet_metric_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS IoT Fleet Metrics to gain insights into each + fleet metric''s configuration, including ARN, creation date, and aggregation information. ID: aws_iot_fleet_metric_2 -Title: "List all AWS IoT Fleet Metrics Configuration and Aggregation" -Description: "Allows users to query AWS IoT Fleet Metrics to gain insights into each fleet metric''s configuration, including ARN, creation date, and aggregation information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - aggregation_field, - creation_date, - aggregation_type_name, - query_string - from - aws_iot_fleet_metric - group by - aggregation_type_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n aggregation_field,\n creation_date,\n\ + \ aggregation_type_name,\n query_string\nfrom\n aws_iot_fleet_metric\ngroup\ + \ by\n aggregation_type_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT Fleet Metrics +Title: List all AWS IoT Fleet Metrics Configuration and Aggregation diff --git a/queries/aws_iot_fleet_metric_3.yaml b/queries/aws_iot_fleet_metric_3.yaml index f453002a7..1c68dd12f 100755 --- a/queries/aws_iot_fleet_metric_3.yaml +++ b/queries/aws_iot_fleet_metric_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS IoT Fleet Metrics to gain insights into each + fleet metric''s configuration, including ARN, creation date, and aggregation information. ID: aws_iot_fleet_metric_3 -Title: "List all AWS IoT Fleet Metrics with Details from Last 30 Days" -Description: "Allows users to query AWS IoT Fleet Metrics to gain insights into each fleet metric''s configuration, including ARN, creation date, and aggregation information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - metric_name, - index_name, - creation_date, - last_modified_date, - query_version, - version - from - aws_iot_fleet_metric - where - last_modified_date >= now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n metric_name,\n index_name,\n creation_date,\n last_modified_date,\n\ + \ query_version,\n version\nfrom\n aws_iot_fleet_metric\nwhere\n last_modified_date\ + \ >= now() - interval '30 days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS IoT Fleet Metrics +Title: List all AWS IoT Fleet Metrics with Details from Last 30 Days diff --git a/queries/aws_iot_thing_1.yaml b/queries/aws_iot_thing_1.yaml index b23b8d37d..676f5e1e1 100755 --- a/queries/aws_iot_thing_1.yaml +++ b/queries/aws_iot_thing_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Internet of Things to retrieve detailed information + about the the virtual model of a physical device with in an AWS account. ID: aws_iot_thing_1 -Title: "List all IoT Things with Details from AWS Account" -Description: "Allows users to query AWS Internet of Things to retrieve detailed information about the the virtual model of a physical device with in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_name, - thing_id, - arn, - thing_type_name, - version - from - aws_iot_thing; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_name,\n thing_id,\n arn,\n thing_type_name,\n\ + \ version\nfrom\n aws_iot_thing;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Internet of Things +Title: List all IoT Things with Details from AWS Account diff --git a/queries/aws_iot_thing_2.yaml b/queries/aws_iot_thing_2.yaml index 6d4d7f98d..10e2b5c05 100755 --- a/queries/aws_iot_thing_2.yaml +++ b/queries/aws_iot_thing_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Internet of Things to retrieve detailed information + about the the virtual model of a physical device with in an AWS account. ID: aws_iot_thing_2 -Title: "Find AWS IoT details for virtual device models" -Description: "Allows users to query AWS Internet of Things to retrieve detailed information about the the virtual model of a physical device with in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_name, - thing_id, - arn, - thing_type_name, - version - from - aws_iot_thing - where - attribute_name = 'foo'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_name,\n thing_id,\n arn,\n thing_type_name,\n\ + \ version\nfrom\n aws_iot_thing\nwhere\n attribute_name = 'foo';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS IoT +Title: Find AWS IoT details for virtual device models diff --git a/queries/aws_iot_thing_3.yaml b/queries/aws_iot_thing_3.yaml index 3a7bed942..b25e6e7ad 100755 --- a/queries/aws_iot_thing_3.yaml +++ b/queries/aws_iot_thing_3.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Internet of Things to retrieve detailed information + about the the virtual model of a physical device with in an AWS account. ID: aws_iot_thing_3 -Title: "List all AWS IoT things and attribute value details" -Description: "Allows users to query AWS Internet of Things to retrieve detailed information about the the virtual model of a physical device with in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_name, - arn, - thing_id, - thing_type_name, - attribute_value - from - aws_iot_thing - where - thing_type_name = 'foo'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_name,\n arn,\n thing_id,\n thing_type_name,\n\ + \ attribute_value\nfrom\n aws_iot_thing\nwhere\n thing_type_name = 'foo';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Internet of Things +Title: List all AWS IoT things and attribute value details diff --git a/queries/aws_iot_thing_group_1.yaml b/queries/aws_iot_thing_group_1.yaml index 8901cb7a8..6e6404b2b 100755 --- a/queries/aws_iot_thing_group_1.yaml +++ b/queries/aws_iot_thing_group_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS IoT Thing Group to gain insights into each + group''s configuration, including ARN, creation date, version of the group, and + parent of the groups. ID: aws_iot_thing_group_1 -Title: "List insights into AWS IoT Thing Group configuration" -Description: "Allows users to query AWS IoT Thing Group to gain insights into each group''s configuration, including ARN, creation date, version of the group, and parent of the groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - thing_group_id, - thing_group_description, - arn, - creation_date, - parent_group_name - from - aws_iot_thing_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n thing_group_id,\n thing_group_description,\n\ + \ arn,\n creation_date,\n parent_group_name\nfrom\n aws_iot_thing_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT +Title: List insights into AWS IoT Thing Group configuration diff --git a/queries/aws_iot_thing_group_2.yaml b/queries/aws_iot_thing_group_2.yaml index 8c40f7199..a05d79c44 100755 --- a/queries/aws_iot_thing_group_2.yaml +++ b/queries/aws_iot_thing_group_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS IoT Thing Group to gain insights into each + group''s configuration, including ARN, creation date, version of the group, and + parent of the groups. ID: aws_iot_thing_group_2 -Title: "List all AWS IoT Thing Group Configurations" -Description: "Allows users to query AWS IoT Thing Group to gain insights into each group''s configuration, including ARN, creation date, version of the group, and parent of the groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - thing_group_id, - creation_date, - parent_group_name, - version - from - aws_iot_thing_group - where - parent_group_name = 'foo'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n thing_group_id,\n creation_date,\n parent_group_name,\n\ + \ version\nfrom\n aws_iot_thing_group\nwhere\n parent_group_name = 'foo';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS IoT +Title: List all AWS IoT Thing Group Configurations diff --git a/queries/aws_iot_thing_group_3.yaml b/queries/aws_iot_thing_group_3.yaml index 728f5637e..8e62c089c 100755 --- a/queries/aws_iot_thing_group_3.yaml +++ b/queries/aws_iot_thing_group_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS IoT Thing Group to gain insights into each + group''s configuration, including ARN, creation date, version of the group, and + parent of the groups. ID: aws_iot_thing_group_3 -Title: "List all AWS IoT Thing Group Configurations" -Description: "Allows users to query AWS IoT Thing Group to gain insights into each group''s configuration, including ARN, creation date, version of the group, and parent of the groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - thing_group_id, - parent_group_name, - creation_date, - status - from - aws_iot_thing_group - where - creation_date >= now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n thing_group_id,\n parent_group_name,\n\ + \ creation_date,\n status\nfrom\n aws_iot_thing_group\nwhere\n creation_date\ + \ >= now() - interval '30 days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT +Title: List all AWS IoT Thing Group Configurations diff --git a/queries/aws_iot_thing_group_4.yaml b/queries/aws_iot_thing_group_4.yaml index a2aa1f83b..d2bfc9605 100755 --- a/queries/aws_iot_thing_group_4.yaml +++ b/queries/aws_iot_thing_group_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS IoT Thing Group to gain insights into each + group''s configuration, including ARN, creation date, version of the group, and + parent of the groups. ID: aws_iot_thing_group_4 -Title: "Find AWS IoT Thing Group Configurations and Details" -Description: "Allows users to query AWS IoT Thing Group to gain insights into each group''s configuration, including ARN, creation date, version of the group, and parent of the groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - thing_group_id, - query_string, - query_version, - status - from - aws_iot_thing_group - where - status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n thing_group_id,\n query_string,\n query_version,\n\ + \ status\nfrom\n aws_iot_thing_group\nwhere\n status = 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS IoT Thing Group +Title: Find AWS IoT Thing Group Configurations and Details diff --git a/queries/aws_iot_thing_type_1.yaml b/queries/aws_iot_thing_type_1.yaml index a5c5d904e..043bdefbb 100755 --- a/queries/aws_iot_thing_type_1.yaml +++ b/queries/aws_iot_thing_type_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS IoT Thing Type to gain insights into each thing + type''s configuration, including ARN, name, creation date, and deprecation status. ID: aws_iot_thing_type_1 -Title: "Find all AWS IoT Thing Types and Configurations" -Description: "Allows users to query AWS IoT Thing Type to gain insights into each thing type''s configuration, including ARN, name, creation date, and deprecation status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_type_name, - arn, - thing_type_id, - thing_type_description, - creation_date - from - aws_iot_thing_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_type_name,\n arn,\n thing_type_id,\n thing_type_description,\n\ + \ creation_date\nfrom\n aws_iot_thing_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT +Title: Find all AWS IoT Thing Types and Configurations diff --git a/queries/aws_iot_thing_type_2.yaml b/queries/aws_iot_thing_type_2.yaml index ea41a2132..5b693e9f6 100755 --- a/queries/aws_iot_thing_type_2.yaml +++ b/queries/aws_iot_thing_type_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS IoT Thing Type to gain insights into each thing + type''s configuration, including ARN, name, creation date, and deprecation status. ID: aws_iot_thing_type_2 -Title: "List AWS IoT Thing Types and Their Configurations" -Description: "Allows users to query AWS IoT Thing Type to gain insights into each thing type''s configuration, including ARN, name, creation date, and deprecation status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_type_name, - arn, - thing_type_id, - thing_type_description, - creation_date, - deprecated - from - aws_iot_thing_type - where - deprecated; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_type_name,\n arn,\n thing_type_id,\n thing_type_description,\n\ + \ creation_date,\n deprecated\nfrom\n aws_iot_thing_type\nwhere\n deprecated;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS IoT Thing Type +Title: List AWS IoT Thing Types and Their Configurations diff --git a/queries/aws_iot_thing_type_3.yaml b/queries/aws_iot_thing_type_3.yaml index edcec46eb..0b9e9bd97 100755 --- a/queries/aws_iot_thing_type_3.yaml +++ b/queries/aws_iot_thing_type_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS IoT Thing Type to gain insights into each thing + type''s configuration, including ARN, name, creation date, and deprecation status. ID: aws_iot_thing_type_3 -Title: "List all AWS IoT Thing Types with Configuration Details" -Description: "Allows users to query AWS IoT Thing Type to gain insights into each thing type''s configuration, including ARN, name, creation date, and deprecation status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_type_name, - arn, - thing_type_id, - thing_type_description, - creation_date, - deprecated, - searchable_attributes - from - aws_iot_thing_type - where - creation_date >= now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_type_name,\n arn,\n thing_type_id,\n thing_type_description,\n\ + \ creation_date,\n deprecated,\n searchable_attributes\nfrom\n aws_iot_thing_type\n\ + where\n creation_date >= now() - interval '30 days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT +Title: List all AWS IoT Thing Types with Configuration Details diff --git a/queries/aws_iot_thing_type_4.yaml b/queries/aws_iot_thing_type_4.yaml index 6a5134766..4261374e1 100755 --- a/queries/aws_iot_thing_type_4.yaml +++ b/queries/aws_iot_thing_type_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS IoT Thing Type to gain insights into each thing + type''s configuration, including ARN, name, creation date, and deprecation status. ID: aws_iot_thing_type_4 -Title: "Find All AWS IoT Thing Types with Configuration Insights" -Description: "Allows users to query AWS IoT Thing Type to gain insights into each thing type''s configuration, including ARN, name, creation date, and deprecation status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - thing_type_name, - arn, - thing_type_id, - creation_date, - tags, - deprecation_date - from - aws_iot_thing_type - where - deprecation_date <= now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n thing_type_name,\n arn,\n thing_type_id,\n creation_date,\n\ + \ tags,\n deprecation_date\nfrom\n aws_iot_thing_type\nwhere\n deprecation_date\ + \ <= now() - interval '30 days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - IoT +Title: Find All AWS IoT Thing Types with Configuration Insights diff --git a/queries/aws_kinesis_consumer_1.yaml b/queries/aws_kinesis_consumer_1.yaml index e38702695..336263b24 100755 --- a/queries/aws_kinesis_consumer_1.yaml +++ b/queries/aws_kinesis_consumer_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Kinesis Consumers. This table provides information + about Kinesis Consumers within AWS Kinesis Data Streams. It enables users to gather + insights on consumers such as consumer ARN, creation timestamp, stream ARN and more. ID: aws_kinesis_consumer_1 -Title: "List All AWS Kinesis Consumers and Their Details" -Description: "Allows users to query AWS Kinesis Consumers. This table provides information about Kinesis Consumers within AWS Kinesis Data Streams. It enables users to gather insights on consumers such as consumer ARN, creation timestamp, stream ARN and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - consumer_name, - consumer_arn, - consumer_status, - stream_arn - from - aws_kinesis_consumer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n consumer_name,\n consumer_arn,\n consumer_status,\n\ + \ stream_arn\nfrom\n aws_kinesis_consumer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Data Streams +Title: List All AWS Kinesis Consumers and Their Details diff --git a/queries/aws_kinesis_consumer_2.yaml b/queries/aws_kinesis_consumer_2.yaml index 5019345c5..53b50458c 100755 --- a/queries/aws_kinesis_consumer_2.yaml +++ b/queries/aws_kinesis_consumer_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Kinesis Consumers. This table provides information + about Kinesis Consumers within AWS Kinesis Data Streams. It enables users to gather + insights on consumers such as consumer ARN, creation timestamp, stream ARN and more. ID: aws_kinesis_consumer_2 -Title: "List all AWS Kinesis Consumers and their Status" -Description: "Allows users to query AWS Kinesis Consumers. This table provides information about Kinesis Consumers within AWS Kinesis Data Streams. It enables users to gather insights on consumers such as consumer ARN, creation timestamp, stream ARN and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - consumer_name, - consumer_status, - consumer_arn - from - aws_kinesis_consumer - where - consumer_status != 'ACTIVE' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n consumer_name,\n consumer_status,\n consumer_arn\n\ + from\n aws_kinesis_consumer\nwhere\n consumer_status != 'ACTIVE'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Data Streams +Title: List all AWS Kinesis Consumers and their Status diff --git a/queries/aws_kinesis_firehose_delivery_stream_1.yaml b/queries/aws_kinesis_firehose_delivery_stream_1.yaml index c4e9afadf..cf08aaed7 100755 --- a/queries/aws_kinesis_firehose_delivery_stream_1.yaml +++ b/queries/aws_kinesis_firehose_delivery_stream_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Kinesis Firehose Delivery Stream data, providing + detailed information about each delivery stream in the AWS account. ID: aws_kinesis_firehose_delivery_stream_1 -Title: "List all AWS Kinesis Firehose Delivery Stream Details" -Description: "Allows users to query AWS Kinesis Firehose Delivery Stream data, providing detailed information about each delivery stream in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - delivery_stream_name, - arn, - create_timestamp, - delivery_stream_type - from - aws_kinesis_firehose_delivery_stream; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n delivery_stream_name,\n arn,\n create_timestamp,\n\ + \ delivery_stream_type\nfrom\n aws_kinesis_firehose_delivery_stream;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Firehose +Title: List all AWS Kinesis Firehose Delivery Stream Details diff --git a/queries/aws_kinesis_firehose_delivery_stream_2.yaml b/queries/aws_kinesis_firehose_delivery_stream_2.yaml index b480c4886..6304a485f 100755 --- a/queries/aws_kinesis_firehose_delivery_stream_2.yaml +++ b/queries/aws_kinesis_firehose_delivery_stream_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Kinesis Firehose Delivery Stream data, providing + detailed information about each delivery stream in the AWS account. ID: aws_kinesis_firehose_delivery_stream_2 -Title: "List Delivery Streams for AWS Kinesis Firehose" -Description: "Allows users to query AWS Kinesis Firehose Delivery Stream data, providing detailed information about each delivery stream in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - delivery_stream_name, - arn, - delivery_stream_status, - create_timestamp, - delivery_stream_type - from - aws_kinesis_firehose_delivery_stream - where - delivery_stream_status != 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n delivery_stream_name,\n arn,\n delivery_stream_status,\n\ + \ create_timestamp,\n delivery_stream_type\nfrom\n aws_kinesis_firehose_delivery_stream\n\ + where\n delivery_stream_status != 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Firehose +Title: List Delivery Streams for AWS Kinesis Firehose diff --git a/queries/aws_kinesis_firehose_delivery_stream_3.yaml b/queries/aws_kinesis_firehose_delivery_stream_3.yaml index 44e49be91..13e90f9c7 100755 --- a/queries/aws_kinesis_firehose_delivery_stream_3.yaml +++ b/queries/aws_kinesis_firehose_delivery_stream_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Kinesis Firehose Delivery Stream data, providing + detailed information about each delivery stream in the AWS account. ID: aws_kinesis_firehose_delivery_stream_3 -Title: "List all AWS Kinesis Firehose Delivery Stream details" -Description: "Allows users to query AWS Kinesis Firehose Delivery Stream data, providing detailed information about each delivery stream in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - delivery_stream_name, - arn, - delivery_stream_status, - create_timestamp, - delivery_stream_type, - delivery_stream_encryption_configuration ->> 'Status' as encryption_status - from - aws_kinesis_firehose_delivery_stream - where - delivery_stream_encryption_configuration ->> 'Status' = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n delivery_stream_name,\n arn,\n delivery_stream_status,\n\ + \ create_timestamp,\n delivery_stream_type,\n delivery_stream_encryption_configuration\ + \ ->> 'Status' as encryption_status\nfrom\n aws_kinesis_firehose_delivery_stream\n\ + where\n delivery_stream_encryption_configuration ->> 'Status' = 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Firehose +Title: List all AWS Kinesis Firehose Delivery Stream details diff --git a/queries/aws_kinesis_firehose_delivery_stream_4.yaml b/queries/aws_kinesis_firehose_delivery_stream_4.yaml index 168e59b6b..bbb312c4b 100755 --- a/queries/aws_kinesis_firehose_delivery_stream_4.yaml +++ b/queries/aws_kinesis_firehose_delivery_stream_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Kinesis Firehose Delivery Stream data, providing + detailed information about each delivery stream in the AWS account. ID: aws_kinesis_firehose_delivery_stream_4 -Title: "List all AWS Kinesis Firehose Delivery Stream details" -Description: "Allows users to query AWS Kinesis Firehose Delivery Stream data, providing detailed information about each delivery stream in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - delivery_stream_name, - arn, - delivery_stream_status, - create_timestamp, - delivery_stream_type - from - aws_kinesis_firehose_delivery_stream - where - delivery_stream_type = 'DirectPut'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n delivery_stream_name,\n arn,\n delivery_stream_status,\n\ + \ create_timestamp,\n delivery_stream_type\nfrom\n aws_kinesis_firehose_delivery_stream\n\ + where\n delivery_stream_type = 'DirectPut';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Firehose +Title: List all AWS Kinesis Firehose Delivery Stream details diff --git a/queries/aws_kinesis_firehose_delivery_stream_5.yaml b/queries/aws_kinesis_firehose_delivery_stream_5.yaml index c5d1cc66b..6252fa308 100755 --- a/queries/aws_kinesis_firehose_delivery_stream_5.yaml +++ b/queries/aws_kinesis_firehose_delivery_stream_5.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Kinesis Firehose Delivery Stream data, providing + detailed information about each delivery stream in the AWS account. ID: aws_kinesis_firehose_delivery_stream_5 -Title: "List all AWS Kinesis Firehose Delivery Stream details" -Description: "Allows users to query AWS Kinesis Firehose Delivery Stream data, providing detailed information about each delivery stream in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - delivery_stream_name, - arn, - delivery_stream_status, - delivery_stream_type, - failure_description - from - aws_kinesis_firehose_delivery_stream - where - failure_description is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n delivery_stream_name,\n arn,\n delivery_stream_status,\n\ + \ delivery_stream_type,\n failure_description\nfrom\n aws_kinesis_firehose_delivery_stream\n\ + where\n failure_description is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Firehose +Title: List all AWS Kinesis Firehose Delivery Stream details diff --git a/queries/aws_kinesis_stream_1.yaml b/queries/aws_kinesis_stream_1.yaml index 08b9811b7..de23f7f69 100755 --- a/queries/aws_kinesis_stream_1.yaml +++ b/queries/aws_kinesis_stream_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Kinesis Stream data, including stream name, + status, creation time, and associated tags. ID: aws_kinesis_stream_1 -Title: "List all AWS Kinesis Stream data and its details" -Description: "Allows users to query AWS Kinesis Stream data, including stream name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - stream_status, - consumer_count, - stream_creation_timestamp, - region - from - aws_kinesis_stream; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n stream_status,\n consumer_count,\n\ + \ stream_creation_timestamp,\n region\nfrom\n aws_kinesis_stream;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Stream +Title: List all AWS Kinesis Stream data and its details diff --git a/queries/aws_kinesis_stream_2.yaml b/queries/aws_kinesis_stream_2.yaml index e610a7da4..bdf8b97e3 100755 --- a/queries/aws_kinesis_stream_2.yaml +++ b/queries/aws_kinesis_stream_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Kinesis Stream data, including stream name, + status, creation time, and associated tags. ID: aws_kinesis_stream_2 -Title: "List Attributes of AWS Kinesis Streams Excluding Active Status" -Description: "Allows users to query AWS Kinesis Stream data, including stream name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - stream_status, - consumer_count, - stream_creation_timestamp, - region - from - aws_kinesis_stream - where - stream_status != 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n stream_status,\n consumer_count,\n\ + \ stream_creation_timestamp,\n region\nfrom\n aws_kinesis_stream\nwhere\n \ + \ stream_status != 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Stream +Title: List Attributes of AWS Kinesis Streams Excluding Active Status diff --git a/queries/aws_kinesis_stream_3.yaml b/queries/aws_kinesis_stream_3.yaml index f8995f16b..7fb3a928e 100755 --- a/queries/aws_kinesis_stream_3.yaml +++ b/queries/aws_kinesis_stream_3.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Kinesis Stream data, including stream name, + status, creation time, and associated tags. ID: aws_kinesis_stream_3 -Title: "List all AWS Kinesis Streams with Consumer Count Zero" -Description: "Allows users to query AWS Kinesis Stream data, including stream name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - stream_status, - consumer_count, - stream_creation_timestamp, - region - from - aws_kinesis_stream - where - consumer_count = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n stream_status,\n consumer_count,\n\ + \ stream_creation_timestamp,\n region\nfrom\n aws_kinesis_stream\nwhere\n \ + \ consumer_count = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Stream +Title: List all AWS Kinesis Streams with Consumer Count Zero diff --git a/queries/aws_kinesis_stream_4.yaml b/queries/aws_kinesis_stream_4.yaml index bc9be67a8..9c65d1018 100755 --- a/queries/aws_kinesis_stream_4.yaml +++ b/queries/aws_kinesis_stream_4.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Kinesis Stream data, including stream name, + status, creation time, and associated tags. ID: aws_kinesis_stream_4 -Title: "List AWS Kinesis Stream details including name, status, and tags" -Description: "Allows users to query AWS Kinesis Stream data, including stream name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - encryption_type, - key_id, - stream_creation_timestamp, - region - from - aws_kinesis_stream - where - encryption_type = 'NONE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n encryption_type,\n key_id,\n\ + \ stream_creation_timestamp,\n region\nfrom\n aws_kinesis_stream\nwhere\n \ + \ encryption_type = 'NONE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Stream +Title: List AWS Kinesis Stream details including name, status, and tags diff --git a/queries/aws_kinesis_stream_5.yaml b/queries/aws_kinesis_stream_5.yaml index c1443fa29..4a6bf8b97 100755 --- a/queries/aws_kinesis_stream_5.yaml +++ b/queries/aws_kinesis_stream_5.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Kinesis Stream data, including stream name, + status, creation time, and associated tags. ID: aws_kinesis_stream_5 -Title: "List all AWS Kinesis Stream Data Including Creation Time" -Description: "Allows users to query AWS Kinesis Stream data, including stream name, status, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - encryption_type, - key_id, - stream_creation_timestamp, - region - from - aws_kinesis_stream - where - encryption_type != 'NONE' - and key_id = 'alias/aws/kinesis'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n encryption_type,\n key_id,\n\ + \ stream_creation_timestamp,\n region\nfrom\n aws_kinesis_stream\nwhere\n \ + \ encryption_type != 'NONE'\n and key_id = 'alias/aws/kinesis';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Stream +Title: List all AWS Kinesis Stream Data Including Creation Time diff --git a/queries/aws_kinesis_video_stream_1.yaml b/queries/aws_kinesis_video_stream_1.yaml index 1d6e26b40..35436a8f7 100755 --- a/queries/aws_kinesis_video_stream_1.yaml +++ b/queries/aws_kinesis_video_stream_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Kinesis Video Streams to obtain metadata about + each stream, including the stream''s ARN, creation time, status, and other information. ID: aws_kinesis_video_stream_1 -Title: "List metadata for AWS Kinesis Video Streams" -Description: "Allows users to query Kinesis Video Streams to obtain metadata about each stream, including the stream''s ARN, creation time, status, and other information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - status, - creation_time, - region - from - aws_kinesis_video_stream; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n status,\n creation_time,\n\ + \ region\nfrom\n aws_kinesis_video_stream;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Video Streams +Title: List metadata for AWS Kinesis Video Streams diff --git a/queries/aws_kinesis_video_stream_2.yaml b/queries/aws_kinesis_video_stream_2.yaml index 725f0b78a..d3003759e 100755 --- a/queries/aws_kinesis_video_stream_2.yaml +++ b/queries/aws_kinesis_video_stream_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query Kinesis Video Streams to obtain metadata about + each stream, including the stream''s ARN, creation time, status, and other information. ID: aws_kinesis_video_stream_2 -Title: "List All Metadata of AWS Kinesis Video Streams" -Description: "Allows users to query Kinesis Video Streams to obtain metadata about each stream, including the stream''s ARN, creation time, status, and other information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - status, - creation_time, - region - from - aws_kinesis_video_stream - where - status != 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n status,\n creation_time,\n\ + \ region\nfrom\n aws_kinesis_video_stream\nwhere\n status != 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Video Streams +Title: List All Metadata of AWS Kinesis Video Streams diff --git a/queries/aws_kinesis_video_stream_3.yaml b/queries/aws_kinesis_video_stream_3.yaml index dd9db66fb..603825836 100755 --- a/queries/aws_kinesis_video_stream_3.yaml +++ b/queries/aws_kinesis_video_stream_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query Kinesis Video Streams to obtain metadata about + each stream, including the stream''s ARN, creation time, status, and other information. ID: aws_kinesis_video_stream_3 -Title: "List all AWS Kinesis Video Streams with metadata" -Description: "Allows users to query Kinesis Video Streams to obtain metadata about each stream, including the stream''s ARN, creation time, status, and other information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - status, - kms_key_id, - creation_time, - region - from - aws_kinesis_video_stream - where - split_part(kms_key_id, ':', 6) = 'alias/aws/kinesisvideo'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n status,\n kms_key_id,\n\ + \ creation_time,\n region\nfrom\n aws_kinesis_video_stream\nwhere\n split_part(kms_key_id,\ + \ ':', 6) = 'alias/aws/kinesisvideo';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Video Streams +Title: List all AWS Kinesis Video Streams with metadata diff --git a/queries/aws_kinesis_video_stream_4.yaml b/queries/aws_kinesis_video_stream_4.yaml index 6c30fd88f..57810c913 100755 --- a/queries/aws_kinesis_video_stream_4.yaml +++ b/queries/aws_kinesis_video_stream_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query Kinesis Video Streams to obtain metadata about + each stream, including the stream''s ARN, creation time, status, and other information. ID: aws_kinesis_video_stream_4 -Title: "List All Kinesis Video Streams Metadata from AWS" -Description: "Allows users to query Kinesis Video Streams to obtain metadata about each stream, including the stream''s ARN, creation time, status, and other information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - stream_name, - stream_arn, - status, - creation_time, - data_retention_in_hours, - region - from - aws_kinesis_video_stream - where - data_retention_in_hours < 168; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n stream_name,\n stream_arn,\n status,\n creation_time,\n\ + \ data_retention_in_hours,\n region\nfrom\n aws_kinesis_video_stream\nwhere\n\ + \ data_retention_in_hours < 168;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Video Stream +Title: List All Kinesis Video Streams Metadata from AWS diff --git a/queries/aws_kinesisanalyticsv2_application_1.yaml b/queries/aws_kinesisanalyticsv2_application_1.yaml index 628f0106a..63b31bb1f 100755 --- a/queries/aws_kinesisanalyticsv2_application_1.yaml +++ b/queries/aws_kinesisanalyticsv2_application_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Kinesis Analytics Applications to retrieve + detailed information about each application, including the name, ARN, description, + status, runtime environment, and more. ID: aws_kinesisanalyticsv2_application_1 -Title: "List AWS Kinesis Analytics Applications with Details" -Description: "Allows users to query AWS Kinesis Analytics Applications to retrieve detailed information about each application, including the name, ARN, description, status, runtime environment, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_arn, - application_version_id, - application_status, - application_description, - service_execution_role, - runtime_environment - from - aws_kinesisanalyticsv2_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_arn,\n application_version_id,\n\ + \ application_status,\n application_description,\n service_execution_role,\n\ + \ runtime_environment\nfrom\n aws_kinesisanalyticsv2_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Analytics +Title: List AWS Kinesis Analytics Applications with Details diff --git a/queries/aws_kinesisanalyticsv2_application_2.yaml b/queries/aws_kinesisanalyticsv2_application_2.yaml index 9278f795d..dfc009b2c 100755 --- a/queries/aws_kinesisanalyticsv2_application_2.yaml +++ b/queries/aws_kinesisanalyticsv2_application_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Kinesis Analytics Applications to retrieve + detailed information about each application, including the name, ARN, description, + status, runtime environment, and more. ID: aws_kinesisanalyticsv2_application_2 -Title: "Find AWS Kinesis Analytics Applications and Details" -Description: "Allows users to query AWS Kinesis Analytics Applications to retrieve detailed information about each application, including the name, ARN, description, status, runtime environment, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - application_version_id, - application_arn, - application_status - from - aws_kinesisanalyticsv2_application - where - application_version_id > 1; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n application_version_id,\n application_arn,\n\ + \ application_status\nfrom\n aws_kinesisanalyticsv2_application\nwhere\n application_version_id\ + \ > 1;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Analytics +Title: Find AWS Kinesis Analytics Applications and Details diff --git a/queries/aws_kinesisanalyticsv2_application_3.yaml b/queries/aws_kinesisanalyticsv2_application_3.yaml index 34080cc26..864afe134 100755 --- a/queries/aws_kinesisanalyticsv2_application_3.yaml +++ b/queries/aws_kinesisanalyticsv2_application_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Kinesis Analytics Applications to retrieve + detailed information about each application, including the name, ARN, description, + status, runtime environment, and more. ID: aws_kinesisanalyticsv2_application_3 -Title: "Find AWS Kinesis Analytics Applications and Details" -Description: "Allows users to query AWS Kinesis Analytics Applications to retrieve detailed information about each application, including the name, ARN, description, status, runtime environment, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - application_name, - runtime_environment, - application_arn, - application_status - from - aws_kinesisanalyticsv2_application - where - runtime_environment = 'SQL-1_0'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n application_name,\n runtime_environment,\n application_arn,\n\ + \ application_status\nfrom\n aws_kinesisanalyticsv2_application\nwhere\n runtime_environment\ + \ = 'SQL-1_0';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Kinesis Analytics +Title: Find AWS Kinesis Analytics Applications and Details diff --git a/queries/aws_kms_alias_1.yaml b/queries/aws_kms_alias_1.yaml index 9fef92dc0..d64e03be1 100755 --- a/queries/aws_kms_alias_1.yaml +++ b/queries/aws_kms_alias_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS KMS aliases and retrieve information about + their associated keys, including the key ID, alias name, and alias ARN. ID: aws_kms_alias_1 -Title: "Find all AWS KMS alias details including keys" -Description: "Allows users to query AWS KMS aliases and retrieve information about their associated keys, including the key ID, alias name, and alias ARN." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - alias_name, - title, - arn, - target_key_id, - creation_date - from - aws_kms_alias; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n alias_name,\n title,\n arn,\n target_key_id,\n creation_date\n\ + from\n aws_kms_alias;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Key Management Service (KMS) +Title: Find all AWS KMS alias details including keys diff --git a/queries/aws_kms_alias_2.yaml b/queries/aws_kms_alias_2.yaml index 2eaf92fe7..ba4a8b637 100755 --- a/queries/aws_kms_alias_2.yaml +++ b/queries/aws_kms_alias_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS KMS aliases and retrieve information about + their associated keys, including the key ID, alias name, and alias ARN. ID: aws_kms_alias_2 -Title: "Find AWS KMS Alias and Associated Keys with SQL" -Description: "Allows users to query AWS KMS aliases and retrieve information about their associated keys, including the key ID, alias name, and alias ARN." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - k.id as key_id, - k.key_rotation_enabled as key_rotation_enabled, - a.alias_name as alias_name, - a.arn as alias_arn - from - aws_kms_key as k, - aws_kms_alias as a - where - k.id = a.target_key_id and not key_rotation_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n k.id as key_id,\n k.key_rotation_enabled as key_rotation_enabled,\n\ + \ a.alias_name as alias_name,\n a.arn as alias_arn\nfrom\n aws_kms_key as k,\n\ + \ aws_kms_alias as a\nwhere\n k.id = a.target_key_id and not key_rotation_enabled;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Key Management Service +Title: Find AWS KMS Alias and Associated Keys with SQL diff --git a/queries/aws_kms_alias_3.yaml b/queries/aws_kms_alias_3.yaml index 5be88c642..9a1713e35 100755 --- a/queries/aws_kms_alias_3.yaml +++ b/queries/aws_kms_alias_3.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS KMS aliases and retrieve information about + their associated keys, including the key ID, alias name, and alias ARN. ID: aws_kms_alias_3 -Title: "List all AWS KMS aliases with key state pending deletion" -Description: "Allows users to query AWS KMS aliases and retrieve information about their associated keys, including the key ID, alias name, and alias ARN." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.alias_name as alias_name, - k.id as key_id, - k.key_state as key_state, - k.deletion_date as key_deletion_date - from - aws_kms_key as k, - aws_kms_alias as a - where - k.id = a.target_key_id and key_state = 'PendingDeletion'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.alias_name as alias_name,\n k.id as key_id,\n k.key_state\ + \ as key_state,\n k.deletion_date as key_deletion_date\nfrom\n aws_kms_key as\ + \ k,\n aws_kms_alias as a\nwhere\n k.id = a.target_key_id and key_state = 'PendingDeletion';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Key Management Service +Title: List all AWS KMS aliases with key state pending deletion diff --git a/queries/aws_kms_alias_4.yaml b/queries/aws_kms_alias_4.yaml index 8bb04b60c..98314975e 100755 --- a/queries/aws_kms_alias_4.yaml +++ b/queries/aws_kms_alias_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS KMS aliases and retrieve information about + their associated keys, including the key ID, alias name, and alias ARN. ID: aws_kms_alias_4 -Title: "List all AWS KMS aliases and their associated keys" -Description: "Allows users to query AWS KMS aliases and retrieve information about their associated keys, including the key ID, alias name, and alias ARN." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - k.id as key_id, - count(a.alias_name) as count - from - aws_kms_key as k - left join aws_kms_alias as a - on k.id = a.target_key_id - group by - key_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n k.id as key_id,\n count(a.alias_name) as count\nfrom\n\ + \ aws_kms_key as k\n left join aws_kms_alias as a\n on k.id = a.target_key_id\n\ + group by\n key_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: List all AWS KMS aliases and their associated keys diff --git a/queries/aws_kms_key_1.yaml b/queries/aws_kms_key_1.yaml index 914b03c64..4084856b5 100755 --- a/queries/aws_kms_key_1.yaml +++ b/queries/aws_kms_key_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS KMS Key data including cryptographic details, + key usage, key state, and associated metadata. ID: aws_kms_key_1 -Title: "List all AWS KMS Keys and their metadata" -Description: "Allows users to query AWS KMS Key data including cryptographic details, key usage, key state, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - title, - arn, - key_manager, - creation_date - from - aws_kms_key; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n title,\n arn,\n key_manager,\n creation_date\n\ + from\n aws_kms_key;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS KMS +Title: List all AWS KMS Keys and their metadata diff --git a/queries/aws_kms_key_2.yaml b/queries/aws_kms_key_2.yaml index 650c64216..13da22258 100755 --- a/queries/aws_kms_key_2.yaml +++ b/queries/aws_kms_key_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS KMS Key data including cryptographic details, + key usage, key state, and associated metadata. ID: aws_kms_key_2 -Title: "Find AWS KMS Key Data with Metadata & Key Usage" -Description: "Allows users to query AWS KMS Key data including cryptographic details, key usage, key state, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - key_rotation_enabled - from - aws_kms_key - where - not key_rotation_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n key_rotation_enabled\nfrom\n aws_kms_key\nwhere\n\ + \ not key_rotation_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: Find AWS KMS Key Data with Metadata & Key Usage diff --git a/queries/aws_kms_key_3.yaml b/queries/aws_kms_key_3.yaml index 8c20cbff1..468c78f26 100755 --- a/queries/aws_kms_key_3.yaml +++ b/queries/aws_kms_key_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS KMS Key data including cryptographic details, + key usage, key state, and associated metadata. ID: aws_kms_key_3 -Title: "List AWS KMS Key data including cryptographic details" -Description: "Allows users to query AWS KMS Key data including cryptographic details, key usage, key state, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - key_state, - deletion_date - from - aws_kms_key - where - key_state = 'PendingDeletion'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n key_state,\n deletion_date\nfrom\n aws_kms_key\n\ + where\n key_state = 'PendingDeletion';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS Key +Title: List AWS KMS Key data including cryptographic details diff --git a/queries/aws_kms_key_4.yaml b/queries/aws_kms_key_4.yaml index f414e99f5..08f8fa596 100755 --- a/queries/aws_kms_key_4.yaml +++ b/queries/aws_kms_key_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS KMS Key data including cryptographic details, + key usage, key state, and associated metadata. ID: aws_kms_key_4 -Title: "List all AWS KMS Key data including key state and usage" -Description: "Allows users to query AWS KMS Key data including cryptographic details, key usage, key state, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - enabled as key_enabled - from - aws_kms_key - where - not enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n enabled as key_enabled\nfrom\n aws_kms_key\n\ + where\n not enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: List all AWS KMS Key data including key state and usage diff --git a/queries/aws_kms_key_5.yaml b/queries/aws_kms_key_5.yaml index 7fc253fed..72599d560 100755 --- a/queries/aws_kms_key_5.yaml +++ b/queries/aws_kms_key_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS KMS Key data including cryptographic details, + key usage, key state, and associated metadata. ID: aws_kms_key_5 -Title: "List all AWS KMS Key data with cryptographic details" -Description: "Allows users to query AWS KMS Key data including cryptographic details, key usage, key state, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key_manager, - count(key_manager) as count - from - aws_kms_key - group by - key_manager; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key_manager,\n count(key_manager) as count\nfrom\n \ + \ aws_kms_key\ngroup by\n key_manager;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: List all AWS KMS Key data with cryptographic details diff --git a/queries/aws_kms_key_rotation_1.yaml b/queries/aws_kms_key_rotation_1.yaml index 6edd4a2f2..4dc2520e5 100755 --- a/queries/aws_kms_key_rotation_1.yaml +++ b/queries/aws_kms_key_rotation_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS KMS Key Rotation data including the rotation + schedule, type, and associated key details. ID: aws_kms_key_rotation_1 -Title: "Find AWS KMS Key Rotation Schedule and Details" -Description: "Allows users to query AWS KMS Key Rotation data including the rotation schedule, type, and associated key details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key_id, - key_arn, - rotation_date, - rotation_type - from - aws_kms_key_rotation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key_id,\n key_arn,\n rotation_date,\n rotation_type\n\ + from\n aws_kms_key_rotation;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: Find AWS KMS Key Rotation Schedule and Details diff --git a/queries/aws_kms_key_rotation_2.yaml b/queries/aws_kms_key_rotation_2.yaml index ec5eb0c41..b71cc7065 100755 --- a/queries/aws_kms_key_rotation_2.yaml +++ b/queries/aws_kms_key_rotation_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS KMS Key Rotation data including the rotation + schedule, type, and associated key details. ID: aws_kms_key_rotation_2 -Title: "List all AWS KMS Key Rotation Data" -Description: "Allows users to query AWS KMS Key Rotation data including the rotation schedule, type, and associated key details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key_id, - key_arn, - rotation_date - from - aws_kms_key_rotation - where - rotation_date >= current_date - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key_id,\n key_arn,\n rotation_date\nfrom\n aws_kms_key_rotation\n\ + where\n rotation_date >= current_date - interval '30 days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS KMS +Title: List all AWS KMS Key Rotation Data diff --git a/queries/aws_kms_key_rotation_3.yaml b/queries/aws_kms_key_rotation_3.yaml index ebc5df96d..0e03bf6f1 100755 --- a/queries/aws_kms_key_rotation_3.yaml +++ b/queries/aws_kms_key_rotation_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS KMS Key Rotation data including the rotation + schedule, type, and associated key details. ID: aws_kms_key_rotation_3 -Title: "List AWS KMS Key Rotation Details and Schedule" -Description: "Allows users to query AWS KMS Key Rotation data including the rotation schedule, type, and associated key details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - akr.key_id, - ak.title, - akr.rotation_date, - akr.rotation_type, - ak.key_manager - from - aws_kms_key_rotation akr - join - aws_kms_key ak - on - akr.key_id = ak.id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n akr.key_id,\n ak.title,\n akr.rotation_date,\n akr.rotation_type,\n\ + \ ak.key_manager\nfrom\n aws_kms_key_rotation akr\njoin\n aws_kms_key ak\n\ + on\n akr.key_id = ak.id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: List AWS KMS Key Rotation Details and Schedule diff --git a/queries/aws_kms_key_rotation_4.yaml b/queries/aws_kms_key_rotation_4.yaml index f7b683092..a34d3eab1 100755 --- a/queries/aws_kms_key_rotation_4.yaml +++ b/queries/aws_kms_key_rotation_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS KMS Key Rotation data including the rotation + schedule, type, and associated key details. ID: aws_kms_key_rotation_4 -Title: "List AWS KMS Key Rotation Schedules and Types" -Description: "Allows users to query AWS KMS Key Rotation data including the rotation schedule, type, and associated key details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rotation_type, - count(key_id) as count - from - aws_kms_key_rotation - group by - rotation_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rotation_type,\n count(key_id) as count\nfrom\n aws_kms_key_rotation\n\ + group by\n rotation_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - KMS +Title: List AWS KMS Key Rotation Schedules and Types diff --git a/queries/aws_lambda_alias_1.yaml b/queries/aws_lambda_alias_1.yaml index c8d67e006..dbafdfa68 100755 --- a/queries/aws_lambda_alias_1.yaml +++ b/queries/aws_lambda_alias_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Lambda Alias, providing detailed information + about each alias associated with AWS Lambda functions. ID: aws_lambda_alias_1 -Title: "List AWS Lambda Alias with detailed information" -Description: "Allows users to query AWS Lambda Alias, providing detailed information about each alias associated with AWS Lambda functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - function_name, - function_version - from - aws_lambda_alias; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n function_name,\n function_version\nfrom\n \ + \ aws_lambda_alias;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: List AWS Lambda Alias with detailed information diff --git a/queries/aws_lambda_alias_2.yaml b/queries/aws_lambda_alias_2.yaml index 861a30482..ee8114d8f 100755 --- a/queries/aws_lambda_alias_2.yaml +++ b/queries/aws_lambda_alias_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Lambda Alias, providing detailed information + about each alias associated with AWS Lambda functions. ID: aws_lambda_alias_2 -Title: "List all AWS Lambda Aliases with Detailed Information" -Description: "Allows users to query AWS Lambda Alias, providing detailed information about each alias associated with AWS Lambda functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - count(function_name) count - from - aws_lambda_alias - group by - function_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n count(function_name) count\nfrom\n\ + \ aws_lambda_alias\ngroup by\n function_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: List all AWS Lambda Aliases with Detailed Information diff --git a/queries/aws_lambda_alias_3.yaml b/queries/aws_lambda_alias_3.yaml index 3faea0ecc..621faced9 100755 --- a/queries/aws_lambda_alias_3.yaml +++ b/queries/aws_lambda_alias_3.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS Lambda Alias, providing detailed information + about each alias associated with AWS Lambda functions. ID: aws_lambda_alias_3 -Title: "List all AWS Lambda Alias with detailed information" -Description: "Allows users to query AWS Lambda Alias, providing detailed information about each alias associated with AWS Lambda functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_lambda_alias; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_lambda_alias;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List all AWS Lambda Alias with detailed information diff --git a/queries/aws_lambda_alias_4.yaml b/queries/aws_lambda_alias_4.yaml index aacb447bd..eb0b0c7e3 100755 --- a/queries/aws_lambda_alias_4.yaml +++ b/queries/aws_lambda_alias_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Lambda Alias, providing detailed information + about each alias associated with AWS Lambda functions. ID: aws_lambda_alias_4 -Title: "List all AWS Lambda Aliases and Configuration" -Description: "Allows users to query AWS Lambda Alias, providing detailed information about each alias associated with AWS Lambda functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - function_name, - jsonb_pretty(url_config) as url_config - from - aws_lambda_alias; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n function_name,\n jsonb_pretty(url_config) as\ + \ url_config\nfrom\n aws_lambda_alias;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: List all AWS Lambda Aliases and Configuration diff --git a/queries/aws_lambda_event_source_mapping_1.yaml b/queries/aws_lambda_event_source_mapping_1.yaml index 98e1bf9e6..27915d5f5 100755 --- a/queries/aws_lambda_event_source_mapping_1.yaml +++ b/queries/aws_lambda_event_source_mapping_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_1 -Title: "List AWS Lambda Event Source Mappings with Config Details" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - function_arn, - function_name, - last_processing_result, - parallelization_factor, - state, - destination_config - from - aws_lambda_event_source_mapping; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n function_arn,\n function_name,\n last_processing_result,\n\ + \ parallelization_factor,\n state,\n destination_config\nfrom\n aws_lambda_event_source_mapping;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List AWS Lambda Event Source Mappings with Config Details diff --git a/queries/aws_lambda_event_source_mapping_2.yaml b/queries/aws_lambda_event_source_mapping_2.yaml index d9c1431bd..821331c54 100755 --- a/queries/aws_lambda_event_source_mapping_2.yaml +++ b/queries/aws_lambda_event_source_mapping_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_2 -Title: "Find AWS Lambda Event Source Mappings with SQL" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - state, - last_modified, - state_transition_reason - from - aws_lambda_event_source_mapping - where - state = 'Disabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n state,\n last_modified,\n state_transition_reason\n\ + from\n aws_lambda_event_source_mapping\nwhere\n state = 'Disabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Event Source Mappings with SQL diff --git a/queries/aws_lambda_event_source_mapping_3.yaml b/queries/aws_lambda_event_source_mapping_3.yaml index 571366ec6..d28b56f00 100755 --- a/queries/aws_lambda_event_source_mapping_3.yaml +++ b/queries/aws_lambda_event_source_mapping_3.yaml @@ -1,23 +1,20 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_3 -Title: "Find AWS Lambda Event Source Mappings with SQL" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - jsonb_array_elements_text(jsonb_extract_path(self_managed_event_source, 'Endpoints', 'KAFKA_BOOTSTRAP_SERVERS')) - from - aws_lambda_event_source_mapping; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n jsonb_array_elements_text(jsonb_extract_path(self_managed_event_source,\ + \ 'Endpoints', 'KAFKA_BOOTSTRAP_SERVERS'))\nfrom\n aws_lambda_event_source_mapping;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Event Source Mappings with SQL diff --git a/queries/aws_lambda_event_source_mapping_4.yaml b/queries/aws_lambda_event_source_mapping_4.yaml index 9459bf559..3cc46afb0 100755 --- a/queries/aws_lambda_event_source_mapping_4.yaml +++ b/queries/aws_lambda_event_source_mapping_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_4 -Title: "Find AWS Lambda Event Source Mappings and Configurations" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - uuid, - arn, - a ->> 'Type' as source_access_type, - a ->> 'URL' as source_access_url - from - aws_lambda_event_source_mapping, - jsonb_array_elements(source_access_configurations) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n uuid,\n arn,\n a ->> 'Type' as source_access_type,\n\ + \ a ->> 'URL' as source_access_url\nfrom\n aws_lambda_event_source_mapping,\n\ + \ jsonb_array_elements(source_access_configurations) as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Event Source Mappings and Configurations diff --git a/queries/aws_lambda_event_source_mapping_5.yaml b/queries/aws_lambda_event_source_mapping_5.yaml index 5aaf9f422..7aa2b0c24 100755 --- a/queries/aws_lambda_event_source_mapping_5.yaml +++ b/queries/aws_lambda_event_source_mapping_5.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_5 -Title: "List all AWS Lambda Event Source Mappings with Details" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - uuid, - arn, - scaling_config ->> 'MaximumConcurrency' as maximum_concurrency - from - aws_lambda_event_source_mapping; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n uuid,\n arn,\n scaling_config ->> 'MaximumConcurrency'\ + \ as maximum_concurrency\nfrom\n aws_lambda_event_source_mapping;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List all AWS Lambda Event Source Mappings with Details diff --git a/queries/aws_lambda_event_source_mapping_6.yaml b/queries/aws_lambda_event_source_mapping_6.yaml index 553449ab6..ab46bb159 100755 --- a/queries/aws_lambda_event_source_mapping_6.yaml +++ b/queries/aws_lambda_event_source_mapping_6.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_6 -Title: "List all AWS Lambda Event Source Mappings and Configs" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - uuid, - function_name, - destination_config ->> 'OnFailure' as on_failure, - destination_config ->> 'OnSuccess' as on_success - from - aws_lambda_event_source_mapping; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n uuid,\n function_name,\n destination_config ->> 'OnFailure'\ + \ as on_failure,\n destination_config ->> 'OnSuccess' as on_success\nfrom\n \ + \ aws_lambda_event_source_mapping;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List all AWS Lambda Event Source Mappings and Configs diff --git a/queries/aws_lambda_event_source_mapping_7.yaml b/queries/aws_lambda_event_source_mapping_7.yaml index f8b421348..c1420548b 100755 --- a/queries/aws_lambda_event_source_mapping_7.yaml +++ b/queries/aws_lambda_event_source_mapping_7.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_7 -Title: "Find AWS Lambda Event Source Mappings Configurations" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - uuid, - arn, - function_arn, - state, - filter ->> 'Pattern' as filter_criteria_pattern - from - aws_lambda_event_source_mapping, - jsonb_array_elements(filter_criteria -> 'Filters') as filter - where - filter ->> 'Pattern' like '{ \"Metadata\" : [ 1, 2 ]}'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n uuid,\n arn,\n function_arn,\n state,\n filter ->>\ + \ 'Pattern' as filter_criteria_pattern\nfrom\n aws_lambda_event_source_mapping,\n\ + \ jsonb_array_elements(filter_criteria -> 'Filters') as filter\nwhere\n filter\ + \ ->> 'Pattern' like '{ \\\"Metadata\\\" : [ 1, 2 ]}';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find AWS Lambda Event Source Mappings Configurations diff --git a/queries/aws_lambda_event_source_mapping_8.yaml b/queries/aws_lambda_event_source_mapping_8.yaml index cf806404e..472deb707 100755 --- a/queries/aws_lambda_event_source_mapping_8.yaml +++ b/queries/aws_lambda_event_source_mapping_8.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Lambda Event Source Mappings, providing a detailed + view of each mapping configuration. ID: aws_lambda_event_source_mapping_8 -Title: "Find AWS Lambda Event Source Mappings Configuration" -Description: "Allows users to query AWS Lambda Event Source Mappings, providing a detailed view of each mapping configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - m.arn, - m.function_arn, - f.runtime, - f.handler, - f.architectures - from - aws_lambda_event_source_mapping as m, - aws_lambda_function as f - where - f.name = m.function_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n m.arn,\n m.function_arn,\n f.runtime,\n f.handler,\n\ + \ f.architectures\nfrom\n aws_lambda_event_source_mapping as m,\n aws_lambda_function\ + \ as f\nwhere\n f.name = m.function_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Event Source Mappings Configuration diff --git a/queries/aws_lambda_function_1.yaml b/queries/aws_lambda_function_1.yaml index d46bdbcb4..f92e14a55 100755 --- a/queries/aws_lambda_function_1.yaml +++ b/queries/aws_lambda_function_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_1 -Title: "List AWS Lambda Function Configurations via SQL" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - handler, - kms_key_arn - from - aws_lambda_function; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n handler,\n kms_key_arn\nfrom\n aws_lambda_function;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List AWS Lambda Function Configurations via SQL diff --git a/queries/aws_lambda_function_10.yaml b/queries/aws_lambda_function_10.yaml index bf6d13135..685880a9b 100755 --- a/queries/aws_lambda_function_10.yaml +++ b/queries/aws_lambda_function_10.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_10 -Title: "Find AWS Lambda Functions with Specific Tracing Config" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - jsonb_pretty(tracing_config) as tracing_config - from - aws_lambda_function - where - tracing_config ->> 'Mode' = 'PassThrough'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n jsonb_pretty(tracing_config) as tracing_config\n\ + from\n aws_lambda_function\nwhere\n tracing_config ->> 'Mode' = 'PassThrough';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Functions with Specific Tracing Config diff --git a/queries/aws_lambda_function_2.yaml b/queries/aws_lambda_function_2.yaml index bd8ba9894..9b7b8df0f 100755 --- a/queries/aws_lambda_function_2.yaml +++ b/queries/aws_lambda_function_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_2 -Title: "Find AWS Lambda Functions Without KMS Key ARN" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - kms_key_arn - from - aws_lambda_function - where - kms_key_arn is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n kms_key_arn\nfrom\n aws_lambda_function\nwhere\n\ + \ kms_key_arn is null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda Functions +Title: Find AWS Lambda Functions Without KMS Key ARN diff --git a/queries/aws_lambda_function_3.yaml b/queries/aws_lambda_function_3.yaml index ed22157d8..bdbdb3641 100755 --- a/queries/aws_lambda_function_3.yaml +++ b/queries/aws_lambda_function_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_3 -Title: "List all AWS Lambda Functions with Runtime Details" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - runtime, - count(*) - from - aws_lambda_function - group by - runtime; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n runtime,\n count(*)\nfrom\n aws_lambda_function\ngroup\ + \ by\n runtime;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List all AWS Lambda Functions with Runtime Details diff --git a/queries/aws_lambda_function_4.yaml b/queries/aws_lambda_function_4.yaml index 34e75cf08..4a91d18bf 100755 --- a/queries/aws_lambda_function_4.yaml +++ b/queries/aws_lambda_function_4.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_4 -Title: "List AWS Lambda Functions with Logs Retention Less Than 30 Days" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - fn.name, - lg.name, - lg.retention_in_days - from - aws_lambda_function as fn - inner join aws_cloudwatch_log_group as lg on ( - (lg.name = '/aws/lambda/') - or (lg.name = fn.name) - ) - where - lg.retention_in_days < 30; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n fn.name,\n lg.name,\n lg.retention_in_days\nfrom\n\ + \ aws_lambda_function as fn\n inner join aws_cloudwatch_log_group as lg on (\n\ + \ (lg.name = '/aws/lambda/')\n or (lg.name = fn.name)\n )\nwhere\n lg.retention_in_days\ + \ < 30;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: List AWS Lambda Functions with Logs Retention Less Than 30 Days diff --git a/queries/aws_lambda_function_5.yaml b/queries/aws_lambda_function_5.yaml index 59cc2add2..b4f94c19f 100755 --- a/queries/aws_lambda_function_5.yaml +++ b/queries/aws_lambda_function_5.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_5 -Title: "List all AWS Lambda Functions with Configuration Details" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - fn.name, - fn.region, - count (availability_zone) as zone_count - from - aws_lambda_function as fn - cross join jsonb_array_elements_text(vpc_subnet_ids) as vpc_subnet - join aws_vpc_subnet as sub on sub.subnet_id = vpc_subnet - group by - fn.name, - fn.region - order by - zone_count; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n fn.name,\n fn.region,\n count (availability_zone) as\ + \ zone_count\nfrom\n aws_lambda_function as fn\n cross join jsonb_array_elements_text(vpc_subnet_ids)\ + \ as vpc_subnet\n join aws_vpc_subnet as sub on sub.subnet_id = vpc_subnet\n\ + group by\n fn.name,\n fn.region\norder by\n zone_count;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda Function +Title: List all AWS Lambda Functions with Configuration Details diff --git a/queries/aws_lambda_function_6.yaml b/queries/aws_lambda_function_6.yaml index 6fbde2809..ec435f584 100755 --- a/queries/aws_lambda_function_6.yaml +++ b/queries/aws_lambda_function_6.yaml @@ -1,40 +1,28 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_6 -Title: "Find AWS Lambda Functions and IAM Actions" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.name, - f.role, - a.action, - a.access_level, - a.description - from - aws_lambda_function as f, - aws_iam_role as r, - jsonb_array_elements_text(r.attached_policy_arns) as pol_arn, - aws_iam_policy as p, - jsonb_array_elements(p.policy_std -> 'Statement') as stmt, - jsonb_array_elements_text(stmt -> 'Action') as action_glob, - glob(action_glob) as action_regex - join aws_iam_action a ON a.action LIKE action_regex - where - f.role = r.arn - and pol_arn = p.arn - and stmt ->> 'Effect' = 'Allow' - and f.name = 'hellopython'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.name,\n f.role,\n a.action,\n a.access_level,\n\ + \ a.description\nfrom\n aws_lambda_function as f,\n aws_iam_role as r,\n jsonb_array_elements_text(r.attached_policy_arns)\ + \ as pol_arn,\n aws_iam_policy as p,\n jsonb_array_elements(p.policy_std ->\ + \ 'Statement') as stmt,\n jsonb_array_elements_text(stmt -> 'Action') as action_glob,\n\ + \ glob(action_glob) as action_regex\n join aws_iam_action a ON a.action LIKE\ + \ action_regex\nwhere\n f.role = r.arn\n and pol_arn = p.arn\n and stmt ->>\ + \ 'Effect' = 'Allow'\n and f.name = 'hellopython';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda Function +Title: Find AWS Lambda Functions and IAM Actions diff --git a/queries/aws_lambda_function_7.yaml b/queries/aws_lambda_function_7.yaml index ba8486b28..4cff911b4 100755 --- a/queries/aws_lambda_function_7.yaml +++ b/queries/aws_lambda_function_7.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_7 -Title: "Find all AWS Lambda Functions with Missing DLQ" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - dead_letter_config_target_arn - from - aws_lambda_function - where - dead_letter_config_target_arn is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n dead_letter_config_target_arn\nfrom\n aws_lambda_function\n\ + where\n dead_letter_config_target_arn is null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find all AWS Lambda Functions with Missing DLQ diff --git a/queries/aws_lambda_function_8.yaml b/queries/aws_lambda_function_8.yaml index 9076a796e..58598e32b 100755 --- a/queries/aws_lambda_function_8.yaml +++ b/queries/aws_lambda_function_8.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_8 -Title: "Find AWS Lambda Function Configuration and Details" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - runtime, - handler, - architectures - from - aws_lambda_function; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n runtime,\n handler,\n architectures\nfrom\n\ + \ aws_lambda_function;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find AWS Lambda Function Configuration and Details diff --git a/queries/aws_lambda_function_9.yaml b/queries/aws_lambda_function_9.yaml index 6415a44f1..38cb6bc05 100755 --- a/queries/aws_lambda_function_9.yaml +++ b/queries/aws_lambda_function_9.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Lambda Functions, providing information about + each function''s configuration, including runtime, code size, timeout, and associated + tags. ID: aws_lambda_function_9 -Title: "List all AWS Lambda Function Configurations" -Description: "Allows users to query AWS Lambda Functions, providing information about each function''s configuration, including runtime, code size, timeout, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - jsonb_pretty(url_config) as url_config - from - aws_lambda_function; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n jsonb_pretty(url_config) as url_config\n\ + from\n aws_lambda_function;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda Function +Title: List all AWS Lambda Function Configurations diff --git a/queries/aws_lambda_function_metric_duration_daily_1.yaml b/queries/aws_lambda_function_metric_duration_daily_1.yaml index 9f62adec2..c730ff7f3 100755 --- a/queries/aws_lambda_function_metric_duration_daily_1.yaml +++ b/queries/aws_lambda_function_metric_duration_daily_1.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query AWS Lambda Function daily duration metrics. ID: aws_lambda_function_metric_duration_daily_1 -Title: "Find AWS Lambda Function Daily Duration Metrics" -Description: "Allows users to query AWS Lambda Function daily duration metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_lambda_function_metric_duration_daily - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sample_count\nfrom\n aws_lambda_function_metric_duration_daily\norder by\n\ + \ name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find AWS Lambda Function Daily Duration Metrics diff --git a/queries/aws_lambda_function_metric_duration_daily_2.yaml b/queries/aws_lambda_function_metric_duration_daily_2.yaml index fc1b9da6f..2f3021561 100755 --- a/queries/aws_lambda_function_metric_duration_daily_2.yaml +++ b/queries/aws_lambda_function_metric_duration_daily_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Lambda Function daily duration metrics. ID: aws_lambda_function_metric_duration_daily_2 -Title: "Find AWS Lambda Function Daily Duration Metrics" -Description: "Allows users to query AWS Lambda Function daily duration metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - round(minimum::numeric,2) as min_duration, - round(maximum::numeric,2) as max_duration, - round(average::numeric,2) as avg_duration, - sample_count - from - aws_lambda_function_metric_duration_daily - where maximum > 100 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n round(minimum::numeric,2) as min_duration,\n\ + \ round(maximum::numeric,2) as max_duration,\n round(average::numeric,2) as\ + \ avg_duration,\n sample_count\nfrom\n aws_lambda_function_metric_duration_daily\n\ + where maximum > 100\norder by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find AWS Lambda Function Daily Duration Metrics diff --git a/queries/aws_lambda_function_metric_duration_daily_3.yaml b/queries/aws_lambda_function_metric_duration_daily_3.yaml index e393a3c70..d32bd24f2 100755 --- a/queries/aws_lambda_function_metric_duration_daily_3.yaml +++ b/queries/aws_lambda_function_metric_duration_daily_3.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Lambda Function daily duration metrics. ID: aws_lambda_function_metric_duration_daily_3 -Title: "Find AWS Lambda Function Daily Duration Metrics" -Description: "Allows users to query AWS Lambda Function daily duration metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - round(minimum::numeric,2) as min_duration, - round(maximum::numeric,2) as max_duration, - round(average::numeric,2) as avg_duration, - sample_count - from - aws_lambda_function_metric_duration_daily - where average < 5 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n round(minimum::numeric,2) as min_duration,\n\ + \ round(maximum::numeric,2) as max_duration,\n round(average::numeric,2) as\ + \ avg_duration,\n sample_count\nfrom\n aws_lambda_function_metric_duration_daily\n\ + where average < 5\norder by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Function Daily Duration Metrics diff --git a/queries/aws_lambda_function_metric_errors_daily_1.yaml b/queries/aws_lambda_function_metric_errors_daily_1.yaml index 1b364a897..34f849b62 100755 --- a/queries/aws_lambda_function_metric_errors_daily_1.yaml +++ b/queries/aws_lambda_function_metric_errors_daily_1.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query AWS Lambda Function error metrics on a daily basis. ID: aws_lambda_function_metric_errors_daily_1 -Title: "List AWS Lambda Function Daily Error Metrics" -Description: "Allows users to query AWS Lambda Function error metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_lambda_function_metric_errors_daily - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n minimum,\n maximum,\n average,\n\ + \ sample_count\nfrom\n aws_lambda_function_metric_errors_daily\norder by\n \ + \ name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List AWS Lambda Function Daily Error Metrics diff --git a/queries/aws_lambda_function_metric_errors_daily_2.yaml b/queries/aws_lambda_function_metric_errors_daily_2.yaml index d296fe67c..5bd96d797 100755 --- a/queries/aws_lambda_function_metric_errors_daily_2.yaml +++ b/queries/aws_lambda_function_metric_errors_daily_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Lambda Function error metrics on a daily basis. ID: aws_lambda_function_metric_errors_daily_2 -Title: "List All AWS Lambda Function Errors Metrics Daily" -Description: "Allows users to query AWS Lambda Function error metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - round(minimum::numeric,2) as min_error, - round(maximum::numeric,2) as max_error, - round(average::numeric,2) as avg_error, - sample_count - from - aws_lambda_function_metric_errors_daily - where average < 1 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n round(minimum::numeric,2) as min_error,\n\ + \ round(maximum::numeric,2) as max_error,\n round(average::numeric,2) as avg_error,\n\ + \ sample_count\nfrom\n aws_lambda_function_metric_errors_daily\nwhere average\ + \ < 1\norder by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List All AWS Lambda Function Errors Metrics Daily diff --git a/queries/aws_lambda_function_metric_invocations_daily_1.yaml b/queries/aws_lambda_function_metric_invocations_daily_1.yaml index fc8671970..91cb1f5ff 100755 --- a/queries/aws_lambda_function_metric_invocations_daily_1.yaml +++ b/queries/aws_lambda_function_metric_invocations_daily_1.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Lambda Function Metrics on a daily basis. ID: aws_lambda_function_metric_invocations_daily_1 -Title: "Find All Daily AWS Lambda Function Metrics Using SQL" -Description: "Allows users to query AWS Lambda Function Metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - sum - from - aws_lambda_function_metric_invocations_daily - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n sum\nfrom\n aws_lambda_function_metric_invocations_daily\n\ + order by\n name,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda Function +Title: Find All Daily AWS Lambda Function Metrics Using SQL diff --git a/queries/aws_lambda_function_metric_invocations_daily_2.yaml b/queries/aws_lambda_function_metric_invocations_daily_2.yaml index b2c08592b..0c2be8bd7 100755 --- a/queries/aws_lambda_function_metric_invocations_daily_2.yaml +++ b/queries/aws_lambda_function_metric_invocations_daily_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS Lambda Function Metrics on a daily basis. ID: aws_lambda_function_metric_invocations_daily_2 -Title: "Find AWS Lambda Function Metrics on a Daily Basis" -Description: "Allows users to query AWS Lambda Function Metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - timestamp, - round(sum::numeric,2) as sum_invocations, - sample_count - from - aws_lambda_function_metric_invocations_daily - where - date_part('day', now() - timestamp) <=3 - and sum > 10 - order by - name, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n timestamp,\n round(sum::numeric,2) as sum_invocations,\n\ + \ sample_count\nfrom\n aws_lambda_function_metric_invocations_daily\nwhere \n\ + \ date_part('day', now() - timestamp) <=3\nand sum > 10\norder by\n name,\n\ + \ timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda Function Metrics +Title: Find AWS Lambda Function Metrics on a Daily Basis diff --git a/queries/aws_lambda_layer_1.yaml b/queries/aws_lambda_layer_1.yaml index c746ec1ff..44c7d71d0 100755 --- a/queries/aws_lambda_layer_1.yaml +++ b/queries/aws_lambda_layer_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Lambda Layers and retrieve information including + layer ARNs, layer versions, compatible runtimes, and more. ID: aws_lambda_layer_1 -Title: "Find all AWS Lambda Layer Details" -Description: "Allows users to query AWS Lambda Layers and retrieve information including layer ARNs, layer versions, compatible runtimes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - layer_arn, - layer_name, - layer_version_arn, - created_date, - jsonb_pretty(compatible_runtimes) as compatible_runtimes, - jsonb_pretty(compatible_architectures) as compatible_architectures, - version - from - aws_lambda_layer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n layer_arn,\n layer_name,\n layer_version_arn,\n created_date,\n\ + \ jsonb_pretty(compatible_runtimes) as compatible_runtimes,\n jsonb_pretty(compatible_architectures)\ + \ as compatible_architectures,\n version\nfrom\n aws_lambda_layer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lambda +Title: Find all AWS Lambda Layer Details diff --git a/queries/aws_lambda_layer_version_1.yaml b/queries/aws_lambda_layer_version_1.yaml index 0853ef1d0..4ad0680a9 100755 --- a/queries/aws_lambda_layer_version_1.yaml +++ b/queries/aws_lambda_layer_version_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Lambda Layer Versions, providing detailed information + about each layer version, including its ARN, description, license info, compatible + runtimes, created date, and more. ID: aws_lambda_layer_version_1 -Title: "Find AWS Lambda Layer Version Details" -Description: "Allows users to query AWS Lambda Layer Versions, providing detailed information about each layer version, including its ARN, description, license info, compatible runtimes, created date, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - layer_arn, - layer_name, - layer_version_arn, - created_date, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std, - version - from - aws_lambda_layer_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n layer_arn,\n layer_name,\n layer_version_arn,\n created_date,\n\ + \ jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std) as policy_std,\n\ + \ version\nfrom\n aws_lambda_layer_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Layer Version Details diff --git a/queries/aws_lambda_version_1.yaml b/queries/aws_lambda_version_1.yaml index 7b7dd335b..07bcccdbf 100755 --- a/queries/aws_lambda_version_1.yaml +++ b/queries/aws_lambda_version_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Lambda Versions to fetch detailed information + about each version of a specific AWS Lambda function. ID: aws_lambda_version_1 -Title: "Find AWS Lambda Versions and Details" -Description: "Allows users to query AWS Lambda Versions to fetch detailed information about each version of a specific AWS Lambda function." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - version, - runtime, - handler - from - aws_lambda_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n version,\n runtime,\n handler\nfrom\n\ + \ aws_lambda_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find AWS Lambda Versions and Details diff --git a/queries/aws_lambda_version_2.yaml b/queries/aws_lambda_version_2.yaml index bb315c7f0..6f8122ade 100755 --- a/queries/aws_lambda_version_2.yaml +++ b/queries/aws_lambda_version_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Lambda Versions to fetch detailed information + about each version of a specific AWS Lambda function. ID: aws_lambda_version_2 -Title: "List AWS Lambda Versions to Fetch Detailed Information" -Description: "Allows users to query AWS Lambda Versions to fetch detailed information about each version of a specific AWS Lambda function." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - version, - timeout - from - aws_lambda_version - where - timeout :: int > 120; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n version,\n timeout\nfrom\n aws_lambda_version\n\ + where\n timeout :: int > 120;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: List AWS Lambda Versions to Fetch Detailed Information diff --git a/queries/aws_lambda_version_3.yaml b/queries/aws_lambda_version_3.yaml index ef21823dd..81474228b 100755 --- a/queries/aws_lambda_version_3.yaml +++ b/queries/aws_lambda_version_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Lambda Versions to fetch detailed information + about each version of a specific AWS Lambda function. ID: aws_lambda_version_3 -Title: "Find all Versions of a Specific AWS Lambda Function" -Description: "Allows users to query AWS Lambda Versions to fetch detailed information about each version of a specific AWS Lambda function." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - function_name, - version, - vpc_id, - vpc_security_group_ids, - vpc_subnet_ids - from - aws_lambda_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n function_name,\n version,\n vpc_id,\n vpc_security_group_ids,\n\ + \ vpc_subnet_ids\nfrom\n aws_lambda_version;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Find all Versions of a Specific AWS Lambda Function diff --git a/queries/aws_lambda_version_4.yaml b/queries/aws_lambda_version_4.yaml index 14ca15c1a..1b9fa1bb6 100755 --- a/queries/aws_lambda_version_4.yaml +++ b/queries/aws_lambda_version_4.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS Lambda Versions to fetch detailed information + about each version of a specific AWS Lambda function. ID: aws_lambda_version_4 -Title: "Query AWS Lambda Versions for Detailed Information" -Description: "Allows users to query AWS Lambda Versions to fetch detailed information about each version of a specific AWS Lambda function." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_lambda_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_lambda_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lambda +Title: Query AWS Lambda Versions for Detailed Information diff --git a/queries/aws_lightsail_bucket_1.yaml b/queries/aws_lightsail_bucket_1.yaml index 7b04c954c..a131dbe5e 100755 --- a/queries/aws_lightsail_bucket_1.yaml +++ b/queries/aws_lightsail_bucket_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_1 -Title: "Find AWS Lightsail Buckets and Retrieve Detailed Information" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - state_code, - created_at - from - aws_lightsail_bucket; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n state_code,\n created_at\nfrom\n aws_lightsail_bucket;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail Buckets +Title: Find AWS Lightsail Buckets and Retrieve Detailed Information diff --git a/queries/aws_lightsail_bucket_2.yaml b/queries/aws_lightsail_bucket_2.yaml index 8c977ec7e..484eeb6b0 100755 --- a/queries/aws_lightsail_bucket_2.yaml +++ b/queries/aws_lightsail_bucket_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_2 -Title: "List all AWS Lightsail Buckets and Configurations" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - region, - count(*) as bucket_count - from - aws_lightsail_bucket - group by - region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n region,\n count(*) as bucket_count\nfrom\n aws_lightsail_bucket\n\ + group by\n region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: List all AWS Lightsail Buckets and Configurations diff --git a/queries/aws_lightsail_bucket_3.yaml b/queries/aws_lightsail_bucket_3.yaml index 9895c67d2..bc094ac17 100755 --- a/queries/aws_lightsail_bucket_3.yaml +++ b/queries/aws_lightsail_bucket_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_3 -Title: "List all AWS Lightsail Buckets with Public Access" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - access_rules ->> 'GetObject' as public_access - from - aws_lightsail_bucket - where - access_rules ->> 'GetObject' = 'public'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n region,\n access_rules ->> 'GetObject' as public_access\n\ + from\n aws_lightsail_bucket\nwhere\n access_rules ->> 'GetObject' = 'public';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: List all AWS Lightsail Buckets with Public Access diff --git a/queries/aws_lightsail_bucket_4.yaml b/queries/aws_lightsail_bucket_4.yaml index 8abd828d7..948898a5c 100755 --- a/queries/aws_lightsail_bucket_4.yaml +++ b/queries/aws_lightsail_bucket_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_4 -Title: "Find AWS Lightsail Buckets with Configuration Details" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_at - from - aws_lightsail_bucket - where - created_at >= (current_date - interval '30' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_at\nfrom\n aws_lightsail_bucket\nwhere\n\ + \ created_at >= (current_date - interval '30' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: Find AWS Lightsail Buckets with Configuration Details diff --git a/queries/aws_lightsail_bucket_5.yaml b/queries/aws_lightsail_bucket_5.yaml index 42acbe8c7..017619931 100755 --- a/queries/aws_lightsail_bucket_5.yaml +++ b/queries/aws_lightsail_bucket_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_5 -Title: "Find all AWS Lightsail Buckets without tags" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tags - from - aws_lightsail_bucket - where - tags is null or tags = '[]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tags\nfrom\n aws_lightsail_bucket\nwhere\n\ + \ tags is null or tags = '[]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: Find all AWS Lightsail Buckets without tags diff --git a/queries/aws_lightsail_bucket_6.yaml b/queries/aws_lightsail_bucket_6.yaml index 57b5b0fb4..149532e21 100755 --- a/queries/aws_lightsail_bucket_6.yaml +++ b/queries/aws_lightsail_bucket_6.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_6 -Title: "Find AWS Lightsail Buckets with Enabled Versioning" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - object_versioning - from - aws_lightsail_bucket - where - object_versioning = 'Enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n object_versioning\nfrom\n aws_lightsail_bucket\n\ + where\n object_versioning = 'Enabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: Find AWS Lightsail Buckets with Enabled Versioning diff --git a/queries/aws_lightsail_bucket_7.yaml b/queries/aws_lightsail_bucket_7.yaml index b4d854242..7bcee7f66 100755 --- a/queries/aws_lightsail_bucket_7.yaml +++ b/queries/aws_lightsail_bucket_7.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Lightsail Buckets and retrieve detailed information + such as bucket configuration, access rules, tags, and more. ID: aws_lightsail_bucket_7 -Title: "Find AWS Lightsail Bucket Configuration and Access Rules" -Description: "Allows users to query AWS Lightsail Buckets and retrieve detailed information such as bucket configuration, access rules, tags, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_log_config ->> 'Enabled' as access_log_enabled, - access_log_config ->> 'Destination' as access_log_destination, - access_log_config ->> 'Prefix' as access_log_prefix - from - aws_lightsail_bucket; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_log_config ->> 'Enabled' as access_log_enabled,\n\ + \ access_log_config ->> 'Destination' as access_log_destination,\n access_log_config\ + \ ->> 'Prefix' as access_log_prefix\nfrom\n aws_lightsail_bucket;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: Find AWS Lightsail Bucket Configuration and Access Rules diff --git a/queries/aws_lightsail_instance_1.yaml b/queries/aws_lightsail_instance_1.yaml index ea07e571a..189d52c6b 100755 --- a/queries/aws_lightsail_instance_1.yaml +++ b/queries/aws_lightsail_instance_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Lightsail Instances and retrieve detailed information + about each instance such as instance state, type, associated bundles, and more. ID: aws_lightsail_instance_1 -Title: "List all AWS Lightsail instances with details" -Description: "Allows users to query AWS Lightsail Instances and retrieve detailed information about each instance such as instance state, type, associated bundles, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - availability_zone as az, - bundle_id, - count(*) - from - aws_lightsail_instance - group by - availability_zone, - bundle_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n availability_zone as az,\n bundle_id,\n count(*)\n\ + from\n aws_lightsail_instance\ngroup by\n availability_zone,\n bundle_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: List all AWS Lightsail instances with details diff --git a/queries/aws_lightsail_instance_2.yaml b/queries/aws_lightsail_instance_2.yaml index 5e4e60726..41a2c7b41 100755 --- a/queries/aws_lightsail_instance_2.yaml +++ b/queries/aws_lightsail_instance_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Lightsail Instances and retrieve detailed information + about each instance such as instance state, type, associated bundles, and more. ID: aws_lightsail_instance_2 -Title: "List all AWS Lightsail Instances with Stopped State" -Description: "Allows users to query AWS Lightsail Instances and retrieve detailed information about each instance such as instance state, type, associated bundles, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state_name - from - aws_lightsail_instance - where - state_name = 'stopped' - and created_at <= (current_date - interval '30' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state_name\nfrom\n aws_lightsail_instance\n\ + where\n state_name = 'stopped'\n and created_at <= (current_date - interval\ + \ '30' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: List all AWS Lightsail Instances with Stopped State diff --git a/queries/aws_lightsail_instance_3.yaml b/queries/aws_lightsail_instance_3.yaml index 3959cd7e4..8a30acaf3 100755 --- a/queries/aws_lightsail_instance_3.yaml +++ b/queries/aws_lightsail_instance_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Lightsail Instances and retrieve detailed information + about each instance such as instance state, type, associated bundles, and more. ID: aws_lightsail_instance_3 -Title: "List AWS Lightsail Instances with State and Details" -Description: "Allows users to query AWS Lightsail Instances and retrieve detailed information about each instance such as instance state, type, associated bundles, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - state_name, - bundle_id, - region - from - aws_lightsail_instance - where - public_ip_address is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n state_name,\n bundle_id,\n region\nfrom\n\ + \ aws_lightsail_instance\nwhere\n public_ip_address is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: List AWS Lightsail Instances with State and Details diff --git a/queries/aws_lightsail_instance_4.yaml b/queries/aws_lightsail_instance_4.yaml index aa3b1d8f1..933cb6d2d 100755 --- a/queries/aws_lightsail_instance_4.yaml +++ b/queries/aws_lightsail_instance_4.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Lightsail Instances and retrieve detailed information + about each instance such as instance state, type, associated bundles, and more. ID: aws_lightsail_instance_4 -Title: "List all AWS Lightsail Instances and Their Details" -Description: "Allows users to query AWS Lightsail Instances and retrieve detailed information about each instance such as instance state, type, associated bundles, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tags - from - aws_lightsail_instance - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tags\nfrom\n aws_lightsail_instance\nwhere\n\ + \ not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Lightsail +Title: List all AWS Lightsail Instances and Their Details diff --git a/queries/aws_lightsail_instance_5.yaml b/queries/aws_lightsail_instance_5.yaml index 68b895eb4..a5d8ec801 100755 --- a/queries/aws_lightsail_instance_5.yaml +++ b/queries/aws_lightsail_instance_5.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Lightsail Instances and retrieve detailed information + about each instance such as instance state, type, associated bundles, and more. ID: aws_lightsail_instance_5 -Title: "Find AWS Lightsail Instances with Details" -Description: "Allows users to query AWS Lightsail Instances and retrieve detailed information about each instance such as instance state, type, associated bundles, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - hardware ->> 'CpuCount' as "CPU Count", - hardware ->> 'RamSizeInGb' as "RAM Size (in GB)" - from - aws_lightsail_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n hardware ->> 'CpuCount' as \"CPU Count\",\n\ + \ hardware ->> 'RamSizeInGb' as \"RAM Size (in GB)\"\nfrom\n aws_lightsail_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lightsail +Title: Find AWS Lightsail Instances with Details diff --git a/queries/aws_macie2_classification_job_1.yaml b/queries/aws_macie2_classification_job_1.yaml index ccdbea443..d5b8ec4b8 100755 --- a/queries/aws_macie2_classification_job_1.yaml +++ b/queries/aws_macie2_classification_job_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Macie2 Classification Jobs and retrieve detailed + information about each job''s settings, status, and results. ID: aws_macie2_classification_job_1 -Title: "List all AWS Macie2 Classification Jobs and Status" -Description: "Allows users to query AWS Macie2 Classification Jobs and retrieve detailed information about each job''s settings, status, and results." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - arn, - name, - job_status, - region - from - aws_macie2_classification_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n arn,\n name,\n job_status,\n region\nfrom\n\ + \ aws_macie2_classification_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Macie2 +Title: List all AWS Macie2 Classification Jobs and Status diff --git a/queries/aws_macie2_classification_job_2.yaml b/queries/aws_macie2_classification_job_2.yaml index 64f062b2a..ea684c24f 100755 --- a/queries/aws_macie2_classification_job_2.yaml +++ b/queries/aws_macie2_classification_job_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Macie2 Classification Jobs and retrieve detailed + information about each job''s settings, status, and results. ID: aws_macie2_classification_job_2 -Title: "List AWS Macie2 Classification Jobs and Details" -Description: "Allows users to query AWS Macie2 Classification Jobs and retrieve detailed information about each job''s settings, status, and results." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - detail -> 'AccountId' as account_id, - detail -> 'Buckets' as buckets - from - aws_macie2_classification_job, - jsonb_array_elements(s3_job_definition -> 'BucketDefinitions') as detail; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n detail -> 'AccountId' as account_id,\n detail\ + \ -> 'Buckets' as buckets\nfrom\n aws_macie2_classification_job,\n jsonb_array_elements(s3_job_definition\ + \ -> 'BucketDefinitions') as detail;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Macie2 +Title: List AWS Macie2 Classification Jobs and Details diff --git a/queries/aws_macie2_classification_job_3.yaml b/queries/aws_macie2_classification_job_3.yaml index ff0e81576..e2d5f737d 100755 --- a/queries/aws_macie2_classification_job_3.yaml +++ b/queries/aws_macie2_classification_job_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Macie2 Classification Jobs and retrieve detailed + information about each job''s settings, status, and results. ID: aws_macie2_classification_job_3 -Title: "Find AWS Macie2 Classification Jobs with Cancelled or Paused Status" -Description: "Allows users to query AWS Macie2 Classification Jobs and retrieve detailed information about each job''s settings, status, and results." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - arn, - name, - job_status as status - from - aws_macie2_classification_job - where - job_status = 'CANCELLED' - or job_status = 'PAUSED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n arn,\n name,\n job_status as status\nfrom\n\ + \ aws_macie2_classification_job\nwhere\n job_status = 'CANCELLED'\n or job_status\ + \ = 'PAUSED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Macie2 +Title: Find AWS Macie2 Classification Jobs with Cancelled or Paused Status diff --git a/queries/aws_macie2_classification_job_4.yaml b/queries/aws_macie2_classification_job_4.yaml index c0924007b..db4583808 100755 --- a/queries/aws_macie2_classification_job_4.yaml +++ b/queries/aws_macie2_classification_job_4.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Macie2 Classification Jobs and retrieve detailed + information about each job''s settings, status, and results. ID: aws_macie2_classification_job_4 -Title: "List AWS Macie2 Classification Jobs and Details" -Description: "Allows users to query AWS Macie2 Classification Jobs and retrieve detailed information about each job''s settings, status, and results." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - job_id, - arn, - statistics ->> 'ApproximateNumberOfObjectsToProcess' as approximate_number_of_objects_to_process, - statistics ->> 'NumberOfRuns' as number_of_runs - from - aws_macie2_classification_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n job_id,\n arn,\n statistics ->> 'ApproximateNumberOfObjectsToProcess'\ + \ as approximate_number_of_objects_to_process,\n statistics ->> 'NumberOfRuns'\ + \ as number_of_runs\nfrom\n aws_macie2_classification_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Macie2 +Title: List AWS Macie2 Classification Jobs and Details diff --git a/queries/aws_media_store_container_1.yaml b/queries/aws_media_store_container_1.yaml index 203582f9f..238944976 100755 --- a/queries/aws_media_store_container_1.yaml +++ b/queries/aws_media_store_container_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS MediaStore Container information, including + ARN, creation time, status, and access logging details. ID: aws_media_store_container_1 -Title: "List AWS MediaStore Container Details" -Description: "Allows users to query AWS MediaStore Container information, including ARN, creation time, status, and access logging details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - access_logging_enabled, - creation_time, - endpoint - from - aws_media_store_container; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n access_logging_enabled,\n\ + \ creation_time,\n endpoint\nfrom\n aws_media_store_container;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MediaStore +Title: List AWS MediaStore Container Details diff --git a/queries/aws_media_store_container_2.yaml b/queries/aws_media_store_container_2.yaml index 8efc82600..eb146c0af 100755 --- a/queries/aws_media_store_container_2.yaml +++ b/queries/aws_media_store_container_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS MediaStore Container information, including + ARN, creation time, status, and access logging details. ID: aws_media_store_container_2 -Title: "List all AWS MediaStore Containers with details" -Description: "Allows users to query AWS MediaStore Container information, including ARN, creation time, status, and access logging details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - access_logging_enabled, - creation_time, - endpoint - from - aws_media_store_container - where - status = 'CREATING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n access_logging_enabled,\n\ + \ creation_time,\n endpoint\nfrom\n aws_media_store_container\nwhere\n status\ + \ = 'CREATING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MediaStore +Title: List all AWS MediaStore Containers with details diff --git a/queries/aws_media_store_container_3.yaml b/queries/aws_media_store_container_3.yaml index 68f155271..b2dd26355 100755 --- a/queries/aws_media_store_container_3.yaml +++ b/queries/aws_media_store_container_3.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS MediaStore Container information, including + ARN, creation time, status, and access logging details. ID: aws_media_store_container_3 -Title: "List AWS MediaStore Container Info with ARN and Status" -Description: "Allows users to query AWS MediaStore Container information, including ARN, creation time, status, and access logging details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_media_store_container; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_media_store_container;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MediaStore +Title: List AWS MediaStore Container Info with ARN and Status diff --git a/queries/aws_media_store_container_4.yaml b/queries/aws_media_store_container_4.yaml index d43608e1f..2ee40d716 100755 --- a/queries/aws_media_store_container_4.yaml +++ b/queries/aws_media_store_container_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS MediaStore Container information, including + ARN, creation time, status, and access logging details. ID: aws_media_store_container_4 -Title: "Find AWS MediaStore Container Info with Access Logging" -Description: "Allows users to query AWS MediaStore Container information, including ARN, creation time, status, and access logging details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - access_logging_enabled - from - aws_media_store_container - where - access_logging_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n access_logging_enabled\nfrom\n aws_media_store_container\n\ + where\n access_logging_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MediaStore +Title: Find AWS MediaStore Container Info with Access Logging diff --git a/queries/aws_memorydb_cluster_1.yaml b/queries/aws_memorydb_cluster_1.yaml index 8376c7754..b3d0705d2 100755 --- a/queries/aws_memorydb_cluster_1.yaml +++ b/queries/aws_memorydb_cluster_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_1 -Title: "List all AWS MemoryDB Clusters and Configurations" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - node_type, - engine_version, - region - from - aws_memorydb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n node_type,\n engine_version,\n\ + \ region\nfrom\n aws_memorydb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: List all AWS MemoryDB Clusters and Configurations diff --git a/queries/aws_memorydb_cluster_2.yaml b/queries/aws_memorydb_cluster_2.yaml index 4397c0432..c0bb3685f 100755 --- a/queries/aws_memorydb_cluster_2.yaml +++ b/queries/aws_memorydb_cluster_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_2 -Title: "List all AWS MemoryDB Clusters with SQL" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - auto_minor_version_upgrade - from - aws_memorydb_cluster - where - auto_minor_version_upgrade = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n auto_minor_version_upgrade\nfrom\n \ + \ aws_memorydb_cluster\nwhere\n auto_minor_version_upgrade = true;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: List all AWS MemoryDB Clusters with SQL diff --git a/queries/aws_memorydb_cluster_3.yaml b/queries/aws_memorydb_cluster_3.yaml index 9430637fc..15efc5bf6 100755 --- a/queries/aws_memorydb_cluster_3.yaml +++ b/queries/aws_memorydb_cluster_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_3 -Title: "List all AWS MemoryDB clusters and their configurations" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - availability_mode - from - aws_memorydb_cluster - where - availability_mode = 'multiaz'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n availability_mode\nfrom\n aws_memorydb_cluster\n\ + where\n availability_mode = 'multiaz';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: List all AWS MemoryDB clusters and their configurations diff --git a/queries/aws_memorydb_cluster_4.yaml b/queries/aws_memorydb_cluster_4.yaml index 68c16a583..caff60804 100755 --- a/queries/aws_memorydb_cluster_4.yaml +++ b/queries/aws_memorydb_cluster_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_4 -Title: "Find All AWS MemoryDB Clusters Without TLS Encryption" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - tls_enabled - from - aws_memorydb_cluster - where - tls_enabled = false; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n tls_enabled\nfrom\n aws_memorydb_cluster\n\ + where\n tls_enabled = false;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: Find All AWS MemoryDB Clusters Without TLS Encryption diff --git a/queries/aws_memorydb_cluster_5.yaml b/queries/aws_memorydb_cluster_5.yaml index 31ba17c19..2736688a4 100755 --- a/queries/aws_memorydb_cluster_5.yaml +++ b/queries/aws_memorydb_cluster_5.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_5 -Title: "List All AWS MemoryDB Cluster Configurations and Statuses" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - maintenance_window - from - aws_memorydb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n maintenance_window\nfrom\n aws_memorydb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: List All AWS MemoryDB Cluster Configurations and Statuses diff --git a/queries/aws_memorydb_cluster_6.yaml b/queries/aws_memorydb_cluster_6.yaml index 57b2e1499..2b53ab5d6 100755 --- a/queries/aws_memorydb_cluster_6.yaml +++ b/queries/aws_memorydb_cluster_6.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_6 -Title: "Find AWS MemoryDB Cluster Configurations and Statuses" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - node_type - from - aws_memorydb_cluster - where - node_type = 'db.r6gd.xlarge'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n node_type\nfrom\n aws_memorydb_cluster\n\ + where\n node_type = 'db.r6gd.xlarge';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: Find AWS MemoryDB Cluster Configurations and Statuses diff --git a/queries/aws_memorydb_cluster_7.yaml b/queries/aws_memorydb_cluster_7.yaml index 542b9505d..31dc3f45a 100755 --- a/queries/aws_memorydb_cluster_7.yaml +++ b/queries/aws_memorydb_cluster_7.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_7 -Title: "Find all AWS MemoryDB Cluster Configurations and Statuses" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - number_of_shards, - shards - from - aws_memorydb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n number_of_shards,\n shards\nfrom\n\ + \ aws_memorydb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: Find all AWS MemoryDB Cluster Configurations and Statuses diff --git a/queries/aws_memorydb_cluster_8.yaml b/queries/aws_memorydb_cluster_8.yaml index 69531e06d..5759c3773 100755 --- a/queries/aws_memorydb_cluster_8.yaml +++ b/queries/aws_memorydb_cluster_8.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_8 -Title: "Find AWS MemoryDB Clusters with Pending Updates" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - pending_updates - from - aws_memorydb_cluster - where - jsonb_array_length(pending_updates) > 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n pending_updates\nfrom\n aws_memorydb_cluster\n\ + where\n jsonb_array_length(pending_updates) > 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: Find AWS MemoryDB Clusters with Pending Updates diff --git a/queries/aws_memorydb_cluster_9.yaml b/queries/aws_memorydb_cluster_9.yaml index a1d262fd0..3522d4c94 100755 --- a/queries/aws_memorydb_cluster_9.yaml +++ b/queries/aws_memorydb_cluster_9.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS MemoryDB clusters, providing detailed information + on cluster configurations and statuses. ID: aws_memorydb_cluster_9 -Title: "Find all AWS MemoryDB Clusters and their configurations" -Description: "Allows users to query AWS MemoryDB clusters, providing detailed information on cluster configurations and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - snapshot_retention_limit, - snapshot_window - from - aws_memorydb_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n snapshot_retention_limit,\n snapshot_window\n\ + from\n aws_memorydb_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MemoryDB +Title: Find all AWS MemoryDB Clusters and their configurations diff --git a/queries/aws_mgn_application_1.yaml b/queries/aws_mgn_application_1.yaml index 0d7a1c0f9..d29ce6899 100755 --- a/queries/aws_mgn_application_1.yaml +++ b/queries/aws_mgn_application_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Migration Service Applications to retrieve + detailed information about each application. ID: aws_mgn_application_1 -Title: "List all AWS Migration Service Applications with Details" -Description: "Allows users to query AWS Migration Service Applications to retrieve detailed information about each application." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - application_id, - creation_date_time, - is_archived, - wave_id, - tags - from - aws_mgn_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n application_id,\n creation_date_time,\n\ + \ is_archived,\n wave_id,\n tags\nfrom\n aws_mgn_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Migration Service +Title: List all AWS Migration Service Applications with Details diff --git a/queries/aws_mgn_application_2.yaml b/queries/aws_mgn_application_2.yaml index a2e872085..0abe43b89 100755 --- a/queries/aws_mgn_application_2.yaml +++ b/queries/aws_mgn_application_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Migration Service Applications to retrieve + detailed information about each application. ID: aws_mgn_application_2 -Title: "List AWS Migration Service Applications with Details" -Description: "Allows users to query AWS Migration Service Applications to retrieve detailed information about each application." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - application_id, - creation_date_time, - is_archived - from - aws_mgn_application - where - is_archived; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n application_id,\n creation_date_time,\n\ + \ is_archived\nfrom\n aws_mgn_application\nwhere\n is_archived;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Migration Service +Title: List AWS Migration Service Applications with Details diff --git a/queries/aws_mgn_application_3.yaml b/queries/aws_mgn_application_3.yaml index b4338f62a..93eff9032 100755 --- a/queries/aws_mgn_application_3.yaml +++ b/queries/aws_mgn_application_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Migration Service Applications to retrieve + detailed information about each application. ID: aws_mgn_application_3 -Title: "List All AWS Migration Service Applications Details" -Description: "Allows users to query AWS Migration Service Applications to retrieve detailed information about each application." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - application_id, - application_aggregated_status ->> 'HealthStatus' as health_status, - application_aggregated_status ->> 'ProgressStatus' as progress_status, - application_aggregated_status ->> 'TotalSourceServers' as total_source_servers - from - aws_mgn_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n application_id,\n application_aggregated_status\ + \ ->> 'HealthStatus' as health_status,\n application_aggregated_status ->> 'ProgressStatus'\ + \ as progress_status,\n application_aggregated_status ->> 'TotalSourceServers'\ + \ as total_source_servers\nfrom\n aws_mgn_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Migration Service +Title: List All AWS Migration Service Applications Details diff --git a/queries/aws_mgn_application_4.yaml b/queries/aws_mgn_application_4.yaml index ad8f54122..1a054f946 100755 --- a/queries/aws_mgn_application_4.yaml +++ b/queries/aws_mgn_application_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Migration Service Applications to retrieve + detailed information about each application. ID: aws_mgn_application_4 -Title: "List AWS Migration Service Applications with Details" -Description: "Allows users to query AWS Migration Service Applications to retrieve detailed information about each application." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - application_id, - creation_date_time, - is_archived, - wave_id - from - aws_mgn_application - where - creation_date_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n application_id,\n creation_date_time,\n is_archived,\n\ + \ wave_id\nfrom\n aws_mgn_application\nwhere\n creation_date_time >= now()\ + \ - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Migration Service +Title: List AWS Migration Service Applications with Details diff --git a/queries/aws_mq_broker_1.yaml b/queries/aws_mq_broker_1.yaml index a2c50e170..63777212f 100755 --- a/queries/aws_mq_broker_1.yaml +++ b/queries/aws_mq_broker_1.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS MQ Brokers. ID: aws_mq_broker_1 -Title: "List all AWS MQ Brokers with Key Details" -Description: "Allows users to query AWS MQ Brokers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - broker_name, - broker_state, - deployment_mode, - created, - host_instance_type, - engine_type, - engine_version - tags - from - aws_mq_broker; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n broker_name,\n broker_state,\n deployment_mode,\n\ + \ created,\n host_instance_type,\n engine_type,\n engine_version\n tags\n\ + from\n aws_mq_broker;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MQ +Title: List all AWS MQ Brokers with Key Details diff --git a/queries/aws_mq_broker_2.yaml b/queries/aws_mq_broker_2.yaml index 371bbf7df..b5c585d72 100755 --- a/queries/aws_mq_broker_2.yaml +++ b/queries/aws_mq_broker_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS MQ Brokers. ID: aws_mq_broker_2 -Title: "Find AWS MQ Brokers with Reboot In Progress State" -Description: "Allows users to query AWS MQ Brokers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - broker_name, - broker_state, - created - data_replication_mode, - authentication_strategy - from - aws_mq_broker - where - broker_state = 'REBOOT_IN_PROGRESS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n broker_name,\n broker_state,\n created\n data_replication_mode,\n\ + \ authentication_strategy\nfrom\n aws_mq_broker\nwhere\n broker_state = 'REBOOT_IN_PROGRESS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MQ Brokers +Title: Find AWS MQ Brokers with Reboot In Progress State diff --git a/queries/aws_mq_broker_3.yaml b/queries/aws_mq_broker_3.yaml index 703fe9a25..60e56a7b9 100755 --- a/queries/aws_mq_broker_3.yaml +++ b/queries/aws_mq_broker_3.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS MQ Brokers. ID: aws_mq_broker_3 -Title: "List all AWS MQ Brokers with SQL Queries" -Description: "Allows users to query AWS MQ Brokers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - broker_name, - broker_state, - created - from - aws_mq_broker - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n broker_name,\n broker_state,\n created\nfrom\n\ + \ aws_mq_broker\nwhere\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MQ Brokers +Title: List all AWS MQ Brokers with SQL Queries diff --git a/queries/aws_mq_broker_4.yaml b/queries/aws_mq_broker_4.yaml index 3786c1f7f..90282931d 100755 --- a/queries/aws_mq_broker_4.yaml +++ b/queries/aws_mq_broker_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS MQ Brokers. ID: aws_mq_broker_4 -Title: "Find all AWS MQ Brokers using SQL" -Description: "Allows users to query AWS MQ Brokers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - broker_name, - encryption_options ->> 'UseAwsOwnedKey' as use_aws_owned_key, - created - from - aws_mq_broker - where - encryption_options ->> 'UseAwsOwnedKey' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n broker_name,\n encryption_options ->> 'UseAwsOwnedKey'\ + \ as use_aws_owned_key,\n created\nfrom\n aws_mq_broker\nwhere\n encryption_options\ + \ ->> 'UseAwsOwnedKey' = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MQ Broker +Title: Find all AWS MQ Brokers using SQL diff --git a/queries/aws_mq_broker_5.yaml b/queries/aws_mq_broker_5.yaml index c7e9a41b6..b33987497 100755 --- a/queries/aws_mq_broker_5.yaml +++ b/queries/aws_mq_broker_5.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS MQ Brokers. ID: aws_mq_broker_5 -Title: "Find all AWS MQ Brokers with Maintenance Window Info" -Description: "Allows users to query AWS MQ Brokers." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - broker_name, - maintenance_window_start_time -> 'DayOfWeek' as day_of_week, - maintenance_window_start_time -> 'TimeOfDay' as time_of_day, - maintenance_window_start_time -> 'TimeZone' as time_zone - from - aws_mq_broker; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n broker_name,\n maintenance_window_start_time\ + \ -> 'DayOfWeek' as day_of_week,\n maintenance_window_start_time -> 'TimeOfDay'\ + \ as time_of_day,\n maintenance_window_start_time -> 'TimeZone' as time_zone\n\ + from\n aws_mq_broker;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MQ +Title: Find all AWS MQ Brokers with Maintenance Window Info diff --git a/queries/aws_msk_cluster_1.yaml b/queries/aws_msk_cluster_1.yaml index a4901eab1..03a66b8cd 100755 --- a/queries/aws_msk_cluster_1.yaml +++ b/queries/aws_msk_cluster_1.yaml @@ -1,29 +1,19 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_1 -Title: "Find AWS MSK Clusters using SQL with Steampipe Table" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - cluster_type, - creation_time, - current_version, - region, - tags - from - aws_msk_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n cluster_type,\n creation_time,\n\ + \ current_version,\n region,\n tags\nfrom\n aws_msk_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka +Title: Find AWS MSK Clusters using SQL with Steampipe Table diff --git a/queries/aws_msk_cluster_2.yaml b/queries/aws_msk_cluster_2.yaml index f6bd2decb..07104d83a 100755 --- a/queries/aws_msk_cluster_2.yaml +++ b/queries/aws_msk_cluster_2.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_2 -Title: "List all AWS MSK Clusters and Their States" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_cluster - where - state <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_cluster\nwhere\n state <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka +Title: List all AWS MSK Clusters and Their States diff --git a/queries/aws_msk_cluster_3.yaml b/queries/aws_msk_cluster_3.yaml index 223d737b6..6d03802b9 100755 --- a/queries/aws_msk_cluster_3.yaml +++ b/queries/aws_msk_cluster_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_3 -Title: "Find AWS MSK Clusters and Their Details" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_cluster - where - provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo' -> 'PublicAccess' ->> 'Type' <> 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_cluster\nwhere\n provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo'\ + \ -> 'PublicAccess' ->> 'Type' <> 'DISABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka (MSK) +Title: Find AWS MSK Clusters and Their Details diff --git a/queries/aws_msk_cluster_4.yaml b/queries/aws_msk_cluster_4.yaml index 0de450604..61a4af117 100755 --- a/queries/aws_msk_cluster_4.yaml +++ b/queries/aws_msk_cluster_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_4 -Title: "List all AWS MSK Clusters with Unencrypted Data" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_cluster - where - provisioned -> 'EncryptionInfo' -> 'EncryptionAtRest' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_cluster\nwhere\n provisioned -> 'EncryptionInfo' -> 'EncryptionAtRest'\ + \ is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka (MSK) +Title: List all AWS MSK Clusters with Unencrypted Data diff --git a/queries/aws_msk_cluster_5.yaml b/queries/aws_msk_cluster_5.yaml index b6c4d8727..bf721be34 100755 --- a/queries/aws_msk_cluster_5.yaml +++ b/queries/aws_msk_cluster_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_5 -Title: "List All AWS MSK Clusters with Specific Encryption State" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_cluster - where - provisioned -> 'EncryptionInfo' -> 'EncryptionInTransit' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_cluster\nwhere\n provisioned -> 'EncryptionInfo' -> 'EncryptionInTransit'\ + \ is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka +Title: List All AWS MSK Clusters with Specific Encryption State diff --git a/queries/aws_msk_cluster_6.yaml b/queries/aws_msk_cluster_6.yaml index 0e204c8b5..0ae297253 100755 --- a/queries/aws_msk_cluster_6.yaml +++ b/queries/aws_msk_cluster_6.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_6 -Title: "List all AWS MSK Clusters with Missing Logging Info" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_cluster - where - provisioned -> 'LoggingInfo' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_cluster\nwhere\n provisioned -> 'LoggingInfo' is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka +Title: List all AWS MSK Clusters with Missing Logging Info diff --git a/queries/aws_msk_cluster_7.yaml b/queries/aws_msk_cluster_7.yaml index 59cdd8b61..b1196cf14 100755 --- a/queries/aws_msk_cluster_7.yaml +++ b/queries/aws_msk_cluster_7.yaml @@ -1,22 +1,19 @@ +Description: Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters. ID: aws_msk_cluster_7 -Title: "Find Total Storage of AWS MSK Clusters" -Description: "Allows users to query AWS Managed Streaming for Apache Kafka (MSK) clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - sum((provisioned -> 'BrokerNodeGroupInfo' -> 'StorageInfo' -> 'EbsStorageInfo' ->> 'VolumeSize')::int) as total_storage - from - aws_msk_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n sum((provisioned -> 'BrokerNodeGroupInfo' -> 'StorageInfo'\ + \ -> 'EbsStorageInfo' ->> 'VolumeSize')::int) as total_storage\nfrom\n aws_msk_cluster;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Apache Kafka +Title: Find Total Storage of AWS MSK Clusters diff --git a/queries/aws_msk_serverless_cluster_1.yaml b/queries/aws_msk_serverless_cluster_1.yaml index 803f253e4..ca8a0b8f3 100755 --- a/queries/aws_msk_serverless_cluster_1.yaml +++ b/queries/aws_msk_serverless_cluster_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS MSK Serverless Clusters to retrieve detailed + information about each cluster. ID: aws_msk_serverless_cluster_1 -Title: "List AWS MSK Serverless Clusters with Detailed Info" -Description: "Allows users to query AWS MSK Serverless Clusters to retrieve detailed information about each cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - cluster_type, - creation_time, - current_version, - region, - tags - from - aws_msk_serverless_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n cluster_type,\n creation_time,\n\ + \ current_version,\n region,\n tags\nfrom\n aws_msk_serverless_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Kafka (MSK) +Title: List AWS MSK Serverless Clusters with Detailed Info diff --git a/queries/aws_msk_serverless_cluster_2.yaml b/queries/aws_msk_serverless_cluster_2.yaml index 96562fdc3..3a9b81b19 100755 --- a/queries/aws_msk_serverless_cluster_2.yaml +++ b/queries/aws_msk_serverless_cluster_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS MSK Serverless Clusters to retrieve detailed + information about each cluster. ID: aws_msk_serverless_cluster_2 -Title: "List all AWS MSK Serverless Clusters Using SQL" -Description: "Allows users to query AWS MSK Serverless Clusters to retrieve detailed information about each cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_serverless_cluster - where - state <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_serverless_cluster\nwhere\n state <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - MSK +Title: List all AWS MSK Serverless Clusters Using SQL diff --git a/queries/aws_msk_serverless_cluster_3.yaml b/queries/aws_msk_serverless_cluster_3.yaml index bac855459..44d266e24 100755 --- a/queries/aws_msk_serverless_cluster_3.yaml +++ b/queries/aws_msk_serverless_cluster_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS MSK Serverless Clusters to retrieve detailed + information about each cluster. ID: aws_msk_serverless_cluster_3 -Title: "List all AWS MSK Serverless Clusters with Details" -Description: "Allows users to query AWS MSK Serverless Clusters to retrieve detailed information about each cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - creation_time - from - aws_msk_serverless_cluster - where - creation_time >= (current_date - interval '90' day) - order by - creation_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n creation_time\nfrom\n\ + \ aws_msk_serverless_cluster\nwhere\n creation_time >= (current_date - interval\ + \ '90' day)\norder by\n creation_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon MSK +Title: List all AWS MSK Serverless Clusters with Details diff --git a/queries/aws_msk_serverless_cluster_4.yaml b/queries/aws_msk_serverless_cluster_4.yaml index e533129ca..af4302ee7 100755 --- a/queries/aws_msk_serverless_cluster_4.yaml +++ b/queries/aws_msk_serverless_cluster_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS MSK Serverless Clusters to retrieve detailed + information about each cluster. ID: aws_msk_serverless_cluster_4 -Title: "Find all AWS MSK Serverless Cluster details" -Description: "Allows users to query AWS MSK Serverless Clusters to retrieve detailed information about each cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - vpc ->> 'SubnetIds' as subnet_ids, - vpc ->> 'SecurityGroupIds' as security_group_ids - from - aws_msk_serverless_cluster, - jsonb_array_elements(serverless -> 'VpcConfigs') as vpc - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n vpc ->> 'SubnetIds'\ + \ as subnet_ids,\n vpc ->> 'SecurityGroupIds' as security_group_ids\nfrom\n \ + \ aws_msk_serverless_cluster,\n jsonb_array_elements(serverless -> 'VpcConfigs')\ + \ as vpc" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Kafka (MSK) Serverless +Title: Find all AWS MSK Serverless Cluster details diff --git a/queries/aws_msk_serverless_cluster_5.yaml b/queries/aws_msk_serverless_cluster_5.yaml index 20166aa7b..6dd6557ad 100755 --- a/queries/aws_msk_serverless_cluster_5.yaml +++ b/queries/aws_msk_serverless_cluster_5.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS MSK Serverless Clusters to retrieve detailed + information about each cluster. ID: aws_msk_serverless_cluster_5 -Title: "Find AWS MSK Serverless Clusters with Specific Client Auth" -Description: "Allows users to query AWS MSK Serverless Clusters to retrieve detailed information about each cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - cluster_name, - state, - serverless -> 'ClientAuthentication' as client_authentication - from - aws_msk_serverless_cluster - where - (serverless -> 'ClientAuthentication' -> 'Sasl' -> 'Iam' ->> 'Enabled')::boolean = false; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n cluster_name,\n state,\n serverless -> 'ClientAuthentication'\ + \ as client_authentication\nfrom\n aws_msk_serverless_cluster\nwhere\n (serverless\ + \ -> 'ClientAuthentication' -> 'Sasl' -> 'Iam' ->> 'Enabled')::boolean = false;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Streaming for Kafka (MSK) +Title: Find AWS MSK Serverless Clusters with Specific Client Auth diff --git a/queries/aws_neptune_db_cluster_1.yaml b/queries/aws_neptune_db_cluster_1.yaml index 60c913242..585b4cd00 100755 --- a/queries/aws_neptune_db_cluster_1.yaml +++ b/queries/aws_neptune_db_cluster_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Amazon Neptune DB clusters for comprehensive information + about their configuration, status, and other relevant details. ID: aws_neptune_db_cluster_1 -Title: "List all configurations and status of Neptune DB Clusters" -Description: "Allows users to query Amazon Neptune DB clusters for comprehensive information about their configuration, status, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - allocated_storage, - kms_key_id - from - aws_neptune_db_cluster - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n allocated_storage,\n kms_key_id\n\ + from\n aws_neptune_db_cluster\nwhere\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Neptune +Title: List all configurations and status of Neptune DB Clusters diff --git a/queries/aws_neptune_db_cluster_2.yaml b/queries/aws_neptune_db_cluster_2.yaml index a097e23fd..c3f76d063 100755 --- a/queries/aws_neptune_db_cluster_2.yaml +++ b/queries/aws_neptune_db_cluster_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Amazon Neptune DB clusters for comprehensive information + about their configuration, status, and other relevant details. ID: aws_neptune_db_cluster_2 -Title: "List all Amazon Neptune DB clusters and their configurations" -Description: "Allows users to query Amazon Neptune DB clusters for comprehensive information about their configuration, status, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - backup_retention_period - from - aws_neptune_db_cluster - where - backup_retention_period > 7; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n backup_retention_period\nfrom\n\ + \ aws_neptune_db_cluster\nwhere\n backup_retention_period > 7;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Neptune +Title: List all Amazon Neptune DB clusters and their configurations diff --git a/queries/aws_neptune_db_cluster_3.yaml b/queries/aws_neptune_db_cluster_3.yaml index bac24be17..302ef6f6f 100755 --- a/queries/aws_neptune_db_cluster_3.yaml +++ b/queries/aws_neptune_db_cluster_3.yaml @@ -1,23 +1,20 @@ +Description: Allows users to query Amazon Neptune DB clusters for comprehensive information + about their configuration, status, and other relevant details. ID: aws_neptune_db_cluster_3 -Title: "List all Amazon Neptune DB Clusters and Their Details" -Description: "Allows users to query Amazon Neptune DB clusters for comprehensive information about their configuration, status, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - jsonb_array_length(availability_zones) availability_zones_count - from - aws_neptune_db_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n jsonb_array_length(availability_zones)\ + \ availability_zones_count\nfrom\n aws_neptune_db_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Neptune +Title: List all Amazon Neptune DB Clusters and Their Details diff --git a/queries/aws_neptune_db_cluster_4.yaml b/queries/aws_neptune_db_cluster_4.yaml index 4ed5d4d5d..a4282e8b1 100755 --- a/queries/aws_neptune_db_cluster_4.yaml +++ b/queries/aws_neptune_db_cluster_4.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query Amazon Neptune DB clusters for comprehensive information + about their configuration, status, and other relevant details. ID: aws_neptune_db_cluster_4 -Title: "Find Amazon Neptune DB Clusters including configuration & status" -Description: "Allows users to query Amazon Neptune DB clusters for comprehensive information about their configuration, status, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status, - member ->> 'DBInstanceIdentifier' as db_instance_identifier, - member ->> 'IsClusterWriter' as is_cluster_writer, - member ->> 'PromotionTier' as promotion_tier - from - aws_neptune_db_cluster - cross join jsonb_array_elements(db_cluster_members) as member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n member ->> 'DBClusterParameterGroupStatus'\ + \ as db_cluster_parameter_group_status,\n member ->> 'DBInstanceIdentifier' as\ + \ db_instance_identifier,\n member ->> 'IsClusterWriter' as is_cluster_writer,\n\ + \ member ->> 'PromotionTier' as promotion_tier\nfrom\n aws_neptune_db_cluster\n\ + \ cross join jsonb_array_elements(db_cluster_members) as member;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Neptune DB +Title: Find Amazon Neptune DB Clusters including configuration & status diff --git a/queries/aws_neptune_db_cluster_snapshot_1.yaml b/queries/aws_neptune_db_cluster_snapshot_1.yaml index 6ebb7798c..3d7ad25f6 100755 --- a/queries/aws_neptune_db_cluster_snapshot_1.yaml +++ b/queries/aws_neptune_db_cluster_snapshot_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive + details about their configurations, status, and associated metadata. ID: aws_neptune_db_cluster_snapshot_1 -Title: "List all AWS Neptune DB Cluster Snapshots for metadata" -Description: "Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive details about their configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - snapshot_type, - storage_encrypted - from - aws_neptune_db_cluster_snapshot - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n snapshot_type,\n \ + \ storage_encrypted\nfrom\n aws_neptune_db_cluster_snapshot\nwhere\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Neptune +Title: List all AWS Neptune DB Cluster Snapshots for metadata diff --git a/queries/aws_neptune_db_cluster_snapshot_2.yaml b/queries/aws_neptune_db_cluster_snapshot_2.yaml index 34c2b74f7..100811dad 100755 --- a/queries/aws_neptune_db_cluster_snapshot_2.yaml +++ b/queries/aws_neptune_db_cluster_snapshot_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive + details about their configurations, status, and associated metadata. ID: aws_neptune_db_cluster_snapshot_2 -Title: "Find all AWS Neptune DB Cluster Snapshots with metadata" -Description: "Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive details about their configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - cluster_create_time, - engine, - engine_version, - license_model - from - aws_neptune_db_cluster_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n cluster_create_time,\n\ + \ engine,\n engine_version,\n license_model\nfrom\n aws_neptune_db_cluster_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Neptune +Title: Find all AWS Neptune DB Cluster Snapshots with metadata diff --git a/queries/aws_neptune_db_cluster_snapshot_3.yaml b/queries/aws_neptune_db_cluster_snapshot_3.yaml index 6d2d6a6ae..77fdac979 100755 --- a/queries/aws_neptune_db_cluster_snapshot_3.yaml +++ b/queries/aws_neptune_db_cluster_snapshot_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive + details about their configurations, status, and associated metadata. ID: aws_neptune_db_cluster_snapshot_3 -Title: "List all AWS Neptune DB Cluster Snapshots and Counts" -Description: "Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive details about their configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - count(db_cluster_snapshot_identifier) snapshot_count - from - aws_neptune_db_cluster_snapshot - group by - db_cluster_identifier; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n count(db_cluster_snapshot_identifier)\ + \ snapshot_count\nfrom\n aws_neptune_db_cluster_snapshot\ngroup by\n db_cluster_identifier;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Neptune +Title: List all AWS Neptune DB Cluster Snapshots and Counts diff --git a/queries/aws_neptune_db_cluster_snapshot_4.yaml b/queries/aws_neptune_db_cluster_snapshot_4.yaml index a9895a129..0d5f2b4c7 100755 --- a/queries/aws_neptune_db_cluster_snapshot_4.yaml +++ b/queries/aws_neptune_db_cluster_snapshot_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive + details about their configurations, status, and associated metadata. ID: aws_neptune_db_cluster_snapshot_4 -Title: "Find all AWS Neptune DB Cluster Snapshot details" -Description: "Allows users to query AWS Neptune DB Cluster Snapshots for comprehensive details about their configurations, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - engine, - snapshot_type - from - aws_neptune_db_cluster_snapshot, - jsonb_array_elements(db_cluster_snapshot_attributes) as cluster_snapshot - where - cluster_snapshot -> 'AttributeValues' = '["all"]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n engine,\n snapshot_type\n\ + from\n aws_neptune_db_cluster_snapshot,\n jsonb_array_elements(db_cluster_snapshot_attributes)\ + \ as cluster_snapshot\nwhere\n cluster_snapshot -> 'AttributeValues' = '[\"all\"\ + ]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Neptune DB +Title: Find all AWS Neptune DB Cluster Snapshot details diff --git a/queries/aws_networkfirewall_firewall_1.yaml b/queries/aws_networkfirewall_firewall_1.yaml index 3a9e4d897..2094624b5 100755 --- a/queries/aws_networkfirewall_firewall_1.yaml +++ b/queries/aws_networkfirewall_firewall_1.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_1 -Title: "Find all AWS Network Firewall properties and settings" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - vpc_id, - policy_arn, - region, - tags - from - aws_networkfirewall_firewall; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n vpc_id,\n policy_arn,\n\ + \ region,\n tags\nfrom\n aws_networkfirewall_firewall;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find all AWS Network Firewall properties and settings diff --git a/queries/aws_networkfirewall_firewall_2.yaml b/queries/aws_networkfirewall_firewall_2.yaml index d5e3be85c..57d49089e 100755 --- a/queries/aws_networkfirewall_firewall_2.yaml +++ b/queries/aws_networkfirewall_firewall_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_2 -Title: "Find AWS Network Firewall details including encryption" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - encryption_configuration - from - aws_networkfirewall_firewall - where - encryption_configuration ->> 'Type' = `AWS_OWNED_KMS_KEY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n encryption_configuration\n\ + from\n aws_networkfirewall_firewall\nwhere\n encryption_configuration ->> 'Type'\ + \ = `AWS_OWNED_KMS_KEY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find AWS Network Firewall details including encryption diff --git a/queries/aws_networkfirewall_firewall_3.yaml b/queries/aws_networkfirewall_firewall_3.yaml index d77669fe2..d9faddb5d 100755 --- a/queries/aws_networkfirewall_firewall_3.yaml +++ b/queries/aws_networkfirewall_firewall_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_3 -Title: "Find AWS Network Firewalls for Properties and Settings" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - vpc_id - from - aws_networkfirewall_firewall - where - not delete_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n vpc_id\nfrom\n aws_networkfirewall_firewall\n\ + where\n not delete_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Network Firewall +Title: Find AWS Network Firewalls for Properties and Settings diff --git a/queries/aws_networkfirewall_firewall_4.yaml b/queries/aws_networkfirewall_firewall_4.yaml index 77198bc57..db2289e7a 100755 --- a/queries/aws_networkfirewall_firewall_4.yaml +++ b/queries/aws_networkfirewall_firewall_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_4 -Title: "Find All AWS Network Firewalls with Details" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - vpc_id - from - aws_networkfirewall_firewall - where - not policy_change_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n vpc_id\nfrom\n aws_networkfirewall_firewall\n\ + where\n not policy_change_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewalls +Title: Find All AWS Network Firewalls with Details diff --git a/queries/aws_networkfirewall_firewall_5.yaml b/queries/aws_networkfirewall_firewall_5.yaml index 2f44c36e8..003eff080 100755 --- a/queries/aws_networkfirewall_firewall_5.yaml +++ b/queries/aws_networkfirewall_firewall_5.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_5 -Title: "Find AWS Network Firewall Properties and Settings" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - vpc_id - from - aws_networkfirewall_firewall - where - not subnet_change_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n vpc_id\nfrom\n aws_networkfirewall_firewall\n\ + where\n not subnet_change_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find AWS Network Firewall Properties and Settings diff --git a/queries/aws_networkfirewall_firewall_6.yaml b/queries/aws_networkfirewall_firewall_6.yaml index 7caaa0cfc..eedbf9291 100755 --- a/queries/aws_networkfirewall_firewall_6.yaml +++ b/queries/aws_networkfirewall_firewall_6.yaml @@ -1,36 +1,26 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_6 -Title: "List AWS Network Firewall properties and settings" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.arn, - f.name, - f.vpc_id, - s ->> 'SubnetId' as subnet_id, - cidr_block, - availability_zone, - default_for_az - from - aws_networkfirewall_firewall f, - jsonb_array_elements(subnet_mappings) s, - aws_vpc_subnet vs - where - vs.subnet_id = s ->> 'SubnetId'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.arn,\n f.name,\n f.vpc_id,\n s ->> 'SubnetId' as\ + \ subnet_id,\n cidr_block,\n availability_zone,\n default_for_az\nfrom\n aws_networkfirewall_firewall\ + \ f,\n jsonb_array_elements(subnet_mappings) s,\n aws_vpc_subnet vs\nwhere\n\ + \ vs.subnet_id = s ->> 'SubnetId';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: List AWS Network Firewall properties and settings diff --git a/queries/aws_networkfirewall_firewall_7.yaml b/queries/aws_networkfirewall_firewall_7.yaml index ede717d10..414ca25ce 100755 --- a/queries/aws_networkfirewall_firewall_7.yaml +++ b/queries/aws_networkfirewall_firewall_7.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_7 -Title: "Find details of AWS Network Firewalls properties and settings" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.arn, - f.name, - f.vpc_id, - k.arn as key_arn, - key_rotation_enabled - from - aws_networkfirewall_firewall f, - aws_kms_key k - where - k.id = encryption_configuration ->> 'KeyId' - and not f.encryption_configuration ->> 'Type' = `AWS_OWNED_KMS_KEY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n f.arn,\n f.name,\n f.vpc_id,\n k.arn as key_arn,\n\ + \ key_rotation_enabled\nfrom\n aws_networkfirewall_firewall f,\n aws_kms_key\ + \ k\nwhere\n k.id = encryption_configuration ->> 'KeyId'\n and not f.encryption_configuration\ + \ ->> 'Type' = `AWS_OWNED_KMS_KEY';" Tags: cloud_data_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find details of AWS Network Firewalls properties and settings diff --git a/queries/aws_networkfirewall_firewall_8.yaml b/queries/aws_networkfirewall_firewall_8.yaml index d6dcef783..66e2e9b21 100755 --- a/queries/aws_networkfirewall_firewall_8.yaml +++ b/queries/aws_networkfirewall_firewall_8.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Network Firewalls for detailed information + about each firewall''s properties and settings. ID: aws_networkfirewall_firewall_8 -Title: "List all AWS Network Firewalls and Logging configurations" -Description: "Allows users to query AWS Network Firewalls for detailed information about each firewall''s properties and settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - l -> 'LogDestination' as log_destination, - l ->> 'LogDestinationType' as log_destination_type, - l ->> 'LogType' as log_type - from - aws_networkfirewall_firewall, - jsonb_array_elements(logging_configuration) as l; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n l -> 'LogDestination' as log_destination,\n\ + \ l ->> 'LogDestinationType' as log_destination_type,\n l ->> 'LogType' as log_type\n\ + from\n aws_networkfirewall_firewall,\n jsonb_array_elements(logging_configuration)\ + \ as l;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: List all AWS Network Firewalls and Logging configurations diff --git a/queries/aws_networkfirewall_firewall_policy_1.yaml b/queries/aws_networkfirewall_firewall_policy_1.yaml index 10b9f6831..adad320e7 100755 --- a/queries/aws_networkfirewall_firewall_policy_1.yaml +++ b/queries/aws_networkfirewall_firewall_policy_1.yaml @@ -1,29 +1,21 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_1 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - firewall_policy_status, - region, - tags - from - aws_networkfirewall_firewall_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n firewall_policy_status,\n\ + \ region,\n tags\nfrom\n aws_networkfirewall_firewall_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_2.yaml b/queries/aws_networkfirewall_firewall_policy_2.yaml index 1669937e4..95b7a3f44 100755 --- a/queries/aws_networkfirewall_firewall_policy_2.yaml +++ b/queries/aws_networkfirewall_firewall_policy_2.yaml @@ -1,28 +1,20 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_2 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - firewall_policy_status, - encryption_configuration - from - aws_networkfirewall_firewall_policy - where - encryption_configuration ->> 'Type' = `aws_OWNED_KMS_KEY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n firewall_policy_status,\n\ + \ encryption_configuration\nfrom\n aws_networkfirewall_firewall_policy\nwhere\ + \ \n encryption_configuration ->> 'Type' = `aws_OWNED_KMS_KEY';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_3.yaml b/queries/aws_networkfirewall_firewall_policy_3.yaml index 03be54f2b..e62816743 100755 --- a/queries/aws_networkfirewall_firewall_policy_3.yaml +++ b/queries/aws_networkfirewall_firewall_policy_3.yaml @@ -1,29 +1,20 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_3 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name, - description, - firewall_policy_status, - region, - tags - from - aws_networkfirewall_firewall_policy - where - firewall_policy_status != 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name,\n description,\n firewall_policy_status,\n\ + \ region,\n tags\nfrom\n aws_networkfirewall_firewall_policy\nwhere\n firewall_policy_status\ + \ != 'ACTIVE';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_4.yaml b/queries/aws_networkfirewall_firewall_policy_4.yaml index 8ffea0e03..57ee6c3fc 100755 --- a/queries/aws_networkfirewall_firewall_policy_4.yaml +++ b/queries/aws_networkfirewall_firewall_policy_4.yaml @@ -1,28 +1,23 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_4 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name as firewall_policy_name, - firewall_policy_status, - firewall_policy -> 'StatefulDefaultActions' as stateful_default_actions, - firewall_policy -> 'StatefulRuleGroupReferences' as stateful_rule_group_references - from - aws_networkfirewall_firewall_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name as firewall_policy_name,\n firewall_policy_status,\n\ + \ firewall_policy -> 'StatefulDefaultActions' as stateful_default_actions,\n\ + \ firewall_policy -> 'StatefulRuleGroupReferences' as stateful_rule_group_references\n\ + from\n aws_networkfirewall_firewall_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_5.yaml b/queries/aws_networkfirewall_firewall_policy_5.yaml index fc79eaae9..31f7c3145 100755 --- a/queries/aws_networkfirewall_firewall_policy_5.yaml +++ b/queries/aws_networkfirewall_firewall_policy_5.yaml @@ -1,28 +1,23 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_5 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name as firewall_policy_name, - firewall_policy_status, - firewall_policy -> 'StatelessDefaultActions' as stateless_default_actions, - firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references - from - aws_networkfirewall_firewall_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name as firewall_policy_name,\n firewall_policy_status,\n\ + \ firewall_policy -> 'StatelessDefaultActions' as stateless_default_actions,\n\ + \ firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references\n\ + from\n aws_networkfirewall_firewall_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - NetworkFirewall +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_6.yaml b/queries/aws_networkfirewall_firewall_policy_6.yaml index adf8e4838..ebc950bfc 100755 --- a/queries/aws_networkfirewall_firewall_policy_6.yaml +++ b/queries/aws_networkfirewall_firewall_policy_6.yaml @@ -1,26 +1,21 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_6 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name as firewall_policy_name, - firewall_policy_status, - firewall_policy -> 'StatelessFragmentDefaultActions' as stateless_default_actions, - firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references - from - aws_networkfirewall_firewall_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name as firewall_policy_name,\n firewall_policy_status,\n\ + \ firewall_policy -> 'StatelessFragmentDefaultActions' as stateless_default_actions,\n\ + \ firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references\n\ + from\n aws_networkfirewall_firewall_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws +Title: '' diff --git a/queries/aws_networkfirewall_firewall_policy_7.yaml b/queries/aws_networkfirewall_firewall_policy_7.yaml index 8b6fe5324..4d9ba2fe4 100755 --- a/queries/aws_networkfirewall_firewall_policy_7.yaml +++ b/queries/aws_networkfirewall_firewall_policy_7.yaml @@ -1,26 +1,21 @@ +Description: '' ID: aws_networkfirewall_firewall_policy_7 -Title: "" -Description: "" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - name as firewall_policy_name, - firewall_policy_status, - firewall_policy -> 'StatelessRuleGroupReferences' ->> 'ActionName' as custom_action_name, - firewall_policy -> 'StatelessRuleGroupReferences' ->> 'ActionDefinition' as custom_action_definition - from - aws_networkfirewall_firewall_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n name as firewall_policy_name,\n firewall_policy_status,\n\ + \ firewall_policy -> 'StatelessRuleGroupReferences' ->> 'ActionName' as custom_action_name,\n\ + \ firewall_policy -> 'StatelessRuleGroupReferences' ->> 'ActionDefinition' as\ + \ custom_action_definition\nfrom\n aws_networkfirewall_firewall_policy;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: '' diff --git a/queries/aws_networkfirewall_rule_group_1.yaml b/queries/aws_networkfirewall_rule_group_1.yaml index 460633658..42f3e4819 100755 --- a/queries/aws_networkfirewall_rule_group_1.yaml +++ b/queries/aws_networkfirewall_rule_group_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Network Firewall Rule Group details, including + rule group ARN, capacity, rule group name, and associated tags. ID: aws_networkfirewall_rule_group_1 -Title: "Find AWS Network Firewall Rule Group Details" -Description: "Allows users to query AWS Network Firewall Rule Group details, including rule group ARN, capacity, rule group name, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_group_name, - rule_group_status, - type, - jsonb_pretty(rules_source) as rules_source - from - aws_networkfirewall_rule_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_group_name,\n rule_group_status,\n type,\n jsonb_pretty(rules_source)\ + \ as rules_source\nfrom\n aws_networkfirewall_rule_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find AWS Network Firewall Rule Group Details diff --git a/queries/aws_networkfirewall_rule_group_2.yaml b/queries/aws_networkfirewall_rule_group_2.yaml index 8ba6665c8..1a7d94096 100755 --- a/queries/aws_networkfirewall_rule_group_2.yaml +++ b/queries/aws_networkfirewall_rule_group_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Network Firewall Rule Group details, including + rule group ARN, capacity, rule group name, and associated tags. ID: aws_networkfirewall_rule_group_2 -Title: "Find AWS Network Firewall Rule Group Details" -Description: "Allows users to query AWS Network Firewall Rule Group details, including rule group ARN, capacity, rule group name, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_group_name, - rule_group_status - from - aws_networkfirewall_rule_group - where - number_of_associations = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_group_name,\n rule_group_status\nfrom\n aws_networkfirewall_rule_group\n\ + where\n number_of_associations = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find AWS Network Firewall Rule Group Details diff --git a/queries/aws_networkfirewall_rule_group_3.yaml b/queries/aws_networkfirewall_rule_group_3.yaml index f51d1874c..04aa2afc7 100755 --- a/queries/aws_networkfirewall_rule_group_3.yaml +++ b/queries/aws_networkfirewall_rule_group_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Network Firewall Rule Group details, including + rule group ARN, capacity, rule group name, and associated tags. ID: aws_networkfirewall_rule_group_3 -Title: "Find AWS Network Firewall Rule Group Details" -Description: "Allows users to query AWS Network Firewall Rule Group details, including rule group ARN, capacity, rule group name, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_group_name, - rule_group_status, - jsonb_pretty(rules_source -> 'StatefulRules') as stateful_rules, - jsonb_pretty(rule_variables) as rule_variables, - stateful_rule_options - from - aws_networkfirewall_rule_group - where - type = 'STATEFUL'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_group_name,\n rule_group_status,\n jsonb_pretty(rules_source\ + \ -> 'StatefulRules') as stateful_rules,\n jsonb_pretty(rule_variables) as rule_variables,\n\ + \ stateful_rule_options\nfrom\n aws_networkfirewall_rule_group\nwhere\n type\ + \ = 'STATEFUL';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: Find AWS Network Firewall Rule Group Details diff --git a/queries/aws_networkfirewall_rule_group_4.yaml b/queries/aws_networkfirewall_rule_group_4.yaml index 382ed0d36..4f11eefed 100755 --- a/queries/aws_networkfirewall_rule_group_4.yaml +++ b/queries/aws_networkfirewall_rule_group_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Network Firewall Rule Group details, including + rule group ARN, capacity, rule group name, and associated tags. ID: aws_networkfirewall_rule_group_4 -Title: "List all AWS Network Firewall Rule Group Details" -Description: "Allows users to query AWS Network Firewall Rule Group details, including rule group ARN, capacity, rule group name, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_group_name, - rule_group_status, - jsonb_pretty(rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') as stateless_rules, - jsonb_pretty(rules_source -> 'StatelessRulesAndCustomActions' -> 'CustomActions') as custom_actions - from - aws_networkfirewall_rule_group - where - type = 'STATELESS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_group_name,\n rule_group_status,\n jsonb_pretty(rules_source\ + \ -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') as stateless_rules,\n\ + \ jsonb_pretty(rules_source -> 'StatelessRulesAndCustomActions' -> 'CustomActions')\ + \ as custom_actions\nfrom\n aws_networkfirewall_rule_group\nwhere\n type = 'STATELESS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: List all AWS Network Firewall Rule Group Details diff --git a/queries/aws_networkfirewall_rule_group_5.yaml b/queries/aws_networkfirewall_rule_group_5.yaml index e5b46c626..763918b05 100755 --- a/queries/aws_networkfirewall_rule_group_5.yaml +++ b/queries/aws_networkfirewall_rule_group_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Network Firewall Rule Group details, including + rule group ARN, capacity, rule group name, and associated tags. ID: aws_networkfirewall_rule_group_5 -Title: "List AWS Network Firewall Rule Group Details" -Description: "Allows users to query AWS Network Firewall Rule Group details, including rule group ARN, capacity, rule group name, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - rule_group_name, - rule_group_status, - number_of_associations - from - aws_networkfirewall_rule_group - where - type = 'STATELESS' and jsonb_array_length(rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') = 0 - or type = 'STATEFUL' and jsonb_array_length(rules_source -> 'StatefulRules') = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n rule_group_name,\n rule_group_status,\n number_of_associations\n\ + from\n aws_networkfirewall_rule_group\nwhere\n type = 'STATELESS' and jsonb_array_length(rules_source\ + \ -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') = 0\n or type = 'STATEFUL'\ + \ and jsonb_array_length(rules_source -> 'StatefulRules') = 0;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Network Firewall +Title: List AWS Network Firewall Rule Group Details diff --git a/queries/aws_oam_link_1.yaml b/queries/aws_oam_link_1.yaml index a302083c3..3ae773d86 100755 --- a/queries/aws_oam_link_1.yaml +++ b/queries/aws_oam_link_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS OAM Links to gather information about the link + between an AWS resource and an AWS OAM resource. ID: aws_oam_link_1 -Title: "List all AWS OAM resource links" -Description: "Allows users to query AWS OAM Links to gather information about the link between an AWS resource and an AWS OAM resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - sink_arn, - label, - resource_types - from - aws_oam_link; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n sink_arn,\n label,\n resource_types\n\ + from\n aws_oam_link;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OAM +Title: List all AWS OAM resource links diff --git a/queries/aws_oam_link_2.yaml b/queries/aws_oam_link_2.yaml index 346e0301b..e29ddacce 100755 --- a/queries/aws_oam_link_2.yaml +++ b/queries/aws_oam_link_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS OAM Links to gather information about the link + between an AWS resource and an AWS OAM resource. ID: aws_oam_link_2 -Title: "List all AWS OAM Links and Their Associated Sinks" -Description: "Allows users to query AWS OAM Links to gather information about the link between an AWS resource and an AWS OAM resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - l.id, - l.arn, - s.name as sink_name, - l.sink_arn - from - aws_oam_link as l, - aws_oam_sink as s; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n l.id,\n l.arn,\n s.name as sink_name,\n l.sink_arn\n\ + from\n aws_oam_link as l,\n aws_oam_sink as s;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OAM +Title: List all AWS OAM Links and Their Associated Sinks diff --git a/queries/aws_oam_link_3.yaml b/queries/aws_oam_link_3.yaml index 9e581289f..36ea4243c 100755 --- a/queries/aws_oam_link_3.yaml +++ b/queries/aws_oam_link_3.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS OAM Links to gather information about the link + between an AWS resource and an AWS OAM resource. ID: aws_oam_link_3 -Title: "Find AWS OAM Links Between Resources" -Description: "Allows users to query AWS OAM Links to gather information about the link between an AWS resource and an AWS OAM resource." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - l.id, - l.arn, - l.label, - l.label_template, - r as resource_type - from - aws_oam_link as l, - jsonb_array_elements_text(resource_types) as r - where - r = 'AWS::Logs::LogGroup'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n l.id,\n l.arn,\n l.label,\n l.label_template,\n r\ + \ as resource_type\nfrom\n aws_oam_link as l,\n jsonb_array_elements_text(resource_types)\ + \ as r\nwhere\n r = 'AWS::Logs::LogGroup';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OAM +Title: Find AWS OAM Links Between Resources diff --git a/queries/aws_oam_sink_1.yaml b/queries/aws_oam_sink_1.yaml index 995bfaeea..2620d58df 100755 --- a/queries/aws_oam_sink_1.yaml +++ b/queries/aws_oam_sink_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS OAM Sink data, providing detailed information + about each AWS OAM Sink in your AWS account. ID: aws_oam_sink_1 -Title: "Find AWS OAM Sink data for detailed information" -Description: "Allows users to query AWS OAM Sink data, providing detailed information about each AWS OAM Sink in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - tags, - title - from - aws_oam_sink; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n tags,\n title\nfrom\n aws_oam_sink;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OAM Sink +Title: Find AWS OAM Sink data for detailed information diff --git a/queries/aws_oam_sink_2.yaml b/queries/aws_oam_sink_2.yaml index 35416d793..324dc2771 100755 --- a/queries/aws_oam_sink_2.yaml +++ b/queries/aws_oam_sink_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS OAM Sink data, providing detailed information + about each AWS OAM Sink in your AWS account. ID: aws_oam_sink_2 -Title: "Find AWS OAM Sink Data with Detailed Information" -Description: "Allows users to query AWS OAM Sink data, providing detailed information about each AWS OAM Sink in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn - from - aws_oam_sink - where - id = 'hfj44c81-7bdf-3847-r7i3-5dfc61b17483'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn\nfrom\n aws_oam_sink\nwhere\n id\ + \ = 'hfj44c81-7bdf-3847-r7i3-5dfc61b17483';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS OAM Sink +Title: Find AWS OAM Sink Data with Detailed Information diff --git a/queries/aws_opensearch_domain_1.yaml b/queries/aws_opensearch_domain_1.yaml index 0c2220565..64428ef31 100755 --- a/queries/aws_opensearch_domain_1.yaml +++ b/queries/aws_opensearch_domain_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_1 -Title: "Find AWS OpenSearch Service Domains Configuration" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - arn, - engine_version, - created - from - aws_opensearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n arn,\n engine_version,\n\ + \ created\nfrom\n aws_opensearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: Find AWS OpenSearch Service Domains Configuration diff --git a/queries/aws_opensearch_domain_2.yaml b/queries/aws_opensearch_domain_2.yaml index 0953f8bd1..3f6b67000 100755 --- a/queries/aws_opensearch_domain_2.yaml +++ b/queries/aws_opensearch_domain_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_2 -Title: "Find All AWS OpenSearch Service Domains and Their Details" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - encryption_at_rest_options ->> 'Enabled' as enabled, - encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id - from - aws_opensearch_domain - where - encryption_at_rest_options ->> 'Enabled' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n encryption_at_rest_options\ + \ ->> 'Enabled' as enabled,\n encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id\n\ + from\n aws_opensearch_domain\nwhere\n encryption_at_rest_options ->> 'Enabled'\ + \ = 'false';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: Find All AWS OpenSearch Service Domains and Their Details diff --git a/queries/aws_opensearch_domain_3.yaml b/queries/aws_opensearch_domain_3.yaml index 1282bdb8b..21fc11e61 100755 --- a/queries/aws_opensearch_domain_3.yaml +++ b/queries/aws_opensearch_domain_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_3 -Title: "List all AWS OpenSearch Service Domains with SQL" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - ebs_options ->> 'VolumeSize' as volume_size, - ebs_options ->> 'VolumeType' as volume_type, - ebs_options ->> 'EBSEnabled' as ebs_enabled - from - aws_opensearch_domain - where - ebs_options ->> 'EBSEnabled' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n ebs_options ->> 'VolumeSize'\ + \ as volume_size,\n ebs_options ->> 'VolumeType' as volume_type,\n ebs_options\ + \ ->> 'EBSEnabled' as ebs_enabled\nfrom\n aws_opensearch_domain\nwhere\n ebs_options\ + \ ->> 'EBSEnabled' = 'true';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: List all AWS OpenSearch Service Domains with SQL diff --git a/queries/aws_opensearch_domain_4.yaml b/queries/aws_opensearch_domain_4.yaml index 281e0bbbd..f03cf16d6 100755 --- a/queries/aws_opensearch_domain_4.yaml +++ b/queries/aws_opensearch_domain_4.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_4 -Title: "List AWS OpenSearch Service Domains and Configurations" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - vpc_options ->> 'AvailabilityZones' as availability_zones, - vpc_options ->> 'SecurityGroupIds' as security_group_ids, - vpc_options ->> 'SubnetIds' as subnet_ids, - vpc_options ->> 'VPCId' as vpc_id - from - aws_opensearch_domain - where - vpc_options ->> 'AvailabilityZones' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n vpc_options ->> 'AvailabilityZones' as\ + \ availability_zones,\n vpc_options ->> 'SecurityGroupIds' as security_group_ids,\n\ + \ vpc_options ->> 'SubnetIds' as subnet_ids,\n vpc_options ->> 'VPCId' as vpc_id\n\ + from\n aws_opensearch_domain\nwhere\n vpc_options ->> 'AvailabilityZones' is\ + \ not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: List AWS OpenSearch Service Domains and Configurations diff --git a/queries/aws_opensearch_domain_5.yaml b/queries/aws_opensearch_domain_5.yaml index fddd7a51b..d09235913 100755 --- a/queries/aws_opensearch_domain_5.yaml +++ b/queries/aws_opensearch_domain_5.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_5 -Title: "List all AWS OpenSearch Service Domains and Configurations" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - cluster_config ->> 'InstanceType' as instance_type, - cluster_config ->> 'InstanceCount' as instance_count - from - aws_opensearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n cluster_config ->> 'InstanceType'\ + \ as instance_type,\n cluster_config ->> 'InstanceCount' as instance_count\n\ + from\n aws_opensearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: List all AWS OpenSearch Service Domains and Configurations diff --git a/queries/aws_opensearch_domain_6.yaml b/queries/aws_opensearch_domain_6.yaml index 7bee730cc..cd14fafc0 100755 --- a/queries/aws_opensearch_domain_6.yaml +++ b/queries/aws_opensearch_domain_6.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_6 -Title: "Find all AWS OpenSearch Service Domains and their details" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - arn, - engine_version, - created - from - aws_opensearch_domain - where - vpc_options is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n arn,\n engine_version,\n\ + \ created\nfrom\n aws_opensearch_domain\nwhere\n vpc_options is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: Find all AWS OpenSearch Service Domains and their details diff --git a/queries/aws_opensearch_domain_7.yaml b/queries/aws_opensearch_domain_7.yaml index 7f831c1ff..b4c8c196a 100755 --- a/queries/aws_opensearch_domain_7.yaml +++ b/queries/aws_opensearch_domain_7.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_7 -Title: "Find AWS OpenSearch Service Domains Configuration" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - log_publishing_options - from - aws_opensearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n log_publishing_options\n\ + from\n aws_opensearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: Find AWS OpenSearch Service Domains Configuration diff --git a/queries/aws_opensearch_domain_8.yaml b/queries/aws_opensearch_domain_8.yaml index 5b04d6f2c..28d097a3a 100755 --- a/queries/aws_opensearch_domain_8.yaml +++ b/queries/aws_opensearch_domain_8.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS OpenSearch Service Domains for detailed information + on their configuration, status, and associated resources. ID: aws_opensearch_domain_8 -Title: "List all AWS OpenSearch Service Domain Configurations" -Description: "Allows users to query AWS OpenSearch Service Domains for detailed information on their configuration, status, and associated resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - domain_id, - log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled, - log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn - from - aws_opensearch_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n domain_id,\n log_publishing_options\ + \ -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled,\n log_publishing_options ->\ + \ 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn\n\ + from\n aws_opensearch_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - OpenSearch Service +Title: List all AWS OpenSearch Service Domain Configurations diff --git a/queries/aws_organizations_account_1.yaml b/queries/aws_organizations_account_1.yaml index 5de0b8451..ad6533efc 100755 --- a/queries/aws_organizations_account_1.yaml +++ b/queries/aws_organizations_account_1.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS Organizations Account and provides information + about each AWS account that is a member of an organization in AWS Organizations. ID: aws_organizations_account_1 -Title: "List all AWS Organizations Accounts with Details" -Description: "Allows users to query AWS Organizations Account and provides information about each AWS account that is a member of an organization in AWS Organizations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - arn, - email, - joined_method, - joined_timestamp, - name, - status, - tags - from - aws_organizations_account; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n arn,\n email,\n joined_method,\n joined_timestamp,\n\ + \ name,\n status,\n tags\nfrom\n aws_organizations_account;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Organizations +Title: List all AWS Organizations Accounts with Details diff --git a/queries/aws_organizations_account_2.yaml b/queries/aws_organizations_account_2.yaml index ad61b3463..add6cc9ae 100755 --- a/queries/aws_organizations_account_2.yaml +++ b/queries/aws_organizations_account_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS Organizations Account and provides information + about each AWS account that is a member of an organization in AWS Organizations. ID: aws_organizations_account_2 -Title: "List all AWS Organizations Account in Suspended Status" -Description: "Allows users to query AWS Organizations Account and provides information about each AWS account that is a member of an organization in AWS Organizations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - email, - joined_method, - joined_timestamp, - status - from - aws_organizations_account - where - status = 'SUSPENDED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n email,\n joined_method,\n joined_timestamp,\n\ + \ status\nfrom\n aws_organizations_account\nwhere\n status = 'SUSPENDED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Organizations +Title: List all AWS Organizations Account in Suspended Status diff --git a/queries/aws_organizations_organizational_unit_1.yaml b/queries/aws_organizations_organizational_unit_1.yaml index aefd30af2..8f237314d 100755 --- a/queries/aws_organizations_organizational_unit_1.yaml +++ b/queries/aws_organizations_organizational_unit_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_1 -Title: "List all AWS Organization Units with Details" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - parent_id, - title, - akas - from - aws_organizations_organizational_unit; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n parent_id,\n title,\n akas\n\ + from\n aws_organizations_organizational_unit;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List all AWS Organization Units with Details diff --git a/queries/aws_organizations_organizational_unit_2.yaml b/queries/aws_organizations_organizational_unit_2.yaml index 8bb672fea..cbf4faec7 100755 --- a/queries/aws_organizations_organizational_unit_2.yaml +++ b/queries/aws_organizations_organizational_unit_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_2 -Title: "List AWS Organizations Organizational Units" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - parent_id, - path - from - aws_organizations_organizational_unit - where - path <@ 'r_wxnb.ou_wxnb_m8l8t123'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n parent_id,\n path\nfrom\n aws_organizations_organizational_unit\n\ + where\n path <@ 'r_wxnb.ou_wxnb_m8l8t123';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List AWS Organizations Organizational Units diff --git a/queries/aws_organizations_organizational_unit_3.yaml b/queries/aws_organizations_organizational_unit_3.yaml index e0e0bf04c..0708b46f0 100755 --- a/queries/aws_organizations_organizational_unit_3.yaml +++ b/queries/aws_organizations_organizational_unit_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_3 -Title: "Find AWS Organizations Organizational Units using SQL" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - parent_id, - path - from - aws_organizations_organizational_unit - where - nlevel(path) = 3; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n parent_id,\n path\nfrom\n aws_organizations_organizational_unit\n\ + where\n nlevel(path) = 3;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find AWS Organizations Organizational Units using SQL diff --git a/queries/aws_organizations_organizational_unit_4.yaml b/queries/aws_organizations_organizational_unit_4.yaml index 313fa0373..b91b860db 100755 --- a/queries/aws_organizations_organizational_unit_4.yaml +++ b/queries/aws_organizations_organizational_unit_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_4 -Title: "Find all AWS Organizations Organizational Units" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - parent_id, - path - from - aws_organizations_organizational_unit - where - 'r_wxnb.ou_wxnb_m8l123aq.ou_wxnb_5gri123b' @> path; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n parent_id,\n path\nfrom\n aws_organizations_organizational_unit\n\ + where\n 'r_wxnb.ou_wxnb_m8l123aq.ou_wxnb_5gri123b' @> path;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find all AWS Organizations Organizational Units diff --git a/queries/aws_organizations_organizational_unit_5.yaml b/queries/aws_organizations_organizational_unit_5.yaml index 615ef05f4..ab877d9fc 100755 --- a/queries/aws_organizations_organizational_unit_5.yaml +++ b/queries/aws_organizations_organizational_unit_5.yaml @@ -1,35 +1,21 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_5 -Title: "Find all AWS Organizations Organizational Units" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - parent_id, - path - from - aws_organizations_organizational_unit - where - parent_id = - ( - select - parent_id - from - aws_organizations_organizational_unit - where - name = 'Punisher' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n parent_id,\n path\nfrom\n aws_organizations_organizational_unit\n\ + where\n parent_id =\n (\n select\n parent_id\n from\n aws_organizations_organizational_unit\n\ + \ where\n name = 'Punisher'\n );" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find all AWS Organizations Organizational Units diff --git a/queries/aws_organizations_organizational_unit_6.yaml b/queries/aws_organizations_organizational_unit_6.yaml index ce9bd62be..54645b127 100755 --- a/queries/aws_organizations_organizational_unit_6.yaml +++ b/queries/aws_organizations_organizational_unit_6.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Organizations Organizational Units and provides + information about each OU. ID: aws_organizations_organizational_unit_6 -Title: "List AWS Organizations Organizational Units" -Description: "Allows users to query AWS Organizations Organizational Units and provides information about each OU." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - parent_id, - path - from - aws_organizations_organizational_unit - where - path ~ 'r_wxnb.*.ou_wxnb_m81234aq.*'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n parent_id,\n path\nfrom\n aws_organizations_organizational_unit\n\ + where\n path ~ 'r_wxnb.*.ou_wxnb_m81234aq.*';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List AWS Organizations Organizational Units diff --git a/queries/aws_organizations_policy_1.yaml b/queries/aws_organizations_policy_1.yaml index 6c5946698..0a05fdac4 100755 --- a/queries/aws_organizations_policy_1.yaml +++ b/queries/aws_organizations_policy_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Organizations Policy to retrieve detailed information + on policies within AWS Organizations. This table can be utilized to gain insights + on policy-specific details, such as policy type, content, and associated metadata. ID: aws_organizations_policy_1 -Title: "Find AWS Organizations Policy Details with SQL" -Description: "Allows users to query AWS Organizations Policy to retrieve detailed information on policies within AWS Organizations. This table can be utilized to gain insights on policy-specific details, such as policy type, content, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - aws_managed - from - aws_organizations_policy - where - type = 'SERVICE_CONTROL_POLICY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n aws_managed\nfrom\n\ + \ aws_organizations_policy\nwhere\n type = 'SERVICE_CONTROL_POLICY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations Policy +Title: Find AWS Organizations Policy Details with SQL diff --git a/queries/aws_organizations_policy_2.yaml b/queries/aws_organizations_policy_2.yaml index c8d63eee6..1664606e1 100755 --- a/queries/aws_organizations_policy_2.yaml +++ b/queries/aws_organizations_policy_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Organizations Policy to retrieve detailed information + on policies within AWS Organizations. This table can be utilized to gain insights + on policy-specific details, such as policy type, content, and associated metadata. ID: aws_organizations_policy_2 -Title: "List all Tag Policies in AWS Organizations" -Description: "Allows users to query AWS Organizations Policy to retrieve detailed information on policies within AWS Organizations. This table can be utilized to gain insights on policy-specific details, such as policy type, content, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - type, - aws_managed - from - aws_organizations_policy - where - not aws_managed - and type = 'TAG_POLICY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n type,\n aws_managed\nfrom\n\ + \ aws_organizations_policy\nwhere\n not aws_managed\n and type = 'TAG_POLICY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List all Tag Policies in AWS Organizations diff --git a/queries/aws_organizations_policy_3.yaml b/queries/aws_organizations_policy_3.yaml index b4c78afec..e585bb799 100755 --- a/queries/aws_organizations_policy_3.yaml +++ b/queries/aws_organizations_policy_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Organizations Policy to retrieve detailed information + on policies within AWS Organizations. This table can be utilized to gain insights + on policy-specific details, such as policy type, content, and associated metadata. ID: aws_organizations_policy_3 -Title: "Find all AWS Organizations Backup Policies" -Description: "Allows users to query AWS Organizations Policy to retrieve detailed information on policies within AWS Organizations. This table can be utilized to gain insights on policy-specific details, such as policy type, content, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - type, - aws_managed - from - aws_organizations_policy - where - type = 'BACKUP_POLICY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n type,\n aws_managed\nfrom\n\ + \ aws_organizations_policy\nwhere\n type = 'BACKUP_POLICY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find all AWS Organizations Backup Policies diff --git a/queries/aws_organizations_policy_4.yaml b/queries/aws_organizations_policy_4.yaml index cf42523de..040ea9f8d 100755 --- a/queries/aws_organizations_policy_4.yaml +++ b/queries/aws_organizations_policy_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Organizations Policy to retrieve detailed information + on policies within AWS Organizations. This table can be utilized to gain insights + on policy-specific details, such as policy type, content, and associated metadata. ID: aws_organizations_policy_4 -Title: "Find AWS Organizations Policy Details" -Description: "Allows users to query AWS Organizations Policy to retrieve detailed information on policies within AWS Organizations. This table can be utilized to gain insights on policy-specific details, such as policy type, content, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - content ->> 'Version' as policy_version, - content ->> 'Statement' as policy_statement - from - aws_organizations_policy - where - type = 'SERVICE_CONTROL_POLICY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n content ->> 'Version' as policy_version,\n\ + \ content ->> 'Statement' as policy_statement\nfrom\n aws_organizations_policy\n\ + where\n type = 'SERVICE_CONTROL_POLICY';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find AWS Organizations Policy Details diff --git a/queries/aws_organizations_policy_target_1.yaml b/queries/aws_organizations_policy_target_1.yaml index b444f7d37..509fcb03a 100755 --- a/queries/aws_organizations_policy_target_1.yaml +++ b/queries/aws_organizations_policy_target_1.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Organizations Policy Targets to retrieve detailed + information about the application of policies to roots, organizational units (OUs), + and accounts. ID: aws_organizations_policy_target_1 -Title: "List all AWS Organizations Policy Targets and Their Details" -Description: "Allows users to query AWS Organizations Policy Targets to retrieve detailed information about the application of policies to roots, organizational units (OUs), and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - aws_managed - from - aws_organizations_policy_target - where - type = 'SERVICE_CONTROL_POLICY' - and target_id = '123456789098'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n aws_managed \nfrom\n\ + \ aws_organizations_policy_target \nwhere\n type = 'SERVICE_CONTROL_POLICY'\ + \ \n and target_id = '123456789098';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List all AWS Organizations Policy Targets and Their Details diff --git a/queries/aws_organizations_policy_target_2.yaml b/queries/aws_organizations_policy_target_2.yaml index 3eeab6c69..657689f30 100755 --- a/queries/aws_organizations_policy_target_2.yaml +++ b/queries/aws_organizations_policy_target_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Organizations Policy Targets to retrieve detailed + information about the application of policies to roots, organizational units (OUs), + and accounts. ID: aws_organizations_policy_target_2 -Title: "List AWS Organizations Policy Targets with SQL Query" -Description: "Allows users to query AWS Organizations Policy Targets to retrieve detailed information about the application of policies to roots, organizational units (OUs), and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - type, - aws_managed - from - aws_organizations_policy_target - where - not aws_managed - and type = 'TAG_POLICY' - and target_id = 'ou-jsdhkek'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n type,\n aws_managed \nfrom\n\ + \ aws_organizations_policy_target \nwhere\n not aws_managed \n and type = 'TAG_POLICY'\ + \ \n and target_id = 'ou-jsdhkek';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: List AWS Organizations Policy Targets with SQL Query diff --git a/queries/aws_organizations_policy_target_3.yaml b/queries/aws_organizations_policy_target_3.yaml index d56953ba2..61578a07d 100755 --- a/queries/aws_organizations_policy_target_3.yaml +++ b/queries/aws_organizations_policy_target_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Organizations Policy Targets to retrieve detailed + information about the application of policies to roots, organizational units (OUs), + and accounts. ID: aws_organizations_policy_target_3 -Title: "Find AWS Organizations Policy Targets with SQL" -Description: "Allows users to query AWS Organizations Policy Targets to retrieve detailed information about the application of policies to roots, organizational units (OUs), and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - type, - aws_managed - from - aws_organizations_policy_target - where - type = 'BACKUP_POLICY' - and target_id = '123456789098'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n type,\n aws_managed\nfrom\n\ + \ aws_organizations_policy_target\nwhere\n type = 'BACKUP_POLICY'\n and target_id\ + \ = '123456789098';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Organizations +Title: Find AWS Organizations Policy Targets with SQL diff --git a/queries/aws_organizations_policy_target_4.yaml b/queries/aws_organizations_policy_target_4.yaml index b60e6d911..38b249020 100755 --- a/queries/aws_organizations_policy_target_4.yaml +++ b/queries/aws_organizations_policy_target_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Organizations Policy Targets to retrieve detailed + information about the application of policies to roots, organizational units (OUs), + and accounts. ID: aws_organizations_policy_target_4 -Title: "Find AWS Organizations Policy Targets Information" -Description: "Allows users to query AWS Organizations Policy Targets to retrieve detailed information about the application of policies to roots, organizational units (OUs), and accounts." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - content ->> 'Version' as policy_version, - content ->> 'Statement' as policy_statement - from - aws_organizations_policy_target - where - type = 'SERVICE_CONTROL_POLICY' - and target_id = 'r-9ijkl7'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n content ->> 'Version' as policy_version,\n\ + \ content ->> 'Statement' as policy_statement\nfrom\n aws_organizations_policy_target\n\ + where\n type = 'SERVICE_CONTROL_POLICY'\n and target_id = 'r-9ijkl7';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find AWS Organizations Policy Targets Information diff --git a/queries/aws_organizations_root_1.yaml b/queries/aws_organizations_root_1.yaml index 4c76d1156..0c0bb8a27 100755 --- a/queries/aws_organizations_root_1.yaml +++ b/queries/aws_organizations_root_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Organizations Root to retrieve detailed information + on AWS Organizations Root account. This table can be utilized to gain insights on + organizations root account. ID: aws_organizations_root_1 -Title: "Find AWS Organization Root Account Detailed Info" -Description: "Allows users to query AWS Organizations Root to retrieve detailed information on AWS Organizations Root account. This table can be utilized to gain insights on organizations root account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn - from - aws_organizations_root; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn\nfrom\n aws_organizations_root;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find AWS Organization Root Account Detailed Info diff --git a/queries/aws_organizations_root_2.yaml b/queries/aws_organizations_root_2.yaml index fa2ea4506..0d09bc763 100755 --- a/queries/aws_organizations_root_2.yaml +++ b/queries/aws_organizations_root_2.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Organizations Root to retrieve detailed information + on AWS Organizations Root account. This table can be utilized to gain insights on + organizations root account. ID: aws_organizations_root_2 -Title: "Find AWS Organizations Root and Policy Details" -Description: "Allows users to query AWS Organizations Root to retrieve detailed information on AWS Organizations Root account. This table can be utilized to gain insights on organizations root account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - p ->> 'Status' as policy_status, - p ->> 'Type' as policy_type - from - aws_organizations_root, - jsonb_array_elements(policy_types) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n p ->> 'Status' as policy_status,\n p\ + \ ->> 'Type' as policy_type\nfrom\n aws_organizations_root,\n jsonb_array_elements(policy_types)\ + \ as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Organizations +Title: Find AWS Organizations Root and Policy Details diff --git a/queries/aws_pinpoint_app_1.yaml b/queries/aws_pinpoint_app_1.yaml index eb9872ca5..70f7a7cbb 100755 --- a/queries/aws_pinpoint_app_1.yaml +++ b/queries/aws_pinpoint_app_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Pinpoint Applications to gather information + about the applications, such as application ID, name, and creation date. The table + also provides details about the application''s settings and limits. ID: aws_pinpoint_app_1 -Title: "Find all details of AWS Pinpoint Applications" -Description: "Allows users to query AWS Pinpoint Applications to gather information about the applications, such as application ID, name, and creation date. The table also provides details about the application''s settings and limits." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - arn, - limits - from - aws_pinpoint_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n arn,\n limits\nfrom\n aws_pinpoint_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pinpoint +Title: Find all details of AWS Pinpoint Applications diff --git a/queries/aws_pinpoint_app_2.yaml b/queries/aws_pinpoint_app_2.yaml index ce8e60465..f90ce11f9 100755 --- a/queries/aws_pinpoint_app_2.yaml +++ b/queries/aws_pinpoint_app_2.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Pinpoint Applications to gather information + about the applications, such as application ID, name, and creation date. The table + also provides details about the application''s settings and limits. ID: aws_pinpoint_app_2 -Title: "Find AWS Pinpoint Applications and Details" -Description: "Allows users to query AWS Pinpoint Applications to gather information about the applications, such as application ID, name, and creation date. The table also provides details about the application''s settings and limits." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - quiet_time -> 'Start' as start_time, - quiet_time -> 'End' as end_time - from - aws_pinpoint_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n quiet_time -> 'Start' as start_time,\n quiet_time\ + \ -> 'End' as end_time\nfrom\n aws_pinpoint_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Pinpoint +Title: Find AWS Pinpoint Applications and Details diff --git a/queries/aws_pinpoint_app_3.yaml b/queries/aws_pinpoint_app_3.yaml index dd25e7006..3e8351799 100755 --- a/queries/aws_pinpoint_app_3.yaml +++ b/queries/aws_pinpoint_app_3.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS Pinpoint Applications to gather information + about the applications, such as application ID, name, and creation date. The table + also provides details about the application''s settings and limits. ID: aws_pinpoint_app_3 -Title: "Find all AWS Pinpoint App details and settings" -Description: "Allows users to query AWS Pinpoint Applications to gather information about the applications, such as application ID, name, and creation date. The table also provides details about the application''s settings and limits." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - campaign_hook -> 'LambdaFunctionName' as lambda_function_name, - campaign_hook -> 'Mode' as mode, - campaign_hook -> 'WebUrl' as web_url - from - aws_pinpoint_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n campaign_hook -> 'LambdaFunctionName' as lambda_function_name,\n\ + \ campaign_hook -> 'Mode' as mode,\n campaign_hook -> 'WebUrl' as web_url\n\ + from\n aws_pinpoint_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Pinpoint +Title: Find all AWS Pinpoint App details and settings diff --git a/queries/aws_pinpoint_app_4.yaml b/queries/aws_pinpoint_app_4.yaml index a6b8d7ae9..7d385278a 100755 --- a/queries/aws_pinpoint_app_4.yaml +++ b/queries/aws_pinpoint_app_4.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Pinpoint Applications to gather information + about the applications, such as application ID, name, and creation date. The table + also provides details about the application''s settings and limits. ID: aws_pinpoint_app_4 -Title: "List AWS Pinpoint Application Details and Limits" -Description: "Allows users to query AWS Pinpoint Applications to gather information about the applications, such as application ID, name, and creation date. The table also provides details about the application''s settings and limits." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - limits -> 'Daily' as daily, - limits -> 'Total' as total, - limits -> 'Session' as session, - limits -> 'MaximumDuration' as maximum_duration, - limits -> 'MessagesPerSecond' as messages_per_second - from - aws_pinpoint_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n limits -> 'Daily' as daily,\n limits -> 'Total'\ + \ as total,\n limits -> 'Session' as session,\n limits -> 'MaximumDuration'\ + \ as maximum_duration,\n limits -> 'MessagesPerSecond' as messages_per_second\n\ + from\n aws_pinpoint_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Pinpoint +Title: List AWS Pinpoint Application Details and Limits diff --git a/queries/aws_pipes_pipe_1.yaml b/queries/aws_pipes_pipe_1.yaml index b2c6df969..9188430ff 100755 --- a/queries/aws_pipes_pipe_1.yaml +++ b/queries/aws_pipes_pipe_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_1 -Title: "Find AWS Pipe Details via SQL Query" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - current_state, - creation_time, - role_arn - from - aws_pipes_pipe; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n current_state,\n creation_time,\n \ + \ role_arn\nfrom\n aws_pipes_pipe;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Pipes +Title: Find AWS Pipe Details via SQL Query diff --git a/queries/aws_pipes_pipe_2.yaml b/queries/aws_pipes_pipe_2.yaml index 1b8933b8c..a5e771d21 100755 --- a/queries/aws_pipes_pipe_2.yaml +++ b/queries/aws_pipes_pipe_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_2 -Title: "List all AWS Pipes with State Details" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - description, - creation_time, - current_state, - desired_state - from - aws_pipes_pipe - where - desired_state <> current_state; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n description,\n creation_time,\n current_state,\n\ + \ desired_state\nfrom\n aws_pipes_pipe\nwhere\n desired_state <> current_state;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pipes +Title: List all AWS Pipes with State Details diff --git a/queries/aws_pipes_pipe_3.yaml b/queries/aws_pipes_pipe_3.yaml index 1ead735df..dcdaacc98 100755 --- a/queries/aws_pipes_pipe_3.yaml +++ b/queries/aws_pipes_pipe_3.yaml @@ -1,34 +1,31 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_3 -Title: "List all AWS Pipes with Detailed Parameters" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - target_parameters ->> 'BatchJobParameters' as batch_job_parameters, - target_parameters ->> 'CloudWatchLogsParameters' as cloudwatch_logs_parameters, - target_parameters ->> 'EcsTaskParameters' as ecs_task_parameters, - target_parameters ->> 'EventBridgeEventBusParameters' as eventbridge_event_bus_parameters, - target_parameters ->> 'HttpParameters' as http_parameters, - target_parameters ->> 'InputTemplate' as input_template, - target_parameters ->> 'KinesisStreamParameters' as kinesis_stream_parameters, - target_parameters ->> 'LambdaFunctionParameters' as lambda_function_parameters, - target_parameters ->> 'RedshiftDataParameters' as redshift_data_parameters, - target_parameters ->> 'SageMakerPipelineParameters' as sage_maker_pipeline_parameters, - target_parameters ->> 'SqsQueueParameters' as sqs_queue_parameters, - target_parameters ->> 'StepFunctionStateMachineParameters' as step_function_state_machine_parameters - from - aws_pipes_pipe; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n target_parameters ->> 'BatchJobParameters' as\ + \ batch_job_parameters,\n target_parameters ->> 'CloudWatchLogsParameters' as\ + \ cloudwatch_logs_parameters,\n target_parameters ->> 'EcsTaskParameters' as\ + \ ecs_task_parameters,\n target_parameters ->> 'EventBridgeEventBusParameters'\ + \ as eventbridge_event_bus_parameters,\n target_parameters ->> 'HttpParameters'\ + \ as http_parameters,\n target_parameters ->> 'InputTemplate' as input_template,\n\ + \ target_parameters ->> 'KinesisStreamParameters' as kinesis_stream_parameters,\n\ + \ target_parameters ->> 'LambdaFunctionParameters' as lambda_function_parameters,\n\ + \ target_parameters ->> 'RedshiftDataParameters' as redshift_data_parameters,\n\ + \ target_parameters ->> 'SageMakerPipelineParameters' as sage_maker_pipeline_parameters,\n\ + \ target_parameters ->> 'SqsQueueParameters' as sqs_queue_parameters,\n target_parameters\ + \ ->> 'StepFunctionStateMachineParameters' as step_function_state_machine_parameters\n\ + from\n aws_pipes_pipe;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Pipes +Title: List all AWS Pipes with Detailed Parameters diff --git a/queries/aws_pipes_pipe_4.yaml b/queries/aws_pipes_pipe_4.yaml index 71c989e0f..8164b7a9d 100755 --- a/queries/aws_pipes_pipe_4.yaml +++ b/queries/aws_pipes_pipe_4.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_4 -Title: "List All AWS Pipes and Their Details" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - enrichment_parameters ->> 'HttpParameters' as http_parameters, - enrichment_parameters ->> 'InputTemplate' as input_template - from - aws_pipes_pipe; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n enrichment_parameters ->> 'HttpParameters' as\ + \ http_parameters,\n enrichment_parameters ->> 'InputTemplate' as input_template\n\ + from\n aws_pipes_pipe;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pipes +Title: List All AWS Pipes and Their Details diff --git a/queries/aws_pipes_pipe_5.yaml b/queries/aws_pipes_pipe_5.yaml index f48122746..a884255c6 100755 --- a/queries/aws_pipes_pipe_5.yaml +++ b/queries/aws_pipes_pipe_5.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_5 -Title: "List AWS Pipes and Their Details Using SQL" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - creation_time, - current_state, - desired_state, - enrichment, - target - from - aws_pipes_pipe - where - creation_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n creation_time,\n current_state,\n desired_state,\n\ + \ enrichment,\n target\nfrom\n aws_pipes_pipe\nwhere\n creation_time >= now()\ + \ - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pipes +Title: List AWS Pipes and Their Details Using SQL diff --git a/queries/aws_pipes_pipe_6.yaml b/queries/aws_pipes_pipe_6.yaml index f2d65cb66..9d65a078c 100755 --- a/queries/aws_pipes_pipe_6.yaml +++ b/queries/aws_pipes_pipe_6.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS Pipes to obtain detailed information about + individual pipes. ID: aws_pipes_pipe_6 -Title: "List AWS Pipes and Their Associated IAM Roles" -Description: "Allows users to query AWS Pipes to obtain detailed information about individual pipes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - p.name, - r.arn as role_arn, - r.role_id, - r.permissions_boundary_arn, - r.role_last_used_region, - r.inline_policies, - r.assume_role_policy - from - aws_pipes_pipe as p, - aws_iam_role as r - where - p.role_arn = r.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n p.name,\n r.arn as role_arn,\n r.role_id,\n r.permissions_boundary_arn,\n\ + \ r.role_last_used_region,\n r.inline_policies,\n r.assume_role_policy\nfrom\n\ + \ aws_pipes_pipe as p,\n aws_iam_role as r\nwhere\n p.role_arn = r.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pipes +Title: List AWS Pipes and Their Associated IAM Roles diff --git a/queries/aws_pricing_product_1.yaml b/queries/aws_pricing_product_1.yaml index bc275772d..60e490c3a 100755 --- a/queries/aws_pricing_product_1.yaml +++ b/queries/aws_pricing_product_1.yaml @@ -1,46 +1,27 @@ +Description: Allows users to query AWS Pricing Product details such as the product''s + description, pricing details, and associated attributes. ID: aws_pricing_product_1 -Title: "Find AWS Pricing Product Details with Attributes" -Description: "Allows users to query AWS Pricing Product details such as the product''s description, pricing details, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - term, - purchase_option, - lease_contract_length, - unit, - price_per_unit::numeric::money, - currency, - begin_range, - end_range, - effective_date, - description, - attributes ->> 'instanceType', - attributes ->> 'vcpu', - attributes ->> 'memory', - attributes ->> 'operatingSystem', - attributes ->> 'preInstalledSw' - from - aws_pricing_product - where - service_code = 'AmazonEC2' - and filters = '{ - "regionCode": "eu-west-3", - "locationType": "AWS Region", - "instanceType": "c5.2xlarge", - "operatingSystem": "Linux", - "tenancy": "Shared", - "preInstalledSw": "NA", - "capacityStatus": "Used" }'::jsonb; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n term,\n purchase_option,\n lease_contract_length,\n\ + \ unit,\n price_per_unit::numeric::money,\n currency,\n begin_range,\n end_range,\n\ + \ effective_date,\n description,\n attributes ->> 'instanceType',\n attributes\ + \ ->> 'vcpu',\n attributes ->> 'memory',\n attributes ->> 'operatingSystem',\n\ + \ attributes ->> 'preInstalledSw'\nfrom\n aws_pricing_product\nwhere\n service_code\ + \ = 'AmazonEC2'\n and filters = '{\n \"regionCode\": \"eu-west-3\",\n \"locationType\"\ + : \"AWS Region\",\n \"instanceType\": \"c5.2xlarge\",\n \"operatingSystem\"\ + : \"Linux\",\n \"tenancy\": \"Shared\",\n \"preInstalledSw\": \"NA\",\n \"\ + capacityStatus\": \"Used\" }'::jsonb;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing +Title: Find AWS Pricing Product Details with Attributes diff --git a/queries/aws_pricing_product_2.yaml b/queries/aws_pricing_product_2.yaml index be403b541..a9ed96866 100755 --- a/queries/aws_pricing_product_2.yaml +++ b/queries/aws_pricing_product_2.yaml @@ -1,40 +1,25 @@ +Description: Allows users to query AWS Pricing Product details such as the product''s + description, pricing details, and associated attributes. ID: aws_pricing_product_2 -Title: "List AWS Pricing Product Details by Service Code and Filters" -Description: "Allows users to query AWS Pricing Product details such as the product''s description, pricing details, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - term, - purchase_option, - lease_contract_length, - unit, - price_per_unit::numeric::money, - currency, - attributes ->> 'instanceType', - attributes ->> 'vcpu', - attributes ->> 'memory', - attributes ->> 'databaseEngine', - attributes ->> 'deploymentOption' - from - aws_pricing_product - where - service_code = 'AmazonRDS' - and filters = '{ - "regionCode": "eu-west-3", - "locationType": "AWS Region", - "instanceType": "db.m5.xlarge", - "databaseEngine": "MySQL", - "deploymentOption": "Single-AZ" }'::jsonb; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n term,\n purchase_option,\n lease_contract_length,\n\ + \ unit,\n price_per_unit::numeric::money,\n currency,\n attributes ->> 'instanceType',\n\ + \ attributes ->> 'vcpu',\n attributes ->> 'memory',\n attributes ->> 'databaseEngine',\n\ + \ attributes ->> 'deploymentOption'\nfrom\n aws_pricing_product\nwhere\n service_code\ + \ = 'AmazonRDS'\n and filters = '{\n \"regionCode\": \"eu-west-3\",\n \"locationType\"\ + : \"AWS Region\",\n \"instanceType\": \"db.m5.xlarge\",\n \"databaseEngine\"\ + : \"MySQL\",\n \"deploymentOption\": \"Single-AZ\" }'::jsonb;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing Product +Title: List AWS Pricing Product Details by Service Code and Filters diff --git a/queries/aws_pricing_product_3.yaml b/queries/aws_pricing_product_3.yaml index 6ce99b9bc..57a8ae57a 100755 --- a/queries/aws_pricing_product_3.yaml +++ b/queries/aws_pricing_product_3.yaml @@ -1,40 +1,26 @@ +Description: Allows users to query AWS Pricing Product details such as the product''s + description, pricing details, and associated attributes. ID: aws_pricing_product_3 -Title: "Find AWS ElastiCache Pricing Product with Specific Attributes" -Description: "Allows users to query AWS Pricing Product details such as the product''s description, pricing details, and associated attributes." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - term, - purchase_option, - lease_contract_length, - unit, - price_per_unit::numeric::money, - currency, - attributes ->> 'instanceType', - attributes ->> 'vcpu', - attributes ->> 'memory', - attributes ->> 'cacheEngine' - from - aws_pricing_product - where - service_code = 'AmazonElastiCache' - and filters = '{ - "regionCode": "eu-west-3", - "locationType": "AWS Region", - "instanceType": "cache.m5.xlarge", - "cacheEngine": "Redis" }'::jsonb; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n term,\n purchase_option,\n lease_contract_length,\n\ + \ unit,\n price_per_unit::numeric::money,\n currency,\n attributes ->> 'instanceType',\n\ + \ attributes ->> 'vcpu',\n attributes ->> 'memory',\n attributes ->> 'cacheEngine'\n\ + from\n aws_pricing_product\nwhere\n service_code = 'AmazonElastiCache'\n and\ + \ filters = '{\n \"regionCode\": \"eu-west-3\",\n \"locationType\": \"AWS Region\"\ + ,\n \"instanceType\": \"cache.m5.xlarge\",\n \"cacheEngine\": \"Redis\" }'::jsonb;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing Product +Title: Find AWS ElastiCache Pricing Product with Specific Attributes diff --git a/queries/aws_pricing_service_attribute_1.yaml b/queries/aws_pricing_service_attribute_1.yaml index 6a9b0be96..47116b69c 100755 --- a/queries/aws_pricing_service_attribute_1.yaml +++ b/queries/aws_pricing_service_attribute_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Pricing Service Attributes to gain insights + into product attributes and their respective prices. ID: aws_pricing_service_attribute_1 -Title: "List all AWS Pricing Service Attributes and Prices" -Description: "Allows users to query AWS Pricing Service Attributes to gain insights into product attributes and their respective prices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_code, - attribute_name, - attribute_values - from - aws_pricing_service_attribute; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_code,\n attribute_name,\n attribute_values\n\ + from\n aws_pricing_service_attribute;" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing Service +Title: List all AWS Pricing Service Attributes and Prices diff --git a/queries/aws_pricing_service_attribute_2.yaml b/queries/aws_pricing_service_attribute_2.yaml index 5aef29c1b..e2c314b87 100755 --- a/queries/aws_pricing_service_attribute_2.yaml +++ b/queries/aws_pricing_service_attribute_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Pricing Service Attributes to gain insights + into product attributes and their respective prices. ID: aws_pricing_service_attribute_2 -Title: "List all AWS Pricing Service Attributes" -Description: "Allows users to query AWS Pricing Service Attributes to gain insights into product attributes and their respective prices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_code, - attribute_name, - attribute_values - from - aws_pricing_service_attribute - where - service_code = 'AWSBackup'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_code,\n attribute_name,\n attribute_values\n\ + from\n aws_pricing_service_attribute\nwhere\n service_code = 'AWSBackup';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing Service +Title: List all AWS Pricing Service Attributes diff --git a/queries/aws_pricing_service_attribute_3.yaml b/queries/aws_pricing_service_attribute_3.yaml index bf4629001..432dfd946 100755 --- a/queries/aws_pricing_service_attribute_3.yaml +++ b/queries/aws_pricing_service_attribute_3.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Pricing Service Attributes to gain insights + into product attributes and their respective prices. ID: aws_pricing_service_attribute_3 -Title: "Find AWS Pricing Service Attributes for AWSBackup and termType" -Description: "Allows users to query AWS Pricing Service Attributes to gain insights into product attributes and their respective prices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_code, - attribute_name, - attribute_values - from - aws_pricing_service_attribute - where - service_code = 'AWSBackup' and attribute_name = 'termType'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_code,\n attribute_name,\n attribute_values\n\ + from\n aws_pricing_service_attribute\nwhere\n service_code = 'AWSBackup' and\ + \ attribute_name = 'termType';" Tags: cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Pricing Service +Title: Find AWS Pricing Service Attributes for AWSBackup and termType diff --git a/queries/aws_ram_principal_association_1.yaml b/queries/aws_ram_principal_association_1.yaml index ad03bed62..7cbbc0efc 100755 --- a/queries/aws_ram_principal_association_1.yaml +++ b/queries/aws_ram_principal_association_1.yaml @@ -1,27 +1,28 @@ +Description: Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` + table in Steampipe provides information about principal associations within AWS + Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific + details, including resource share ARN, principal ARN, creation time, and associated + tags. Users can utilize this table to gather insights on principal associations, + such as their status, external status, and more. The schema outlines the various + attributes of the principal association, including the resource share ARN, principal + ARN, creation time, and associated tags. ID: aws_ram_principal_association_1 -Title: "List AWS RAM Principal Associations with SQL" -Description: "Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` table in Steampipe provides information about principal associations within AWS Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific details, including resource share ARN, principal ARN, creation time, and associated tags. Users can utilize this table to gather insights on principal associations, such as their status, external status, and more. The schema outlines the various attributes of the principal association, including the resource share ARN, principal ARN, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - status - from - aws_ram_principal_association; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ status\nfrom\n aws_ram_principal_association;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Access Manager +Title: List AWS RAM Principal Associations with SQL diff --git a/queries/aws_ram_principal_association_2.yaml b/queries/aws_ram_principal_association_2.yaml index e11531d55..9d78b41a1 100755 --- a/queries/aws_ram_principal_association_2.yaml +++ b/queries/aws_ram_principal_association_2.yaml @@ -1,29 +1,30 @@ +Description: Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` + table in Steampipe provides information about principal associations within AWS + Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific + details, including resource share ARN, principal ARN, creation time, and associated + tags. Users can utilize this table to gather insights on principal associations, + such as their status, external status, and more. The schema outlines the various + attributes of the principal association, including the resource share ARN, principal + ARN, creation time, and associated tags. ID: aws_ram_principal_association_2 -Title: "List all AWS RAM Principal Associations by SQL Query" -Description: "Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` table in Steampipe provides information about principal associations within AWS Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific details, including resource share ARN, principal ARN, creation time, and associated tags. Users can utilize this table to gather insights on principal associations, such as their status, external status, and more. The schema outlines the various attributes of the principal association, including the resource share ARN, principal ARN, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - p ->> 'Arn' as resource_share_permission_arn, - p ->> 'Status' as resource_share_permission_status - from - aws_ram_principal_association, - jsonb_array_elements(resource_share_permission) p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ p ->> 'Arn' as resource_share_permission_arn,\n p ->> 'Status' as resource_share_permission_status\n\ + from\n aws_ram_principal_association,\n jsonb_array_elements(resource_share_permission)\ + \ p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Access Manager +Title: List all AWS RAM Principal Associations by SQL Query diff --git a/queries/aws_ram_principal_association_3.yaml b/queries/aws_ram_principal_association_3.yaml index e7bd93597..74362bbc3 100755 --- a/queries/aws_ram_principal_association_3.yaml +++ b/queries/aws_ram_principal_association_3.yaml @@ -1,27 +1,26 @@ +Description: Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` + table in Steampipe provides information about principal associations within AWS + Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific + details, including resource share ARN, principal ARN, creation time, and associated + tags. Users can utilize this table to gather insights on principal associations, + such as their status, external status, and more. The schema outlines the various + attributes of the principal association, including the resource share ARN, principal + ARN, creation time, and associated tags. ID: aws_ram_principal_association_3 -Title: "List all AWS RAM Principal Associations with Failed Status" -Description: "Allows users to query AWS RAM Principal Associations. The `aws_ram_principal_association` table in Steampipe provides information about principal associations within AWS Resource Access Manager (RAM). This table allows DevOps engineers to query principal-specific details, including resource share ARN, principal ARN, creation time, and associated tags. Users can utilize this table to gather insights on principal associations, such as their status, external status, and more. The schema outlines the various attributes of the principal association, including the resource share ARN, principal ARN, creation time, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - status - from - aws_ram_principal_association - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ status\nfrom\n aws_ram_principal_association\nwhere\n status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Access Manager +Title: List all AWS RAM Principal Associations with Failed Status diff --git a/queries/aws_ram_resource_association_1.yaml b/queries/aws_ram_resource_association_1.yaml index 0def52f40..425743e5f 100755 --- a/queries/aws_ram_resource_association_1.yaml +++ b/queries/aws_ram_resource_association_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS RAM Resource Associations to retrieve information + about the associations between resources and resource shares. ID: aws_ram_resource_association_1 -Title: "List all AWS RAM Resource Associations with SQL" -Description: "Allows users to query AWS RAM Resource Associations to retrieve information about the associations between resources and resource shares." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - status - from - aws_ram_resource_association; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ status\nfrom\n aws_ram_resource_association;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RAM +Title: List all AWS RAM Resource Associations with SQL diff --git a/queries/aws_ram_resource_association_2.yaml b/queries/aws_ram_resource_association_2.yaml index c7a943a7e..05ccf344b 100755 --- a/queries/aws_ram_resource_association_2.yaml +++ b/queries/aws_ram_resource_association_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS RAM Resource Associations to retrieve information + about the associations between resources and resource shares. ID: aws_ram_resource_association_2 -Title: "List AWS RAM Resource Associations and Permissions" -Description: "Allows users to query AWS RAM Resource Associations to retrieve information about the associations between resources and resource shares." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - p ->> 'Arn' as resource_share_permission_arn, - p ->> 'Status' as resource_share_permission_status - from - aws_ram_resource_association, - jsonb_array_elements(resource_share_permission) p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ p ->> 'Arn' as resource_share_permission_arn,\n p ->> 'Status' as resource_share_permission_status\n\ + from\n aws_ram_resource_association,\n jsonb_array_elements(resource_share_permission)\ + \ p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RAM Resource Association +Title: List AWS RAM Resource Associations and Permissions diff --git a/queries/aws_ram_resource_association_3.yaml b/queries/aws_ram_resource_association_3.yaml index 7332c59a6..21c4d57e0 100755 --- a/queries/aws_ram_resource_association_3.yaml +++ b/queries/aws_ram_resource_association_3.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS RAM Resource Associations to retrieve information + about the associations between resources and resource shares. ID: aws_ram_resource_association_3 -Title: "Find AWS RAM Resource Associations with SQL Query" -Description: "Allows users to query AWS RAM Resource Associations to retrieve information about the associations between resources and resource shares." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - resource_share_name, - resource_share_arn, - associated_entity, - status - from - aws_ram_resource_association - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n resource_share_name,\n resource_share_arn,\n associated_entity,\n\ + \ status\nfrom\n aws_ram_resource_association\nwhere\n status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RAM +Title: Find AWS RAM Resource Associations with SQL Query diff --git a/queries/aws_rds_db_cluster_1.yaml b/queries/aws_rds_db_cluster_1.yaml index 8b8cec140..9ed373878 100755 --- a/queries/aws_rds_db_cluster_1.yaml +++ b/queries/aws_rds_db_cluster_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS RDS DB Clusters and retrieve valuable information + about the status, configuration, and security settings of each DB cluster. ID: aws_rds_db_cluster_1 -Title: "Find all AWS RDS DB Clusters: Status & Security Details" -Description: "Allows users to query AWS RDS DB Clusters and retrieve valuable information about the status, configuration, and security settings of each DB cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - allocated_storage, - kms_key_id - from - aws_rds_db_cluster - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n allocated_storage,\n kms_key_id\n\ + from\n aws_rds_db_cluster\nwhere\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS DB Cluster +Title: 'Find all AWS RDS DB Clusters: Status & Security Details' diff --git a/queries/aws_rds_db_cluster_2.yaml b/queries/aws_rds_db_cluster_2.yaml index ce20612ab..e61b0a4b6 100755 --- a/queries/aws_rds_db_cluster_2.yaml +++ b/queries/aws_rds_db_cluster_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS RDS DB Clusters and retrieve valuable information + about the status, configuration, and security settings of each DB cluster. ID: aws_rds_db_cluster_2 -Title: "List AWS RDS DB Clusters Status and Configurations" -Description: "Allows users to query AWS RDS DB Clusters and retrieve valuable information about the status, configuration, and security settings of each DB cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - backup_retention_period - from - aws_rds_db_cluster - where - backup_retention_period > 7; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n backup_retention_period\nfrom\n\ + \ aws_rds_db_cluster\nwhere\n backup_retention_period > 7;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS DB Clusters Status and Configurations diff --git a/queries/aws_rds_db_cluster_3.yaml b/queries/aws_rds_db_cluster_3.yaml index f4e2c3836..9b768421e 100755 --- a/queries/aws_rds_db_cluster_3.yaml +++ b/queries/aws_rds_db_cluster_3.yaml @@ -1,23 +1,20 @@ +Description: Allows users to query AWS RDS DB Clusters and retrieve valuable information + about the status, configuration, and security settings of each DB cluster. ID: aws_rds_db_cluster_3 -Title: "Query AWS RDS DB Clusters for Status and Config Details" -Description: "Allows users to query AWS RDS DB Clusters and retrieve valuable information about the status, configuration, and security settings of each DB cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - jsonb_array_length(availability_zones) availability_zones_count - from - aws_rds_db_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n jsonb_array_length(availability_zones)\ + \ availability_zones_count\nfrom\n aws_rds_db_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RDS +Title: Query AWS RDS DB Clusters for Status and Config Details diff --git a/queries/aws_rds_db_cluster_4.yaml b/queries/aws_rds_db_cluster_4.yaml index 8559009b7..2157bf448 100755 --- a/queries/aws_rds_db_cluster_4.yaml +++ b/queries/aws_rds_db_cluster_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS RDS DB Clusters and retrieve valuable information + about the status, configuration, and security settings of each DB cluster. ID: aws_rds_db_cluster_4 -Title: "List all AWS RDS DB Clusters status and settings" -Description: "Allows users to query AWS RDS DB Clusters and retrieve valuable information about the status, configuration, and security settings of each DB cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status, - member ->> 'DBInstanceIdentifier' as db_instance_identifier, - member ->> 'IsClusterWriter' as is_cluster_writer, - member ->> 'PromotionTier' as promotion_tier - from - aws_rds_db_cluster - cross join jsonb_array_elements(members) as member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n member ->> 'DBClusterParameterGroupStatus'\ + \ as db_cluster_parameter_group_status,\n member ->> 'DBInstanceIdentifier' as\ + \ db_instance_identifier,\n member ->> 'IsClusterWriter' as is_cluster_writer,\n\ + \ member ->> 'PromotionTier' as promotion_tier\nfrom\n aws_rds_db_cluster\n\ + \ cross join jsonb_array_elements(members) as member;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Clusters status and settings diff --git a/queries/aws_rds_db_cluster_5.yaml b/queries/aws_rds_db_cluster_5.yaml index 71a74c75b..05240a6c0 100755 --- a/queries/aws_rds_db_cluster_5.yaml +++ b/queries/aws_rds_db_cluster_5.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS RDS DB Clusters and retrieve valuable information + about the status, configuration, and security settings of each DB cluster. ID: aws_rds_db_cluster_5 -Title: "Find AWS RDS DB Clusters Status and Configuration" -Description: "Allows users to query AWS RDS DB Clusters and retrieve valuable information about the status, configuration, and security settings of each DB cluster." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - actions ->> 'ResourceIdentifier' as db_cluster_identifier, - details ->> 'Action' as action, - details ->> 'OptInStatus' as opt_in_status, - details ->> 'ForcedApplyDate' as forced_apply_date, - details ->> 'CurrentApplyDate' as current_apply_date, - details ->> 'AutoAppliedAfterDate' as auto_applied_after_date - from - aws_rds_db_cluster, - jsonb_array_elements(pending_maintenance_actions) as actions, - jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n actions ->> 'ResourceIdentifier' as db_cluster_identifier,\n\ + \ details ->> 'Action' as action,\n details ->> 'OptInStatus' as opt_in_status,\n\ + \ details ->> 'ForcedApplyDate' as forced_apply_date,\n details ->> 'CurrentApplyDate'\ + \ as current_apply_date,\n details ->> 'AutoAppliedAfterDate' as auto_applied_after_date\n\ + from\n aws_rds_db_cluster,\n jsonb_array_elements(pending_maintenance_actions)\ + \ as actions,\n jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails')\ + \ as details;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Clusters Status and Configuration diff --git a/queries/aws_rds_db_cluster_parameter_group_1.yaml b/queries/aws_rds_db_cluster_parameter_group_1.yaml index 44afa78f9..bab76961b 100755 --- a/queries/aws_rds_db_cluster_parameter_group_1.yaml +++ b/queries/aws_rds_db_cluster_parameter_group_1.yaml @@ -1,26 +1,25 @@ +Description: Allows users to query AWS RDS DB Cluster Parameter Groups, providing + detailed information about each parameter group''s configuration, including its + name, family, description, and ARN. This table can be used to identify unused or + misconfigured parameter groups and to ensure they comply with security and operational + best practices. ID: aws_rds_db_cluster_parameter_group_1 -Title: "Find AWS RDS DB Cluster Parameter Groups Configuration" -Description: "Allows users to query AWS RDS DB Cluster Parameter Groups, providing detailed information about each parameter group''s configuration, including its name, family, description, and ARN. This table can be used to identify unused or misconfigured parameter groups and to ensure they comply with security and operational best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - db_parameter_group_family - from - aws_rds_db_cluster_parameter_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n db_parameter_group_family\n\ + from\n aws_rds_db_cluster_parameter_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Cluster Parameter Groups Configuration diff --git a/queries/aws_rds_db_cluster_parameter_group_2.yaml b/queries/aws_rds_db_cluster_parameter_group_2.yaml index cb6a05680..f37312f85 100755 --- a/queries/aws_rds_db_cluster_parameter_group_2.yaml +++ b/queries/aws_rds_db_cluster_parameter_group_2.yaml @@ -1,34 +1,30 @@ +Description: Allows users to query AWS RDS DB Cluster Parameter Groups, providing + detailed information about each parameter group''s configuration, including its + name, family, description, and ARN. This table can be used to identify unused or + misconfigured parameter groups and to ensure they comply with security and operational + best practices. ID: aws_rds_db_cluster_parameter_group_2 -Title: "List all AWS RDS DB Cluster Parameter Groups with Details" -Description: "Allows users to query AWS RDS DB Cluster Parameter Groups, providing detailed information about each parameter group''s configuration, including its name, family, description, and ARN. This table can be used to identify unused or misconfigured parameter groups and to ensure they comply with security and operational best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - db_parameter_group_family, - pg ->> 'ParameterName' as parameter_name, - pg ->> 'ParameterValue' as parameter_value, - pg ->> 'AllowedValues' as allowed_values, - pg ->> 'ApplyType' as apply_type, - pg ->> 'IsModifiable' as is_modifiable, - pg ->> 'DataType' as data_type, - pg ->> 'Description' as description, - pg ->> 'MinimumEngineVersion' as minimum_engine_version - from - aws_rds_db_cluster_parameter_group - cross join jsonb_array_elements(parameters) as pg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n db_parameter_group_family,\n pg ->> 'ParameterName'\ + \ as parameter_name,\n pg ->> 'ParameterValue' as parameter_value,\n pg ->>\ + \ 'AllowedValues' as allowed_values,\n pg ->> 'ApplyType' as apply_type,\n pg\ + \ ->> 'IsModifiable' as is_modifiable,\n pg ->> 'DataType' as data_type,\n pg\ + \ ->> 'Description' as description,\n pg ->> 'MinimumEngineVersion' as minimum_engine_version\n\ + from\n aws_rds_db_cluster_parameter_group\n cross join jsonb_array_elements(parameters)\ + \ as pg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Cluster Parameter Groups with Details diff --git a/queries/aws_rds_db_cluster_snapshot_1.yaml b/queries/aws_rds_db_cluster_snapshot_1.yaml index a1a3edf88..7a9dff398 100755 --- a/queries/aws_rds_db_cluster_snapshot_1.yaml +++ b/queries/aws_rds_db_cluster_snapshot_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS RDS DB Cluster Snapshots for detailed information + on each snapshot, such as the snapshot identifier, creation time, status, and more. ID: aws_rds_db_cluster_snapshot_1 -Title: "Find AWS RDS DB Cluster Snapshot Details" -Description: "Allows users to query AWS RDS DB Cluster Snapshots for detailed information on each snapshot, such as the snapshot identifier, creation time, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - type, - storage_encrypted, - split_part(kms_key_id, '/', 1) kms_key_id - from - aws_rds_db_cluster_snapshot - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n type,\n storage_encrypted,\n\ + \ split_part(kms_key_id, '/', 1) kms_key_id\nfrom\n aws_rds_db_cluster_snapshot\n\ + where\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Cluster Snapshot Details diff --git a/queries/aws_rds_db_cluster_snapshot_2.yaml b/queries/aws_rds_db_cluster_snapshot_2.yaml index 86053d2e0..398806181 100755 --- a/queries/aws_rds_db_cluster_snapshot_2.yaml +++ b/queries/aws_rds_db_cluster_snapshot_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS RDS DB Cluster Snapshots for detailed information + on each snapshot, such as the snapshot identifier, creation time, status, and more. ID: aws_rds_db_cluster_snapshot_2 -Title: "Find AWS RDS DB Cluster Snapshots Detailed Information" -Description: "Allows users to query AWS RDS DB Cluster Snapshots for detailed information on each snapshot, such as the snapshot identifier, creation time, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - cluster_create_time, - engine, - engine_version, - license_model - from - aws_rds_db_cluster_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n cluster_create_time,\n\ + \ engine,\n engine_version,\n license_model\nfrom\n aws_rds_db_cluster_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Cluster Snapshots Detailed Information diff --git a/queries/aws_rds_db_cluster_snapshot_3.yaml b/queries/aws_rds_db_cluster_snapshot_3.yaml index 11c438604..eed262f8c 100755 --- a/queries/aws_rds_db_cluster_snapshot_3.yaml +++ b/queries/aws_rds_db_cluster_snapshot_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS RDS DB Cluster Snapshots for detailed information + on each snapshot, such as the snapshot identifier, creation time, status, and more. ID: aws_rds_db_cluster_snapshot_3 -Title: "List all AWS RDS DB Cluster Snapshots with Details" -Description: "Allows users to query AWS RDS DB Cluster Snapshots for detailed information on each snapshot, such as the snapshot identifier, creation time, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_identifier, - count(db_cluster_snapshot_identifier) snapshot_count - from - aws_rds_db_cluster_snapshot - group by - db_cluster_identifier; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_identifier,\n count(db_cluster_snapshot_identifier)\ + \ snapshot_count\nfrom\n aws_rds_db_cluster_snapshot\ngroup by\n db_cluster_identifier;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Cluster Snapshots with Details diff --git a/queries/aws_rds_db_cluster_snapshot_4.yaml b/queries/aws_rds_db_cluster_snapshot_4.yaml index 4c5551081..c5e18041a 100755 --- a/queries/aws_rds_db_cluster_snapshot_4.yaml +++ b/queries/aws_rds_db_cluster_snapshot_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS RDS DB Cluster Snapshots for detailed information + on each snapshot, such as the snapshot identifier, creation time, status, and more. ID: aws_rds_db_cluster_snapshot_4 -Title: "List all AWS RDS DB Cluster Snapshots with Details" -Description: "Allows users to query AWS RDS DB Cluster Snapshots for detailed information on each snapshot, such as the snapshot identifier, creation time, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_cluster_snapshot_identifier, - engine, - type - from - aws_rds_db_cluster_snapshot - where - type = 'manual'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_cluster_snapshot_identifier,\n engine,\n type\n\ + from\n aws_rds_db_cluster_snapshot\nwhere\n type = 'manual';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Cluster Snapshots with Details diff --git a/queries/aws_rds_db_engine_version_1.yaml b/queries/aws_rds_db_engine_version_1.yaml index 8f38c84b5..16807a400 100755 --- a/queries/aws_rds_db_engine_version_1.yaml +++ b/queries/aws_rds_db_engine_version_1.yaml @@ -1,26 +1,20 @@ +Description: Enables users to query AWS RDS DB Engine Versions to retrieve detailed + information on various database engine versions supported by Amazon RDS. ID: aws_rds_db_engine_version_1 -Title: "Find all AWS RDS DB Engine Versions with SQL" -Description: "Enables users to query AWS RDS DB Engine Versions to retrieve detailed information on various database engine versions supported by Amazon RDS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - engine, - engine_version, - db_engine_version_description, - status, - major_engine_version - from - aws_rds_db_engine_version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n engine,\n engine_version,\n db_engine_version_description,\n\ + \ status,\n major_engine_version\nfrom\n aws_rds_db_engine_version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find all AWS RDS DB Engine Versions with SQL diff --git a/queries/aws_rds_db_engine_version_2.yaml b/queries/aws_rds_db_engine_version_2.yaml index a7c44023e..c6727d291 100755 --- a/queries/aws_rds_db_engine_version_2.yaml +++ b/queries/aws_rds_db_engine_version_2.yaml @@ -1,26 +1,20 @@ +Description: Enables users to query AWS RDS DB Engine Versions to retrieve detailed + information on various database engine versions supported by Amazon RDS. ID: aws_rds_db_engine_version_2 -Title: "List all AWS RDS DB Engine Versions Supporting Read Replicas" -Description: "Enables users to query AWS RDS DB Engine Versions to retrieve detailed information on various database engine versions supported by Amazon RDS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - engine, - engine_version, - supports_read_replica - from - aws_rds_db_engine_version - where - supports_read_replica; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n engine,\n engine_version,\n supports_read_replica\n\ + from\n aws_rds_db_engine_version\nwhere\n supports_read_replica;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Engine Versions Supporting Read Replicas diff --git a/queries/aws_rds_db_engine_version_3.yaml b/queries/aws_rds_db_engine_version_3.yaml index 90cda5d55..49070db33 100755 --- a/queries/aws_rds_db_engine_version_3.yaml +++ b/queries/aws_rds_db_engine_version_3.yaml @@ -1,28 +1,22 @@ +Description: Enables users to query AWS RDS DB Engine Versions to retrieve detailed + information on various database engine versions supported by Amazon RDS. ID: aws_rds_db_engine_version_3 -Title: "List all AWS RDS DB Engine Versions with Deprecated Status" -Description: "Enables users to query AWS RDS DB Engine Versions to retrieve detailed information on various database engine versions supported by Amazon RDS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - engine, - engine_version, - status - from - aws_rds_db_engine_version - where - status = 'deprecated'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n engine,\n engine_version,\n status\nfrom\n aws_rds_db_engine_version\n\ + where\n status = 'deprecated';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Engine Versions with Deprecated Status diff --git a/queries/aws_rds_db_engine_version_4.yaml b/queries/aws_rds_db_engine_version_4.yaml index af2147113..acb4ff4c6 100755 --- a/queries/aws_rds_db_engine_version_4.yaml +++ b/queries/aws_rds_db_engine_version_4.yaml @@ -1,26 +1,20 @@ +Description: Enables users to query AWS RDS DB Engine Versions to retrieve detailed + information on various database engine versions supported by Amazon RDS. ID: aws_rds_db_engine_version_4 -Title: "Find AWS RDS DB Engine Versions with Detailed Information" -Description: "Enables users to query AWS RDS DB Engine Versions to retrieve detailed information on various database engine versions supported by Amazon RDS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - engine, - engine_version, - supported_feature_names - from - aws_rds_db_engine_version - where - engine_version = 'specific_engine_version'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n engine,\n engine_version,\n supported_feature_names\n\ + from\n aws_rds_db_engine_version\nwhere\n engine_version = 'specific_engine_version';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find AWS RDS DB Engine Versions with Detailed Information diff --git a/queries/aws_rds_db_engine_version_5.yaml b/queries/aws_rds_db_engine_version_5.yaml index 38437aae1..b9b3ebabb 100755 --- a/queries/aws_rds_db_engine_version_5.yaml +++ b/queries/aws_rds_db_engine_version_5.yaml @@ -1,31 +1,23 @@ +Description: Enables users to query AWS RDS DB Engine Versions to retrieve detailed + information on various database engine versions supported by Amazon RDS. ID: aws_rds_db_engine_version_5 -Title: "List AWS RDS DB Engine Versions with Details" -Description: "Enables users to query AWS RDS DB Engine Versions to retrieve detailed information on various database engine versions supported by Amazon RDS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - engine, - engine_version, - create_time, - status, - db_engine_media_type, - default_only - from - aws_rds_db_engine_version - where - default_only; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n engine,\n engine_version,\n create_time,\n status,\n\ + \ db_engine_media_type,\n default_only\nfrom\n aws_rds_db_engine_version\n\ + where\n default_only;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List AWS RDS DB Engine Versions with Details diff --git a/queries/aws_rds_db_event_subscription_1.yaml b/queries/aws_rds_db_event_subscription_1.yaml index a869b5866..1c141e1f5 100755 --- a/queries/aws_rds_db_event_subscription_1.yaml +++ b/queries/aws_rds_db_event_subscription_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS RDS DB Event Subscriptions to retrieve information + about all event subscriptions for RDS DB instances. ID: aws_rds_db_event_subscription_1 -Title: "List all AWS RDS DB Event Subscriptions Information" -Description: "Allows users to query AWS RDS DB Event Subscriptions to retrieve information about all event subscriptions for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cust_subscription_id, - customer_aws_id, - arn, - status, - enabled - from - aws_rds_db_event_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cust_subscription_id,\n customer_aws_id,\n arn,\n \ + \ status,\n enabled\nfrom\n aws_rds_db_event_subscription;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Event Subscriptions Information diff --git a/queries/aws_rds_db_event_subscription_2.yaml b/queries/aws_rds_db_event_subscription_2.yaml index 76f861f43..a260f5794 100755 --- a/queries/aws_rds_db_event_subscription_2.yaml +++ b/queries/aws_rds_db_event_subscription_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS RDS DB Event Subscriptions to retrieve information + about all event subscriptions for RDS DB instances. ID: aws_rds_db_event_subscription_2 -Title: "Find all AWS RDS DB Event Subscriptions" -Description: "Allows users to query AWS RDS DB Event Subscriptions to retrieve information about all event subscriptions for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cust_subscription_id, - enabled - from - aws_rds_db_event_subscription - where - enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cust_subscription_id,\n enabled\nfrom\n aws_rds_db_event_subscription\n\ + where\n enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find all AWS RDS DB Event Subscriptions diff --git a/queries/aws_rds_db_instance_1.yaml b/queries/aws_rds_db_instance_1.yaml index b6b795dc9..9c7693868 100755 --- a/queries/aws_rds_db_instance_1.yaml +++ b/queries/aws_rds_db_instance_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_1 -Title: "Find all AWS RDS DB Instances Configuration Status" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - class, - engine, - engine_version, - publicly_accessible - from - aws_rds_db_instance - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n class,\n engine,\n engine_version,\n\ + \ publicly_accessible\nfrom\n aws_rds_db_instance" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find all AWS RDS DB Instances Configuration Status diff --git a/queries/aws_rds_db_instance_10.yaml b/queries/aws_rds_db_instance_10.yaml index f3e17d499..712b14a46 100755 --- a/queries/aws_rds_db_instance_10.yaml +++ b/queries/aws_rds_db_instance_10.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_10 -Title: "Find AWS RDS DB Instances Configuration and Status" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - certificate ->> 'CertificateArn' as certificate_arn, - certificate ->> 'CertificateType' as certificate_type, - certificate ->> 'ValidFrom' as valid_from, - certificate ->> 'ValidTill' as valid_till - from - aws_rds_db_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n certificate ->> 'CertificateArn' as certificate_arn,\n\ + \ certificate ->> 'CertificateType' as certificate_type,\n certificate ->> 'ValidFrom'\ + \ as valid_from,\n certificate ->> 'ValidTill' as valid_till\nfrom\n aws_rds_db_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instances Configuration and Status diff --git a/queries/aws_rds_db_instance_11.yaml b/queries/aws_rds_db_instance_11.yaml index d4d50601d..136bc84f0 100755 --- a/queries/aws_rds_db_instance_11.yaml +++ b/queries/aws_rds_db_instance_11.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_11 -Title: "Query AWS RDS DB Instances for Configuration and Status" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - certificate ->> 'CertificateArn' as certificate_arn, - certificate ->> 'CertificateType' as certificate_type, - certificate ->> 'ValidFrom' as valid_from, - certificate ->> 'ValidTill' as valid_till - from - aws_rds_db_instance - where - (certificate ->> 'ValidTill')::timestamp <= (current_date - interval '90' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n certificate ->> 'CertificateArn' as certificate_arn,\n\ + \ certificate ->> 'CertificateType' as certificate_type,\n certificate ->> 'ValidFrom'\ + \ as valid_from,\n certificate ->> 'ValidTill' as valid_till\nfrom\n aws_rds_db_instance\n\ + where\n (certificate ->> 'ValidTill')::timestamp <= (current_date - interval\ + \ '90' day);" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Query AWS RDS DB Instances for Configuration and Status diff --git a/queries/aws_rds_db_instance_12.yaml b/queries/aws_rds_db_instance_12.yaml index 795a19d08..fff335bc4 100755 --- a/queries/aws_rds_db_instance_12.yaml +++ b/queries/aws_rds_db_instance_12.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_12 -Title: "Find Detailed Info on AWS RDS DB Instances" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - class, - engine, - engine_version, - kms_key_id, - processor_features - from - aws_rds_db_instance - where - processor_features not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n class,\n engine,\n engine_version,\n\ + \ kms_key_id,\n processor_features\nfrom\n aws_rds_db_instance\nwhere\n processor_features\ + \ not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find Detailed Info on AWS RDS DB Instances diff --git a/queries/aws_rds_db_instance_2.yaml b/queries/aws_rds_db_instance_2.yaml index 4728153db..31587d904 100755 --- a/queries/aws_rds_db_instance_2.yaml +++ b/queries/aws_rds_db_instance_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_2 -Title: "List all AWS RDS DB Instances with Detailed Information" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - publicly_accessible - from - aws_rds_db_instance - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n publicly_accessible\nfrom\n\ + \ aws_rds_db_instance\nwhere\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Detailed Information diff --git a/queries/aws_rds_db_instance_3.yaml b/queries/aws_rds_db_instance_3.yaml index cda4a6cde..7f4b4fb72 100755 --- a/queries/aws_rds_db_instance_3.yaml +++ b/queries/aws_rds_db_instance_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_3 -Title: "Find all AWS RDS DB Instances without IAM Auth" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - iam_database_authentication_enabled - from - aws_rds_db_instance - where - not iam_database_authentication_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n iam_database_authentication_enabled\n\ + from\n aws_rds_db_instance\nwhere\n not iam_database_authentication_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find all AWS RDS DB Instances without IAM Auth diff --git a/queries/aws_rds_db_instance_4.yaml b/queries/aws_rds_db_instance_4.yaml index 9c8ecb853..c48b4dec5 100755 --- a/queries/aws_rds_db_instance_4.yaml +++ b/queries/aws_rds_db_instance_4.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_4 -Title: "List detailed configuration and status of AWS RDS DB Instances" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier as attached_vpc, - vsg ->> 'VpcSecurityGroupId' as vpc_security_group_id, - vsg ->> 'Status' as status, - sub -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone, - sub ->> 'SubnetIdentifier' as subnet_identifier, - sub -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost, - sub ->> 'SubnetStatus' as subnet_status - from - aws_rds_db_instance - cross join jsonb_array_elements(vpc_security_groups) as vsg - cross join jsonb_array_elements(subnets) as sub; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier as attached_vpc,\n vsg ->> 'VpcSecurityGroupId'\ + \ as vpc_security_group_id,\n vsg ->> 'Status' as status,\n sub -> 'SubnetAvailabilityZone'\ + \ ->> 'Name' as subnet_availability_zone,\n sub ->> 'SubnetIdentifier' as subnet_identifier,\n\ + \ sub -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost,\n sub ->> 'SubnetStatus'\ + \ as subnet_status\nfrom\n aws_rds_db_instance\n cross join jsonb_array_elements(vpc_security_groups)\ + \ as vsg\n cross join jsonb_array_elements(subnets) as sub;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RDS +Title: List detailed configuration and status of AWS RDS DB Instances diff --git a/queries/aws_rds_db_instance_5.yaml b/queries/aws_rds_db_instance_5.yaml index e5b528a1a..38bd3bc94 100755 --- a/queries/aws_rds_db_instance_5.yaml +++ b/queries/aws_rds_db_instance_5.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_5 -Title: "List all AWS RDS DB Instances and their metadata" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - class, - engine, - engine_version, - deletion_protection - from - aws_rds_db_instance - where - not deletion_protection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n class,\n engine,\n engine_version,\n\ + \ deletion_protection\nfrom\n aws_rds_db_instance\nwhere\n not deletion_protection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances and their metadata diff --git a/queries/aws_rds_db_instance_6.yaml b/queries/aws_rds_db_instance_6.yaml index 5f3a3b298..fb8c07910 100755 --- a/queries/aws_rds_db_instance_6.yaml +++ b/queries/aws_rds_db_instance_6.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_6 -Title: "List all AWS RDS DB Instances with Configuration Data" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - class, - allocated_storage, - deletion_protection - from - aws_rds_db_instance - where - not storage_encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n class,\n allocated_storage,\n\ + \ deletion_protection\nfrom\n aws_rds_db_instance\nwhere\n not storage_encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Configuration Data diff --git a/queries/aws_rds_db_instance_7.yaml b/queries/aws_rds_db_instance_7.yaml index 5c255efb9..830ee7027 100755 --- a/queries/aws_rds_db_instance_7.yaml +++ b/queries/aws_rds_db_instance_7.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_7 -Title: "Find Info on AWS RDS DB Instances' Configuration and Status" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - endpoint_address, - endpoint_hosted_zone_id, - endpoint_port - from - aws_rds_db_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n endpoint_address,\n endpoint_hosted_zone_id,\n\ + \ endpoint_port\nfrom\n aws_rds_db_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find Info on AWS RDS DB Instances' Configuration and Status diff --git a/queries/aws_rds_db_instance_8.yaml b/queries/aws_rds_db_instance_8.yaml index 74c0cdce1..ea00226c6 100755 --- a/queries/aws_rds_db_instance_8.yaml +++ b/queries/aws_rds_db_instance_8.yaml @@ -1,54 +1,33 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_8 -Title: "List All AWS RDS DB Instances with SSL Parameter Details" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with db_parameter_group as ( - select - name as db_parameter_group_name, - pg ->> 'ParameterName' as parameter_name, - pg ->> 'ParameterValue' as parameter_value - from - aws_rds_db_parameter_group, - jsonb_array_elements(parameters) as pg - where - -- The example is limited to SQL Server, this may change based on DB engine - pg ->> 'ParameterName' like 'rds.force_ssl' - and name not like 'default.%' - ), - rds_associated_parameter_group as ( - select - db_instance_identifier as db_instance_identifier, - arn, - pg ->> 'DBParameterGroupName' as DBParameterGroupName - from - aws_rds_db_instance, - jsonb_array_elements(db_parameter_groups) as pg - where - engine like 'sqlserve%' - ) - select - rds.db_instance_identifier as name, - rds.DBParameterGroupName, - parameter_name, - parameter_value - from - rds_associated_parameter_group as rds - left join db_parameter_group d on rds.DBParameterGroupName = d.db_parameter_group_name - where - parameter_value = '0' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with db_parameter_group as (\n select\n name as db_parameter_group_name,\n\ + \ pg ->> 'ParameterName' as parameter_name,\n pg ->> 'ParameterValue' as\ + \ parameter_value\n from\n aws_rds_db_parameter_group,\n jsonb_array_elements(parameters)\ + \ as pg\n where\n -- The example is limited to SQL Server, this may change\ + \ based on DB engine\n pg ->> 'ParameterName' like 'rds.force_ssl'\n and\ + \ name not like 'default.%'\n),\n rds_associated_parameter_group as (\n select\n\ + \ db_instance_identifier as db_instance_identifier,\n arn,\n pg ->> 'DBParameterGroupName'\ + \ as DBParameterGroupName\n from\n aws_rds_db_instance,\n jsonb_array_elements(db_parameter_groups)\ + \ as pg\n where\n engine like 'sqlserve%'\n)\nselect\n rds.db_instance_identifier\ + \ as name,\n rds.DBParameterGroupName,\n parameter_name,\n parameter_value\n\ + from\n rds_associated_parameter_group as rds\n left join db_parameter_group\ + \ d on rds.DBParameterGroupName = d.db_parameter_group_name\nwhere\n parameter_value\ + \ = '0'" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List All AWS RDS DB Instances with SSL Parameter Details diff --git a/queries/aws_rds_db_instance_9.yaml b/queries/aws_rds_db_instance_9.yaml index 61eae664d..ffe5ed268 100755 --- a/queries/aws_rds_db_instance_9.yaml +++ b/queries/aws_rds_db_instance_9.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS RDS DB Instances for detailed information about + the configuration, status, and other metadata associated with each database instance. ID: aws_rds_db_instance_9 -Title: "List all AWS RDS DB Instances with Detailed Information" -Description: "Allows users to query AWS RDS DB Instances for detailed information about the configuration, status, and other metadata associated with each database instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - actions ->> 'ResourceIdentifier' as db_instance_identifier, - details ->> 'Action' as action, - details ->> 'OptInStatus' as opt_in_status, - details ->> 'ForcedApplyDate' as forced_apply_date, - details ->> 'CurrentApplyDate' as current_apply_date, - details ->> 'AutoAppliedAfterDate' as auto_applied_after_date - from - aws_rds_db_instance, - jsonb_array_elements(pending_maintenance_actions) as actions, - jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n actions ->> 'ResourceIdentifier' as db_instance_identifier,\n\ + \ details ->> 'Action' as action,\n details ->> 'OptInStatus' as opt_in_status,\n\ + \ details ->> 'ForcedApplyDate' as forced_apply_date,\n details ->> 'CurrentApplyDate'\ + \ as current_apply_date,\n details ->> 'AutoAppliedAfterDate' as auto_applied_after_date\n\ + from\n aws_rds_db_instance,\n jsonb_array_elements(pending_maintenance_actions)\ + \ as actions,\n jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails')\ + \ as details;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Detailed Information diff --git a/queries/aws_rds_db_instance_automated_backup_1.yaml b/queries/aws_rds_db_instance_automated_backup_1.yaml index 560360122..2e868a999 100755 --- a/queries/aws_rds_db_instance_automated_backup_1.yaml +++ b/queries/aws_rds_db_instance_automated_backup_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_1 -Title: "Find AWS RDS DB Instance Automated Backups" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - arn, - status, - allocated_storage, - encrypted, - engine - from - aws_rds_db_instance_automated_backup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n arn,\n status,\n allocated_storage,\n\ + \ encrypted,\n engine\nfrom\n aws_rds_db_instance_automated_backup;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instance Automated Backups diff --git a/queries/aws_rds_db_instance_automated_backup_2.yaml b/queries/aws_rds_db_instance_automated_backup_2.yaml index 06989932f..db55d8083 100755 --- a/queries/aws_rds_db_instance_automated_backup_2.yaml +++ b/queries/aws_rds_db_instance_automated_backup_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_2 -Title: "Find AWS RDS DB Instance Automated Backups" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - arn, - status, - backup_target, - instance_create_time, - encrypted, - engine - from - aws_rds_db_instance_automated_backup - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n arn,\n status,\n backup_target,\n\ + \ instance_create_time,\n encrypted,\n engine\nfrom\n aws_rds_db_instance_automated_backup\n\ + where\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instance Automated Backups diff --git a/queries/aws_rds_db_instance_automated_backup_3.yaml b/queries/aws_rds_db_instance_automated_backup_3.yaml index b57609384..49ddec176 100755 --- a/queries/aws_rds_db_instance_automated_backup_3.yaml +++ b/queries/aws_rds_db_instance_automated_backup_3.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_3 -Title: "Find Data on AWS RDS DB Instance Automated Backups" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - iam_database_authentication_enabled, - status, - availability_zone, - dbi_resource_id - from - aws_rds_db_instance_automated_backup - where - not iam_database_authentication_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n iam_database_authentication_enabled,\n\ + \ status,\n availability_zone,\n dbi_resource_id\nfrom\n aws_rds_db_instance_automated_backup\n\ + where\n not iam_database_authentication_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find Data on AWS RDS DB Instance Automated Backups diff --git a/queries/aws_rds_db_instance_automated_backup_4.yaml b/queries/aws_rds_db_instance_automated_backup_4.yaml index 06c28e54a..727299540 100755 --- a/queries/aws_rds_db_instance_automated_backup_4.yaml +++ b/queries/aws_rds_db_instance_automated_backup_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_4 -Title: "List all Automated Backups for RDS DB Instances" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - b.arn, - b.vpc_id, - v.cidr_block, - v.is_default, - v.instance_tenancy - from - aws_rds_db_instance_automated_backup as b, - aws_vpc as v - where - v.vpc_id = b.vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n b.arn,\n b.vpc_id,\n v.cidr_block,\n v.is_default,\n\ + \ v.instance_tenancy\nfrom\n aws_rds_db_instance_automated_backup as b,\n aws_vpc\ + \ as v\nwhere\n v.vpc_id = b.vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all Automated Backups for RDS DB Instances diff --git a/queries/aws_rds_db_instance_automated_backup_5.yaml b/queries/aws_rds_db_instance_automated_backup_5.yaml index 00624f063..8bed48723 100755 --- a/queries/aws_rds_db_instance_automated_backup_5.yaml +++ b/queries/aws_rds_db_instance_automated_backup_5.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_5 -Title: "List All AWS RDS DB Instance Automated Backups" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - arn, - engine, - engine_version, - availability_zone, - backup_retention_period, - status - from - aws_rds_db_instance_automated_backup - where - status = 'retained'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n arn,\n engine,\n engine_version,\n\ + \ availability_zone,\n backup_retention_period,\n status\nfrom\n aws_rds_db_instance_automated_backup\n\ + where\n status = 'retained';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List All AWS RDS DB Instance Automated Backups diff --git a/queries/aws_rds_db_instance_automated_backup_6.yaml b/queries/aws_rds_db_instance_automated_backup_6.yaml index c82c61a58..8e3404198 100755 --- a/queries/aws_rds_db_instance_automated_backup_6.yaml +++ b/queries/aws_rds_db_instance_automated_backup_6.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS RDS DB Instance Automated Backups and retrieve + data about automated backups for RDS DB instances. ID: aws_rds_db_instance_automated_backup_6 -Title: "Find AWS RDS DB Instance Automated Backups via SQL" -Description: "Allows users to query AWS RDS DB Instance Automated Backups and retrieve data about automated backups for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - b.db_instance_identifier, - b.arn as automated_backup_arn, - b.engine, - b.kms_key_id, - k.creation_date as kms_key_creation_date, - k.key_state, - k.key_rotation_enabled - from - aws_rds_db_instance_automated_backup as b, - aws_kms_key as k - where - k.id = b.kms_key_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n b.db_instance_identifier,\n b.arn as automated_backup_arn,\n\ + \ b.engine,\n b.kms_key_id,\n k.creation_date as kms_key_creation_date,\n \ + \ k.key_state,\n k.key_rotation_enabled\nfrom\n aws_rds_db_instance_automated_backup\ + \ as b,\n aws_kms_key as k\nwhere\n k.id = b.kms_key_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instance Automated Backups via SQL diff --git a/queries/aws_rds_db_instance_metric_connections_1.yaml b/queries/aws_rds_db_instance_metric_connections_1.yaml index 46b56d5ad..c66a034b7 100755 --- a/queries/aws_rds_db_instance_metric_connections_1.yaml +++ b/queries/aws_rds_db_instance_metric_connections_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS RDS DBInstance Metrics for a comprehensive + view of the number of database connections. ID: aws_rds_db_instance_metric_connections_1 -Title: "Find AWS RDS DBInstance Metrics for Database Connections" -Description: "Allows users to query AWS RDS DBInstance Metrics for a comprehensive view of the number of database connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Metrics for Database Connections diff --git a/queries/aws_rds_db_instance_metric_connections_2.yaml b/queries/aws_rds_db_instance_metric_connections_2.yaml index 6aa01e11f..9d4f5f665 100755 --- a/queries/aws_rds_db_instance_metric_connections_2.yaml +++ b/queries/aws_rds_db_instance_metric_connections_2.yaml @@ -1,34 +1,23 @@ +Description: Allows users to query AWS RDS DBInstance Metrics for a comprehensive + view of the number of database connections. ID: aws_rds_db_instance_metric_connections_2 -Title: "Find All AWS RDS DBInstance Connections Metrics" -Description: "Allows users to query AWS RDS DBInstance Metrics for a comprehensive view of the number of database connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections - where - average > 100 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections\n\ + where \n average > 100\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find All AWS RDS DBInstance Connections Metrics diff --git a/queries/aws_rds_db_instance_metric_connections_daily_1.yaml b/queries/aws_rds_db_instance_metric_connections_daily_1.yaml index 005d1caf3..c0eafb6cc 100755 --- a/queries/aws_rds_db_instance_metric_connections_daily_1.yaml +++ b/queries/aws_rds_db_instance_metric_connections_daily_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving + information about the number of database connections. ID: aws_rds_db_instance_metric_connections_daily_1 -Title: "List AWS RDS DB Instance Daily Connections Metrics" -Description: "Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving information about the number of database connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections_daily - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections_daily\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS DB Instance Daily Connections Metrics diff --git a/queries/aws_rds_db_instance_metric_connections_daily_2.yaml b/queries/aws_rds_db_instance_metric_connections_daily_2.yaml index 0c6b1a495..31feb1b36 100755 --- a/queries/aws_rds_db_instance_metric_connections_daily_2.yaml +++ b/queries/aws_rds_db_instance_metric_connections_daily_2.yaml @@ -1,32 +1,21 @@ +Description: Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving + information about the number of database connections. ID: aws_rds_db_instance_metric_connections_daily_2 -Title: "List All AWS RDS DB Instance Metric Connections Daily" -Description: "Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving information about the number of database connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections_daily - where - average > 100 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections_daily\n\ + where \n average > 100\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RDS +Title: List All AWS RDS DB Instance Metric Connections Daily diff --git a/queries/aws_rds_db_instance_metric_connections_daily_3.yaml b/queries/aws_rds_db_instance_metric_connections_daily_3.yaml index 4e4fca956..20bfc1ff4 100755 --- a/queries/aws_rds_db_instance_metric_connections_daily_3.yaml +++ b/queries/aws_rds_db_instance_metric_connections_daily_3.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving + information about the number of database connections. ID: aws_rds_db_instance_metric_connections_daily_3 -Title: "List all AWS RDS DB Instances with Zero Connections Daily" -Description: "Allows users to query AWS RDS DB Instance Metrics on a daily basis, retrieving information about the number of database connections." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - sum(maximum) as total_connections - from - aws_rds_db_instance_metric_connections - where - timestamp > (current_date - interval '7' day) - group by - db_instance_identifier - having - sum(maximum) = 0 - ; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n sum(maximum) as total_connections\n\ + from\n aws_rds_db_instance_metric_connections\nwhere \n timestamp > (current_date\ + \ - interval '7' day)\ngroup by\n db_instance_identifier\nhaving\n sum(maximum)\ + \ = 0 \n;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Zero Connections Daily diff --git a/queries/aws_rds_db_instance_metric_connections_hourly_1.yaml b/queries/aws_rds_db_instance_metric_connections_hourly_1.yaml index 026d5ec56..4ce873b37 100755 --- a/queries/aws_rds_db_instance_metric_connections_hourly_1.yaml +++ b/queries/aws_rds_db_instance_metric_connections_hourly_1.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS RDS DB Instance Metrics on an hourly basis, + specifically the connection metrics. It provides data about the number of database + connections to each DB instance in your Amazon RDS environment. ID: aws_rds_db_instance_metric_connections_hourly_1 -Title: "List all AWS RDS DB Instance Connection Metrics Hourly" -Description: "Allows users to query AWS RDS DB Instance Metrics on an hourly basis, specifically the connection metrics. It provides data about the number of database connections to each DB instance in your Amazon RDS environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections_hourly - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections_hourly\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all AWS RDS DB Instance Connection Metrics Hourly diff --git a/queries/aws_rds_db_instance_metric_connections_hourly_2.yaml b/queries/aws_rds_db_instance_metric_connections_hourly_2.yaml index 59e5e1cda..140b2b20f 100755 --- a/queries/aws_rds_db_instance_metric_connections_hourly_2.yaml +++ b/queries/aws_rds_db_instance_metric_connections_hourly_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS RDS DB Instance Metrics on an hourly basis, + specifically the connection metrics. It provides data about the number of database + connections to each DB instance in your Amazon RDS environment. ID: aws_rds_db_instance_metric_connections_hourly_2 -Title: "List all AWS RDS DB Instance Connection Metrics Hourly" -Description: "Allows users to query AWS RDS DB Instance Metrics on an hourly basis, specifically the connection metrics. It provides data about the number of database connections to each DB instance in your Amazon RDS environment." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_connections_hourly - where - average > 100 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_connections_hourly\n\ + where \n average > 100\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all AWS RDS DB Instance Connection Metrics Hourly diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_1.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_1.yaml index a3e7e5725..0d1a66ce1 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_1.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query Amazon RDS DBInstanceCPUUtilization to fetch data + about CPU utilization metrics for RDS DB instances. ID: aws_rds_db_instance_metric_cpu_utilization_1 -Title: "List all CPU utilization metrics for RDS DB instances" -Description: "Allows users to query Amazon RDS DBInstanceCPUUtilization to fetch data about CPU utilization metrics for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all CPU utilization metrics for RDS DB instances diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_2.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_2.yaml index bd046e092..6977acd92 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_2.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query Amazon RDS DBInstanceCPUUtilization to fetch data + about CPU utilization metrics for RDS DB instances. ID: aws_rds_db_instance_metric_cpu_utilization_2 -Title: "List All Amazon RDS DB Instances with High CPU Utilization" -Description: "Allows users to query Amazon RDS DBInstanceCPUUtilization to fetch data about CPU utilization metrics for RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization - where average > 80 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization\n\ + where average > 80\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List All Amazon RDS DB Instances with High CPU Utilization diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_1.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_1.yaml index 5fd6c32bb..9b2209804 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_1.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization + metrics. ID: aws_rds_db_instance_metric_cpu_utilization_daily_1 -Title: "List all AWS RDS DB Instances and daily CPU usage metrics" -Description: "Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_daily - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_daily\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances and daily CPU usage metrics diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_2.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_2.yaml index 4861f5f53..9a1068249 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_2.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization + metrics. ID: aws_rds_db_instance_metric_cpu_utilization_daily_2 -Title: "Find AWS RDS DB Instances with High CPU Utilization" -Description: "Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_daily - where average > 80 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_daily\n\ + where average > 80\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instances with High CPU Utilization diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_3.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_3.yaml index 8a7d52793..e208eae42 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_daily_3.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_daily_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization + metrics. ID: aws_rds_db_instance_metric_cpu_utilization_daily_3 -Title: "Find AWS RDS DB Instances' Daily CPU Utilization Metrics" -Description: "Allows users to query AWS RDS DB Instances to retrieve daily CPU utilization metrics." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_daily - where average < 2 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_daily\n\ + where average < 2\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instances' Daily CPU Utilization Metrics diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_1.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_1.yaml index f2b2c1d89..f7c63b9d8 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_1.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS RDS DB Instance CPU Utilization Metrics on + an hourly basis. ID: aws_rds_db_instance_metric_cpu_utilization_hourly_1 -Title: "Find AWS RDS DB Instance CPU Utilization Hourly Metrics" -Description: "Allows users to query AWS RDS DB Instance CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_hourly - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_hourly\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instance CPU Utilization Hourly Metrics diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_2.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_2.yaml index 18f67792f..f28cd2b01 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_2.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS RDS DB Instance CPU Utilization Metrics on + an hourly basis. ID: aws_rds_db_instance_metric_cpu_utilization_hourly_2 -Title: "Find AWS RDS Instances with High CPU Utilization" -Description: "Allows users to query AWS RDS DB Instance CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_hourly - where average > 80 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_hourly\n\ + where average > 80\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS Instances with High CPU Utilization diff --git a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_3.yaml b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_3.yaml index b0230897b..7def7fac1 100755 --- a/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_3.yaml +++ b/queries/aws_rds_db_instance_metric_cpu_utilization_hourly_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS RDS DB Instance CPU Utilization Metrics on + an hourly basis. ID: aws_rds_db_instance_metric_cpu_utilization_hourly_3 -Title: "Find AWS RDS DB Instance CPU Utilization on Hourly Basis" -Description: "Allows users to query AWS RDS DB Instance CPU Utilization Metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_rds_db_instance_metric_cpu_utilization_hourly - where average < 2 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_rds_db_instance_metric_cpu_utilization_hourly\n\ + where average < 2\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instance CPU Utilization on Hourly Basis diff --git a/queries/aws_rds_db_instance_metric_read_iops_1.yaml b/queries/aws_rds_db_instance_metric_read_iops_1.yaml index f03b1effd..fe290e1d3 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_1.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and + monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS + DB instances. ID: aws_rds_db_instance_metric_read_iops_1 -Title: "Find AWS RDS Read IOPS Metrics for DB Instances" -Description: "Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS Read IOPS Metrics for DB Instances diff --git a/queries/aws_rds_db_instance_metric_read_iops_2.yaml b/queries/aws_rds_db_instance_metric_read_iops_2.yaml index 8822735de..0876971ad 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_2.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_2.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and + monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS + DB instances. ID: aws_rds_db_instance_metric_read_iops_2 -Title: "Find Read IOPS Metrics for AWS RDS DB Instances" -Description: "Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find Read IOPS Metrics for AWS RDS DB Instances diff --git a/queries/aws_rds_db_instance_metric_read_iops_3.yaml b/queries/aws_rds_db_instance_metric_read_iops_3.yaml index 3fa1d9802..99e166b7d 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_3.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_3.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and + monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS + DB instances. ID: aws_rds_db_instance_metric_read_iops_3 -Title: "Find AWS RDS DBInstance Read IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find AWS RDS DBInstance Read IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_4.yaml b/queries/aws_rds_db_instance_metric_read_iops_4.yaml index 44b64460b..76297f6e8 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_4.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_4.yaml @@ -1,39 +1,27 @@ +Description: Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and + monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS + DB instances. ID: aws_rds_db_instance_metric_read_iops_4 -Title: "Find AWS RDS DB Instance Read IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstanceMetricReadIops to retrieve and monitor the read IOPS (Input/Output Operations Per Second) metrics for Amazon RDS DB instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops as r, - aws_rds_db_instance_metric_write_iops as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops as r,\n aws_rds_db_instance_metric_write_iops\ + \ as w\nwhere \n r.db_instance_identifier = w.db_instance_identifier\n and r.timestamp\ + \ = w.timestamp\norder by\n r.db_instance_identifier,\n r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find AWS RDS DB Instance Read IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_daily_1.yaml b/queries/aws_rds_db_instance_metric_read_iops_daily_1.yaml index 8e9fba611..9a3fee340 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_daily_1.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_daily_1.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily read IOPS + (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_daily_1 -Title: "Find AWS RDS DBInstance daily read IOPS metrics" -Description: "Allows users to query AWS RDS DBInstance metrics for daily read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_daily - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_daily\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance daily read IOPS metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_daily_2.yaml b/queries/aws_rds_db_instance_metric_read_iops_daily_2.yaml index 1de48a424..d03aaa48d 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_daily_2.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_daily_2.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily read IOPS + (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_daily_2 -Title: "Find AWS RDS DBInstance Metrics for Daily Read IOPS" -Description: "Allows users to query AWS RDS DBInstance metrics for daily read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_daily - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_daily\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Metrics for Daily Read IOPS diff --git a/queries/aws_rds_db_instance_metric_read_iops_daily_3.yaml b/queries/aws_rds_db_instance_metric_read_iops_daily_3.yaml index 8e08e6e4f..d248e3513 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_daily_3.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_daily_3.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily read IOPS + (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_daily_3 -Title: "Find AWS RDS DBInstance Metrics for Daily Read IOPS" -Description: "Allows users to query AWS RDS DBInstance metrics for daily read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_daily - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_daily\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Metrics for Daily Read IOPS diff --git a/queries/aws_rds_db_instance_metric_read_iops_daily_4.yaml b/queries/aws_rds_db_instance_metric_read_iops_daily_4.yaml index ac2749f43..cbc795da8 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_daily_4.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_daily_4.yaml @@ -1,39 +1,27 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily read IOPS + (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_daily_4 -Title: "List all AWS RDS DBInstance daily read IOPS metrics" -Description: "Allows users to query AWS RDS DBInstance metrics for daily read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops_daily as r, - aws_rds_db_instance_metric_write_iops_daily as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops_daily as r,\n\ + \ aws_rds_db_instance_metric_write_iops_daily as w\nwhere \n r.db_instance_identifier\ + \ = w.db_instance_identifier\n and r.timestamp = w.timestamp\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DBInstance daily read IOPS metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_hourly_1.yaml b/queries/aws_rds_db_instance_metric_read_iops_hourly_1.yaml index be6dbcab6..8c8073e2f 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_hourly_1.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_hourly_1.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS RDS DB Instances and retrieve hourly metrics + related to read IOPS (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_hourly_1 -Title: "List all AWS RDS DB Instances with Read IOPS Metrics" -Description: "Allows users to query AWS RDS DB Instances and retrieve hourly metrics related to read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_hourly - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_hourly\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Read IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_hourly_2.yaml b/queries/aws_rds_db_instance_metric_read_iops_hourly_2.yaml index 3a9ccab9b..eaa90ac8a 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_hourly_2.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_hourly_2.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query AWS RDS DB Instances and retrieve hourly metrics + related to read IOPS (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_hourly_2 -Title: "Find AWS RDS DB Instances Hourly Read IOPS Over 1000" -Description: "Allows users to query AWS RDS DB Instances and retrieve hourly metrics related to read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_hourly - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_hourly\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instances Hourly Read IOPS Over 1000 diff --git a/queries/aws_rds_db_instance_metric_read_iops_hourly_3.yaml b/queries/aws_rds_db_instance_metric_read_iops_hourly_3.yaml index 7240f51e9..fff23cbdf 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_hourly_3.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_hourly_3.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DB Instances and retrieve hourly metrics + related to read IOPS (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_hourly_3 -Title: "Find AWS RDS DB Instances Reading Over 8000 IOPS" -Description: "Allows users to query AWS RDS DB Instances and retrieve hourly metrics related to read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_read_iops_hourly - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_read_iops_hourly\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Instances Reading Over 8000 IOPS diff --git a/queries/aws_rds_db_instance_metric_read_iops_hourly_4.yaml b/queries/aws_rds_db_instance_metric_read_iops_hourly_4.yaml index 8a8f801cd..0964a23b4 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_hourly_4.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_hourly_4.yaml @@ -1,39 +1,28 @@ +Description: Allows users to query AWS RDS DB Instances and retrieve hourly metrics + related to read IOPS (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_hourly_4 -Title: "Find AWS RDS Instances Hourly Read IOPS Metrics" -Description: "Allows users to query AWS RDS DB Instances and retrieve hourly metrics related to read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - v.iops as provisioned_iops, - round(r.average) +round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg - from - aws_rds_db_instance_metric_read_iops_hourly as r, - aws_rds_db_instance_metric_write_iops_hourly as w, - aws_rds_db_instance as v - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - and v.db_instance_identifier = r.db_instance_identifier - and r.average + w.average > v.iops - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n v.iops\ + \ as provisioned_iops,\n round(r.average) +round(w.average) as iops_avg,\n round(r.average)\ + \ as read_ops_avg,\n round(w.average) as write_ops_avg\nfrom \n aws_rds_db_instance_metric_read_iops_hourly\ + \ as r,\n aws_rds_db_instance_metric_write_iops_hourly as w,\n aws_rds_db_instance\ + \ as v\nwhere \n r.db_instance_identifier = w.db_instance_identifier\n and r.timestamp\ + \ = w.timestamp\n and v.db_instance_identifier = r.db_instance_identifier \n\ + \ and r.average + w.average > v.iops\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS Instances Hourly Read IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_read_iops_hourly_5.yaml b/queries/aws_rds_db_instance_metric_read_iops_hourly_5.yaml index 151a6a473..6e5b093c6 100755 --- a/queries/aws_rds_db_instance_metric_read_iops_hourly_5.yaml +++ b/queries/aws_rds_db_instance_metric_read_iops_hourly_5.yaml @@ -1,41 +1,29 @@ +Description: Allows users to query AWS RDS DB Instances and retrieve hourly metrics + related to read IOPS (Input/Output Operations Per Second). ID: aws_rds_db_instance_metric_read_iops_hourly_5 -Title: "List all AWS RDS DB Instances with Hourly Read IOPS Metrics" -Description: "Allows users to query AWS RDS DB Instances and retrieve hourly metrics related to read IOPS (Input/Output Operations Per Second)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops_hourly as r, - aws_rds_db_instance_metric_write_iops_hourly as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops_hourly as r,\n\ + \ aws_rds_db_instance_metric_write_iops_hourly as w\nwhere \n r.db_instance_identifier\ + \ = w.db_instance_identifier\n and r.timestamp = w.timestamp\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Instances with Hourly Read IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_1.yaml b/queries/aws_rds_db_instance_metric_write_iops_1.yaml index 33651c8c1..2a5534751 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_1.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_1.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics + on the write input/output operations per second. ID: aws_rds_db_instance_metric_write_iops_1 -Title: "List AWS RDS DBInstance Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics on the write input/output operations per second." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS DBInstance +Title: List AWS RDS DBInstance Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_2.yaml b/queries/aws_rds_db_instance_metric_write_iops_2.yaml index 3887e2e67..89470afc8 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_2.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_2.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics + on the write input/output operations per second. ID: aws_rds_db_instance_metric_write_iops_2 -Title: "Find AWS RDS DBInstance Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics on the write input/output operations per second." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS RDS +Title: Find AWS RDS DBInstance Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_3.yaml b/queries/aws_rds_db_instance_metric_write_iops_3.yaml index ac07f157f..ca3b83b7d 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_3.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_3.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics + on the write input/output operations per second. ID: aws_rds_db_instance_metric_write_iops_3 -Title: "List AWS RDS DBInstance Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics on the write input/output operations per second." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS DBInstance Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_4.yaml b/queries/aws_rds_db_instance_metric_write_iops_4.yaml index 6c2aad7d8..3da0d958e 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_4.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_4.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics + on the write input/output operations per second. ID: aws_rds_db_instance_metric_write_iops_4 -Title: "Find AWS RDS Write IOPS Metrics Using SQL" -Description: "Allows users to query AWS RDS DBInstance Write IOPS to retrieve metrics on the write input/output operations per second." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops as r, - aws_rds_db_instance_metric_write_iops as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops as r,\n aws_rds_db_instance_metric_write_iops\ + \ as w\nwhere \n r.db_instance_identifier = w.db_instance_identifier\n and r.timestamp\ + \ = w.timestamp\norder by\n r.db_instance_identifier,\n r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS Write IOPS Metrics Using SQL diff --git a/queries/aws_rds_db_instance_metric_write_iops_daily_1.yaml b/queries/aws_rds_db_instance_metric_write_iops_daily_1.yaml index a613bcadb..841623156 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_daily_1.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_daily_1.yaml @@ -1,31 +1,20 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily write IOPS. ID: aws_rds_db_instance_metric_write_iops_daily_1 -Title: "List Daily Write IOPS for AWS RDS DBInstances" -Description: "Allows users to query AWS RDS DBInstance metrics for daily write IOPS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_daily - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_daily\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List Daily Write IOPS for AWS RDS DBInstances diff --git a/queries/aws_rds_db_instance_metric_write_iops_daily_2.yaml b/queries/aws_rds_db_instance_metric_write_iops_daily_2.yaml index 8c029dc41..5ba5f2c5a 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_daily_2.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_daily_2.yaml @@ -1,35 +1,22 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily write IOPS. ID: aws_rds_db_instance_metric_write_iops_daily_2 -Title: "List all AWS RDS DBInstance Daily Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance metrics for daily write IOPS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_daily - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_daily\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DBInstance Daily Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_daily_3.yaml b/queries/aws_rds_db_instance_metric_write_iops_daily_3.yaml index 4b9869493..e90afc73e 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_daily_3.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_daily_3.yaml @@ -1,33 +1,20 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily write IOPS. ID: aws_rds_db_instance_metric_write_iops_daily_3 -Title: "List AWS RDS DBInstance Daily Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance metrics for daily write IOPS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_daily - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_daily\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS DBInstance Daily Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_daily_4.yaml b/queries/aws_rds_db_instance_metric_write_iops_daily_4.yaml index 3304144b0..052f11998 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_daily_4.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_daily_4.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query AWS RDS DBInstance metrics for daily write IOPS. ID: aws_rds_db_instance_metric_write_iops_daily_4 -Title: "List all AWS RDS DBInstance Daily Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance metrics for daily write IOPS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops_daily as r, - aws_rds_db_instance_metric_write_iops_daily as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops_daily as r,\n\ + \ aws_rds_db_instance_metric_write_iops_daily as w\nwhere \n r.db_instance_identifier\ + \ = w.db_instance_identifier\n and r.timestamp = w.timestamp\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DBInstance Daily Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_hourly_1.yaml b/queries/aws_rds_db_instance_metric_write_iops_hourly_1.yaml index 8ba01f53d..ae47904ab 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_hourly_1.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_hourly_1.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly + basis. ID: aws_rds_db_instance_metric_write_iops_hourly_1 -Title: "List All AWS RDS DBInstance Write IOPS Metrics Hourly" -Description: "Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_hourly - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_hourly\n\ + order by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List All AWS RDS DBInstance Write IOPS Metrics Hourly diff --git a/queries/aws_rds_db_instance_metric_write_iops_hourly_2.yaml b/queries/aws_rds_db_instance_metric_write_iops_hourly_2.yaml index 1d9c151d4..fc76f9718 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_hourly_2.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_hourly_2.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly + basis. ID: aws_rds_db_instance_metric_write_iops_hourly_2 -Title: "Find AWS RDS DBInstance Write IOPS Metrics Hourly" -Description: "Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_hourly - where - average > 1000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_hourly\n\ + where\n average > 1000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Write IOPS Metrics Hourly diff --git a/queries/aws_rds_db_instance_metric_write_iops_hourly_3.yaml b/queries/aws_rds_db_instance_metric_write_iops_hourly_3.yaml index c9b882ec1..017ecb4fe 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_hourly_3.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_hourly_3.yaml @@ -1,33 +1,21 @@ +Description: Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly + basis. ID: aws_rds_db_instance_metric_write_iops_hourly_3 -Title: "Find AWS RDS DBInstance Write IOPS Metrics Hourly" -Description: "Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_instance_identifier, - timestamp, - minimum, - maximum, - average, - sum, - sample_count - from - aws_rds_db_instance_metric_write_iops_hourly - where - maximum > 8000 - order by - db_instance_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_instance_identifier,\n timestamp,\n minimum,\n \ + \ maximum,\n average,\n sum,\n sample_count\nfrom\n aws_rds_db_instance_metric_write_iops_hourly\n\ + where\n maximum > 8000\norder by\n db_instance_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Write IOPS Metrics Hourly diff --git a/queries/aws_rds_db_instance_metric_write_iops_hourly_4.yaml b/queries/aws_rds_db_instance_metric_write_iops_hourly_4.yaml index 56daee944..32c89cf10 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_hourly_4.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_hourly_4.yaml @@ -1,39 +1,28 @@ +Description: Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly + basis. ID: aws_rds_db_instance_metric_write_iops_hourly_4 -Title: "List AWS RDS DBInstance Hourly Write IOPS Metrics" -Description: "Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - v.iops as provisioned_iops, - round(r.average) +round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg - from - aws_rds_db_instance_metric_read_iops_hourly as r, - aws_rds_db_instance_metric_write_iops_hourly as w, - aws_rds_db_instance as v - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - and v.db_instance_identifier = r.db_instance_identifier - and r.average + w.average > v.iops - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n v.iops\ + \ as provisioned_iops,\n round(r.average) +round(w.average) as iops_avg,\n round(r.average)\ + \ as read_ops_avg,\n round(w.average) as write_ops_avg\nfrom \n aws_rds_db_instance_metric_read_iops_hourly\ + \ as r,\n aws_rds_db_instance_metric_write_iops_hourly as w,\n aws_rds_db_instance\ + \ as v\nwhere \n r.db_instance_identifier = w.db_instance_identifier\n and r.timestamp\ + \ = w.timestamp\n and v.db_instance_identifier = r.db_instance_identifier \n\ + \ and r.average + w.average > v.iops\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS DBInstance Hourly Write IOPS Metrics diff --git a/queries/aws_rds_db_instance_metric_write_iops_hourly_5.yaml b/queries/aws_rds_db_instance_metric_write_iops_hourly_5.yaml index 85b89404e..c55275372 100755 --- a/queries/aws_rds_db_instance_metric_write_iops_hourly_5.yaml +++ b/queries/aws_rds_db_instance_metric_write_iops_hourly_5.yaml @@ -1,41 +1,29 @@ +Description: Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly + basis. ID: aws_rds_db_instance_metric_write_iops_hourly_5 -Title: "Find AWS RDS DBInstance Write IOPS Metrics Hourly" -Description: "Allows users to query AWS RDS DBInstance write IOPS metrics on an hourly basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.db_instance_identifier, - r.timestamp, - round(r.average) + round(w.average) as iops_avg, - round(r.average) as read_ops_avg, - round(w.average) as write_ops_avg, - round(r.maximum) + round(w.maximum) as iops_max, - round(r.maximum) as read_ops_max, - round(w.maximum) as write_ops_max, - round(r.minimum) + round(w.minimum) as iops_min, - round(r.minimum) as read_ops_min, - round(w.minimum) as write_ops_min - from - aws_rds_db_instance_metric_read_iops_hourly as r, - aws_rds_db_instance_metric_write_iops_hourly as w - where - r.db_instance_identifier = w.db_instance_identifier - and r.timestamp = w.timestamp - order by - r.db_instance_identifier, - r.timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n r.db_instance_identifier,\n r.timestamp,\n round(r.average)\ + \ + round(w.average) as iops_avg,\n round(r.average) as read_ops_avg,\n round(w.average)\ + \ as write_ops_avg,\n round(r.maximum) + round(w.maximum) as iops_max,\n round(r.maximum)\ + \ as read_ops_max,\n round(w.maximum) as write_ops_max,\n round(r.minimum) +\ + \ round(w.minimum) as iops_min,\n round(r.minimum) as read_ops_min,\n round(w.minimum)\ + \ as write_ops_min\nfrom \n aws_rds_db_instance_metric_read_iops_hourly as r,\n\ + \ aws_rds_db_instance_metric_write_iops_hourly as w\nwhere \n r.db_instance_identifier\ + \ = w.db_instance_identifier\n and r.timestamp = w.timestamp\norder by\n r.db_instance_identifier,\n\ + \ r.timestamp;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DBInstance Write IOPS Metrics Hourly diff --git a/queries/aws_rds_db_option_group_1.yaml b/queries/aws_rds_db_option_group_1.yaml index ca5817875..f1f7f6f80 100755 --- a/queries/aws_rds_db_option_group_1.yaml +++ b/queries/aws_rds_db_option_group_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS RDS DB Option Groups and provides information + about the option groups within Amazon Relational Database Service (RDS). ID: aws_rds_db_option_group_1 -Title: "List all AWS RDS DB Option Groups with details" -Description: "Allows users to query AWS RDS DB Option Groups and provides information about the option groups within Amazon Relational Database Service (RDS)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - engine_name, - major_engine_version, - vpc_id - from - aws_rds_db_option_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n engine_name,\n major_engine_version,\n\ + \ vpc_id\nfrom\n aws_rds_db_option_group;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Relational Database Service +Title: List all AWS RDS DB Option Groups with details diff --git a/queries/aws_rds_db_option_group_2.yaml b/queries/aws_rds_db_option_group_2.yaml index da5a84070..cc4120c50 100755 --- a/queries/aws_rds_db_option_group_2.yaml +++ b/queries/aws_rds_db_option_group_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS RDS DB Option Groups and provides information + about the option groups within Amazon Relational Database Service (RDS). ID: aws_rds_db_option_group_2 -Title: "List all AWS RDS DB Option Groups with SQL" -Description: "Allows users to query AWS RDS DB Option Groups and provides information about the option groups within Amazon Relational Database Service (RDS)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - engine_name, - allows_vpc_and_non_vpc_instance_memberships - from - aws_rds_db_option_group - where - allows_vpc_and_non_vpc_instance_memberships; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n engine_name,\n allows_vpc_and_non_vpc_instance_memberships\n\ + from\n aws_rds_db_option_group\nwhere\n allows_vpc_and_non_vpc_instance_memberships;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Relational Database Service +Title: List all AWS RDS DB Option Groups with SQL diff --git a/queries/aws_rds_db_option_group_3.yaml b/queries/aws_rds_db_option_group_3.yaml index 51ce61dfd..70b8f8ff8 100755 --- a/queries/aws_rds_db_option_group_3.yaml +++ b/queries/aws_rds_db_option_group_3.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS RDS DB Option Groups and provides information + about the option groups within Amazon Relational Database Service (RDS). ID: aws_rds_db_option_group_3 -Title: "Find AWS RDS DB Option Groups within Amazon RDS" -Description: "Allows users to query AWS RDS DB Option Groups and provides information about the option groups within Amazon Relational Database Service (RDS)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - option ->> 'OptionName' as option_name, - option -> 'Permanent' as Permanent, - option -> 'Persistent' as Persistent, - option -> 'VpcSecurityGroupMemberships' as vpc_security_group_membership, - option -> 'Port' as Port - from - aws_rds_db_option_group - cross join jsonb_array_elements(options) as option; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n option ->> 'OptionName' as option_name,\n option\ + \ -> 'Permanent' as Permanent,\n option -> 'Persistent' as Persistent,\n option\ + \ -> 'VpcSecurityGroupMemberships' as vpc_security_group_membership,\n option\ + \ -> 'Port' as Port\nfrom\n aws_rds_db_option_group\n cross join jsonb_array_elements(options)\ + \ as option;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find AWS RDS DB Option Groups within Amazon RDS diff --git a/queries/aws_rds_db_parameter_group_1.yaml b/queries/aws_rds_db_parameter_group_1.yaml index 0c28234e5..57cf7798b 100755 --- a/queries/aws_rds_db_parameter_group_1.yaml +++ b/queries/aws_rds_db_parameter_group_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS RDS DB Parameter Groups, providing information + about the configurations that control the behavior of the databases that they are + associated with. ID: aws_rds_db_parameter_group_1 -Title: "Find AWS RDS DB Parameter Groups' Configurations" -Description: "Allows users to query AWS RDS DB Parameter Groups, providing information about the configurations that control the behavior of the databases that they are associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - db_parameter_group_family - from - aws_rds_db_parameter_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n db_parameter_group_family\n\ + from\n aws_rds_db_parameter_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS DB Parameter Groups +Title: Find AWS RDS DB Parameter Groups' Configurations diff --git a/queries/aws_rds_db_parameter_group_2.yaml b/queries/aws_rds_db_parameter_group_2.yaml index bba23b352..36645c3c1 100755 --- a/queries/aws_rds_db_parameter_group_2.yaml +++ b/queries/aws_rds_db_parameter_group_2.yaml @@ -1,34 +1,28 @@ +Description: Allows users to query AWS RDS DB Parameter Groups, providing information + about the configurations that control the behavior of the databases that they are + associated with. ID: aws_rds_db_parameter_group_2 -Title: "List all AWS RDS DB Parameter Groups configurations" -Description: "Allows users to query AWS RDS DB Parameter Groups, providing information about the configurations that control the behavior of the databases that they are associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - db_parameter_group_family, - pg ->> 'ParameterName' as parameter_name, - pg ->> 'ParameterValue' as parameter_value, - pg ->> 'AllowedValues' as allowed_values, - pg ->> 'ApplyType' as apply_type, - pg ->> 'IsModifiable' as is_modifiable, - pg ->> 'DataType' as data_type, - pg ->> 'Description' as description, - pg ->> 'MinimumEngineVersion' as minimum_engine_version - from - aws_rds_db_parameter_group - cross join jsonb_array_elements(parameters) as pg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n db_parameter_group_family,\n pg ->> 'ParameterName'\ + \ as parameter_name,\n pg ->> 'ParameterValue' as parameter_value,\n pg ->>\ + \ 'AllowedValues' as allowed_values,\n pg ->> 'ApplyType' as apply_type,\n pg\ + \ ->> 'IsModifiable' as is_modifiable,\n pg ->> 'DataType' as data_type,\n pg\ + \ ->> 'Description' as description,\n pg ->> 'MinimumEngineVersion' as minimum_engine_version\n\ + from\n aws_rds_db_parameter_group\n cross join jsonb_array_elements(parameters)\ + \ as pg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Parameter Groups configurations diff --git a/queries/aws_rds_db_proxy_1.yaml b/queries/aws_rds_db_proxy_1.yaml index ee10c99f0..2da69bb3d 100755 --- a/queries/aws_rds_db_proxy_1.yaml +++ b/queries/aws_rds_db_proxy_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query DB Proxies in Amazon RDS to fetch detailed information + about each proxy, including its ARN, name, engine family, role ARN, status, and + more. ID: aws_rds_db_proxy_1 -Title: "Find Amazon RDS DB Proxy Details via SQL Query" -Description: "Allows users to query DB Proxies in Amazon RDS to fetch detailed information about each proxy, including its ARN, name, engine family, role ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_proxy_name, - status, - engine_family - from - aws_rds_db_proxy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_proxy_name,\n status,\n engine_family\nfrom\n aws_rds_db_proxy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find Amazon RDS DB Proxy Details via SQL Query diff --git a/queries/aws_rds_db_proxy_2.yaml b/queries/aws_rds_db_proxy_2.yaml index 3e72f96ed..8d24a293a 100755 --- a/queries/aws_rds_db_proxy_2.yaml +++ b/queries/aws_rds_db_proxy_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query DB Proxies in Amazon RDS to fetch detailed information + about each proxy, including its ARN, name, engine family, role ARN, status, and + more. ID: aws_rds_db_proxy_2 -Title: "List all Detailed Information of Amazon RDS DB Proxies" -Description: "Allows users to query DB Proxies in Amazon RDS to fetch detailed information about each proxy, including its ARN, name, engine family, role ARN, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_proxy_name, - engine_family, - a ->> 'AuthScheme' as auth_scheme, - a ->> 'Description' as auth_description, - a ->> 'IAMAuth' as iam_auth, - a ->> 'SecretArn' as secret_arn, - a ->> 'UserName' as user_name - from - aws_rds_db_proxy, - jsonb_array_elements(auth) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_proxy_name,\n engine_family,\n a ->> 'AuthScheme'\ + \ as auth_scheme,\n a ->> 'Description' as auth_description,\n a ->> 'IAMAuth'\ + \ as iam_auth,\n a ->> 'SecretArn' as secret_arn,\n a ->> 'UserName' as user_name\n\ + from\n aws_rds_db_proxy,\n jsonb_array_elements(auth) as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all Detailed Information of Amazon RDS DB Proxies diff --git a/queries/aws_rds_db_recommendation_1.yaml b/queries/aws_rds_db_recommendation_1.yaml index e11ea6cbd..d810893f4 100755 --- a/queries/aws_rds_db_recommendation_1.yaml +++ b/queries/aws_rds_db_recommendation_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_1 -Title: "Find AWS RDS DB Recommendations with High Severity" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - title, - severity, - description, - created_time - from - aws_rds_db_recommendation - where - severity = 'high'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n title,\n severity,\n description,\n\ + \ created_time\nfrom\n aws_rds_db_recommendation\nwhere\n severity = 'high';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Recommendations with High Severity diff --git a/queries/aws_rds_db_recommendation_2.yaml b/queries/aws_rds_db_recommendation_2.yaml index 459b72910..e8d20ca34 100755 --- a/queries/aws_rds_db_recommendation_2.yaml +++ b/queries/aws_rds_db_recommendation_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_2 -Title: "List all AWS RDS DB Recommendations and Details" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - title, - created_time, - description - from - aws_rds_db_recommendation - where - created_time >= now() - interval '30 days'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n title,\n created_time,\n description\n\ + from\n aws_rds_db_recommendation\nwhere\n created_time >= now() - interval '30\ + \ days';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Recommendations and Details diff --git a/queries/aws_rds_db_recommendation_3.yaml b/queries/aws_rds_db_recommendation_3.yaml index b0f8448fb..96e6e9521 100755 --- a/queries/aws_rds_db_recommendation_3.yaml +++ b/queries/aws_rds_db_recommendation_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_3 -Title: "Find All Recommendations and Actions for AWS RDS DB" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - title, - recommendation, - recommended_actions - from - aws_rds_db_recommendation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n title,\n recommendation,\n recommended_actions\n\ + from\n aws_rds_db_recommendation;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find All Recommendations and Actions for AWS RDS DB diff --git a/queries/aws_rds_db_recommendation_4.yaml b/queries/aws_rds_db_recommendation_4.yaml index 4071bb239..16ec542ce 100755 --- a/queries/aws_rds_db_recommendation_4.yaml +++ b/queries/aws_rds_db_recommendation_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_4 -Title: "List all AWS RDS DB Recommendations and Suggested Actions" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - title, - impact, - description - from - aws_rds_db_recommendation - order by - impact desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n title,\n impact,\n description\n\ + from\n aws_rds_db_recommendation\norder by\n impact desc;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all AWS RDS DB Recommendations and Suggested Actions diff --git a/queries/aws_rds_db_recommendation_5.yaml b/queries/aws_rds_db_recommendation_5.yaml index 3efae706f..867e96bba 100755 --- a/queries/aws_rds_db_recommendation_5.yaml +++ b/queries/aws_rds_db_recommendation_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_5 -Title: "Find AWS RDS DB Recommendations and Statuses" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - title, - status, - updated_time - from - aws_rds_db_recommendation - where - status != 'resolved'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n title,\n status,\n updated_time\n\ + from\n aws_rds_db_recommendation\nwhere\n status != 'resolved';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find AWS RDS DB Recommendations and Statuses diff --git a/queries/aws_rds_db_recommendation_6.yaml b/queries/aws_rds_db_recommendation_6.yaml index 1ae1bb53f..baf231a2f 100755 --- a/queries/aws_rds_db_recommendation_6.yaml +++ b/queries/aws_rds_db_recommendation_6.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_6 -Title: "Find AWS RDS DB Recommendations and Their Statuses" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - issue_details -> 'PerformanceIssueDetails' ->> 'Analysis' as analysis, - issue_details -> 'PerformanceIssueDetails' ->> 'EndTime' as end_time, - issue_details -> 'PerformanceIssueDetails' ->> 'StartTime' as start_time, - issue_details -> 'PerformanceIssueDetails' -> 'Metrics' as metrics - from - aws_rds_db_recommendation - where - issue_details is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n issue_details -> 'PerformanceIssueDetails'\ + \ ->> 'Analysis' as analysis,\n issue_details -> 'PerformanceIssueDetails' ->>\ + \ 'EndTime' as end_time,\n issue_details -> 'PerformanceIssueDetails' ->> 'StartTime'\ + \ as start_time,\n issue_details -> 'PerformanceIssueDetails' -> 'Metrics' as\ + \ metrics\nfrom\n aws_rds_db_recommendation\nwhere\n issue_details is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS DB Recommendation +Title: Find AWS RDS DB Recommendations and Their Statuses diff --git a/queries/aws_rds_db_recommendation_7.yaml b/queries/aws_rds_db_recommendation_7.yaml index 44f710bc1..74058448f 100755 --- a/queries/aws_rds_db_recommendation_7.yaml +++ b/queries/aws_rds_db_recommendation_7.yaml @@ -1,34 +1,27 @@ +Description: Allows users to query AWS RDS DB Recommendations and retrieve valuable + information about each recommendation''s status, impact, and suggested actions. ID: aws_rds_db_recommendation_7 -Title: "Find all AWS RDS DB recommendation statuses and actions" -Description: "Allows users to query AWS RDS DB Recommendations and retrieve valuable information about each recommendation''s status, impact, and suggested actions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - recommendation_id, - action ->> 'Title' as title, - action ->> 'Status' as status, - action ->> 'ActionId' as action_id, - action ->> 'Operation' as operation, - action -> 'ApplyModes' as apply_modes, - action -> 'Parameters' as parameters, - action ->> 'Description' as description, - action ->> 'IssueDetails' as issue_details, - action -> 'ContextAttributes' as context_attributes - from - aws_rds_db_recommendation, - jsonb_array_elements(recommended_actions) as action; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n recommendation_id,\n action ->> 'Title' as title,\n\ + \ action ->> 'Status' as status,\n action ->> 'ActionId' as action_id,\n action\ + \ ->> 'Operation' as operation,\n action -> 'ApplyModes' as apply_modes,\n action\ + \ -> 'Parameters' as parameters,\n action ->> 'Description' as description,\n\ + \ action ->> 'IssueDetails' as issue_details,\n action -> 'ContextAttributes'\ + \ as context_attributes\nfrom\n aws_rds_db_recommendation,\n jsonb_array_elements(recommended_actions)\ + \ as action;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find all AWS RDS DB recommendation statuses and actions diff --git a/queries/aws_rds_db_snapshot_1.yaml b/queries/aws_rds_db_snapshot_1.yaml index eb66bd852..b2a51305c 100755 --- a/queries/aws_rds_db_snapshot_1.yaml +++ b/queries/aws_rds_db_snapshot_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Amazon RDS DB Snapshots for information regarding + manual and automatic snapshots of an Amazon RDS DB instance. ID: aws_rds_db_snapshot_1 -Title: "Find Non-encrypted RDS DB Snapshots for AWS" -Description: "Allows users to query Amazon RDS DB Snapshots for information regarding manual and automatic snapshots of an Amazon RDS DB instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_snapshot_identifier, - encrypted - from - aws_rds_db_snapshot - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_snapshot_identifier,\n encrypted\nfrom\n aws_rds_db_snapshot\n\ + where\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find Non-encrypted RDS DB Snapshots for AWS diff --git a/queries/aws_rds_db_snapshot_2.yaml b/queries/aws_rds_db_snapshot_2.yaml index 8eaae12e5..b16b06428 100755 --- a/queries/aws_rds_db_snapshot_2.yaml +++ b/queries/aws_rds_db_snapshot_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Amazon RDS DB Snapshots for information regarding + manual and automatic snapshots of an Amazon RDS DB instance. ID: aws_rds_db_snapshot_2 -Title: "List Amazon RDS DB manual snapshots" -Description: "Allows users to query Amazon RDS DB Snapshots for information regarding manual and automatic snapshots of an Amazon RDS DB instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_snapshot_identifier, - type - from - aws_rds_db_snapshot - where - type = 'manual'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_snapshot_identifier,\n type\nfrom\n aws_rds_db_snapshot\n\ + where\n type = 'manual';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List Amazon RDS DB manual snapshots diff --git a/queries/aws_rds_db_snapshot_3.yaml b/queries/aws_rds_db_snapshot_3.yaml index ce975c9cb..ddd3d4d03 100755 --- a/queries/aws_rds_db_snapshot_3.yaml +++ b/queries/aws_rds_db_snapshot_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Amazon RDS DB Snapshots for information regarding + manual and automatic snapshots of an Amazon RDS DB instance. ID: aws_rds_db_snapshot_3 -Title: "Find Information on Amazon RDS DB Snapshots" -Description: "Allows users to query Amazon RDS DB Snapshots for information regarding manual and automatic snapshots of an Amazon RDS DB instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_snapshot_identifier, - encrypted - from - aws_rds_db_snapshot - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_snapshot_identifier,\n encrypted\nfrom\n aws_rds_db_snapshot\n\ + where\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: Find Information on Amazon RDS DB Snapshots diff --git a/queries/aws_rds_db_snapshot_4.yaml b/queries/aws_rds_db_snapshot_4.yaml index d766b5b24..8d3195eb0 100755 --- a/queries/aws_rds_db_snapshot_4.yaml +++ b/queries/aws_rds_db_snapshot_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Amazon RDS DB Snapshots for information regarding + manual and automatic snapshots of an Amazon RDS DB instance. ID: aws_rds_db_snapshot_4 -Title: "List Amazon RDS DB Snapshots Information" -Description: "Allows users to query Amazon RDS DB Snapshots for information regarding manual and automatic snapshots of an Amazon RDS DB instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - db_snapshot_identifier, - db_instance_identifier, - engine, - engine_version, - allocated_storage, - storage_type - from - aws_rds_db_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n db_snapshot_identifier,\n db_instance_identifier,\n\ + \ engine,\n engine_version,\n allocated_storage,\n storage_type\nfrom\n aws_rds_db_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List Amazon RDS DB Snapshots Information diff --git a/queries/aws_rds_db_subnet_group_1.yaml b/queries/aws_rds_db_subnet_group_1.yaml index 15c978408..c6856f412 100755 --- a/queries/aws_rds_db_subnet_group_1.yaml +++ b/queries/aws_rds_db_subnet_group_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS RDS DB Subnet Groups to retrieve information + about each DB subnet group configured in an AWS account. ID: aws_rds_db_subnet_group_1 -Title: "Query AWS RDS DB Subnet Groups Information" -Description: "Allows users to query AWS RDS DB Subnet Groups to retrieve information about each DB subnet group configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - status, - vpc_id - from - aws_rds_db_subnet_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n status,\n vpc_id\nfrom\n aws_rds_db_subnet_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Query AWS RDS DB Subnet Groups Information diff --git a/queries/aws_rds_db_subnet_group_2.yaml b/queries/aws_rds_db_subnet_group_2.yaml index 89ab5755e..33f11ef38 100755 --- a/queries/aws_rds_db_subnet_group_2.yaml +++ b/queries/aws_rds_db_subnet_group_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS RDS DB Subnet Groups to retrieve information + about each DB subnet group configured in an AWS account. ID: aws_rds_db_subnet_group_2 -Title: "List all AWS RDS DB Subnet Groups Information" -Description: "Allows users to query AWS RDS DB Subnet Groups to retrieve information about each DB subnet group configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - subnet -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone, - subnet ->> 'SubnetIdentifier' as subnet_identifier, - subnet -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost, - subnet ->> 'SubnetStatus' as subnet_status - from - aws_rds_db_subnet_group - cross join jsonb_array_elements(subnets) as subnet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n subnet -> 'SubnetAvailabilityZone' ->> 'Name'\ + \ as subnet_availability_zone,\n subnet ->> 'SubnetIdentifier' as subnet_identifier,\n\ + \ subnet -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost,\n subnet ->> 'SubnetStatus'\ + \ as subnet_status\nfrom\n aws_rds_db_subnet_group\n cross join jsonb_array_elements(subnets)\ + \ as subnet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Subnet Groups Information diff --git a/queries/aws_rds_db_subnet_group_3.yaml b/queries/aws_rds_db_subnet_group_3.yaml index b7ac2eae5..5b04b6cac 100755 --- a/queries/aws_rds_db_subnet_group_3.yaml +++ b/queries/aws_rds_db_subnet_group_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS RDS DB Subnet Groups to retrieve information + about each DB subnet group configured in an AWS account. ID: aws_rds_db_subnet_group_3 -Title: "List all AWS RDS DB Subnet Groups" -Description: "Allows users to query AWS RDS DB Subnet Groups to retrieve information about each DB subnet group configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tags - from - aws_rds_db_subnet_group - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tags\nfrom\n aws_rds_db_subnet_group\nwhere\n\ + \ not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS DB Subnet Groups diff --git a/queries/aws_rds_reserved_db_instance_1.yaml b/queries/aws_rds_reserved_db_instance_1.yaml index 1d238fbb9..cb418ad39 100755 --- a/queries/aws_rds_reserved_db_instance_1.yaml +++ b/queries/aws_rds_reserved_db_instance_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_1 -Title: "List AWS RDS Reserved DB Instances and Details" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class - from - aws_rds_reserved_db_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class\nfrom\n aws_rds_reserved_db_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List AWS RDS Reserved DB Instances and Details diff --git a/queries/aws_rds_reserved_db_instance_2.yaml b/queries/aws_rds_reserved_db_instance_2.yaml index 283a2868f..e36e17c15 100755 --- a/queries/aws_rds_reserved_db_instance_2.yaml +++ b/queries/aws_rds_reserved_db_instance_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_2 -Title: "List all AWS RDS Reserved DB Instances" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class - from - aws_rds_reserved_db_instance - where - not multi_az; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class\nfrom\n aws_rds_reserved_db_instance\nwhere\n not multi_az;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS Reserved DB Instances diff --git a/queries/aws_rds_reserved_db_instance_3.yaml b/queries/aws_rds_reserved_db_instance_3.yaml index 35f58189e..298f5dec5 100755 --- a/queries/aws_rds_reserved_db_instance_3.yaml +++ b/queries/aws_rds_reserved_db_instance_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_3 -Title: "Find all RDS Reserved DB Instances with Costs and Status" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class - from - aws_rds_reserved_db_instance - where - offering_type = 'All Upfront'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class\nfrom\n aws_rds_reserved_db_instance\nwhere\n offering_type\ + \ = 'All Upfront';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: Find all RDS Reserved DB Instances with Costs and Status diff --git a/queries/aws_rds_reserved_db_instance_4.yaml b/queries/aws_rds_reserved_db_instance_4.yaml index 8a623857f..965e6714d 100755 --- a/queries/aws_rds_reserved_db_instance_4.yaml +++ b/queries/aws_rds_reserved_db_instance_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_4 -Title: "List all Reserved DB Instances in AWS RDS" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class - from - aws_rds_reserved_db_instance - order by - duration desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class\nfrom\n aws_rds_reserved_db_instance\norder by\n duration\ + \ desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all Reserved DB Instances in AWS RDS diff --git a/queries/aws_rds_reserved_db_instance_5.yaml b/queries/aws_rds_reserved_db_instance_5.yaml index 2ce3e5daf..cd1294a2f 100755 --- a/queries/aws_rds_reserved_db_instance_5.yaml +++ b/queries/aws_rds_reserved_db_instance_5.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_5 -Title: "List all AWS RDS Reserved DB Instances and Details" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class, - usage_price - from - aws_rds_reserved_db_instance - order by - usage_price desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class,\n usage_price\nfrom\n aws_rds_reserved_db_instance\norder\ + \ by\n usage_price desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - RDS +Title: List all AWS RDS Reserved DB Instances and Details diff --git a/queries/aws_rds_reserved_db_instance_6.yaml b/queries/aws_rds_reserved_db_instance_6.yaml index 3f331d518..1deb134a7 100755 --- a/queries/aws_rds_reserved_db_instance_6.yaml +++ b/queries/aws_rds_reserved_db_instance_6.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query RDS Reserved DB Instances in AWS, providing details + such as reservation status, instance type, duration, and associated costs. ID: aws_rds_reserved_db_instance_6 -Title: "List all AWS RDS Reserved DB Instances with details and costs" -Description: "Allows users to query RDS Reserved DB Instances in AWS, providing details such as reservation status, instance type, duration, and associated costs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - reserved_db_instance_id, - arn, - reserved_db_instances_offering_id, - state, - class, - usage_price - from - aws_rds_reserved_db_instance - where - state <> 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n reserved_db_instance_id,\n arn,\n reserved_db_instances_offering_id,\n\ + \ state,\n class,\n usage_price\nfrom\n aws_rds_reserved_db_instance\nwhere\n\ + \ state <> 'active';" Tags: cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon RDS +Title: List all AWS RDS Reserved DB Instances with details and costs diff --git a/queries/aws_redshift_cluster_1.yaml b/queries/aws_redshift_cluster_1.yaml index aae539ed4..5cb64d228 100755 --- a/queries/aws_redshift_cluster_1.yaml +++ b/queries/aws_redshift_cluster_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Redshift Clusters and retrieve comprehensive + information about each cluster, including its configuration, status, performance, + and security settings. ID: aws_redshift_cluster_1 -Title: "List all AWS Redshift Clusters including Configurations" -Description: "Allows users to query AWS Redshift Clusters and retrieve comprehensive information about each cluster, including its configuration, status, performance, and security settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - arn, - node_type, - region - from - aws_redshift_cluster; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n arn,\n node_type,\n region\n\ + from\n aws_redshift_cluster;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Redshift +Title: List all AWS Redshift Clusters including Configurations diff --git a/queries/aws_redshift_cluster_2.yaml b/queries/aws_redshift_cluster_2.yaml index 87d7eb8cc..6ac20f021 100755 --- a/queries/aws_redshift_cluster_2.yaml +++ b/queries/aws_redshift_cluster_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Redshift Clusters and retrieve comprehensive + information about each cluster, including its configuration, status, performance, + and security settings. ID: aws_redshift_cluster_2 -Title: "Find all AWS Redshift Clusters with Configuration Details" -Description: "Allows users to query AWS Redshift Clusters and retrieve comprehensive information about each cluster, including its configuration, status, performance, and security settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - node_type, - number_of_nodes, - publicly_accessible - from - aws_redshift_cluster - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n node_type,\n number_of_nodes,\n\ + \ publicly_accessible\nfrom\n aws_redshift_cluster\nwhere\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find all AWS Redshift Clusters with Configuration Details diff --git a/queries/aws_redshift_cluster_3.yaml b/queries/aws_redshift_cluster_3.yaml index ae1056107..557dcd406 100755 --- a/queries/aws_redshift_cluster_3.yaml +++ b/queries/aws_redshift_cluster_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Redshift Clusters and retrieve comprehensive + information about each cluster, including its configuration, status, performance, + and security settings. ID: aws_redshift_cluster_3 -Title: "Find AWS Redshift Cluster Configurations and Details" -Description: "Allows users to query AWS Redshift Clusters and retrieve comprehensive information about each cluster, including its configuration, status, performance, and security settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - node_type, - number_of_nodes, - vpc_id - from - aws_redshift_cluster - where - vpc_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n node_type,\n number_of_nodes,\n\ + \ vpc_id\nfrom\n aws_redshift_cluster\nwhere\n vpc_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find AWS Redshift Cluster Configurations and Details diff --git a/queries/aws_redshift_cluster_4.yaml b/queries/aws_redshift_cluster_4.yaml index 3b7048207..d8a3f762e 100755 --- a/queries/aws_redshift_cluster_4.yaml +++ b/queries/aws_redshift_cluster_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Redshift Clusters and retrieve comprehensive + information about each cluster, including its configuration, status, performance, + and security settings. ID: aws_redshift_cluster_4 -Title: "List all AWS Redshift Clusters and list configurations" -Description: "Allows users to query AWS Redshift Clusters and retrieve comprehensive information about each cluster, including its configuration, status, performance, and security settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - node_type, - number_of_nodes, - encrypted - from - aws_redshift_cluster - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n node_type,\n number_of_nodes,\n\ + \ encrypted\nfrom\n aws_redshift_cluster\nwhere\n not encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Clusters and list configurations diff --git a/queries/aws_redshift_cluster_5.yaml b/queries/aws_redshift_cluster_5.yaml index f88b1df71..d271fca2e 100755 --- a/queries/aws_redshift_cluster_5.yaml +++ b/queries/aws_redshift_cluster_5.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query AWS Redshift Clusters and retrieve comprehensive + information about each cluster, including its configuration, status, performance, + and security settings. ID: aws_redshift_cluster_5 -Title: "List all AWS Redshift Clusters and Their Status" -Description: "Allows users to query AWS Redshift Clusters and retrieve comprehensive information about each cluster, including its configuration, status, performance, and security settings." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - logging_status -> 'LoggingEnabled' as LoggingEnabled - from - aws_redshift_cluster - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n logging_status -> 'LoggingEnabled'\ + \ as LoggingEnabled\nfrom\n aws_redshift_cluster" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Clusters and Their Status diff --git a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_1.yaml b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_1.yaml index 02733a73a..d4b415ae6 100755 --- a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_1.yaml +++ b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Redshift Cluster CPU Utilization Metrics on + a daily basis. ID: aws_redshift_cluster_metric_cpu_utilization_daily_1 -Title: "List AWS Redshift CPU Utilization Metrics by day" -Description: "Allows users to query AWS Redshift Cluster CPU Utilization Metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_redshift_cluster_metric_cpu_utilization_daily - order by - cluster_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_redshift_cluster_metric_cpu_utilization_daily\n\ + order by\n cluster_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List AWS Redshift CPU Utilization Metrics by day diff --git a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_2.yaml b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_2.yaml index 08bce09fa..af6ba5dac 100755 --- a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_2.yaml +++ b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Redshift Cluster CPU Utilization Metrics on + a daily basis. ID: aws_redshift_cluster_metric_cpu_utilization_daily_2 -Title: "Find Daily AWS Redshift Cluster High CPU Utilization" -Description: "Allows users to query AWS Redshift Cluster CPU Utilization Metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_redshift_cluster_metric_cpu_utilization_daily - where average > 80 - order by - cluster_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_redshift_cluster_metric_cpu_utilization_daily\n\ + where average > 80\norder by\n cluster_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find Daily AWS Redshift Cluster High CPU Utilization diff --git a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_3.yaml b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_3.yaml index d65527346..65028170c 100755 --- a/queries/aws_redshift_cluster_metric_cpu_utilization_daily_3.yaml +++ b/queries/aws_redshift_cluster_metric_cpu_utilization_daily_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Redshift Cluster CPU Utilization Metrics on + a daily basis. ID: aws_redshift_cluster_metric_cpu_utilization_daily_3 -Title: "List AWS Redshift Cluster CPU Utilization Metrics Daily" -Description: "Allows users to query AWS Redshift Cluster CPU Utilization Metrics on a daily basis." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_identifier, - timestamp, - round(minimum::numeric,2) as min_cpu, - round(maximum::numeric,2) as max_cpu, - round(average::numeric,2) as avg_cpu, - sample_count - from - aws_redshift_cluster_metric_cpu_utilization_daily - where average < 2 - order by - cluster_identifier, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_identifier,\n timestamp,\n round(minimum::numeric,2)\ + \ as min_cpu,\n round(maximum::numeric,2) as max_cpu,\n round(average::numeric,2)\ + \ as avg_cpu,\n sample_count\nfrom\n aws_redshift_cluster_metric_cpu_utilization_daily\n\ + where average < 2\norder by\n cluster_identifier,\n timestamp;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List AWS Redshift Cluster CPU Utilization Metrics Daily diff --git a/queries/aws_redshift_event_subscription_1.yaml b/queries/aws_redshift_event_subscription_1.yaml index b4868b54b..7294e0fea 100755 --- a/queries/aws_redshift_event_subscription_1.yaml +++ b/queries/aws_redshift_event_subscription_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Redshift Event Subscriptions, providing insights + into the subscription''s configuration, status, and associated Redshift clusters. ID: aws_redshift_event_subscription_1 -Title: "List All AWS Redshift Event Subscription Configurations" -Description: "Allows users to query AWS Redshift Event Subscriptions, providing insights into the subscription''s configuration, status, and associated Redshift clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cust_subscription_id, - customer_aws_id, - status, - sns_topic_arn, - subscription_creation_time - from - aws_redshift_event_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cust_subscription_id,\n customer_aws_id,\n status,\n\ + \ sns_topic_arn,\n subscription_creation_time\nfrom\n aws_redshift_event_subscription;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List All AWS Redshift Event Subscription Configurations diff --git a/queries/aws_redshift_event_subscription_2.yaml b/queries/aws_redshift_event_subscription_2.yaml index f92f75123..8f5dbb800 100755 --- a/queries/aws_redshift_event_subscription_2.yaml +++ b/queries/aws_redshift_event_subscription_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Redshift Event Subscriptions, providing insights + into the subscription''s configuration, status, and associated Redshift clusters. ID: aws_redshift_event_subscription_2 -Title: "Find all AWS Redshift Event Subscriptions" -Description: "Allows users to query AWS Redshift Event Subscriptions, providing insights into the subscription''s configuration, status, and associated Redshift clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cust_subscription_id, - customer_aws_id, - status, - enabled, - sns_topic_arn, - subscription_creation_time - from - aws_redshift_event_subscription - where - enabled is false; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cust_subscription_id,\n customer_aws_id,\n status,\n\ + \ enabled,\n sns_topic_arn,\n subscription_creation_time\nfrom\n aws_redshift_event_subscription\n\ + where\n enabled is false;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find all AWS Redshift Event Subscriptions diff --git a/queries/aws_redshift_event_subscription_3.yaml b/queries/aws_redshift_event_subscription_3.yaml index a49d68b2d..40451847d 100755 --- a/queries/aws_redshift_event_subscription_3.yaml +++ b/queries/aws_redshift_event_subscription_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Redshift Event Subscriptions, providing insights + into the subscription''s configuration, status, and associated Redshift clusters. ID: aws_redshift_event_subscription_3 -Title: "List all AWS Redshift Event Subscriptions and Their Configurations" -Description: "Allows users to query AWS Redshift Event Subscriptions, providing insights into the subscription''s configuration, status, and associated Redshift clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cust_subscription_id, - severity, - source_type, - event_categories_list, - source_ids_list - from - aws_redshift_event_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cust_subscription_id,\n severity,\n source_type,\n\ + \ event_categories_list,\n source_ids_list\nfrom\n aws_redshift_event_subscription;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Event Subscriptions and Their Configurations diff --git a/queries/aws_redshift_event_subscription_4.yaml b/queries/aws_redshift_event_subscription_4.yaml index d1628a3fa..0eb16b529 100755 --- a/queries/aws_redshift_event_subscription_4.yaml +++ b/queries/aws_redshift_event_subscription_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Redshift Event Subscriptions, providing insights + into the subscription''s configuration, status, and associated Redshift clusters. ID: aws_redshift_event_subscription_4 -Title: "Find AWS Redshift Event Subscriptions with Configuration and Status" -Description: "Allows users to query AWS Redshift Event Subscriptions, providing insights into the subscription''s configuration, status, and associated Redshift clusters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.cust_subscription_id, - e.status, - s.kms_master_key_id, - s.topic_arn as arn - from - aws_redshift_event_subscription as e - join aws_sns_topic as s on s.topic_arn = e.sns_topic_arn - where - s.kms_master_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.cust_subscription_id,\n e.status,\n s.kms_master_key_id,\n\ + \ s.topic_arn as arn\nfrom\n aws_redshift_event_subscription as e\n join aws_sns_topic\ + \ as s on s.topic_arn = e.sns_topic_arn\nwhere\n s.kms_master_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Redshift +Title: Find AWS Redshift Event Subscriptions with Configuration and Status diff --git a/queries/aws_redshift_parameter_group_1.yaml b/queries/aws_redshift_parameter_group_1.yaml index 85a522312..22c615b9e 100755 --- a/queries/aws_redshift_parameter_group_1.yaml +++ b/queries/aws_redshift_parameter_group_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query Amazon Redshift Parameter Groups to obtain detailed + information about the configuration parameters and settings for Redshift clusters. + This can be useful for managing and optimizing the performance of Redshift databases. ID: aws_redshift_parameter_group_1 -Title: "List all Amazon Redshift Parameter Groups configuration settings" -Description: "Allows users to query Amazon Redshift Parameter Groups to obtain detailed information about the configuration parameters and settings for Redshift clusters. This can be useful for managing and optimizing the performance of Redshift databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - family - from - aws_redshift_parameter_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n family\nfrom\n aws_redshift_parameter_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Redshift +Title: List all Amazon Redshift Parameter Groups configuration settings diff --git a/queries/aws_redshift_parameter_group_2.yaml b/queries/aws_redshift_parameter_group_2.yaml index 923afbdee..10350f5ae 100755 --- a/queries/aws_redshift_parameter_group_2.yaml +++ b/queries/aws_redshift_parameter_group_2.yaml @@ -1,35 +1,27 @@ +Description: Allows users to query Amazon Redshift Parameter Groups to obtain detailed + information about the configuration parameters and settings for Redshift clusters. + This can be useful for managing and optimizing the performance of Redshift databases. ID: aws_redshift_parameter_group_2 -Title: "Find Amazon Redshift Parameter Groups Configuration" -Description: "Allows users to query Amazon Redshift Parameter Groups to obtain detailed information about the configuration parameters and settings for Redshift clusters. This can be useful for managing and optimizing the performance of Redshift databases." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p ->> 'ParameterName' as parameter_name, - p ->> 'ParameterValue' as parameter_value, - p ->> 'Description' as description, - p ->> 'Source' as source, - p ->> 'DataType' as data_type, - p ->> 'ApplyType' as apply_type, - p ->> 'IsModifiable' as is_modifiable, - p ->> 'AllowedValues' as allowed_values, - p ->> 'MinimumEngineVersion' as minimum_engine_version - from - aws_redshift_parameter_group, - jsonb_array_elements(parameters) as p - where - p ->> 'ParameterName' = 'require_ssl' - and p ->> 'ParameterValue' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p ->> 'ParameterName' as parameter_name,\n \ + \ p ->> 'ParameterValue' as parameter_value,\n p ->> 'Description' as description,\n\ + \ p ->> 'Source' as source,\n p ->> 'DataType' as data_type,\n p ->> 'ApplyType'\ + \ as apply_type,\n p ->> 'IsModifiable' as is_modifiable,\n p ->> 'AllowedValues'\ + \ as allowed_values,\n p ->> 'MinimumEngineVersion' as minimum_engine_version\n\ + from\n aws_redshift_parameter_group,\n jsonb_array_elements(parameters) as p\n\ + where\n p ->> 'ParameterName' = 'require_ssl'\n and p ->> 'ParameterValue' =\ + \ 'false';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Redshift +Title: Find Amazon Redshift Parameter Groups Configuration diff --git a/queries/aws_redshift_snapshot_1.yaml b/queries/aws_redshift_snapshot_1.yaml index 0d90a7460..9744f51ed 100755 --- a/queries/aws_redshift_snapshot_1.yaml +++ b/queries/aws_redshift_snapshot_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_1 -Title: "List AWS Redshift Snapshots with Their Configuration" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - cluster_identifier, - node_type, - encrypted - from - aws_redshift_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n cluster_identifier,\n node_type,\n\ + \ encrypted\nfrom\n aws_redshift_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List AWS Redshift Snapshots with Their Configuration diff --git a/queries/aws_redshift_snapshot_2.yaml b/queries/aws_redshift_snapshot_2.yaml index e8fe2fed6..b9abc207f 100755 --- a/queries/aws_redshift_snapshot_2.yaml +++ b/queries/aws_redshift_snapshot_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_2 -Title: "List all AWS Redshift Snapshots with Configuration Details" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - snapshot_type - from - aws_redshift_snapshot - where - snapshot_type = 'manual'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n snapshot_type\nfrom\n aws_redshift_snapshot\n\ + where\n snapshot_type = 'manual';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Snapshots with Configuration Details diff --git a/queries/aws_redshift_snapshot_3.yaml b/queries/aws_redshift_snapshot_3.yaml index 2e43d5f3e..67b7b0ead 100755 --- a/queries/aws_redshift_snapshot_3.yaml +++ b/queries/aws_redshift_snapshot_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_3 -Title: "List All AWS Redshift Snapshots Configuration and Status" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - cluster_identifier, - node_type, - number_of_nodes, - encrypted - from - aws_redshift_snapshot - where - not encrypted; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n cluster_identifier,\n node_type,\n\ + \ number_of_nodes,\n encrypted\nfrom\n aws_redshift_snapshot\nwhere\n not\ + \ encrypted;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List All AWS Redshift Snapshots Configuration and Status diff --git a/queries/aws_redshift_snapshot_4.yaml b/queries/aws_redshift_snapshot_4.yaml index 4f2847784..94ae6c7f6 100755 --- a/queries/aws_redshift_snapshot_4.yaml +++ b/queries/aws_redshift_snapshot_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_4 -Title: "List all AWS Redshift Snapshots with Details" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - cluster_identifier, - number_of_nodes, - cluster_version, - engine_full_version, - restorable_node_types - from - aws_redshift_snapshot; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n cluster_identifier,\n number_of_nodes,\n\ + \ cluster_version,\n engine_full_version,\n restorable_node_types\nfrom\n \ + \ aws_redshift_snapshot;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Snapshots with Details diff --git a/queries/aws_redshift_snapshot_5.yaml b/queries/aws_redshift_snapshot_5.yaml index b48c1a43d..858e8f89a 100755 --- a/queries/aws_redshift_snapshot_5.yaml +++ b/queries/aws_redshift_snapshot_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_5 -Title: "Find AWS Redshift Snapshots and Restore Access Details" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - accounts_with_restore_access - from - aws_redshift_snapshot - where - accounts_with_restore_access is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n accounts_with_restore_access\n\ + from\n aws_redshift_snapshot\nwhere\n accounts_with_restore_access is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find AWS Redshift Snapshots and Restore Access Details diff --git a/queries/aws_redshift_snapshot_6.yaml b/queries/aws_redshift_snapshot_6.yaml index 90271484f..27e4d106e 100755 --- a/queries/aws_redshift_snapshot_6.yaml +++ b/queries/aws_redshift_snapshot_6.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query Redshift Snapshots, providing details about each + snapshot''s configuration, status, and associated metadata. ID: aws_redshift_snapshot_6 -Title: "List all AWS Redshift Snapshots with details" -Description: "Allows users to query Redshift Snapshots, providing details about each snapshot''s configuration, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - snapshot_identifier, - p ->> 'AccountId' as account_id, - p ->> 'AccountAlias' as account_alias - from - aws_redshift_snapshot, - jsonb_array_elements(accounts_with_restore_access) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n snapshot_identifier,\n p ->> 'AccountId' as account_id,\n\ + \ p ->> 'AccountAlias' as account_alias\nfrom\n aws_redshift_snapshot,\n jsonb_array_elements(accounts_with_restore_access)\ + \ as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Snapshots with details diff --git a/queries/aws_redshift_subnet_group_1.yaml b/queries/aws_redshift_subnet_group_1.yaml index 5e73e63ba..30b86dd2c 100755 --- a/queries/aws_redshift_subnet_group_1.yaml +++ b/queries/aws_redshift_subnet_group_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Redshift Subnet Groups and get detailed information + about each subnet group, including its name, description, VPC ID, subnet IDs, and + status. ID: aws_redshift_subnet_group_1 -Title: "List all AWS Redshift Subnet Groups and their details" -Description: "Allows users to query AWS Redshift Subnet Groups and get detailed information about each subnet group, including its name, description, VPC ID, subnet IDs, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_subnet_group_name, - description, - subnet_group_status, - vpc_id - from - aws_redshift_subnet_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_subnet_group_name,\n description,\n subnet_group_status,\n\ + \ vpc_id\nfrom\n aws_redshift_subnet_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: List all AWS Redshift Subnet Groups and their details diff --git a/queries/aws_redshift_subnet_group_2.yaml b/queries/aws_redshift_subnet_group_2.yaml index 32a7ad9e7..4fca456f2 100755 --- a/queries/aws_redshift_subnet_group_2.yaml +++ b/queries/aws_redshift_subnet_group_2.yaml @@ -1,29 +1,26 @@ +Description: Allows users to query AWS Redshift Subnet Groups and get detailed information + about each subnet group, including its name, description, VPC ID, subnet IDs, and + status. ID: aws_redshift_subnet_group_2 -Title: "Find AWS Redshift Subnet Group Details and Status" -Description: "Allows users to query AWS Redshift Subnet Groups and get detailed information about each subnet group, including its name, description, VPC ID, subnet IDs, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_subnet_group_name, - subnet -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone, - subnet -> 'SubnetAvailabilityZone' ->> 'SupportedPlatforms' as supported_platforms, - subnet ->> 'SubnetIdentifier' as subnet_identifier, - subnet ->> 'SubnetStatus' as subnet_status - from - aws_redshift_subnet_group, - jsonb_array_elements(subnets) as subnet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_subnet_group_name,\n subnet -> 'SubnetAvailabilityZone'\ + \ ->> 'Name' as subnet_availability_zone,\n subnet -> 'SubnetAvailabilityZone'\ + \ ->> 'SupportedPlatforms' as supported_platforms,\n subnet ->> 'SubnetIdentifier'\ + \ as subnet_identifier,\n subnet ->> 'SubnetStatus' as subnet_status\nfrom\n\ + \ aws_redshift_subnet_group,\n jsonb_array_elements(subnets) as subnet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find AWS Redshift Subnet Group Details and Status diff --git a/queries/aws_redshift_subnet_group_3.yaml b/queries/aws_redshift_subnet_group_3.yaml index 78b56ac17..015951d70 100755 --- a/queries/aws_redshift_subnet_group_3.yaml +++ b/queries/aws_redshift_subnet_group_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Redshift Subnet Groups and get detailed information + about each subnet group, including its name, description, VPC ID, subnet IDs, and + status. ID: aws_redshift_subnet_group_3 -Title: "Find AWS Redshift Subnet Groups and Their Details" -Description: "Allows users to query AWS Redshift Subnet Groups and get detailed information about each subnet group, including its name, description, VPC ID, subnet IDs, and status." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - cluster_subnet_group_name, - tags - from - aws_redshift_subnet_group - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n cluster_subnet_group_name,\n tags\nfrom\n aws_redshift_subnet_group\n\ + where\n not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift +Title: Find AWS Redshift Subnet Groups and Their Details diff --git a/queries/aws_redshiftserverless_namespace_1.yaml b/queries/aws_redshiftserverless_namespace_1.yaml index 1f136eaa1..67341fc00 100755 --- a/queries/aws_redshiftserverless_namespace_1.yaml +++ b/queries/aws_redshiftserverless_namespace_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Redshift Serverless Namespace data. This table + provides information about each namespace within an AWS Redshift Serverless cluster. + It allows DevOps engineers to query namespace-specific details, including the namespace + ARN, creation date, and associated metadata. ID: aws_redshiftserverless_namespace_1 -Title: "List AWS Redshift Serverless Namespace Details" -Description: "Allows users to query AWS Redshift Serverless Namespace data. This table provides information about each namespace within an AWS Redshift Serverless cluster. It allows DevOps engineers to query namespace-specific details, including the namespace ARN, creation date, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - namespace_name, - namespace_arn, - namespace_id, - creation_date, - db_name, - region, - status - from - aws_redshiftserverless_namespace; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n namespace_name,\n namespace_arn,\n namespace_id,\n\ + \ creation_date,\n db_name,\n region,\n status\nfrom\n aws_redshiftserverless_namespace;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List AWS Redshift Serverless Namespace Details diff --git a/queries/aws_redshiftserverless_namespace_2.yaml b/queries/aws_redshiftserverless_namespace_2.yaml index b52692206..ecb743e83 100755 --- a/queries/aws_redshiftserverless_namespace_2.yaml +++ b/queries/aws_redshiftserverless_namespace_2.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Redshift Serverless Namespace data. This table + provides information about each namespace within an AWS Redshift Serverless cluster. + It allows DevOps engineers to query namespace-specific details, including the namespace + ARN, creation date, and associated metadata. ID: aws_redshiftserverless_namespace_2 -Title: "List AWS Redshift Serverless Namespace Details" -Description: "Allows users to query AWS Redshift Serverless Namespace data. This table provides information about each namespace within an AWS Redshift Serverless cluster. It allows DevOps engineers to query namespace-specific details, including the namespace ARN, creation date, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - namespace_name, - namespace_arn, - namespace_id, - creation_date, - db_name, - region, - status - from - aws_redshiftserverless_namespace - where - status <> 'AVAILABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n namespace_name,\n namespace_arn,\n namespace_id,\n\ + \ creation_date,\n db_name,\n region,\n status\nfrom\n aws_redshiftserverless_namespace\n\ + where\n status <> 'AVAILABLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List AWS Redshift Serverless Namespace Details diff --git a/queries/aws_redshiftserverless_namespace_3.yaml b/queries/aws_redshiftserverless_namespace_3.yaml index 4474d6e81..c0a8a27e9 100755 --- a/queries/aws_redshiftserverless_namespace_3.yaml +++ b/queries/aws_redshiftserverless_namespace_3.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Redshift Serverless Namespace data. This table + provides information about each namespace within an AWS Redshift Serverless cluster. + It allows DevOps engineers to query namespace-specific details, including the namespace + ARN, creation date, and associated metadata. ID: aws_redshiftserverless_namespace_3 -Title: "List all AWS Redshift Serverless Namespace Data" -Description: "Allows users to query AWS Redshift Serverless Namespace data. This table provides information about each namespace within an AWS Redshift Serverless cluster. It allows DevOps engineers to query namespace-specific details, including the namespace ARN, creation date, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - namespace_name, - namespace_arn, - namespace_id, - creation_date, - db_name, - region, - status - from - aws_redshiftserverless_namespace - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n namespace_name,\n namespace_arn,\n namespace_id,\n\ + \ creation_date,\n db_name,\n region,\n status\nfrom\n aws_redshiftserverless_namespace\n\ + where\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List all AWS Redshift Serverless Namespace Data diff --git a/queries/aws_redshiftserverless_namespace_4.yaml b/queries/aws_redshiftserverless_namespace_4.yaml index 5bb0dc82d..c6dd87625 100755 --- a/queries/aws_redshiftserverless_namespace_4.yaml +++ b/queries/aws_redshiftserverless_namespace_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Redshift Serverless Namespace data. This table + provides information about each namespace within an AWS Redshift Serverless cluster. + It allows DevOps engineers to query namespace-specific details, including the namespace + ARN, creation date, and associated metadata. ID: aws_redshiftserverless_namespace_4 -Title: "List AWS Redshift Serverless Namespace Details" -Description: "Allows users to query AWS Redshift Serverless Namespace data. This table provides information about each namespace within an AWS Redshift Serverless cluster. It allows DevOps engineers to query namespace-specific details, including the namespace ARN, creation date, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - namespace_name, - namespace_arn, - namespace_id, - creation_date, - default_iam_role_arn - from - aws_redshiftserverless_namespace; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n namespace_name,\n namespace_arn,\n namespace_id,\n\ + \ creation_date,\n default_iam_role_arn\nfrom\n aws_redshiftserverless_namespace;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List AWS Redshift Serverless Namespace Details diff --git a/queries/aws_redshiftserverless_workgroup_1.yaml b/queries/aws_redshiftserverless_workgroup_1.yaml index 865d0a8f4..776755327 100755 --- a/queries/aws_redshiftserverless_workgroup_1.yaml +++ b/queries/aws_redshiftserverless_workgroup_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_1 -Title: "List AWS Redshift Serverless Workgroup Details" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup_name, - workgroup_arn, - workgroup_id, - base_capacity, - creation_date, - region, - status - from - aws_redshiftserverless_workgroup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workgroup_name,\n workgroup_arn,\n workgroup_id,\n\ + \ base_capacity,\n creation_date,\n region,\n status\nfrom\n aws_redshiftserverless_workgroup;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List AWS Redshift Serverless Workgroup Details diff --git a/queries/aws_redshiftserverless_workgroup_2.yaml b/queries/aws_redshiftserverless_workgroup_2.yaml index 6972a4d9f..a1f40b620 100755 --- a/queries/aws_redshiftserverless_workgroup_2.yaml +++ b/queries/aws_redshiftserverless_workgroup_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_2 -Title: "List all AWS Redshift Serverless Workgroup details" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup_name, - workgroup_arn, - workgroup_id, - base_capacity, - creation_date, - region, - status - from - aws_redshiftserverless_workgroup - where - status <> 'AVAILABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workgroup_name,\n workgroup_arn,\n workgroup_id,\n\ + \ base_capacity,\n creation_date,\n region,\n status\nfrom\n aws_redshiftserverless_workgroup\n\ + where\n status <> 'AVAILABLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List all AWS Redshift Serverless Workgroup details diff --git a/queries/aws_redshiftserverless_workgroup_3.yaml b/queries/aws_redshiftserverless_workgroup_3.yaml index 9d9c7a125..de741059c 100755 --- a/queries/aws_redshiftserverless_workgroup_3.yaml +++ b/queries/aws_redshiftserverless_workgroup_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_3 -Title: "List all AWS Redshift Serverless Workgroup Details" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup_name, - workgroup_arn, - workgroup_id, - base_capacity, - creation_date, - region, - status - from - aws_redshiftserverless_workgroup - where - publicly_accessible; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workgroup_name,\n workgroup_arn,\n workgroup_id,\n\ + \ base_capacity,\n creation_date,\n region,\n status\nfrom\n aws_redshiftserverless_workgroup\n\ + where\n publicly_accessible;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List all AWS Redshift Serverless Workgroup Details diff --git a/queries/aws_redshiftserverless_workgroup_4.yaml b/queries/aws_redshiftserverless_workgroup_4.yaml index 5caf2d205..d66aaad64 100755 --- a/queries/aws_redshiftserverless_workgroup_4.yaml +++ b/queries/aws_redshiftserverless_workgroup_4.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_4 -Title: "List all AWS Redshift Serverless Workgroup details" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - sum(base_capacity) total_base_capacity - from - aws_redshiftserverless_workgroup - where - status = 'AVAILABLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n sum(base_capacity) total_base_capacity\nfrom\n aws_redshiftserverless_workgroup\n\ + where\n status = 'AVAILABLE';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List all AWS Redshift Serverless Workgroup details diff --git a/queries/aws_redshiftserverless_workgroup_5.yaml b/queries/aws_redshiftserverless_workgroup_5.yaml index 4f81fb5dc..6475b6509 100755 --- a/queries/aws_redshiftserverless_workgroup_5.yaml +++ b/queries/aws_redshiftserverless_workgroup_5.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_5 -Title: "List all AWS Redshift Serverless Workgroup details" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup_arn, - endpoint ->> 'Address' as endpoint_address, - endpoint ->> 'Port' as endpoint_port, - endpoint -> 'VpcEndpoints' as endpoint_vpc_details - from - aws_redshiftserverless_workgroup; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workgroup_arn,\n endpoint ->> 'Address' as endpoint_address,\n\ + \ endpoint ->> 'Port' as endpoint_port,\n endpoint -> 'VpcEndpoints' as endpoint_vpc_details\n\ + from\n aws_redshiftserverless_workgroup;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List all AWS Redshift Serverless Workgroup details diff --git a/queries/aws_redshiftserverless_workgroup_6.yaml b/queries/aws_redshiftserverless_workgroup_6.yaml index 64cb02827..1f3a13429 100755 --- a/queries/aws_redshiftserverless_workgroup_6.yaml +++ b/queries/aws_redshiftserverless_workgroup_6.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Redshift Serverless Workgroup information, + including workgroup details, query execution settings, and enforce workgroup configuration. ID: aws_redshiftserverless_workgroup_6 -Title: "List All Details of AWS Redshift Serverless Workgroup" -Description: "Allows users to query AWS Redshift Serverless Workgroup information, including workgroup details, query execution settings, and enforce workgroup configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workgroup_arn, - p ->> 'ParameterKey' as parameter_key, - p ->> 'ParameterValue' as parameter_value - from - aws_redshiftserverless_workgroup, - jsonb_array_elements(config_parameters) p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workgroup_arn,\n p ->> 'ParameterKey' as parameter_key,\n\ + \ p ->> 'ParameterValue' as parameter_value\nfrom\n aws_redshiftserverless_workgroup,\n\ + \ jsonb_array_elements(config_parameters) p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Redshift Serverless +Title: List All Details of AWS Redshift Serverless Workgroup diff --git a/queries/aws_region_1.yaml b/queries/aws_region_1.yaml index 23e792afe..2a2cdda1c 100755 --- a/queries/aws_region_1.yaml +++ b/queries/aws_region_1.yaml @@ -1,23 +1,19 @@ +Description: Allows users to query AWS Region to retrieve details about AWS regions + including their names, descriptions, and statuses. ID: aws_region_1 -Title: "List all AWS Region Details Including Names and Statuses" -Description: "Allows users to query AWS Region to retrieve details about AWS regions including their names, descriptions, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - opt_in_status - from - aws_region; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n opt_in_status\nfrom\n aws_region;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Regions +Title: List all AWS Region Details Including Names and Statuses diff --git a/queries/aws_region_2.yaml b/queries/aws_region_2.yaml index aa2349696..872f7d2a2 100755 --- a/queries/aws_region_2.yaml +++ b/queries/aws_region_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Region to retrieve details about AWS regions + including their names, descriptions, and statuses. ID: aws_region_2 -Title: "Find AWS Region Details and Statuses" -Description: "Allows users to query AWS Region to retrieve details about AWS regions including their names, descriptions, and statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - opt_in_status - from - aws_region - where - opt_in_status = 'not-opted-in'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n opt_in_status\nfrom\n aws_region\nwhere\n \ + \ opt_in_status = 'not-opted-in';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Region +Title: Find AWS Region Details and Statuses diff --git a/queries/aws_resource_explorer_index_1.yaml b/queries/aws_resource_explorer_index_1.yaml index b7bf1697a..6ee623c5a 100755 --- a/queries/aws_resource_explorer_index_1.yaml +++ b/queries/aws_resource_explorer_index_1.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query AWS Resource Explorer Index, providing a comprehensive + view of all resources across different AWS services in a single table. ID: aws_resource_explorer_index_1 -Title: "List all resources across AWS services" -Description: "Allows users to query AWS Resource Explorer Index, providing a comprehensive view of all resources across different AWS services in a single table." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - type - from - aws_resource_explorer_index; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n type\nfrom\n aws_resource_explorer_index;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: List all resources across AWS services diff --git a/queries/aws_resource_explorer_index_2.yaml b/queries/aws_resource_explorer_index_2.yaml index 5596aba32..4ee459cdb 100755 --- a/queries/aws_resource_explorer_index_2.yaml +++ b/queries/aws_resource_explorer_index_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Resource Explorer Index, providing a comprehensive + view of all resources across different AWS services in a single table. ID: aws_resource_explorer_index_2 -Title: "List all AWS resources from Resource Explorer Index" -Description: "Allows users to query AWS Resource Explorer Index, providing a comprehensive view of all resources across different AWS services in a single table." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - type - from - aws_resource_explorer_index - where - type = 'AGGREGATOR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n type\nfrom\n aws_resource_explorer_index\n\ + where\n type = 'AGGREGATOR';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: List all AWS resources from Resource Explorer Index diff --git a/queries/aws_resource_explorer_search_1.yaml b/queries/aws_resource_explorer_search_1.yaml index 9ebf0005a..230b12076 100755 --- a/queries/aws_resource_explorer_search_1.yaml +++ b/queries/aws_resource_explorer_search_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_1 -Title: "Find all AWS resources with details across services" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: Find all AWS resources with details across services diff --git a/queries/aws_resource_explorer_search_2.yaml b/queries/aws_resource_explorer_search_2.yaml index 631793c17..86060188c 100755 --- a/queries/aws_resource_explorer_search_2.yaml +++ b/queries/aws_resource_explorer_search_2.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_2 -Title: "Find AWS Resource Details with AWS Resource Explorer" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = '-service:iam'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = '-service:iam';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: Find AWS Resource Details with AWS Resource Explorer diff --git a/queries/aws_resource_explorer_search_3.yaml b/queries/aws_resource_explorer_search_3.yaml index 4714225c4..e8f72f0bd 100755 --- a/queries/aws_resource_explorer_search_3.yaml +++ b/queries/aws_resource_explorer_search_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_3 -Title: "List all AWS resources with detailed information" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = '-service:iam region:us-*'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = '-service:iam region:us-*';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: List all AWS resources with detailed information diff --git a/queries/aws_resource_explorer_search_4.yaml b/queries/aws_resource_explorer_search_4.yaml index faec018cf..77647ae75 100755 --- a/queries/aws_resource_explorer_search_4.yaml +++ b/queries/aws_resource_explorer_search_4.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_4 -Title: "List All AWS Resources in Resource Explorer" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = 'resourcetype:iam:user'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = 'resourcetype:iam:user';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: List All AWS Resources in Resource Explorer diff --git a/queries/aws_resource_explorer_search_5.yaml b/queries/aws_resource_explorer_search_5.yaml index a19929ac1..db7244ada 100755 --- a/queries/aws_resource_explorer_search_5.yaml +++ b/queries/aws_resource_explorer_search_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_5 -Title: "List all Resources Across AWS Services" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = '-tag:none'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = '-tag:none';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: List all Resources Across AWS Services diff --git a/queries/aws_resource_explorer_search_6.yaml b/queries/aws_resource_explorer_search_6.yaml index 86eb4e76a..a403c9b80 100755 --- a/queries/aws_resource_explorer_search_6.yaml +++ b/queries/aws_resource_explorer_search_6.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_6 -Title: "List all resources across AWS services" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = 'tag.key:environment'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = 'tag.key:environment';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: List all resources across AWS services diff --git a/queries/aws_resource_explorer_search_7.yaml b/queries/aws_resource_explorer_search_7.yaml index de26a188b..d998b5dc2 100755 --- a/queries/aws_resource_explorer_search_7.yaml +++ b/queries/aws_resource_explorer_search_7.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_7 -Title: "List all resources across AWS services" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - query = 'region:global'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n query = 'region:global';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: List all resources across AWS services diff --git a/queries/aws_resource_explorer_search_8.yaml b/queries/aws_resource_explorer_search_8.yaml index 4a76d17b7..f959557a5 100755 --- a/queries/aws_resource_explorer_search_8.yaml +++ b/queries/aws_resource_explorer_search_8.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Resource Explorer to obtain a structured view + of all resources across AWS services. It provides detailed information about each + resource, including the service name, resource type, resource ID, and associated + tags. ID: aws_resource_explorer_search_8 -Title: "List all AWS resources with details using Resource Explorer" -Description: "Allows users to query AWS Resource Explorer to obtain a structured view of all resources across AWS services. It provides detailed information about each resource, including the service name, resource type, resource ID, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region, - resource_type, - service, - owning_account_id - from - aws_resource_explorer_search - where - view_arn = 'arn:aws:resource-explorer-2:ap-south-1:111122223333:view/view1/7c9e9845-4736-409f-9c0f-673fe7ce3e46'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region,\n resource_type,\n service,\n owning_account_id\n\ + from\n aws_resource_explorer_search\nwhere\n view_arn = 'arn:aws:resource-explorer-2:ap-south-1:111122223333:view/view1/7c9e9845-4736-409f-9c0f-673fe7ce3e46';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: List all AWS resources with details using Resource Explorer diff --git a/queries/aws_resource_explorer_supported_resource_type_1.yaml b/queries/aws_resource_explorer_supported_resource_type_1.yaml index d09ed9cb6..07ee10f64 100755 --- a/queries/aws_resource_explorer_supported_resource_type_1.yaml +++ b/queries/aws_resource_explorer_supported_resource_type_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Resource Explorer Supported Resource Types + to obtain details about supported resource types for AWS Resource Groups. ID: aws_resource_explorer_supported_resource_type_1 -Title: "Find AWS Resource Explorer Supported Resource Types" -Description: "Allows users to query AWS Resource Explorer Supported Resource Types to obtain details about supported resource types for AWS Resource Groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - resource_type - from - aws_resource_explorer_supported_resource_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n resource_type\nfrom\n aws_resource_explorer_supported_resource_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Explorer +Title: Find AWS Resource Explorer Supported Resource Types diff --git a/queries/aws_resource_explorer_supported_resource_type_2.yaml b/queries/aws_resource_explorer_supported_resource_type_2.yaml index 50f180360..547524d79 100755 --- a/queries/aws_resource_explorer_supported_resource_type_2.yaml +++ b/queries/aws_resource_explorer_supported_resource_type_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Resource Explorer Supported Resource Types + to obtain details about supported resource types for AWS Resource Groups. ID: aws_resource_explorer_supported_resource_type_2 -Title: "Find supported AWS Resource Explorer types for Resource Groups" -Description: "Allows users to query AWS Resource Explorer Supported Resource Types to obtain details about supported resource types for AWS Resource Groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service, - resource_type - from - aws_resource_explorer_supported_resource_type - where - service = 'iam'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service,\n resource_type\nfrom\n aws_resource_explorer_supported_resource_type\n\ + where\n service = 'iam';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Explorer +Title: Find supported AWS Resource Explorer types for Resource Groups diff --git a/queries/aws_route53_domain_1.yaml b/queries/aws_route53_domain_1.yaml index d901ac7a1..faa3de058 100755 --- a/queries/aws_route53_domain_1.yaml +++ b/queries/aws_route53_domain_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Route 53 Domains for detailed information about + domain names, including their status, expiration date, and associated tags. ID: aws_route53_domain_1 -Title: "Find all AWS Route 53 Domains Information" -Description: "Allows users to query AWS Route 53 Domains for detailed information about domain names, including their status, expiration date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - auto_renew, - expiration_date - from - aws_route53_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n auto_renew,\n expiration_date\nfrom\n\ + \ aws_route53_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find all AWS Route 53 Domains Information diff --git a/queries/aws_route53_domain_2.yaml b/queries/aws_route53_domain_2.yaml index 21baa5bad..02a9ba7d2 100755 --- a/queries/aws_route53_domain_2.yaml +++ b/queries/aws_route53_domain_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Route 53 Domains for detailed information about + domain names, including their status, expiration date, and associated tags. ID: aws_route53_domain_2 -Title: "List all AWS Route 53 Domains with Details" -Description: "Allows users to query AWS Route 53 Domains for detailed information about domain names, including their status, expiration date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - auto_renew, - expiration_date - from - aws_route53_domain - where - auto_renew; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n auto_renew,\n expiration_date\nfrom\n\ + \ aws_route53_domain\nwhere\n auto_renew;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Domains with Details diff --git a/queries/aws_route53_domain_3.yaml b/queries/aws_route53_domain_3.yaml index fbf24296b..327ff1127 100755 --- a/queries/aws_route53_domain_3.yaml +++ b/queries/aws_route53_domain_3.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Route 53 Domains for detailed information about + domain names, including their status, expiration date, and associated tags. ID: aws_route53_domain_3 -Title: "Find AWS Route 53 Domains with Transfer Lock Status" -Description: "Allows users to query AWS Route 53 Domains for detailed information about domain names, including their status, expiration date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - domain_name, - expiration_date, - transfer_lock - from - aws_route53_domain - where - transfer_lock; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n domain_name,\n expiration_date,\n transfer_lock\nfrom\n\ + \ aws_route53_domain\nwhere\n transfer_lock;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Domains with Transfer Lock Status diff --git a/queries/aws_route53_health_check_1.yaml b/queries/aws_route53_health_check_1.yaml index 09f4a6be7..315560a51 100755 --- a/queries/aws_route53_health_check_1.yaml +++ b/queries/aws_route53_health_check_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_1 -Title: "List all Health Check Details in AWS Route 53" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - akas, - id, - health_check_version, - health_check_config - from - aws_route53_health_check; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n akas,\n id,\n health_check_version,\n health_check_config\n\ + from \n aws_route53_health_check;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all Health Check Details in AWS Route 53 diff --git a/queries/aws_route53_health_check_2.yaml b/queries/aws_route53_health_check_2.yaml index 0661af02d..7101b7ac2 100755 --- a/queries/aws_route53_health_check_2.yaml +++ b/queries/aws_route53_health_check_2.yaml @@ -1,32 +1,28 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_2 -Title: "List all AWS Route 53 Health Check Data and Configuration" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - health_check_version, - cloud_watch_alarm_configuration ->> 'ComparisonOperator' as cloud_watch_comparison_operator, - cloud_watch_alarm_configuration ->> 'Dimensions' as cloud_watch_dimensions, - cloud_watch_alarm_configuration ->> 'EvaluationPeriods' as cloud_watch_evaluation_periods, - cloud_watch_alarm_configuration ->> 'MetricName' as cloud_watch_metric_name, - cloud_watch_alarm_configuration ->> 'Period' as cloud_watch_period, - cloud_watch_alarm_configuration ->> 'Statistic' as cloud_watch_statistic, - cloud_watch_alarm_configuration ->> 'Threshold' as cloud_watch_threshold - from - aws_route53_health_check - where - cloud_watch_alarm_configuration is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n health_check_version,\n cloud_watch_alarm_configuration\ + \ ->> 'ComparisonOperator' as cloud_watch_comparison_operator,\n cloud_watch_alarm_configuration\ + \ ->> 'Dimensions' as cloud_watch_dimensions,\n cloud_watch_alarm_configuration\ + \ ->> 'EvaluationPeriods' as cloud_watch_evaluation_periods,\n cloud_watch_alarm_configuration\ + \ ->> 'MetricName' as cloud_watch_metric_name,\n cloud_watch_alarm_configuration\ + \ ->> 'Period' as cloud_watch_period,\n cloud_watch_alarm_configuration ->> 'Statistic'\ + \ as cloud_watch_statistic,\n cloud_watch_alarm_configuration ->> 'Threshold'\ + \ as cloud_watch_threshold\nfrom \n aws_route53_health_check\nwhere\n cloud_watch_alarm_configuration\ + \ is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Health Check Data and Configuration diff --git a/queries/aws_route53_health_check_3.yaml b/queries/aws_route53_health_check_3.yaml index a0e7a0e53..ea6b437dc 100755 --- a/queries/aws_route53_health_check_3.yaml +++ b/queries/aws_route53_health_check_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_3 -Title: "Find AWS Route 53 Health Check Configuration and Status" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - health_check_version, - linked_service_description, - linked_service_principal - from - aws_route53_health_check - where - linked_service_description is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n health_check_version,\n linked_service_description,\n\ + \ linked_service_principal\nfrom \n aws_route53_health_check\nwhere\n linked_service_description\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Health Check Configuration and Status diff --git a/queries/aws_route53_health_check_4.yaml b/queries/aws_route53_health_check_4.yaml index 75e9594c2..f708e1ffa 100755 --- a/queries/aws_route53_health_check_4.yaml +++ b/queries/aws_route53_health_check_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_4 -Title: "List all AWS Route 53 Health Check using SQL" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - health_check_version, - health_check_config ->> 'Disabled' as disabled - from - aws_route53_health_check - where - cast(health_check_config ->> 'Disabled' as boolean); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n health_check_version,\n health_check_config ->>\ + \ 'Disabled' as disabled\nfrom \n aws_route53_health_check \nwhere\n cast(health_check_config\ + \ ->> 'Disabled' as boolean);" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Route 53 +Title: List all AWS Route 53 Health Check using SQL diff --git a/queries/aws_route53_health_check_5.yaml b/queries/aws_route53_health_check_5.yaml index d0821e9fc..785def92c 100755 --- a/queries/aws_route53_health_check_5.yaml +++ b/queries/aws_route53_health_check_5.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_5 -Title: "Find AWS Route 53 Health Check Configuration Details" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - health_check_version, - health_check_config ->> 'FullyQualifiedDomainName' as fully_qualified_domain_name, - health_check_config ->> 'IPAddress' as ip_address, - health_check_config ->> 'Port' as port, - health_check_config ->> 'Type' as type, - health_check_config ->> 'RequestInterval' as request_interval - from - aws_route53_health_check; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n health_check_version,\n health_check_config ->>\ + \ 'FullyQualifiedDomainName' as fully_qualified_domain_name,\n health_check_config\ + \ ->> 'IPAddress' as ip_address,\n health_check_config ->> 'Port' as port,\n\ + \ health_check_config ->> 'Type' as type,\n health_check_config ->> 'RequestInterval'\ + \ as request_interval\nfrom \n aws_route53_health_check;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Health Check Configuration Details diff --git a/queries/aws_route53_health_check_6.yaml b/queries/aws_route53_health_check_6.yaml index b8f113bb6..735ea0895 100755 --- a/queries/aws_route53_health_check_6.yaml +++ b/queries/aws_route53_health_check_6.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_6 -Title: "Find AWS Route 53 Health Check Details and Status" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - health_check_version, - health_check_config ->> 'FullyQualifiedDomainName' as fully_qualified_domain_name, - health_check_config ->> 'IPAddress' as ip_address, - health_check_config ->> 'Port' as port, - health_check_config ->> 'Type' as type, - health_check_config ->> 'RequestInterval' as request_interval, - health_check_config ->> 'AlarmIdentifier' as alarm_identifier - from - aws_route53_health_check - where - health_check_config ->> 'AlarmIdentifier' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n health_check_version,\n health_check_config ->>\ + \ 'FullyQualifiedDomainName' as fully_qualified_domain_name,\n health_check_config\ + \ ->> 'IPAddress' as ip_address,\n health_check_config ->> 'Port' as port,\n\ + \ health_check_config ->> 'Type' as type,\n health_check_config ->> 'RequestInterval'\ + \ as request_interval,\n health_check_config ->> 'AlarmIdentifier' as alarm_identifier\n\ + from \n aws_route53_health_check\nwhere\n health_check_config ->> 'AlarmIdentifier'\ + \ is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Health Check Details and Status diff --git a/queries/aws_route53_health_check_7.yaml b/queries/aws_route53_health_check_7.yaml index 55698a76a..58bc1cb62 100755 --- a/queries/aws_route53_health_check_7.yaml +++ b/queries/aws_route53_health_check_7.yaml @@ -1,33 +1,27 @@ +Description: Allows users to query AWS Route 53 Health Check data, providing information + about health checks within AWS Route 53. This includes details such as health check + configuration, health check status, and associated metadata. ID: aws_route53_health_check_7 -Title: "Find AWS Route 53 Health Check Details" -Description: "Allows users to query AWS Route 53 Health Check data, providing information about health checks within AWS Route 53. This includes details such as health check configuration, health check status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.id, - r.health_check_version, - hc ->> 'IPAddress' as ip_address, - hc ->> 'Region' as region, - hc-> 'StatusReport' as status_report - from - aws_route53_health_check as r, - jsonb_array_elements(health_check_status) hc - where - hc-> 'StatusReport' ->> 'Status' not like '%Success%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.id,\n r.health_check_version,\n hc ->> 'IPAddress'\ + \ as ip_address,\n hc ->> 'Region' as region,\n hc-> 'StatusReport' as status_report\n\ + from \n aws_route53_health_check as r,\n jsonb_array_elements(health_check_status)\ + \ hc \nwhere \n hc-> 'StatusReport' ->> 'Status' not like '%Success%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Health Check Details diff --git a/queries/aws_route53_query_log_1.yaml b/queries/aws_route53_query_log_1.yaml index f76e7b883..9b0439bc8 100755 --- a/queries/aws_route53_query_log_1.yaml +++ b/queries/aws_route53_query_log_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Route 53 Query Log data, providing insights + into DNS queries made to Route 53 hosted zones. ID: aws_route53_query_log_1 -Title: "List all AWS Route 53 Query Log DNS queries" -Description: "Allows users to query AWS Route 53 Query Log data, providing insights into DNS queries made to Route 53 hosted zones." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - hosted_zone_id, - cloud_watch_logs_log_group_arn, - title, - akas - from - aws_route53_query_log; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n hosted_zone_id,\n cloud_watch_logs_log_group_arn,\n\ + \ title,\n akas\nfrom\n aws_route53_query_log;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Query Log DNS queries diff --git a/queries/aws_route53_query_log_2.yaml b/queries/aws_route53_query_log_2.yaml index 4c4ea47b0..2e30fcce9 100755 --- a/queries/aws_route53_query_log_2.yaml +++ b/queries/aws_route53_query_log_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Route 53 Query Log data, providing insights + into DNS queries made to Route 53 hosted zones. ID: aws_route53_query_log_2 -Title: "Find AWS Route 53 Query Log Data with SQL" -Description: "Allows users to query AWS Route 53 Query Log data, providing insights into DNS queries made to Route 53 hosted zones." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - l.id, - l.hosted_zone_id, - z.private_zone, - z.resource_record_set_count - from - aws_route53_query_log as l, - aws_route53_zone as z - where - z.id = l.hosted_zone_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n l.id,\n l.hosted_zone_id,\n z.private_zone,\n z.resource_record_set_count\n\ + from\n aws_route53_query_log as l,\n aws_route53_zone as z\nwhere\n z.id =\ + \ l.hosted_zone_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Query Log Data with SQL diff --git a/queries/aws_route53_query_log_3.yaml b/queries/aws_route53_query_log_3.yaml index 9b328c579..bda2565e0 100755 --- a/queries/aws_route53_query_log_3.yaml +++ b/queries/aws_route53_query_log_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Route 53 Query Log data, providing insights + into DNS queries made to Route 53 hosted zones. ID: aws_route53_query_log_3 -Title: "List all DNS Queries from AWS Route 53 Query Log" -Description: "Allows users to query AWS Route 53 Query Log data, providing insights into DNS queries made to Route 53 hosted zones." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hosted_zone_id, - count(id) - from - aws_route53_query_log - group by - hosted_zone_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hosted_zone_id,\n count(id)\nfrom\n aws_route53_query_log\n\ + group by\n hosted_zone_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all DNS Queries from AWS Route 53 Query Log diff --git a/queries/aws_route53_record_1.yaml b/queries/aws_route53_record_1.yaml index 9ce06d097..f3cd4dc5f 100755 --- a/queries/aws_route53_record_1.yaml +++ b/queries/aws_route53_record_1.yaml @@ -1,27 +1,25 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_1 -Title: "Find AWS Route 53 Record Details Using SQL" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - type, - records, - alias_target - from - aws_route53_record; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n type,\n records,\n alias_target\nfrom\n aws_route53_record;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Record Details Using SQL diff --git a/queries/aws_route53_record_2.yaml b/queries/aws_route53_record_2.yaml index ee101fbe3..e97fb13f9 100755 --- a/queries/aws_route53_record_2.yaml +++ b/queries/aws_route53_record_2.yaml @@ -1,29 +1,26 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_2 -Title: "Find AWS Route 53 DNS Records with Steampipe SQL" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - r.type, - record - from - aws_route53_record as r, - jsonb_array_elements_text(records) as record - where - name = 'test.com.'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n r.type,\n record\nfrom\n aws_route53_record\ + \ as r,\n jsonb_array_elements_text(records) as record\nwhere\n name = 'test.com.';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 DNS +Title: Find AWS Route 53 DNS Records with Steampipe SQL diff --git a/queries/aws_route53_record_3.yaml b/queries/aws_route53_record_3.yaml index 11be5f4b4..615f07a94 100755 --- a/queries/aws_route53_record_3.yaml +++ b/queries/aws_route53_record_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_3 -Title: "Find DNS Records with AWS Route 53 Using Steampipe" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - r.type, - record - from - aws_route53_record as r, - jsonb_array_elements_text(records) as record - where - r.type = 'NS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n r.type,\n record\nfrom\n aws_route53_record\ + \ as r,\n jsonb_array_elements_text(records) as record\nwhere\n r.type = 'NS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find DNS Records with AWS Route 53 Using Steampipe diff --git a/queries/aws_route53_record_4.yaml b/queries/aws_route53_record_4.yaml index 8e486b51f..6304e5633 100755 --- a/queries/aws_route53_record_4.yaml +++ b/queries/aws_route53_record_4.yaml @@ -1,30 +1,27 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_4 -Title: "List AWS Route 53 DNS Record Details" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.name, - r.type, - record - from - aws_route53_record as r, - jsonb_array_elements_text(records) as record - where - r.name = 'test.com.' - and r.type = 'NS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.name,\n r.type,\n record\nfrom\n aws_route53_record\ + \ as r,\n jsonb_array_elements_text(records) as record\nwhere\n r.name = 'test.com.'\n\ + \ and r.type = 'NS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 DNS Record Details diff --git a/queries/aws_route53_record_5.yaml b/queries/aws_route53_record_5.yaml index 4cf9c1e6c..c16e4b0e3 100755 --- a/queries/aws_route53_record_5.yaml +++ b/queries/aws_route53_record_5.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_5 -Title: "Find DNS Record Details in AWS Route 53" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - type, - count(*) - from - aws_route53_record - group by - type - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n type,\n count(*)\nfrom\n aws_route53_record\ngroup\ + \ by\n type\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find DNS Record Details in AWS Route 53 diff --git a/queries/aws_route53_record_6.yaml b/queries/aws_route53_record_6.yaml index bd5af688d..b8050f104 100755 --- a/queries/aws_route53_record_6.yaml +++ b/queries/aws_route53_record_6.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_6 -Title: "List all DNS records in AWS Route 53 using SQL" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - type, - records, - alias_target, - geo_location ->> 'ContinentCode' as continent, - geo_location ->> 'CountryCode' as country, - geo_location ->> 'SubdivisionCode' as subdivision - from - aws_route53_record - where - geo_location is not null - order by - name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n type,\n records,\n alias_target,\n geo_location\ + \ ->> 'ContinentCode' as continent,\n geo_location ->> 'CountryCode' as country,\n\ + \ geo_location ->> 'SubdivisionCode' as subdivision\nfrom\n aws_route53_record\n\ + where\n geo_location is not null\norder by\n name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - DNS +Title: List all DNS records in AWS Route 53 using SQL diff --git a/queries/aws_route53_record_7.yaml b/queries/aws_route53_record_7.yaml index 3e014cae9..de04ca3ba 100755 --- a/queries/aws_route53_record_7.yaml +++ b/queries/aws_route53_record_7.yaml @@ -1,30 +1,27 @@ +Description: Allows users to query Route 53 DNS records within Amazon Web Services. + The `aws_route53_record` table in Steampipe provides information about DNS records + within AWS Route 53. This table allows DevOps engineers to query record-specific + details, including type, name, TTL, and associated metadata. Users can utilize this + table to gather insights on DNS records, such as record types, verification of TTL + values, and more. ID: aws_route53_record_7 -Title: "Find all DNS Records in AWS Route 53" -Description: "Allows users to query Route 53 DNS records within Amazon Web Services. The `aws_route53_record` table in Steampipe provides information about DNS records within AWS Route 53. This table allows DevOps engineers to query record-specific details, including type, name, TTL, and associated metadata. Users can utilize this table to gather insights on DNS records, such as record types, verification of TTL values, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - type, - count(*) - from - aws_route53_record - left join jsonb_array_elements_text(records) as record on true - group by - name, - type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n type,\n count(*)\nfrom\n aws_route53_record\n\ + \ left join jsonb_array_elements_text(records) as record on true\ngroup by\n\ + \ name,\n type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find all DNS Records in AWS Route 53 diff --git a/queries/aws_route53_resolver_endpoint_1.yaml b/queries/aws_route53_resolver_endpoint_1.yaml index 246d08224..8f711b071 100755 --- a/queries/aws_route53_resolver_endpoint_1.yaml +++ b/queries/aws_route53_resolver_endpoint_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Route 53 Resolver Endpoints, providing detailed + information about each endpoint, including its ID, direction, IP addresses, and + status, among other details. ID: aws_route53_resolver_endpoint_1 -Title: "List all AWS Route 53 Resolver Endpoints with Details" -Description: "Allows users to query AWS Route 53 Resolver Endpoints, providing detailed information about each endpoint, including its ID, direction, IP addresses, and status, among other details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - direction, - ip_address_count - status - from - aws_route53_resolver_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n direction,\n ip_address_count\n status\n\ + from\n aws_route53_resolver_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 Resolver +Title: List all AWS Route 53 Resolver Endpoints with Details diff --git a/queries/aws_route53_resolver_endpoint_2.yaml b/queries/aws_route53_resolver_endpoint_2.yaml index eb235d2d1..ec4efee5a 100755 --- a/queries/aws_route53_resolver_endpoint_2.yaml +++ b/queries/aws_route53_resolver_endpoint_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Route 53 Resolver Endpoints, providing detailed + information about each endpoint, including its ID, direction, IP addresses, and + status, among other details. ID: aws_route53_resolver_endpoint_2 -Title: "List AWS Route 53 Resolver Endpoints with Details" -Description: "Allows users to query AWS Route 53 Resolver Endpoints, providing detailed information about each endpoint, including its ID, direction, IP addresses, and status, among other details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - direction, - ip_address_count - status - from - aws_route53_resolver_endpoint - where - id = 'rslvr-out-ebb7db0b7498463eb'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n direction,\n ip_address_count\n status\n\ + from\n aws_route53_resolver_endpoint\nwhere\n id = 'rslvr-out-ebb7db0b7498463eb';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 Resolver Endpoints with Details diff --git a/queries/aws_route53_resolver_endpoint_3.yaml b/queries/aws_route53_resolver_endpoint_3.yaml index 6e8b19570..41a721224 100755 --- a/queries/aws_route53_resolver_endpoint_3.yaml +++ b/queries/aws_route53_resolver_endpoint_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Route 53 Resolver Endpoints, providing detailed + information about each endpoint, including its ID, direction, IP addresses, and + status, among other details. ID: aws_route53_resolver_endpoint_3 -Title: "List all AWS Route 53 Resolver Endpoints Needing Action" -Description: "Allows users to query AWS Route 53 Resolver Endpoints, providing detailed information about each endpoint, including its ID, direction, IP addresses, and status, among other details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - direction, - status, - status_message - from - aws_route53_resolver_endpoint - where - status = 'ACTION_NEEDED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n direction,\n status,\n status_message\n\ + from\n aws_route53_resolver_endpoint\nwhere\n status = 'ACTION_NEEDED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 Resolver +Title: List all AWS Route 53 Resolver Endpoints Needing Action diff --git a/queries/aws_route53_resolver_endpoint_4.yaml b/queries/aws_route53_resolver_endpoint_4.yaml index d507321c7..767df6f4c 100755 --- a/queries/aws_route53_resolver_endpoint_4.yaml +++ b/queries/aws_route53_resolver_endpoint_4.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Route 53 Resolver Endpoints, providing detailed + information about each endpoint, including its ID, direction, IP addresses, and + status, among other details. ID: aws_route53_resolver_endpoint_4 -Title: "List All AWS Route 53 Resolver Endpoints and Details" -Description: "Allows users to query AWS Route 53 Resolver Endpoints, providing detailed information about each endpoint, including its ID, direction, IP addresses, and status, among other details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p ->> 'Ip' as ip, - p ->> 'Status' as status, - p ->> 'SubnetId' as subnet_id - from - aws_route53_resolver_endpoint, - jsonb_array_elements(ip_addresses) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p ->> 'Ip' as ip,\n p ->> 'Status' as status,\n\ + \ p ->> 'SubnetId' as subnet_id\nfrom\n aws_route53_resolver_endpoint,\n jsonb_array_elements(ip_addresses)\ + \ as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List All AWS Route 53 Resolver Endpoints and Details diff --git a/queries/aws_route53_resolver_query_log_config_1.yaml b/queries/aws_route53_resolver_query_log_config_1.yaml index 6c7d4c374..cf4945b22 100755 --- a/queries/aws_route53_resolver_query_log_config_1.yaml +++ b/queries/aws_route53_resolver_query_log_config_1.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Route 53 Resolver Query Log Configurations. ID: aws_route53_resolver_query_log_config_1 -Title: "Find Route 53 Resolver Query Log Configurations" -Description: "Allows users to query AWS Route 53 Resolver Query Log Configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - creation_time, - share_status, - status - from - aws_route53_resolver_query_log_config; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n creation_time,\n share_status,\n\ + \ status\nfrom\n aws_route53_resolver_query_log_config;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find Route 53 Resolver Query Log Configurations diff --git a/queries/aws_route53_resolver_query_log_config_2.yaml b/queries/aws_route53_resolver_query_log_config_2.yaml index 49895d478..2128f5d35 100755 --- a/queries/aws_route53_resolver_query_log_config_2.yaml +++ b/queries/aws_route53_resolver_query_log_config_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Route 53 Resolver Query Log Configurations. ID: aws_route53_resolver_query_log_config_2 -Title: "List all AWS Route 53 Resolver Query Log Configurations" -Description: "Allows users to query AWS Route 53 Resolver Query Log Configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - creation_time, - share_status, - status, - destination_arn - from - aws_route53_resolver_query_log_config - where - owner_id <> account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n creation_time,\n share_status,\n\ + \ status,\n destination_arn\nfrom\n aws_route53_resolver_query_log_config\n\ + where\n owner_id <> account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 cloud_traffic_analytics: - - "true" + - 'true' +Title: List all AWS Route 53 Resolver Query Log Configurations diff --git a/queries/aws_route53_resolver_query_log_config_3.yaml b/queries/aws_route53_resolver_query_log_config_3.yaml index 8e1fdcd56..c05e3b20e 100755 --- a/queries/aws_route53_resolver_query_log_config_3.yaml +++ b/queries/aws_route53_resolver_query_log_config_3.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Route 53 Resolver Query Log Configurations. ID: aws_route53_resolver_query_log_config_3 -Title: "Find AWS Route 53 Resolver Query Log Configurations" -Description: "Allows users to query AWS Route 53 Resolver Query Log Configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - creator_request_id, - destination_arn - from - aws_route53_resolver_query_log_config - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n creator_request_id,\n destination_arn\n\ + from\n aws_route53_resolver_query_log_config\nwhere\n status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Resolver Query Log Configurations diff --git a/queries/aws_route53_resolver_query_log_config_4.yaml b/queries/aws_route53_resolver_query_log_config_4.yaml index 5491d3f05..c7935ce55 100755 --- a/queries/aws_route53_resolver_query_log_config_4.yaml +++ b/queries/aws_route53_resolver_query_log_config_4.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Route 53 Resolver Query Log Configurations. ID: aws_route53_resolver_query_log_config_4 -Title: "Find AWS Route 53 Resolver Query Log Configurations" -Description: "Allows users to query AWS Route 53 Resolver Query Log Configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - share_status, - association_count - from - aws_route53_resolver_query_log_config - where - share_status = 'SHARED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n share_status,\n association_count\n\ + from\n aws_route53_resolver_query_log_config\nwhere\n share_status = 'SHARED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Resolver Query Log Configurations diff --git a/queries/aws_route53_resolver_query_log_config_5.yaml b/queries/aws_route53_resolver_query_log_config_5.yaml index ae9bb55fe..63a8fd125 100755 --- a/queries/aws_route53_resolver_query_log_config_5.yaml +++ b/queries/aws_route53_resolver_query_log_config_5.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Route 53 Resolver Query Log Configurations. ID: aws_route53_resolver_query_log_config_5 -Title: "Find AWS Route 53 Resolver Query Log Configurations" -Description: "Allows users to query AWS Route 53 Resolver Query Log Configurations." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - creation_time, - destination_arn, - status - from - aws_route53_resolver_query_log_config - where - creation_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n creation_time,\n destination_arn,\n\ + \ status\nfrom\n aws_route53_resolver_query_log_config\nwhere\n creation_time\ + \ >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Resolver Query Log Configurations diff --git a/queries/aws_route53_resolver_rule_1.yaml b/queries/aws_route53_resolver_rule_1.yaml index 641d2d13c..98e1a6934 100755 --- a/queries/aws_route53_resolver_rule_1.yaml +++ b/queries/aws_route53_resolver_rule_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS + resolver rules configured in an AWS account. ID: aws_route53_resolver_rule_1 -Title: "List all AWS Route 53 Resolver Rules" -Description: "Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS resolver rules configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - domain_name owner_id, - resolver_endpoint_id, - rule_type, - share_status, - status - from - aws_route53_resolver_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n domain_name owner_id,\n resolver_endpoint_id,\n\ + \ rule_type,\n share_status,\n status\nfrom\n aws_route53_resolver_rule;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Resolver Rules diff --git a/queries/aws_route53_resolver_rule_2.yaml b/queries/aws_route53_resolver_rule_2.yaml index 2b9b3c967..e90fe0d68 100755 --- a/queries/aws_route53_resolver_rule_2.yaml +++ b/queries/aws_route53_resolver_rule_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS + resolver rules configured in an AWS account. ID: aws_route53_resolver_rule_2 -Title: "Find Route 53 Resolver Rules Configured in AWS Account" -Description: "Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS resolver rules configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - resolver_rule_associations - from - aws_route53_resolver_rule - Where - resolver_rule_associations = '[]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n resolver_rule_associations\n\ + from\n aws_route53_resolver_rule\nWhere\n resolver_rule_associations = '[]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find Route 53 Resolver Rules Configured in AWS Account diff --git a/queries/aws_route53_resolver_rule_3.yaml b/queries/aws_route53_resolver_rule_3.yaml index 94f8f3545..83a80a995 100755 --- a/queries/aws_route53_resolver_rule_3.yaml +++ b/queries/aws_route53_resolver_rule_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS + resolver rules configured in an AWS account. ID: aws_route53_resolver_rule_3 -Title: "Find AWS Route 53 Resolver Rule Data in AWS Account" -Description: "Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS resolver rules configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p ->> 'Ip' as ip, - p ->> 'Port' as port - from - aws_route53_resolver_rule, - jsonb_array_elements(target_ips) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p ->> 'Ip' as ip,\n p ->> 'Port' as port\n\ + from\n aws_route53_resolver_rule,\n jsonb_array_elements(target_ips) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find AWS Route 53 Resolver Rule Data in AWS Account diff --git a/queries/aws_route53_resolver_rule_4.yaml b/queries/aws_route53_resolver_rule_4.yaml index b60aad9c1..196c7715c 100755 --- a/queries/aws_route53_resolver_rule_4.yaml +++ b/queries/aws_route53_resolver_rule_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS + resolver rules configured in an AWS account. ID: aws_route53_resolver_rule_4 -Title: "Find all AWS Route 53 Resolver Rules Configuration" -Description: "Allows users to query AWS Route 53 Resolver Rule to obtain data on DNS resolver rules configured in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - share_status, - rule_type - from - aws_route53_resolver_rule - where - share_status = 'SHARED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n share_status,\n rule_type\nfrom\n aws_route53_resolver_rule\n\ + where\n share_status = 'SHARED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find all AWS Route 53 Resolver Rules Configuration diff --git a/queries/aws_route53_traffic_policy_1.yaml b/queries/aws_route53_traffic_policy_1.yaml index b4a076ac9..2ab26e970 100755 --- a/queries/aws_route53_traffic_policy_1.yaml +++ b/queries/aws_route53_traffic_policy_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Route 53 Traffic Policies to retrieve information + about each policy''s versions, including the policy identifier, name, type, and + document. This table also provides data related to the policy''s associated metadata. ID: aws_route53_traffic_policy_1 -Title: "List all AWS Route 53 Traffic Policies and Metadata" -Description: "Allows users to query AWS Route 53 Traffic Policies to retrieve information about each policy''s versions, including the policy identifier, name, type, and document. This table also provides data related to the policy''s associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - version, - document, - region - from - aws_route53_traffic_policy; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n version,\n document,\n region\nfrom\ + \ \n aws_route53_traffic_policy;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Traffic Policies and Metadata diff --git a/queries/aws_route53_traffic_policy_2.yaml b/queries/aws_route53_traffic_policy_2.yaml index a196198f7..9fd337761 100755 --- a/queries/aws_route53_traffic_policy_2.yaml +++ b/queries/aws_route53_traffic_policy_2.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query AWS Route 53 Traffic Policies to retrieve information + about each policy''s versions, including the policy identifier, name, type, and + document. This table also provides data related to the policy''s associated metadata. ID: aws_route53_traffic_policy_2 -Title: "Find All AWS Route 53 Traffic Policy Versions and Metadata" -Description: "Allows users to query AWS Route 53 Traffic Policies to retrieve information about each policy''s versions, including the policy identifier, name, type, and document. This table also provides data related to the policy''s associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - policy.id, - policy.version, - comment - from - aws_route53_traffic_policy policy, - (select - id, - max(version) as version - from - aws_route53_traffic_policy - group by - id) as latest - where - latest.id = policy.id - and latest.version = policy.version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name,\n policy.id,\n policy.version, \n comment \n\ + from \n aws_route53_traffic_policy policy,\n (select\n id,\n max(version)\ + \ as version\n from \n aws_route53_traffic_policy \n group by \n id) as\ + \ latest\nwhere \n latest.id = policy.id \n and latest.version = policy.version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: Find All AWS Route 53 Traffic Policy Versions and Metadata diff --git a/queries/aws_route53_traffic_policy_3.yaml b/queries/aws_route53_traffic_policy_3.yaml index 958e4a22b..1e0a13176 100755 --- a/queries/aws_route53_traffic_policy_3.yaml +++ b/queries/aws_route53_traffic_policy_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Route 53 Traffic Policies to retrieve information + about each policy''s versions, including the policy identifier, name, type, and + document. This table also provides data related to the policy''s associated metadata. ID: aws_route53_traffic_policy_3 -Title: "List all AWS Route 53 Traffic Policies with Versions" -Description: "Allows users to query AWS Route 53 Traffic Policies to retrieve information about each policy''s versions, including the policy identifier, name, type, and document. This table also provides data related to the policy''s associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - document ->> 'RecordType' as dns_type, - count(id) as "policies" - from - aws_route53_traffic_policy - group by - dns_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n document ->> 'RecordType' as dns_type,\n count(id) as\ + \ \"policies\"\nfrom\n aws_route53_traffic_policy\ngroup by \n dns_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Traffic Policies with Versions diff --git a/queries/aws_route53_traffic_policy_instance_1.yaml b/queries/aws_route53_traffic_policy_instance_1.yaml index 5da36ad81..475f39823 100755 --- a/queries/aws_route53_traffic_policy_instance_1.yaml +++ b/queries/aws_route53_traffic_policy_instance_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Route 53 Traffic Policy Instances, providing + detailed information about each instance such as the ID, version, DNS name, and + more. This table is useful for gaining insights into the configuration and status + of traffic policy instances. ID: aws_route53_traffic_policy_instance_1 -Title: "List all AWS Route 53 Traffic Policy Instances" -Description: "Allows users to query AWS Route 53 Traffic Policy Instances, providing detailed information about each instance such as the ID, version, DNS name, and more. This table is useful for gaining insights into the configuration and status of traffic policy instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - hosted_zone_id, - ttl, - region - from - aws_route53_traffic_policy_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n hosted_zone_id,\n ttl,\n region\nfrom\ + \ \n aws_route53_traffic_policy_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Traffic Policy Instances diff --git a/queries/aws_route53_traffic_policy_instance_2.yaml b/queries/aws_route53_traffic_policy_instance_2.yaml index 74ec38571..fd5866b03 100755 --- a/queries/aws_route53_traffic_policy_instance_2.yaml +++ b/queries/aws_route53_traffic_policy_instance_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Route 53 Traffic Policy Instances, providing + detailed information about each instance such as the ID, version, DNS name, and + more. This table is useful for gaining insights into the configuration and status + of traffic policy instances. ID: aws_route53_traffic_policy_instance_2 -Title: "List all AWS Route 53 Traffic Policy Instances" -Description: "Allows users to query AWS Route 53 Traffic Policy Instances, providing detailed information about each instance such as the ID, version, DNS name, and more. This table is useful for gaining insights into the configuration and status of traffic policy instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.name, - i.id, - h.id as hosted_zone_id, - h.name as hosted_zone_name, - h.caller_reference, - h.private_zone - from - aws_route53_traffic_policy_instance i - join aws_route53_zone h on i.hosted_zone_id = h.id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n i.name,\n i.id,\n h.id as hosted_zone_id,\n h.name\ + \ as hosted_zone_name,\n h.caller_reference,\n h.private_zone\nfrom \n aws_route53_traffic_policy_instance\ + \ i\n join aws_route53_zone h on i.hosted_zone_id = h.id;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Traffic Policy Instances diff --git a/queries/aws_route53_traffic_policy_instance_3.yaml b/queries/aws_route53_traffic_policy_instance_3.yaml index 0a9eb30f1..7e0138d12 100755 --- a/queries/aws_route53_traffic_policy_instance_3.yaml +++ b/queries/aws_route53_traffic_policy_instance_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Route 53 Traffic Policy Instances, providing + detailed information about each instance such as the ID, version, DNS name, and + more. This table is useful for gaining insights into the configuration and status + of traffic policy instances. ID: aws_route53_traffic_policy_instance_3 -Title: "List all AWS Route 53 Traffic Policy Instances" -Description: "Allows users to query AWS Route 53 Traffic Policy Instances, providing detailed information about each instance such as the ID, version, DNS name, and more. This table is useful for gaining insights into the configuration and status of traffic policy instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.name, - i.id, - traffic_policy_id, - p.name as traffic_policy_name, - traffic_policy_type, - traffic_policy_version, - p.document - from - aws_route53_traffic_policy_instance i - join aws_route53_traffic_policy p on i.traffic_policy_id = p.id - and i.traffic_policy_version = p.version; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n i.name,\n i.id,\n traffic_policy_id,\n p.name as\ + \ traffic_policy_name,\n traffic_policy_type,\n traffic_policy_version,\n p.document\n\ + from \n aws_route53_traffic_policy_instance i\n join aws_route53_traffic_policy\ + \ p on i.traffic_policy_id = p.id \n and i.traffic_policy_version = p.version;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Traffic Policy Instances diff --git a/queries/aws_route53_traffic_policy_instance_4.yaml b/queries/aws_route53_traffic_policy_instance_4.yaml index ade70b0ab..147dae202 100755 --- a/queries/aws_route53_traffic_policy_instance_4.yaml +++ b/queries/aws_route53_traffic_policy_instance_4.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Route 53 Traffic Policy Instances, providing + detailed information about each instance such as the ID, version, DNS name, and + more. This table is useful for gaining insights into the configuration and status + of traffic policy instances. ID: aws_route53_traffic_policy_instance_4 -Title: "List All AWS Route 53 Traffic Policy Instances" -Description: "Allows users to query AWS Route 53 Traffic Policy Instances, providing detailed information about each instance such as the ID, version, DNS name, and more. This table is useful for gaining insights into the configuration and status of traffic policy instances." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - state, - hosted_zone_id, - message as failed_reason - from - aws_route53_traffic_policy_instance - where - state = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n state,\n hosted_zone_id,\n message\ + \ as failed_reason\nfrom \n aws_route53_traffic_policy_instance\nwhere\n state\ + \ = 'Failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List All AWS Route 53 Traffic Policy Instances diff --git a/queries/aws_route53_vpc_association_authorization_1.yaml b/queries/aws_route53_vpc_association_authorization_1.yaml index 3016eaf9d..bfe98a59d 100755 --- a/queries/aws_route53_vpc_association_authorization_1.yaml +++ b/queries/aws_route53_vpc_association_authorization_1.yaml @@ -1,26 +1,21 @@ +Description: Gets a list of the VPCs that were created by other accounts and that + can be associated with a specified hosted zone because you''ve submitted one or + more `CreateVPCAssociationAuthorization` requests. ID: aws_route53_vpc_association_authorization_1 -Title: "List all VPCs created by other accounts for a hosted zone" -Description: "Gets a list of the VPCs that were created by other accounts and that can be associated with a specified hosted zone because you''ve submitted one or more `CreateVPCAssociationAuthorization` requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hosted_zone_id, - vpc_id, - vpc_region - from - aws_route53_vpc_association_authorization - where - hosted_zone_id = 'Z3M3LMPEXAMPLE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hosted_zone_id,\n vpc_id,\n vpc_region\nfrom\n aws_route53_vpc_association_authorization\n\ + where\n hosted_zone_id = 'Z3M3LMPEXAMPLE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route53 +Title: List all VPCs created by other accounts for a hosted zone diff --git a/queries/aws_route53_vpc_association_authorization_2.yaml b/queries/aws_route53_vpc_association_authorization_2.yaml index 867175509..9c4620df7 100755 --- a/queries/aws_route53_vpc_association_authorization_2.yaml +++ b/queries/aws_route53_vpc_association_authorization_2.yaml @@ -1,28 +1,21 @@ +Description: Gets a list of the VPCs that were created by other accounts and that + can be associated with a specified hosted zone because you''ve submitted one or + more `CreateVPCAssociationAuthorization` requests. ID: aws_route53_vpc_association_authorization_2 -Title: "List all VPCs from other accounts for Route53 association" -Description: "Gets a list of the VPCs that were created by other accounts and that can be associated with a specified hosted zone because you''ve submitted one or more `CreateVPCAssociationAuthorization` requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hosted_zone_id, - vpc_id, - vpc_region - from - aws_route53_vpc_association_authorization - where - hosted_zone_id = 'Z3M3LMPEXAMPLE' - order by - vpc_region desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hosted_zone_id,\n vpc_id,\n vpc_region\nfrom\n aws_route53_vpc_association_authorization\n\ + where\n hosted_zone_id = 'Z3M3LMPEXAMPLE'\norder by\n vpc_region desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route53 +Title: List all VPCs from other accounts for Route53 association diff --git a/queries/aws_route53_vpc_association_authorization_3.yaml b/queries/aws_route53_vpc_association_authorization_3.yaml index cb7d12999..959954878 100755 --- a/queries/aws_route53_vpc_association_authorization_3.yaml +++ b/queries/aws_route53_vpc_association_authorization_3.yaml @@ -1,30 +1,24 @@ +Description: Gets a list of the VPCs that were created by other accounts and that + can be associated with a specified hosted zone because you''ve submitted one or + more `CreateVPCAssociationAuthorization` requests. ID: aws_route53_vpc_association_authorization_3 -Title: "List all VPCs for AWS Route53 VPC Association Authorization" -Description: "Gets a list of the VPCs that were created by other accounts and that can be associated with a specified hosted zone because you''ve submitted one or more `CreateVPCAssociationAuthorization` requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - auth.hosted_zone_id, - z.name, - auth.vpc_id, - auth.vpc_region - from - aws_route53_vpc_association_authorization auth - inner join - aws_route53_zone z on auth.hosted_zone_id = z.id - where z.name = 'mycooldomain.xyz'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n auth.hosted_zone_id,\n z.name,\n auth.vpc_id,\n auth.vpc_region\n\ + from\n aws_route53_vpc_association_authorization auth\ninner join\n aws_route53_zone\ + \ z on auth.hosted_zone_id = z.id\nwhere z.name = 'mycooldomain.xyz';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route53 +Title: List all VPCs for AWS Route53 VPC Association Authorization diff --git a/queries/aws_route53_zone_1.yaml b/queries/aws_route53_zone_1.yaml index 4806cb725..20604a8ab 100755 --- a/queries/aws_route53_zone_1.yaml +++ b/queries/aws_route53_zone_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_1 -Title: "List AWS Route 53 Zone Details Including Hosted Zone ID" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - private_zone, - resource_record_set_count - from - aws_route53_zone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n private_zone,\n resource_record_set_count\n\ + from \n aws_route53_zone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 Zone Details Including Hosted Zone ID diff --git a/queries/aws_route53_zone_2.yaml b/queries/aws_route53_zone_2.yaml index cba2faa11..ef958baa5 100755 --- a/queries/aws_route53_zone_2.yaml +++ b/queries/aws_route53_zone_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_2 -Title: "List all AWS Route 53 Zone Details Including Tags and Counts" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - comment, - private_zone, - resource_record_set_count - from - aws_route53_zone - where - private_zone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n comment,\n private_zone,\n resource_record_set_count\n\ + from \n aws_route53_zone\nwhere\n private_zone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Zone Details Including Tags and Counts diff --git a/queries/aws_route53_zone_3.yaml b/queries/aws_route53_zone_3.yaml index 73f758e50..2110436cd 100755 --- a/queries/aws_route53_zone_3.yaml +++ b/queries/aws_route53_zone_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_3 -Title: "List AWS Route 53 Zone Details Including Hosted Zone ID" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - comment, - private_zone, - resource_record_set_count - from - aws_route53_zone - where - not private_zone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n comment,\n private_zone,\n resource_record_set_count\n\ + from \n aws_route53_zone\nwhere\n not private_zone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 Zone Details Including Hosted Zone ID diff --git a/queries/aws_route53_zone_4.yaml b/queries/aws_route53_zone_4.yaml index 4a171b3cf..25e4b12c2 100755 --- a/queries/aws_route53_zone_4.yaml +++ b/queries/aws_route53_zone_4.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_4 -Title: "List all AWS Route 53 Zone details including record count" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - private_zone, - resource_record_set_count - from - aws_route53_zone - where - name like '%.turbot.com. - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n private_zone,\n resource_record_set_count\n\ + from \n aws_route53_zone\nwhere\n name like '%.turbot.com." Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List all AWS Route 53 Zone details including record count diff --git a/queries/aws_route53_zone_5.yaml b/queries/aws_route53_zone_5.yaml index eb4fcb402..5ca0a2889 100755 --- a/queries/aws_route53_zone_5.yaml +++ b/queries/aws_route53_zone_5.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_5 -Title: "List AWS Route 53 Zone Details with Associated Tags" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - v ->> 'VPCId' as vpc_id, - v ->> 'VPCRegion' as vpc_region - from - aws_route53_zone, - jsonb_array_elements(vpcs) as v; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name,\n id,\n v ->> 'VPCId' as vpc_id,\n v ->> 'VPCRegion'\ + \ as vpc_region\nfrom\n aws_route53_zone,\n jsonb_array_elements(vpcs) as v;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 Zone Details with Associated Tags diff --git a/queries/aws_route53_zone_6.yaml b/queries/aws_route53_zone_6.yaml index 7e4636bf0..2c2bb4103 100755 --- a/queries/aws_route53_zone_6.yaml +++ b/queries/aws_route53_zone_6.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Route 53 Zone details including hosted zone + ID, name, type, record set count, and associated tags. ID: aws_route53_zone_6 -Title: "List AWS Route 53 Zone Details including Hosted Zone ID" -Description: "Allows users to query AWS Route 53 Zone details including hosted zone ID, name, type, record set count, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - v.vpc_id as vpc_id, - v.cidr_block as cidr_block, - v.is_default as is_default, - v.dhcp_options_id as dhcp_options_id - from - aws_route53_zone, - jsonb_array_elements(vpcs) as p, - aws_vpc as v - where - p ->> 'VPCId' = v.vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n name,\n id,\n v.vpc_id as vpc_id,\n v.cidr_block\ + \ as cidr_block,\n v.is_default as is_default,\n v.dhcp_options_id as dhcp_options_id\n\ + from\n aws_route53_zone,\n jsonb_array_elements(vpcs) as p,\n aws_vpc as v\n\ + where\n p ->> 'VPCId' = v.vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Route 53 +Title: List AWS Route 53 Zone Details including Hosted Zone ID diff --git a/queries/aws_s3_access_point_1.yaml b/queries/aws_s3_access_point_1.yaml index b5fad09ce..19b16e382 100755 --- a/queries/aws_s3_access_point_1.yaml +++ b/queries/aws_s3_access_point_1.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query AWS S3 Access Point details such as name, bucket, + network origin, policy status, creation time, and more. ID: aws_s3_access_point_1 -Title: "List all AWS S3 Access Point details using SQL" -Description: "Allows users to query AWS S3 Access Point details such as name, bucket, network origin, policy status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_arn, - bucket_name - from - aws_s3_access_point; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_arn,\n bucket_name\nfrom\n aws_s3_access_point;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Access Point details using SQL diff --git a/queries/aws_s3_access_point_2.yaml b/queries/aws_s3_access_point_2.yaml index 37b75f7ce..85e69cf60 100755 --- a/queries/aws_s3_access_point_2.yaml +++ b/queries/aws_s3_access_point_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS S3 Access Point details such as name, bucket, + network origin, policy status, creation time, and more. ID: aws_s3_access_point_2 -Title: "List all AWS S3 Access Point details" -Description: "Allows users to query AWS S3 Access Point details such as name, bucket, network origin, policy status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_arn, - vpc_id - from - aws_s3_access_point - where - vpc_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_arn,\n vpc_id\nfrom\n aws_s3_access_point\n\ + where\n vpc_id is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Access Point details diff --git a/queries/aws_s3_access_point_3.yaml b/queries/aws_s3_access_point_3.yaml index c35e43a00..5a7eac00e 100755 --- a/queries/aws_s3_access_point_3.yaml +++ b/queries/aws_s3_access_point_3.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS S3 Access Point details such as name, bucket, + network origin, policy status, creation time, and more. ID: aws_s3_access_point_3 -Title: "Find AWS S3 Access Point details with public policies" -Description: "Allows users to query AWS S3 Access Point details such as name, bucket, network origin, policy status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - block_public_acls, - block_public_policy, - ignore_public_acls, - restrict_public_buckets - from - aws_s3_access_point - where - not block_public_acls - or not block_public_policy - or not ignore_public_acls - or not restrict_public_buckets; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n block_public_acls,\n block_public_policy,\n\ + \ ignore_public_acls,\n restrict_public_buckets\nfrom\n aws_s3_access_point\n\ + where\n not block_public_acls\n or not block_public_policy\n or not ignore_public_acls\n\ + \ or not restrict_public_buckets;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Access Point details with public policies diff --git a/queries/aws_s3_access_point_4.yaml b/queries/aws_s3_access_point_4.yaml index 2af971fdd..bb5c4307d 100755 --- a/queries/aws_s3_access_point_4.yaml +++ b/queries/aws_s3_access_point_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS S3 Access Point details such as name, bucket, + network origin, policy status, creation time, and more. ID: aws_s3_access_point_4 -Title: "List all AWS S3 Access Point details including name and policy" -Description: "Allows users to query AWS S3 Access Point details such as name, bucket, network origin, policy status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - access_point_policy_is_public - from - aws_s3_access_point - where - access_point_policy_is_public; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n access_point_policy_is_public\nfrom\n aws_s3_access_point\n\ + where\n access_point_policy_is_public;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Access Point details including name and policy diff --git a/queries/aws_s3_access_point_5.yaml b/queries/aws_s3_access_point_5.yaml index a3a032a48..715937671 100755 --- a/queries/aws_s3_access_point_5.yaml +++ b/queries/aws_s3_access_point_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS S3 Access Point details such as name, bucket, + network origin, policy status, creation time, and more. ID: aws_s3_access_point_5 -Title: "List AWS S3 Access Point Details Including Name, Bucket" -Description: "Allows users to query AWS S3 Access Point details such as name, bucket, network origin, policy status, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - count(name) access_point_count - from - aws_s3_access_point - group by - bucket_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n count(name) access_point_count\nfrom\n\ + \ aws_s3_access_point\ngroup by\n bucket_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 Access Point +Title: List AWS S3 Access Point Details Including Name, Bucket diff --git a/queries/aws_s3_bucket_1.yaml b/queries/aws_s3_bucket_1.yaml index bfcb18bf1..05bc3f3f1 100755 --- a/queries/aws_s3_bucket_1.yaml +++ b/queries/aws_s3_bucket_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_1 -Title: "List all AWS S3 Buckets with Configuration and Policies" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - account_id, - bucket_policy_is_public - from - aws_s3_bucket; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n region,\n account_id,\n bucket_policy_is_public\n\ + from\n aws_s3_bucket;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Buckets with Configuration and Policies diff --git a/queries/aws_s3_bucket_10.yaml b/queries/aws_s3_bucket_10.yaml index b6b8611d7..a92dd0d41 100755 --- a/queries/aws_s3_bucket_10.yaml +++ b/queries/aws_s3_bucket_10.yaml @@ -1,38 +1,26 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_10 -Title: "Find AWS S3 Bucket Policies and Permissions" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_s3_bucket, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - string_to_array(p, ':') as pa, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and ( - pa[5] != account_id - or p = '*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_s3_bucket,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n string_to_array(p, ':') as pa,\n jsonb_array_elements_text(s -> 'Action')\ + \ as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n pa[5] != account_id\n\ + \ or p = '*'\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Bucket Policies and Permissions diff --git a/queries/aws_s3_bucket_11.yaml b/queries/aws_s3_bucket_11.yaml index 7dd93d1d5..3dbb895e5 100755 --- a/queries/aws_s3_bucket_11.yaml +++ b/queries/aws_s3_bucket_11.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_11 -Title: "Find AWS S3 Buckets with Object Lock Enabled" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - object_lock_configuration ->> 'ObjectLockEnabled' as object_lock_enabled - from - aws_s3_bucket - where - object_lock_configuration ->> 'ObjectLockEnabled' = 'Enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n object_lock_configuration ->> 'ObjectLockEnabled'\ + \ as object_lock_enabled\nfrom\n aws_s3_bucket\nwhere\n object_lock_configuration\ + \ ->> 'ObjectLockEnabled' = 'Enabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Buckets with Object Lock Enabled diff --git a/queries/aws_s3_bucket_12.yaml b/queries/aws_s3_bucket_12.yaml index 6c83c5e06..00076afbb 100755 --- a/queries/aws_s3_bucket_12.yaml +++ b/queries/aws_s3_bucket_12.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_12 -Title: "Find all detailed AWS S3 Bucket Information via SQL" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - website_configuration -> 'IndexDocument' ->> 'Suffix' as suffix - from - aws_s3_bucket - where - website_configuration -> 'IndexDocument' ->> 'Suffix' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n website_configuration -> 'IndexDocument' ->>\ + \ 'Suffix' as suffix\nfrom\n aws_s3_bucket\nwhere\n website_configuration ->\ + \ 'IndexDocument' ->> 'Suffix' is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all detailed AWS S3 Bucket Information via SQL diff --git a/queries/aws_s3_bucket_13.yaml b/queries/aws_s3_bucket_13.yaml index 5482d5094..523f2c164 100755 --- a/queries/aws_s3_bucket_13.yaml +++ b/queries/aws_s3_bucket_13.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_13 -Title: "Find all AWS S3 Buckets Configuration and Permissions" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - b.name, - r ->> 'ObjectOwnership' as object_ownership - from - aws_s3_bucket as b, - jsonb_array_elements(object_ownership_controls -> 'Rules') as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n b.name,\n r ->> 'ObjectOwnership' as object_ownership\n\ + from\n aws_s3_bucket as b,\n jsonb_array_elements(object_ownership_controls\ + \ -> 'Rules') as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Buckets Configuration and Permissions diff --git a/queries/aws_s3_bucket_2.yaml b/queries/aws_s3_bucket_2.yaml index 269f56240..eece9993c 100755 --- a/queries/aws_s3_bucket_2.yaml +++ b/queries/aws_s3_bucket_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_2 -Title: "Find AWS S3 Buckets Missing Versioning Using SQL" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - region, - account_id, - versioning_enabled - from - aws_s3_bucket - where - not versioning_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n region,\n account_id,\n versioning_enabled\n\ + from\n aws_s3_bucket\nwhere\n not versioning_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Buckets Missing Versioning Using SQL diff --git a/queries/aws_s3_bucket_3.yaml b/queries/aws_s3_bucket_3.yaml index d84b34611..19eb8d259 100755 --- a/queries/aws_s3_bucket_3.yaml +++ b/queries/aws_s3_bucket_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_3 -Title: "Find AWS S3 buckets with no server-side encryption" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - server_side_encryption_configuration - from - aws_s3_bucket - where - server_side_encryption_configuration is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n server_side_encryption_configuration\nfrom\n\ + \ aws_s3_bucket\nwhere\n server_side_encryption_configuration is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 buckets with no server-side encryption diff --git a/queries/aws_s3_bucket_4.yaml b/queries/aws_s3_bucket_4.yaml index ad12a8c49..fdf843685 100755 --- a/queries/aws_s3_bucket_4.yaml +++ b/queries/aws_s3_bucket_4.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_4 -Title: "Find AWS S3 Buckets with Public Access Details" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - block_public_acls, - block_public_policy, - ignore_public_acls, - restrict_public_buckets - from - aws_s3_bucket - where - not block_public_acls - or not block_public_policy - or not ignore_public_acls - or not restrict_public_buckets; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n block_public_acls,\n block_public_policy,\n\ + \ ignore_public_acls,\n restrict_public_buckets\nfrom\n aws_s3_bucket\nwhere\n\ + \ not block_public_acls\n or not block_public_policy\n or not ignore_public_acls\n\ + \ or not restrict_public_buckets;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Buckets with Public Access Details diff --git a/queries/aws_s3_bucket_5.yaml b/queries/aws_s3_bucket_5.yaml index 44768beb3..5e37628f9 100755 --- a/queries/aws_s3_bucket_5.yaml +++ b/queries/aws_s3_bucket_5.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_5 -Title: "Find All AWS S3 Bucket Policies and Configurations" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - bucket_policy_is_public - from - aws_s3_bucket - where - bucket_policy_is_public; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n bucket_policy_is_public\nfrom\n aws_s3_bucket\n\ + where\n bucket_policy_is_public;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find All AWS S3 Bucket Policies and Configurations diff --git a/queries/aws_s3_bucket_6.yaml b/queries/aws_s3_bucket_6.yaml index 432006d00..59416264d 100755 --- a/queries/aws_s3_bucket_6.yaml +++ b/queries/aws_s3_bucket_6.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_6 -Title: "Find AWS S3 Buckets with Specific Logging Target" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - logging ->> 'TargetBucket' as target_bucket - from - aws_s3_bucket - where - logging ->> 'TargetBucket' = name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n logging ->> 'TargetBucket' as target_bucket\n\ + from\n aws_s3_bucket\nwhere\n logging ->> 'TargetBucket' = name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Buckets with Specific Logging Target diff --git a/queries/aws_s3_bucket_7.yaml b/queries/aws_s3_bucket_7.yaml index 69f50e875..ed5ec7ecd 100755 --- a/queries/aws_s3_bucket_7.yaml +++ b/queries/aws_s3_bucket_7.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_7 -Title: "Find all AWS S3 Buckets Information with SQL" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tags ->> 'fizz' as fizz - from - aws_s3_bucket - where - tags ->> 'application' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tags ->> 'fizz' as fizz\nfrom\n aws_s3_bucket\n\ + where\n tags ->> 'application' is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Buckets Information with SQL diff --git a/queries/aws_s3_bucket_8.yaml b/queries/aws_s3_bucket_8.yaml index b168c25bb..d3f288c42 100755 --- a/queries/aws_s3_bucket_8.yaml +++ b/queries/aws_s3_bucket_8.yaml @@ -1,39 +1,27 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_8 -Title: "Find all AWS S3 buckets with insecure policies" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p as principal, - a as action, - s ->> 'Effect' as effect, - s ->> 'Condition' as conditions, - ssl - from - aws_s3_bucket, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a, - jsonb_array_elements_text( - s -> 'Condition' -> 'Bool' -> 'aws:securetransport' - ) as ssl - where - p = '*' - and s ->> 'Effect' = 'Deny' - and ssl :: bool = false; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s ->> 'Condition' as conditions,\n ssl\nfrom\n aws_s3_bucket,\n\ + \ jsonb_array_elements(policy_std -> 'Statement') as s,\n jsonb_array_elements_text(s\ + \ -> 'Principal' -> 'AWS') as p,\n jsonb_array_elements_text(s -> 'Action') as\ + \ a,\n jsonb_array_elements_text(\n s -> 'Condition' -> 'Bool' -> 'aws:securetransport'\n\ + \ ) as ssl\nwhere\n p = '*'\n and s ->> 'Effect' = 'Deny'\n and ssl :: bool\ + \ = false;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 buckets with insecure policies diff --git a/queries/aws_s3_bucket_9.yaml b/queries/aws_s3_bucket_9.yaml index c4c103349..f8d2e5889 100755 --- a/queries/aws_s3_bucket_9.yaml +++ b/queries/aws_s3_bucket_9.yaml @@ -1,41 +1,27 @@ +Description: Allows users to query AWS S3 buckets for detailed information about their + configuration, policies, and permissions. ID: aws_s3_bucket_9 -Title: "Find AWS S3 Buckets with Specific Policies and Permissions" -Description: "Allows users to query AWS S3 buckets for detailed information about their configuration, policies, and permissions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name - from - aws_s3_bucket - where - name not in ( - select - name - from - aws_s3_bucket, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a, - jsonb_array_elements_text( - s -> 'Condition' -> 'Bool' -> 'aws:securetransport' - ) as ssl - where - p = '*' - and s ->> 'Effect' = 'Deny' - and ssl :: bool = false - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name\nfrom\n aws_s3_bucket\nwhere\n name not in (\n\ + \ select\n name\n from\n aws_s3_bucket,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a,\n jsonb_array_elements_text(\n\ + \ s -> 'Condition' -> 'Bool' -> 'aws:securetransport'\n ) as ssl\n\ + \ where\n p = '*'\n and s ->> 'Effect' = 'Deny'\n and ssl ::\ + \ bool = false\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Buckets with Specific Policies and Permissions diff --git a/queries/aws_s3_bucket_intelligent_tiering_configuration_1.yaml b/queries/aws_s3_bucket_intelligent_tiering_configuration_1.yaml index a1efe79b3..8c8e8dbb4 100755 --- a/queries/aws_s3_bucket_intelligent_tiering_configuration_1.yaml +++ b/queries/aws_s3_bucket_intelligent_tiering_configuration_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Intelligent Tiering configurations for S3 buckets. + It provides information about each configuration, including the bucket name, the + ID of the configuration, and the status of the configuration. ID: aws_s3_bucket_intelligent_tiering_configuration_1 -Title: "List all Intelligent Tiering Configurations in AWS S3" -Description: "Allows users to query Intelligent Tiering configurations for S3 buckets. It provides information about each configuration, including the bucket name, the ID of the configuration, and the status of the configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - id, - status, - tierings - from - aws_s3_bucket_intelligent_tiering_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n id,\n status,\n tierings\nfrom\n aws_s3_bucket_intelligent_tiering_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 Bucket +Title: List all Intelligent Tiering Configurations in AWS S3 diff --git a/queries/aws_s3_bucket_intelligent_tiering_configuration_2.yaml b/queries/aws_s3_bucket_intelligent_tiering_configuration_2.yaml index a5a3be1b2..d53c65be7 100755 --- a/queries/aws_s3_bucket_intelligent_tiering_configuration_2.yaml +++ b/queries/aws_s3_bucket_intelligent_tiering_configuration_2.yaml @@ -1,45 +1,28 @@ +Description: Allows users to query Intelligent Tiering configurations for S3 buckets. + It provides information about each configuration, including the bucket name, the + ID of the configuration, and the status of the configuration. ID: aws_s3_bucket_intelligent_tiering_configuration_2 -Title: "List all AWS S3 Buckets with Intelligent Tiering Configuration" -Description: "Allows users to query Intelligent Tiering configurations for S3 buckets. It provides information about each configuration, including the bucket name, the ID of the configuration, and the status of the configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with intelligent_tiering_configuration as MATERIALIZED ( - select - bucket_name, id, status - from - aws_s3_bucket_intelligent_tiering_configuration ), - bucket as MATERIALIZED ( - select - name, region - from - aws_s3_bucket ) - select distinct - b.name, - b.region, - case - when - i.id is null - then - 'Bucket does not have intelligent tiering configured' - else - 'Bucket has intelligent tiering configured' - end - as intelligent_tiering_configuration_status - from - bucket as b - left join - intelligent_tiering_configuration as i - on b.name = i.bucket_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with intelligent_tiering_configuration as MATERIALIZED (\nselect\n\ + \ bucket_name, id, status\nfrom\n aws_s3_bucket_intelligent_tiering_configuration\ + \ ),\n bucket as MATERIALIZED (\n select\n name, region\n from\n aws_s3_bucket\ + \ )\n select distinct\n b.name,\n b.region,\n case\n \ + \ when\n i.id is null\n then\n 'Bucket does not have\ + \ intelligent tiering configured'\n else\n 'Bucket has intelligent\ + \ tiering configured'\n end\n as intelligent_tiering_configuration_status\n\ + \ from\n bucket as b\n left join\n intelligent_tiering_configuration\ + \ as i\n on b.name = i.bucket_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Buckets with Intelligent Tiering Configuration diff --git a/queries/aws_s3_bucket_intelligent_tiering_configuration_3.yaml b/queries/aws_s3_bucket_intelligent_tiering_configuration_3.yaml index 0f0ed610c..675d31852 100755 --- a/queries/aws_s3_bucket_intelligent_tiering_configuration_3.yaml +++ b/queries/aws_s3_bucket_intelligent_tiering_configuration_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query Intelligent Tiering configurations for S3 buckets. + It provides information about each configuration, including the bucket name, the + ID of the configuration, and the status of the configuration. ID: aws_s3_bucket_intelligent_tiering_configuration_3 -Title: "List all Intelligent Tiering configurations for S3 buckets" -Description: "Allows users to query Intelligent Tiering configurations for S3 buckets. It provides information about each configuration, including the bucket name, the ID of the configuration, and the status of the configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - id, - status, - tierings - from - aws_s3_bucket_intelligent_tiering_configuration - where - status = 'Enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n id,\n status,\n tierings\nfrom\n aws_s3_bucket_intelligent_tiering_configuration\n\ + where\n status = 'Enabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all Intelligent Tiering configurations for S3 buckets diff --git a/queries/aws_s3_bucket_intelligent_tiering_configuration_4.yaml b/queries/aws_s3_bucket_intelligent_tiering_configuration_4.yaml index 6551b9b49..3d804a5a0 100755 --- a/queries/aws_s3_bucket_intelligent_tiering_configuration_4.yaml +++ b/queries/aws_s3_bucket_intelligent_tiering_configuration_4.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query Intelligent Tiering configurations for S3 buckets. + It provides information about each configuration, including the bucket name, the + ID of the configuration, and the status of the configuration. ID: aws_s3_bucket_intelligent_tiering_configuration_4 -Title: "Find all Intelligent Tiering Configurations in AWS S3 Buckets" -Description: "Allows users to query Intelligent Tiering configurations for S3 buckets. It provides information about each configuration, including the bucket name, the ID of the configuration, and the status of the configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.bucket_name, - s.id, - s.status, - t ->> 'AccessTier' as access_tier, - t ->> 'Days' as days - from - aws_s3_bucket_intelligent_tiering_configuration as s, - jsonb_array_elements(tierings) as t; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.bucket_name,\n s.id,\n s.status,\n t ->> 'AccessTier'\ + \ as access_tier,\n t ->> 'Days' as days\nfrom\n aws_s3_bucket_intelligent_tiering_configuration\ + \ as s,\n jsonb_array_elements(tierings) as t;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all Intelligent Tiering Configurations in AWS S3 Buckets diff --git a/queries/aws_s3_bucket_intelligent_tiering_configuration_5.yaml b/queries/aws_s3_bucket_intelligent_tiering_configuration_5.yaml index cc9d4b4a3..57372fed7 100755 --- a/queries/aws_s3_bucket_intelligent_tiering_configuration_5.yaml +++ b/queries/aws_s3_bucket_intelligent_tiering_configuration_5.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query Intelligent Tiering configurations for S3 buckets. + It provides information about each configuration, including the bucket name, the + ID of the configuration, and the status of the configuration. ID: aws_s3_bucket_intelligent_tiering_configuration_5 -Title: "Find all Intelligent Tiering Configurations in AWS S3 Buckets" -Description: "Allows users to query Intelligent Tiering configurations for S3 buckets. It provides information about each configuration, including the bucket name, the ID of the configuration, and the status of the configuration." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - id, - filter -> 'And' as filter_and, - filter -> 'Prefix' as filter_prefix, - filter -> 'Tag' as filter_tag - from - aws_s3_bucket_intelligent_tiering_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n id,\n filter -> 'And' as filter_and,\n\ + \ filter -> 'Prefix' as filter_prefix,\n filter -> 'Tag' as filter_tag\nfrom\n\ + \ aws_s3_bucket_intelligent_tiering_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all Intelligent Tiering Configurations in AWS S3 Buckets diff --git a/queries/aws_s3_multi_region_access_point_1.yaml b/queries/aws_s3_multi_region_access_point_1.yaml index 8356ab92c..7288d20b7 100755 --- a/queries/aws_s3_multi_region_access_point_1.yaml +++ b/queries/aws_s3_multi_region_access_point_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS S3 Multi-Region Access Points to retrieve information + about their configuration, status, and associated policies. ID: aws_s3_multi_region_access_point_1 -Title: "List all AWS S3 Multi-Region Access Points configuration and status" -Description: "Allows users to query AWS S3 Multi-Region Access Points to retrieve information about their configuration, status, and associated policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - alias, - status, - created_at - from - aws_s3_multi_region_access_point; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n alias,\n status,\n created_at\nfrom\n aws_s3_multi_region_access_point;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 Multi-Region Access Point +Title: List all AWS S3 Multi-Region Access Points configuration and status diff --git a/queries/aws_s3_multi_region_access_point_2.yaml b/queries/aws_s3_multi_region_access_point_2.yaml index 821f4ffb5..3643a6616 100755 --- a/queries/aws_s3_multi_region_access_point_2.yaml +++ b/queries/aws_s3_multi_region_access_point_2.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS S3 Multi-Region Access Points to retrieve information + about their configuration, status, and associated policies. ID: aws_s3_multi_region_access_point_2 -Title: "Find AWS S3 Multi-Region Access Points configuration and status" -Description: "Allows users to query AWS S3 Multi-Region Access Points to retrieve information about their configuration, status, and associated policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - public_access_block ->> 'BlockPublicAcls' as block_public_acls, - public_access_block ->> 'BlockPublicPolicy' as block_public_policy, - public_access_block ->> 'IgnorePublicAcls' as ignore_public_acls, - public_access_block ->> 'RestrictPublicBuckets' as restrict_public_buckets - from - aws_s3_multi_region_access_point - where - public_access_block ->> 'BlockPublicAcls'::text = 'true' - and public_access_block ->> 'BlockPublicPolicy'::text = 'true' - and public_access_block ->> 'IgnorePublicAcls'::text = 'true' - and public_access_block ->> 'RestrictPublicBuckets'::text = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n public_access_block ->> 'BlockPublicAcls' as\ + \ block_public_acls,\n public_access_block ->> 'BlockPublicPolicy' as block_public_policy,\n\ + \ public_access_block ->> 'IgnorePublicAcls' as ignore_public_acls,\n public_access_block\ + \ ->> 'RestrictPublicBuckets' as restrict_public_buckets \nfrom\n aws_s3_multi_region_access_point\ + \ \nwhere\n public_access_block ->> 'BlockPublicAcls'::text = 'true' \n and\ + \ public_access_block ->> 'BlockPublicPolicy'::text = 'true' \n and public_access_block\ + \ ->> 'IgnorePublicAcls'::text = 'true' \n and public_access_block ->> 'RestrictPublicBuckets'::text\ + \ = 'true';" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Multi-Region Access Points configuration and status diff --git a/queries/aws_s3_multi_region_access_point_3.yaml b/queries/aws_s3_multi_region_access_point_3.yaml index de57a62f3..f0d94b590 100755 --- a/queries/aws_s3_multi_region_access_point_3.yaml +++ b/queries/aws_s3_multi_region_access_point_3.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS S3 Multi-Region Access Points to retrieve information + about their configuration, status, and associated policies. ID: aws_s3_multi_region_access_point_3 -Title: "Find AWS S3 Multi-Region Access Point Configuration and Policies" -Description: "Allows users to query AWS S3 Multi-Region Access Points to retrieve information about their configuration, status, and associated policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - policy -> 'Established' -> 'Policy' as established_policy, - policy -> 'Proposed' -> 'Policy' as proposed_policy - from - aws_s3_multi_region_access_point; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n policy -> 'Established' -> 'Policy' as established_policy,\n\ + \ policy -> 'Proposed' -> 'Policy' as proposed_policy\nfrom\n aws_s3_multi_region_access_point;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Multi-Region Access Point Configuration and Policies diff --git a/queries/aws_s3_multi_region_access_point_4.yaml b/queries/aws_s3_multi_region_access_point_4.yaml index 4e52c3797..81e50fda9 100755 --- a/queries/aws_s3_multi_region_access_point_4.yaml +++ b/queries/aws_s3_multi_region_access_point_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS S3 Multi-Region Access Points to retrieve information + about their configuration, status, and associated policies. ID: aws_s3_multi_region_access_point_4 -Title: "List all AWS S3 Multi-Region Access Points and Configuration" -Description: "Allows users to query AWS S3 Multi-Region Access Points to retrieve information about their configuration, status, and associated policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r ->> 'Bucket' as bucket_name, - count(name) access_point_count - from - aws_s3_multi_region_access_point, - jsonb_array_elements(regions) as r - group by - bucket_name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r ->> 'Bucket' as bucket_name,\n count(name) access_point_count\n\ + from\n aws_s3_multi_region_access_point,\n jsonb_array_elements(regions) as\ + \ r\ngroup by\n bucket_name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS S3 +Title: List all AWS S3 Multi-Region Access Points and Configuration diff --git a/queries/aws_s3_multi_region_access_point_5.yaml b/queries/aws_s3_multi_region_access_point_5.yaml index 206ee1998..ca56147b1 100755 --- a/queries/aws_s3_multi_region_access_point_5.yaml +++ b/queries/aws_s3_multi_region_access_point_5.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS S3 Multi-Region Access Points to retrieve information + about their configuration, status, and associated policies. ID: aws_s3_multi_region_access_point_5 -Title: "Query AWS S3 Multi-Region Access Points Configuration" -Description: "Allows users to query AWS S3 Multi-Region Access Points to retrieve information about their configuration, status, and associated policies." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.name, - r ->> 'Bucket' as bucket_name, - b.creation_date as bucket_creation_date, - b.bucket_policy_is_public, - b.versioning_enabled - from - aws_s3_multi_region_access_point as a, - jsonb_array_elements(a.regions) as r, - aws_s3_bucket as b - where - b.name = r ->> 'Bucket'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.name,\n r ->> 'Bucket' as bucket_name,\n b.creation_date\ + \ as bucket_creation_date,\n b.bucket_policy_is_public,\n b.versioning_enabled\n\ + from\n aws_s3_multi_region_access_point as a,\n jsonb_array_elements(a.regions)\ + \ as r,\n aws_s3_bucket as b\nwhere\n b.name = r ->> 'Bucket';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Query AWS S3 Multi-Region Access Points Configuration diff --git a/queries/aws_s3_object_1.yaml b/queries/aws_s3_object_1.yaml index 34c9c7819..9f363db15 100755 --- a/queries/aws_s3_object_1.yaml +++ b/queries/aws_s3_object_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_1 -Title: "Find AWS S3 Objects and Retrieve Metadata Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class, - version_id - from - aws_s3_object - where - bucket_name = 'steampipe-test'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class,\n\ + \ version_id\nfrom\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Objects and Retrieve Metadata Details diff --git a/queries/aws_s3_object_10.yaml b/queries/aws_s3_object_10.yaml index 5b140d78a..fe7a97d3d 100755 --- a/queries/aws_s3_object_10.yaml +++ b/queries/aws_s3_object_10.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_10 -Title: "Find AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - bucket_name, - jsonb_pretty(tags) as tags - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and tags ->> 'application' is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n bucket_name,\n jsonb_pretty(tags) as tags\n\ + from\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n and tags ->>\ + \ 'application' is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_11.yaml b/queries/aws_s3_object_11.yaml index bd2d0d4eb..e2c6f4ba6 100755 --- a/queries/aws_s3_object_11.yaml +++ b/queries/aws_s3_object_11.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_11 -Title: "Find all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - o.arn as object_arn, - bucket_name, - last_modified, - bucket_key_enabled - from - aws_s3_object as o, - aws_s3_bucket as b - where - o.bucket_name = b.name - and not bucket_key_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n o.arn as object_arn,\n bucket_name,\n last_modified,\n\ + \ bucket_key_enabled\nfrom\n aws_s3_object as o,\n aws_s3_bucket as b\nwhere\n\ + \ o.bucket_name = b.name\n and not bucket_key_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_12.yaml b/queries/aws_s3_object_12.yaml index 8cd04aa46..0507ea28e 100755 --- a/queries/aws_s3_object_12.yaml +++ b/queries/aws_s3_object_12.yaml @@ -1,41 +1,25 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_12 -Title: "Find all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class - from - aws_s3_object - where - bucket_name in - ( - select - name - from - aws_s3_bucket - where - not block_public_acls - or not block_public_policy - or not ignore_public_acls - or not restrict_public_buckets - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class\n\ + from\n aws_s3_object\nwhere\n bucket_name in\n (\n select\n name\n\ + \ from\n aws_s3_bucket\n where\n not block_public_acls\n \ + \ or not block_public_policy\n or not ignore_public_acls\n or not restrict_public_buckets\n\ + \ );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_13.yaml b/queries/aws_s3_object_13.yaml index 5bd5f58c2..1e1167fc6 100755 --- a/queries/aws_s3_object_13.yaml +++ b/queries/aws_s3_object_13.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_13 -Title: "List all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.key, - b ->> 'awsAccountId' as account_id, - b ->> 'digestEndTime' as digest_end_time, - b ->> 'digestPublicKeyFingerprint' as digest_public_key_fingerprint, - b ->> 'digestS3Bucket' as digest_s3_bucket, - b ->> 'digestStartTime' as digest_start_time - from - aws_s3_object as s, - jsonb_array_elements(body::jsonb) as b - where - bucket_name = 'steampipe-test' - and prefix = 'test1/log_text.txt'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.key,\n b ->> 'awsAccountId' as account_id,\n b ->>\ + \ 'digestEndTime' as digest_end_time,\n b ->> 'digestPublicKeyFingerprint' as\ + \ digest_public_key_fingerprint,\n b ->> 'digestS3Bucket' as digest_s3_bucket,\n\ + \ b ->> 'digestStartTime' as digest_start_time\nfrom\n aws_s3_object as s,\n\ + \ jsonb_array_elements(body::jsonb) as b\nwhere\n bucket_name = 'steampipe-test'\n\ + \ and prefix = 'test1/log_text.txt';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_2.yaml b/queries/aws_s3_object_2.yaml index 2d0445ed5..548632671 100755 --- a/queries/aws_s3_object_2.yaml +++ b/queries/aws_s3_object_2.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_2 -Title: "List all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class, - version_id - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and prefix = 'test/logs/2021/03/01/12'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class,\n\ + \ version_id\nfrom\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n\ + \ and prefix = 'test/logs/2021/03/01/12';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 Object +Title: List all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_3.yaml b/queries/aws_s3_object_3.yaml index 23a9f8903..2a8510aa0 100755 --- a/queries/aws_s3_object_3.yaml +++ b/queries/aws_s3_object_3.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_3 -Title: "Find AWS S3 Object Metadata and Details with SQL" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class, - version_id - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and prefix = 'test/logs/2021/03/01/12/abc.txt'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class,\n\ + \ version_id\nfrom\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n\ + \ and prefix = 'test/logs/2021/03/01/12/abc.txt';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find AWS S3 Object Metadata and Details with SQL diff --git a/queries/aws_s3_object_4.yaml b/queries/aws_s3_object_4.yaml index b48ca06f8..42811091a 100755 --- a/queries/aws_s3_object_4.yaml +++ b/queries/aws_s3_object_4.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_4 -Title: "List all AWS S3 Objects with Encryptions Using SQL" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class, - version_id - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and sse_kms_key_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class,\n\ + \ version_id\nfrom\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n\ + \ and sse_kms_key_id is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Objects with Encryptions Using SQL diff --git a/queries/aws_s3_object_5.yaml b/queries/aws_s3_object_5.yaml index 129251541..d1432e36f 100755 --- a/queries/aws_s3_object_5.yaml +++ b/queries/aws_s3_object_5.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_5 -Title: "List all AWS S3 Objects and Metadata" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - arn, - bucket_name, - last_modified, - storage_class, - version_id - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and last_modified < current_date - interval '3 months'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n arn,\n bucket_name,\n last_modified,\n storage_class,\n\ + \ version_id\nfrom\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n\ + \ and last_modified < current_date - interval '3 months';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Objects and Metadata diff --git a/queries/aws_s3_object_6.yaml b/queries/aws_s3_object_6.yaml index e7a374e12..bd21a65e2 100755 --- a/queries/aws_s3_object_6.yaml +++ b/queries/aws_s3_object_6.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_6 -Title: "List AWS S3 Objects and Retrieve Metadata Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.key, - s.bucket_name, - s.owner, - acl_grant -> 'Grantee' as grantee, - acl_grant ->> 'Permission' as permission - from - aws_s3_object as s, - jsonb_array_elements(aws_s3_object.acl -> 'Grants') as acl_grant - where - bucket_name = 'steampipe-test' - and acl_grant ->> 'Permission' = 'FULL_CONTROL' - and acl_grant -> 'Grantee' ->> 'ID' != aws_s3_object.owner ->> 'ID'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.key,\n s.bucket_name,\n s.owner,\n acl_grant ->\ + \ 'Grantee' as grantee,\n acl_grant ->> 'Permission' as permission\nfrom\n aws_s3_object\ + \ as s,\n jsonb_array_elements(aws_s3_object.acl -> 'Grants') as acl_grant\n\ + where\n bucket_name = 'steampipe-test'\n and acl_grant ->> 'Permission' = 'FULL_CONTROL'\n\ + \ and acl_grant -> 'Grantee' ->> 'ID' != aws_s3_object.owner ->> 'ID';" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List AWS S3 Objects and Retrieve Metadata Details diff --git a/queries/aws_s3_object_7.yaml b/queries/aws_s3_object_7.yaml index 8615a36ac..0782ca162 100755 --- a/queries/aws_s3_object_7.yaml +++ b/queries/aws_s3_object_7.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_7 -Title: "Find all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - bucket_name, - object_lock_legal_hold_status - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and object_lock_legal_hold_status = 'ON'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n bucket_name,\n object_lock_legal_hold_status\n\ + from\n aws_s3_object\nwhere\n bucket_name = 'steampipe-test'\n and object_lock_legal_hold_status\ + \ = 'ON';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_8.yaml b/queries/aws_s3_object_8.yaml index a0a433e5e..460535bea 100755 --- a/queries/aws_s3_object_8.yaml +++ b/queries/aws_s3_object_8.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_8 -Title: "List all AWS S3 Object Metadata and Details" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - key, - bucket_name, - object_lock_retain_until_date, - object_lock_mode, - object_lock_legal_hold_status - from - aws_s3_object - where - bucket_name = 'steampipe-test' - and object_lock_mode = 'GOVERNANCE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n key,\n bucket_name,\n object_lock_retain_until_date,\n\ + \ object_lock_mode,\n object_lock_legal_hold_status\nfrom\n aws_s3_object\n\ + where\n bucket_name = 'steampipe-test'\n and object_lock_mode = 'GOVERNANCE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: List all AWS S3 Object Metadata and Details diff --git a/queries/aws_s3_object_9.yaml b/queries/aws_s3_object_9.yaml index 61841b32a..1bc5cdcea 100755 --- a/queries/aws_s3_object_9.yaml +++ b/queries/aws_s3_object_9.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS S3 Objects and retrieve metadata and details + about each object stored in S3 buckets. ID: aws_s3_object_9 -Title: "Find metadata and details of AWS S3 Objects" -Description: "Allows users to query AWS S3 Objects and retrieve metadata and details about each object stored in S3 buckets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.key, - s.bucket_name, - s.object_lock_retain_until_date, - s.object_lock_mode, - s.object_lock_legal_hold_status - from - aws_s3_object as s - where - bucket_name = 'steampipe-test' - and object_lock_retain_until_date > current_date + interval '1 year'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.key,\n s.bucket_name,\n s.object_lock_retain_until_date,\n\ + \ s.object_lock_mode,\n s.object_lock_legal_hold_status\nfrom\n aws_s3_object\ + \ as s\nwhere\n bucket_name = 'steampipe-test'\n and object_lock_retain_until_date\ + \ > current_date + interval '1 year';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find metadata and details of AWS S3 Objects diff --git a/queries/aws_s3_object_version_1.yaml b/queries/aws_s3_object_version_1.yaml index 848de53ca..1baa6c364 100755 --- a/queries/aws_s3_object_version_1.yaml +++ b/queries/aws_s3_object_version_1.yaml @@ -1,29 +1,22 @@ +Description: Allows querying information about versions of objects stored in Amazon + S3 buckets. This table provides details such as bucket name, delimiter, encoding + type, version ID marker, prefix, whether the results are truncated, common prefixes, + delete markers, and version information. ID: aws_s3_object_version_1 -Title: "List all AWS S3 Object Versions in Bucket" -Description: "Allows querying information about versions of objects stored in Amazon S3 buckets. This table provides details such as bucket name, delimiter, encoding type, version ID marker, prefix, whether the results are truncated, common prefixes, delete markers, and version information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - key, - storage_class, - version_id, - is_latest, - size - from - aws_s3_object_version - where - bucket_name = 'testbucket'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n key,\n storage_class,\n version_id,\n\ + \ is_latest,\n size\nfrom\n aws_s3_object_version\nwhere\n bucket_name = 'testbucket';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon S3 +Title: List all AWS S3 Object Versions in Bucket diff --git a/queries/aws_s3_object_version_2.yaml b/queries/aws_s3_object_version_2.yaml index a821ca182..3e206ef18 100755 --- a/queries/aws_s3_object_version_2.yaml +++ b/queries/aws_s3_object_version_2.yaml @@ -1,33 +1,23 @@ +Description: Allows querying information about versions of objects stored in Amazon + S3 buckets. This table provides details such as bucket name, delimiter, encoding + type, version ID marker, prefix, whether the results are truncated, common prefixes, + delete markers, and version information. ID: aws_s3_object_version_2 -Title: "Find all AWS S3 Object Versions in Buckets" -Description: "Allows querying information about versions of objects stored in Amazon S3 buckets. This table provides details such as bucket name, delimiter, encoding type, version ID marker, prefix, whether the results are truncated, common prefixes, delete markers, and version information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - bucket_name, - key, - storage_class, - version_id, - is_latest, - size, - etag, - owner_id - from - aws_s3_object_version - where - bucket_name = 'testbucket' - and - key = 'test/template.txt'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n bucket_name,\n key,\n storage_class,\n version_id,\n\ + \ is_latest,\n size,\n etag,\n owner_id\nfrom\n aws_s3_object_version\nwhere\n\ + \ bucket_name = 'testbucket'\nand\n key = 'test/template.txt';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - S3 +Title: Find all AWS S3 Object Versions in Buckets diff --git a/queries/aws_s3_object_version_3.yaml b/queries/aws_s3_object_version_3.yaml index dd47ffd6c..a6fa24881 100755 --- a/queries/aws_s3_object_version_3.yaml +++ b/queries/aws_s3_object_version_3.yaml @@ -1,7 +1,7 @@ ID: aws_s3_object_version_3 Title: "Find AWS S3 Object Versions and Details" Description: "Allows querying information about versions of objects stored in Amazon S3 buckets. This table provides details such as bucket name, delimiter, encoding type, version ID marker, prefix, whether the results are truncated, common prefixes, delete markers, and version information." -Connector: [] +IntegrationTypeName: [] Query: Engine: "" QueryToExecute: "" diff --git a/queries/aws_sagemaker_app_1.yaml b/queries/aws_sagemaker_app_1.yaml index fa6cdcb53..1dac07b3a 100755 --- a/queries/aws_sagemaker_app_1.yaml +++ b/queries/aws_sagemaker_app_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS SageMaker App data, providing detailed insights + into application configurations, user settings, and associated metadata. ID: aws_sagemaker_app_1 -Title: "List all AWS SageMaker App configurations" -Description: "Allows users to query AWS SageMaker App data, providing detailed insights into application configurations, user settings, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status - from - aws_sagemaker_app; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status\nfrom\n aws_sagemaker_app;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List all AWS SageMaker App configurations diff --git a/queries/aws_sagemaker_app_2.yaml b/queries/aws_sagemaker_app_2.yaml index 2fcfaa4a2..9ef369b30 100755 --- a/queries/aws_sagemaker_app_2.yaml +++ b/queries/aws_sagemaker_app_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS SageMaker App data, providing detailed insights + into application configurations, user settings, and associated metadata. ID: aws_sagemaker_app_2 -Title: "Find AWS SageMaker App Configurations and Metadata" -Description: "Allows users to query AWS SageMaker App data, providing detailed insights into application configurations, user settings, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status, - failure_reason - from - aws_sagemaker_app - where - status = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status,\n failure_reason\n\ + from\n aws_sagemaker_app\nwhere \n status = 'Failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker App +Title: Find AWS SageMaker App Configurations and Metadata diff --git a/queries/aws_sagemaker_domain_1.yaml b/queries/aws_sagemaker_domain_1.yaml index 32b0d2eaa..089960839 100755 --- a/queries/aws_sagemaker_domain_1.yaml +++ b/queries/aws_sagemaker_domain_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query AWS SageMaker Domains to retrieve data about AWS + SageMaker Studio domains, including domain details, status, and associated metadata. ID: aws_sagemaker_domain_1 -Title: "Find AWS SageMaker Domains and Metadata Details" -Description: "Allows users to query AWS SageMaker Domains to retrieve data about AWS SageMaker Studio domains, including domain details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status - from - aws_sagemaker_domain; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status\nfrom\n aws_sagemaker_domain;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker Studio +Title: Find AWS SageMaker Domains and Metadata Details diff --git a/queries/aws_sagemaker_domain_2.yaml b/queries/aws_sagemaker_domain_2.yaml index 9ed9cab59..d85e9b118 100755 --- a/queries/aws_sagemaker_domain_2.yaml +++ b/queries/aws_sagemaker_domain_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS SageMaker Domains to retrieve data about AWS + SageMaker Studio domains, including domain details, status, and associated metadata. ID: aws_sagemaker_domain_2 -Title: "List all AWS SageMaker Studio Domain Details and Status" -Description: "Allows users to query AWS SageMaker Domains to retrieve data about AWS SageMaker Studio domains, including domain details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - creation_time, - home_efs_file_system_id, - kms_key_id - from - aws_sagemaker_domain - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n creation_time,\n home_efs_file_system_id,\n\ + \ kms_key_id\nfrom\n aws_sagemaker_domain\nwhere \n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List all AWS SageMaker Studio Domain Details and Status diff --git a/queries/aws_sagemaker_domain_3.yaml b/queries/aws_sagemaker_domain_3.yaml index d4cb0cfca..d8c670c02 100755 --- a/queries/aws_sagemaker_domain_3.yaml +++ b/queries/aws_sagemaker_domain_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS SageMaker Domains to retrieve data about AWS + SageMaker Studio domains, including domain details, status, and associated metadata. ID: aws_sagemaker_domain_3 -Title: "Find AWS SageMaker Domains and Their Details" -Description: "Allows users to query AWS SageMaker Domains to retrieve data about AWS SageMaker Studio domains, including domain details, status, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - app_network_access_type - from - aws_sagemaker_domain - where - app_network_access_type = 'PublicInternetOnly'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n app_network_access_type\n\ + from\n aws_sagemaker_domain\nwhere \n app_network_access_type = 'PublicInternetOnly';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker Studio +Title: Find AWS SageMaker Domains and Their Details diff --git a/queries/aws_sagemaker_endpoint_configuration_1.yaml b/queries/aws_sagemaker_endpoint_configuration_1.yaml index 075d02c31..79b5ab039 100755 --- a/queries/aws_sagemaker_endpoint_configuration_1.yaml +++ b/queries/aws_sagemaker_endpoint_configuration_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS SageMaker Endpoint Configurations to retrieve + detailed information about each endpoint configuration in the AWS SageMaker service. ID: aws_sagemaker_endpoint_configuration_1 -Title: "List all AWS SageMaker Endpoint Configurations with Details" -Description: "Allows users to query AWS SageMaker Endpoint Configurations to retrieve detailed information about each endpoint configuration in the AWS SageMaker service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - kms_key_id, - creation_time, - production_variants, - tags - from - aws_sagemaker_endpoint_configuration; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n kms_key_id,\n creation_time,\n production_variants,\n\ + \ tags\nfrom\n aws_sagemaker_endpoint_configuration;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List all AWS SageMaker Endpoint Configurations with Details diff --git a/queries/aws_sagemaker_endpoint_configuration_2.yaml b/queries/aws_sagemaker_endpoint_configuration_2.yaml index d83bcb80c..38fcc0068 100755 --- a/queries/aws_sagemaker_endpoint_configuration_2.yaml +++ b/queries/aws_sagemaker_endpoint_configuration_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS SageMaker Endpoint Configurations to retrieve + detailed information about each endpoint configuration in the AWS SageMaker service. ID: aws_sagemaker_endpoint_configuration_2 -Title: "Find AWS SageMaker Endpoint Configuration details" -Description: "Allows users to query AWS SageMaker Endpoint Configurations to retrieve detailed information about each endpoint configuration in the AWS SageMaker service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - kms_key_id - from - aws_sagemaker_endpoint_configuration - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n kms_key_id\nfrom\n aws_sagemaker_endpoint_configuration\n\ + where\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: Find AWS SageMaker Endpoint Configuration details diff --git a/queries/aws_sagemaker_model_1.yaml b/queries/aws_sagemaker_model_1.yaml index 725dd55e4..113623b66 100755 --- a/queries/aws_sagemaker_model_1.yaml +++ b/queries/aws_sagemaker_model_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS SageMaker Models for detailed information about + each model, including its name, ARN, creation time, execution role, and more. ID: aws_sagemaker_model_1 -Title: "Find all AWS SageMaker Models Using SQL" -Description: "Allows users to query AWS SageMaker Models for detailed information about each model, including its name, ARN, creation time, execution role, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - enable_network_isolation - from - aws_sagemaker_model; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n enable_network_isolation\n\ + from\n aws_sagemaker_model;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: Find all AWS SageMaker Models Using SQL diff --git a/queries/aws_sagemaker_model_2.yaml b/queries/aws_sagemaker_model_2.yaml index 3be4922e6..f8c3bf631 100755 --- a/queries/aws_sagemaker_model_2.yaml +++ b/queries/aws_sagemaker_model_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS SageMaker Models for detailed information about + each model, including its name, ARN, creation time, execution role, and more. ID: aws_sagemaker_model_2 -Title: "List AWS SageMaker Models with Detailed Information" -Description: "Allows users to query AWS SageMaker Models for detailed information about each model, including its name, ARN, creation time, execution role, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - enable_network_isolation - from - aws_sagemaker_model - where - enable_network_isolation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n enable_network_isolation\n\ + from\n aws_sagemaker_model\nwhere\n enable_network_isolation;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List AWS SageMaker Models with Detailed Information diff --git a/queries/aws_sagemaker_notebook_instance_1.yaml b/queries/aws_sagemaker_notebook_instance_1.yaml index cfe705620..e35a6da7c 100755 --- a/queries/aws_sagemaker_notebook_instance_1.yaml +++ b/queries/aws_sagemaker_notebook_instance_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS SageMaker Notebook Instances to gather information + about their configuration, status, and other related details. ID: aws_sagemaker_notebook_instance_1 -Title: "Find all AWS SageMaker Notebook Instances Configuration" -Description: "Allows users to query AWS SageMaker Notebook Instances to gather information about their configuration, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - instance_type, - notebook_instance_status - from - aws_sagemaker_notebook_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n instance_type,\n \ + \ notebook_instance_status\nfrom\n aws_sagemaker_notebook_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: Find all AWS SageMaker Notebook Instances Configuration diff --git a/queries/aws_sagemaker_notebook_instance_2.yaml b/queries/aws_sagemaker_notebook_instance_2.yaml index 38a8dae74..9dbb9437a 100755 --- a/queries/aws_sagemaker_notebook_instance_2.yaml +++ b/queries/aws_sagemaker_notebook_instance_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SageMaker Notebook Instances to gather information + about their configuration, status, and other related details. ID: aws_sagemaker_notebook_instance_2 -Title: "List all AWS SageMaker Notebook Instance details" -Description: "Allows users to query AWS SageMaker Notebook Instances to gather information about their configuration, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - kms_key_id - from - aws_sagemaker_notebook_instance - where - kms_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n kms_key_id\nfrom\n aws_sagemaker_notebook_instance\n\ + where\n kms_key_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS SageMaker +Title: List all AWS SageMaker Notebook Instance details diff --git a/queries/aws_sagemaker_notebook_instance_3.yaml b/queries/aws_sagemaker_notebook_instance_3.yaml index a4a9e603f..4e6bb2781 100755 --- a/queries/aws_sagemaker_notebook_instance_3.yaml +++ b/queries/aws_sagemaker_notebook_instance_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SageMaker Notebook Instances to gather information + about their configuration, status, and other related details. ID: aws_sagemaker_notebook_instance_3 -Title: "List all AWS SageMaker Notebook Instances Configuration" -Description: "Allows users to query AWS SageMaker Notebook Instances to gather information about their configuration, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - direct_internet_access - from - aws_sagemaker_notebook_instance - where - direct_internet_access = 'Disabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n direct_internet_access\nfrom\n aws_sagemaker_notebook_instance\n\ + where\n direct_internet_access = 'Disabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List all AWS SageMaker Notebook Instances Configuration diff --git a/queries/aws_sagemaker_notebook_instance_4.yaml b/queries/aws_sagemaker_notebook_instance_4.yaml index b60c1d8e1..e975114c0 100755 --- a/queries/aws_sagemaker_notebook_instance_4.yaml +++ b/queries/aws_sagemaker_notebook_instance_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SageMaker Notebook Instances to gather information + about their configuration, status, and other related details. ID: aws_sagemaker_notebook_instance_4 -Title: "Find AWS SageMaker Notebook Instances by Configuration" -Description: "Allows users to query AWS SageMaker Notebook Instances to gather information about their configuration, status, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - root_access - from - aws_sagemaker_notebook_instance - where - root_access = 'Enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n root_access\nfrom\n aws_sagemaker_notebook_instance\n\ + where\n root_access = 'Enabled';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: Find AWS SageMaker Notebook Instances by Configuration diff --git a/queries/aws_sagemaker_training_job_1.yaml b/queries/aws_sagemaker_training_job_1.yaml index 2234ad90e..18d204b3d 100755 --- a/queries/aws_sagemaker_training_job_1.yaml +++ b/queries/aws_sagemaker_training_job_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS SageMaker Training Jobs to retrieve information + about individual training jobs. ID: aws_sagemaker_training_job_1 -Title: "List all AWS SageMaker Training Jobs using SQL" -Description: "Allows users to query AWS SageMaker Training Jobs to retrieve information about individual training jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - training_job_status, - creation_time, - last_modified_time - from - aws_sagemaker_training_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n training_job_status,\n creation_time,\n\ + \ last_modified_time\nfrom\n aws_sagemaker_training_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List all AWS SageMaker Training Jobs using SQL diff --git a/queries/aws_sagemaker_training_job_2.yaml b/queries/aws_sagemaker_training_job_2.yaml index 4cd8dd68a..cb9c15525 100755 --- a/queries/aws_sagemaker_training_job_2.yaml +++ b/queries/aws_sagemaker_training_job_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS SageMaker Training Jobs to retrieve information + about individual training jobs. ID: aws_sagemaker_training_job_2 -Title: "List AWS SageMaker Training Jobs via SQL" -Description: "Allows users to query AWS SageMaker Training Jobs to retrieve information about individual training jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - resource_config ->> 'InstanceType' as instance_type, - resource_config ->> 'InstanceCount' as instance_count, - resource_config ->> 'VolumeKmsKeyId' as volume_kms_id, - resource_config ->> 'VolumeSizeInGB' as volume_size - from - aws_sagemaker_training_job; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n resource_config ->> 'InstanceType' as\ + \ instance_type,\n resource_config ->> 'InstanceCount' as instance_count,\n \ + \ resource_config ->> 'VolumeKmsKeyId' as volume_kms_id,\n resource_config ->>\ + \ 'VolumeSizeInGB' as volume_size\nfrom\n aws_sagemaker_training_job;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: List AWS SageMaker Training Jobs via SQL diff --git a/queries/aws_sagemaker_training_job_3.yaml b/queries/aws_sagemaker_training_job_3.yaml index 6dba51163..3d4d5f03a 100755 --- a/queries/aws_sagemaker_training_job_3.yaml +++ b/queries/aws_sagemaker_training_job_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS SageMaker Training Jobs to retrieve information + about individual training jobs. ID: aws_sagemaker_training_job_3 -Title: "Find AWS SageMaker Training Jobs with Status Failed" -Description: "Allows users to query AWS SageMaker Training Jobs to retrieve information about individual training jobs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - training_job_status, - failure_reason - from - aws_sagemaker_training_job - where - training_job_status = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n training_job_status,\n failure_reason\n\ + from\n aws_sagemaker_training_job\nwhere\n training_job_status = 'Failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SageMaker +Title: Find AWS SageMaker Training Jobs with Status Failed diff --git a/queries/aws_secretsmanager_secret_1.yaml b/queries/aws_secretsmanager_secret_1.yaml index abd48d10c..c1d3a8243 100755 --- a/queries/aws_secretsmanager_secret_1.yaml +++ b/queries/aws_secretsmanager_secret_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Secrets Manager Secret data, including metadata, + versions, rotation configuration, and more. ID: aws_secretsmanager_secret_1 -Title: "List AWS Secrets Manager Secret Data and Metadata" -Description: "Allows users to query AWS Secrets Manager Secret data, including metadata, versions, rotation configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_date, - description, - last_accessed_date - from - aws_secretsmanager_secret; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_date,\n description,\n last_accessed_date\n\ + from\n aws_secretsmanager_secret;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Secrets Manager +Title: List AWS Secrets Manager Secret Data and Metadata diff --git a/queries/aws_secretsmanager_secret_2.yaml b/queries/aws_secretsmanager_secret_2.yaml index 304786736..44010aa15 100755 --- a/queries/aws_secretsmanager_secret_2.yaml +++ b/queries/aws_secretsmanager_secret_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Secrets Manager Secret data, including metadata, + versions, rotation configuration, and more. ID: aws_secretsmanager_secret_2 -Title: "List AWS Secrets Manager Secret Data Including Metadata" -Description: "Allows users to query AWS Secrets Manager Secret data, including metadata, versions, rotation configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_date, - description, - rotation_enabled - from - aws_secretsmanager_secret - where - not rotation_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_date,\n description,\n rotation_enabled\n\ + from\n aws_secretsmanager_secret\nwhere\n not rotation_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Secrets Manager +Title: List AWS Secrets Manager Secret Data Including Metadata diff --git a/queries/aws_secretsmanager_secret_3.yaml b/queries/aws_secretsmanager_secret_3.yaml index 561c35543..ca258dd53 100755 --- a/queries/aws_secretsmanager_secret_3.yaml +++ b/queries/aws_secretsmanager_secret_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Secrets Manager Secret data, including metadata, + versions, rotation configuration, and more. ID: aws_secretsmanager_secret_3 -Title: "Find AWS Secrets Manager Secret Data and Metadata" -Description: "Allows users to query AWS Secrets Manager Secret data, including metadata, versions, rotation configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_date, - description, - rotation_enabled, - rotation_rules - from - aws_secretsmanager_secret - where - rotation_rules -> 'AutomaticallyAfterDays' > '7'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_date,\n description,\n rotation_enabled,\n\ + \ rotation_rules\nfrom\n aws_secretsmanager_secret\nwhere\n rotation_rules\ + \ -> 'AutomaticallyAfterDays' > '7';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Secrets Manager +Title: Find AWS Secrets Manager Secret Data and Metadata diff --git a/queries/aws_secretsmanager_secret_4.yaml b/queries/aws_secretsmanager_secret_4.yaml index 9b60a6717..c9347ea53 100755 --- a/queries/aws_secretsmanager_secret_4.yaml +++ b/queries/aws_secretsmanager_secret_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Secrets Manager Secret data, including metadata, + versions, rotation configuration, and more. ID: aws_secretsmanager_secret_4 -Title: "Find AWS Secrets Manager Secret Data" -Description: "Allows users to query AWS Secrets Manager Secret data, including metadata, versions, rotation configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - created_date, - description, - replication_status - from - aws_secretsmanager_secret - where - replication_status is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n created_date,\n description,\n replication_status\n\ + from\n aws_secretsmanager_secret\nwhere\n replication_status is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Secrets Manager +Title: Find AWS Secrets Manager Secret Data diff --git a/queries/aws_secretsmanager_secret_5.yaml b/queries/aws_secretsmanager_secret_5.yaml index 5fed72f30..870b8912b 100755 --- a/queries/aws_secretsmanager_secret_5.yaml +++ b/queries/aws_secretsmanager_secret_5.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Secrets Manager Secret data, including metadata, + versions, rotation configuration, and more. ID: aws_secretsmanager_secret_5 -Title: "List AWS Secrets Manager Secret Data and Configuration" -Description: "Allows users to query AWS Secrets Manager Secret data, including metadata, versions, rotation configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_pretty(policy) as policy, - jsonb_pretty(policy_std) as policy_std - from - aws_secretsmanager_secret; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_pretty(policy) as policy,\n jsonb_pretty(policy_std)\ + \ as policy_std\nfrom\n aws_secretsmanager_secret;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Secrets Manager +Title: List AWS Secrets Manager Secret Data and Configuration diff --git a/queries/aws_securityhub_action_target_1.yaml b/queries/aws_securityhub_action_target_1.yaml index d5d4f0344..1c3b9a6ff 100755 --- a/queries/aws_securityhub_action_target_1.yaml +++ b/queries/aws_securityhub_action_target_1.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Security Hub Action Targets, providing detailed + information about each action target within AWS Security Hub, including its ARN, + name, and description. ID: aws_securityhub_action_target_1 -Title: "List AWS Security Hub Action Targets" -Description: "Allows users to query AWS Security Hub Action Targets, providing detailed information about each action target within AWS Security Hub, including its ARN, name, and description." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - region - from - aws_securityhub_action_target; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n region\nfrom\n aws_securityhub_action_target;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Action Targets diff --git a/queries/aws_securityhub_action_target_2.yaml b/queries/aws_securityhub_action_target_2.yaml index 3de580b33..c06baeae4 100755 --- a/queries/aws_securityhub_action_target_2.yaml +++ b/queries/aws_securityhub_action_target_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Security Hub Action Targets, providing detailed + information about each action target within AWS Security Hub, including its ARN, + name, and description. ID: aws_securityhub_action_target_2 -Title: "List AWS Security Hub Action Targets with Details" -Description: "Allows users to query AWS Security Hub Action Targets, providing detailed information about each action target within AWS Security Hub, including its ARN, name, and description." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - region - from - aws_securityhub_action_target - where - arn = 'arn:aws:securityhub:ap-south-1:*****:action/custom/test'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n region\nfrom\n aws_securityhub_action_target\n\ + where\n arn = 'arn:aws:securityhub:ap-south-1:*****:action/custom/test';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Action Targets with Details diff --git a/queries/aws_securityhub_enabled_product_subscription_1.yaml b/queries/aws_securityhub_enabled_product_subscription_1.yaml index dfa103610..5375d992b 100755 --- a/queries/aws_securityhub_enabled_product_subscription_1.yaml +++ b/queries/aws_securityhub_enabled_product_subscription_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query details of enabled product subscriptions in AWS + Security Hub, providing insights into their activation, integration types, and company + information. ID: aws_securityhub_enabled_product_subscription_1 -Title: "Find AWS Security Hub Enabled Product Subscriptions" -Description: "Allows users to query details of enabled product subscriptions in AWS Security Hub, providing insights into their activation, integration types, and company information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - title, - akas - from - aws_securityhub_enabled_product_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n title,\n akas\nfrom\n aws_securityhub_enabled_product_subscription;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Enabled Product Subscriptions diff --git a/queries/aws_securityhub_enabled_product_subscription_2.yaml b/queries/aws_securityhub_enabled_product_subscription_2.yaml index afdf09e20..b5cadc1a6 100755 --- a/queries/aws_securityhub_enabled_product_subscription_2.yaml +++ b/queries/aws_securityhub_enabled_product_subscription_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query details of enabled product subscriptions in AWS + Security Hub, providing insights into their activation, integration types, and company + information. ID: aws_securityhub_enabled_product_subscription_2 -Title: "Query AWS Security Hub Enabled Product Subscriptions" -Description: "Allows users to query details of enabled product subscriptions in AWS Security Hub, providing insights into their activation, integration types, and company information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.arn as subscription_arn, - p.product_arn, - p.name as product_name, - p.company_name as product_company_name, - p.marketplace_url, - p.integration_types - from - aws_securityhub_enabled_product_subscription as s, - aws_securityhub_product as p, - jsonb_array_elements(p.product_subscription_resource_policy -> 'Statement') as m - where - (m ->> 'Resource') = s.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.arn as subscription_arn,\n p.product_arn,\n p.name\ + \ as product_name,\n p.company_name as product_company_name,\n p.marketplace_url,\n\ + \ p.integration_types\nfrom\n aws_securityhub_enabled_product_subscription as\ + \ s,\n aws_securityhub_product as p,\n jsonb_array_elements(p.product_subscription_resource_policy\ + \ -> 'Statement') as m\nwhere\n (m ->> 'Resource') = s.arn;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Query AWS Security Hub Enabled Product Subscriptions diff --git a/queries/aws_securityhub_finding_1.yaml b/queries/aws_securityhub_finding_1.yaml index 76d50f3c0..81cc1e4b5 100755 --- a/queries/aws_securityhub_finding_1.yaml +++ b/queries/aws_securityhub_finding_1.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_1 -Title: "Find AWS Security Hub Findings: Details and Remediation" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - company_name, - created_at, - criticality, - confidence - from - aws_securityhub_finding; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n company_name,\n created_at,\n criticality,\n\ + \ confidence\nfrom\n aws_securityhub_finding;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: 'Find AWS Security Hub Findings: Details and Remediation' diff --git a/queries/aws_securityhub_finding_10.yaml b/queries/aws_securityhub_finding_10.yaml index 3c3915952..a36e7760d 100755 --- a/queries/aws_securityhub_finding_10.yaml +++ b/queries/aws_securityhub_finding_10.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_10 -Title: "Find all AWS Security Hub Findings with Status Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - product_arn, - product_name, - workflow_status - from - aws_securityhub_finding - where - workflow_status = 'NOTIFIED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n product_arn,\n product_name,\n workflow_status\n\ + from\n aws_securityhub_finding\nwhere \n workflow_status = 'NOTIFIED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find all AWS Security Hub Findings with Status Details diff --git a/queries/aws_securityhub_finding_11.yaml b/queries/aws_securityhub_finding_11.yaml index 6b45e9a14..dd0006f3f 100755 --- a/queries/aws_securityhub_finding_11.yaml +++ b/queries/aws_securityhub_finding_11.yaml @@ -1,33 +1,28 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_11 -Title: "Find AWS EC2 Security Issues with Severity and Status" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - network ->> 'DestinationDomain' as network_destination_domain, - network ->> 'DestinationIpV4' as network_destination_ip_v4, - network ->> 'DestinationIpV6' as network_destination_ip_v6, - network ->> 'DestinationPort' as network_destination_port, - network ->> 'Protocol' as network_protocol, - network ->> 'SourceIpV4' as network_source_ip_v4, - network ->> 'SourceIpV6' as network_source_ip_v6, - network ->> 'SourcePort' as network_source_port - from - aws_securityhub_finding - where - title = 'EC2 instance involved in SSH brute force attacks.'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n network ->> 'DestinationDomain' as network_destination_domain,\n\ + \ network ->> 'DestinationIpV4' as network_destination_ip_v4,\n network ->>\ + \ 'DestinationIpV6' as network_destination_ip_v6,\n network ->> 'DestinationPort'\ + \ as network_destination_port,\n network ->> 'Protocol' as network_protocol,\n\ + \ network ->> 'SourceIpV4' as network_source_ip_v4,\n network ->> 'SourceIpV6'\ + \ as network_source_ip_v6,\n network ->> 'SourcePort' as network_source_port\n\ + from\n aws_securityhub_finding\nwhere \n title = 'EC2 instance involved in SSH\ + \ brute force attacks.';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS EC2 Security Issues with Severity and Status diff --git a/queries/aws_securityhub_finding_12.yaml b/queries/aws_securityhub_finding_12.yaml index 3c8c46943..d30262d43 100755 --- a/queries/aws_securityhub_finding_12.yaml +++ b/queries/aws_securityhub_finding_12.yaml @@ -1,40 +1,34 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_12 -Title: "List AWS Security Hub Findings with Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - patch_summary ->> 'Id' as patch_id, - patch_summary ->> 'FailedCount' as failed_count, - patch_summary ->> 'InstalledCount' as installed_count, - patch_summary ->> 'InstalledOtherCount' as installed_other_count, - patch_summary ->> 'InstalledPendingReboot' as installed_pending_reboot, - patch_summary ->> 'InstalledRejectedCount' as installed_rejected_count, - patch_summary ->> 'MissingCount' as missing_count, - patch_summary ->> 'Operation' as operation, - patch_summary ->> 'OperationEndTime' as operation_end_time, - patch_summary ->> 'OperationStartTime' as operation_start_time, - patch_summary ->> 'RebootOption' as reboot_option - from - aws_securityhub_finding - where - title = 'EC2 instance involved in SSH brute force attacks.'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n patch_summary ->> 'Id' as patch_id,\n\ + \ patch_summary ->> 'FailedCount' as failed_count,\n patch_summary ->> 'InstalledCount'\ + \ as installed_count,\n patch_summary ->> 'InstalledOtherCount' as installed_other_count,\n\ + \ patch_summary ->> 'InstalledPendingReboot' as installed_pending_reboot,\n \ + \ patch_summary ->> 'InstalledRejectedCount' as installed_rejected_count,\n patch_summary\ + \ ->> 'MissingCount' as missing_count,\n patch_summary ->> 'Operation' as operation,\n\ + \ patch_summary ->> 'OperationEndTime' as operation_end_time,\n patch_summary\ + \ ->> 'OperationStartTime' as operation_start_time,\n patch_summary ->> 'RebootOption'\ + \ as reboot_option\nfrom\n aws_securityhub_finding\nwhere \n title = 'EC2 instance\ + \ involved in SSH brute force attacks.';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Findings with Details diff --git a/queries/aws_securityhub_finding_13.yaml b/queries/aws_securityhub_finding_13.yaml index 3596cf97a..875905703 100755 --- a/queries/aws_securityhub_finding_13.yaml +++ b/queries/aws_securityhub_finding_13.yaml @@ -1,39 +1,32 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_13 -Title: "Find AWS Security Hub Findings and their Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - v ->> 'Id' as vulnerabilitie_id, - v -> 'Vendor' ->> 'Name' as vendor_name, - v -> 'Vendor' ->> 'Url' as vendor_url, - v -> 'Vendor' ->> 'VendorCreatedAt' as vendor_created_at, - v -> 'Vendor' ->> 'VendorSeverity' as vendor_severity, - v -> 'Vendor' ->> 'VendorUpdatedAt' as vendor_updated_at, - v ->> 'Cvss' as cvss, - v ->> 'ReferenceUrls' as reference_urls, - v ->> 'RelatedVulnerabilities' as related_vulnerabilities, - v ->> 'VulnerablePackages' as vulnerable_packages - from - aws_securityhub_finding, - jsonb_array_elements(vulnerabilities) as v - where - title = 'EC2 instance involved in SSH brute force attacks.'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n v ->> 'Id' as vulnerabilitie_id,\n v -> 'Vendor'\ + \ ->> 'Name' as vendor_name,\n v -> 'Vendor' ->> 'Url' as vendor_url,\n v ->\ + \ 'Vendor' ->> 'VendorCreatedAt' as vendor_created_at,\n v -> 'Vendor' ->> 'VendorSeverity'\ + \ as vendor_severity,\n v -> 'Vendor' ->> 'VendorUpdatedAt' as vendor_updated_at,\n\ + \ v ->> 'Cvss' as cvss,\n v ->> 'ReferenceUrls' as reference_urls,\n v ->>\ + \ 'RelatedVulnerabilities' as related_vulnerabilities,\n v ->> 'VulnerablePackages'\ + \ as vulnerable_packages\nfrom\n aws_securityhub_finding,\n jsonb_array_elements(vulnerabilities)\ + \ as v\nwhere \n title = 'EC2 instance involved in SSH brute force attacks.';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Findings and their Details diff --git a/queries/aws_securityhub_finding_14.yaml b/queries/aws_securityhub_finding_14.yaml index fe7b3bc06..2321d3fe6 100755 --- a/queries/aws_securityhub_finding_14.yaml +++ b/queries/aws_securityhub_finding_14.yaml @@ -1,43 +1,33 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_14 -Title: "Find all AWS Security Hub Findings and Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct i.instance_id, - i.instance_state, - i.instance_type, - f.title, - f.compliance_status, - f.severity ->> 'Original' as severity_original - from - aws_ec2_instance as i, - aws_securityhub_finding as f, - jsonb_array_elements(resources) as r - where - compliance_status = 'FAILED' - and - r ->> 'Type' = 'AwsEc2Instance' - and - i.arn = r ->> 'Id'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct i.instance_id,\n i.instance_state,\n i.instance_type,\n\ + \ f.title,\n f.compliance_status,\n f.severity ->> 'Original' as severity_original\n\ + from\n aws_ec2_instance as i,\n aws_securityhub_finding as f,\n jsonb_array_elements(resources)\ + \ as r\nwhere\n compliance_status = 'FAILED'\nand\n r ->> 'Type' = 'AwsEc2Instance'\n\ + and\n i.arn = r ->> 'Id';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find all AWS Security Hub Findings and Details diff --git a/queries/aws_securityhub_finding_15.yaml b/queries/aws_securityhub_finding_15.yaml index 8c10c6781..3927de4e1 100755 --- a/queries/aws_securityhub_finding_15.yaml +++ b/queries/aws_securityhub_finding_15.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_15 -Title: "List AWS Security Hub Findings by Resource Type" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r ->> 'Type' as resource_type, - count(r ->> 'Type') - from - aws_securityhub_finding, - jsonb_array_elements(resources) as r - group by - r ->> 'Type' - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r ->> 'Type' as resource_type,\n count(r ->> 'Type')\n\ + from\n aws_securityhub_finding,\n jsonb_array_elements(resources) as r\ngroup\ + \ by\n r ->> 'Type'\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Findings by Resource Type diff --git a/queries/aws_securityhub_finding_16.yaml b/queries/aws_securityhub_finding_16.yaml index 1fabdbfc8..b6b90a0d6 100755 --- a/queries/aws_securityhub_finding_16.yaml +++ b/queries/aws_securityhub_finding_16.yaml @@ -1,33 +1,27 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_16 -Title: "Find AWS Security Hub Findings Details Including Severity" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - company_name, - created_at, - criticality, - confidence - from - aws_securityhub_finding - where - standards_control_arn like '%cis-aws-foundations-benchmark%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n company_name,\n created_at,\n criticality,\n\ + \ confidence\nfrom\n aws_securityhub_finding\nwhere\n standards_control_arn\ + \ like '%cis-aws-foundations-benchmark%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Findings Details Including Severity diff --git a/queries/aws_securityhub_finding_17.yaml b/queries/aws_securityhub_finding_17.yaml index 379b6474d..d4b6e7bc0 100755 --- a/queries/aws_securityhub_finding_17.yaml +++ b/queries/aws_securityhub_finding_17.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_17 -Title: "Find AWS Security Hub Findings and Severity Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - f.title, - f.id, - f.company_name, - f.created_at, - f.criticality, - f.confidence - from - aws_securityhub_finding as f, - aws_securityhub_standards_control as c - where - c.arn = f.standards_control_arn - and - c.control_id = 'Config.1'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n f.title,\n f.id,\n f.company_name,\n f.created_at,\n\ + \ f.criticality,\n f.confidence\nfrom \n aws_securityhub_finding as f,\n aws_securityhub_standards_control\ + \ as c\nwhere \n c.arn = f.standards_control_arn\nand\n c.control_id = 'Config.1';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Findings and Severity Details diff --git a/queries/aws_securityhub_finding_18.yaml b/queries/aws_securityhub_finding_18.yaml index 73d906f92..ecc3d5aa4 100755 --- a/queries/aws_securityhub_finding_18.yaml +++ b/queries/aws_securityhub_finding_18.yaml @@ -1,35 +1,29 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_18 -Title: "List all AWS Security Hub Findings for Compliance Failures" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct r ->> 'Id' as resource_arn, - r ->> 'Type' as resource_type, - f.title, - f.compliance_status, - f.severity ->> 'Original' as severity_original - from - aws_securityhub_finding as f, - jsonb_array_elements(resources) as r - where - f.compliance_status = 'FAILED' - and - standards_control_arn like '%cis-aws-foundations-benchmark%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct r ->> 'Id' as resource_arn,\n r ->> 'Type'\ + \ as resource_type,\n f.title,\n f.compliance_status,\n f.severity ->> 'Original'\ + \ as severity_original\nfrom\n aws_securityhub_finding as f,\n jsonb_array_elements(resources)\ + \ as r\nwhere\n f.compliance_status = 'FAILED'\nand\n standards_control_arn\ + \ like '%cis-aws-foundations-benchmark%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Findings for Compliance Failures diff --git a/queries/aws_securityhub_finding_19.yaml b/queries/aws_securityhub_finding_19.yaml index 33db1cdd6..6cf7b7c4b 100755 --- a/queries/aws_securityhub_finding_19.yaml +++ b/queries/aws_securityhub_finding_19.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_19 -Title: "Find AWS Security Hub Findings in Production Environment" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct r ->> 'Id' as resource_arn, - r ->> 'Type' as resource_type, - f.title, - f.compliance_status, - f.severity ->> 'Original' as severity_original - from - aws_securityhub_finding as f, - jsonb_array_elements(resources) as r - where - r -> 'Tags' ->> 'Environment' = 'PROD'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct r ->> 'Id' as resource_arn,\n r ->> 'Type'\ + \ as resource_type,\n f.title,\n f.compliance_status,\n f.severity ->> 'Original'\ + \ as severity_original\nfrom\n aws_securityhub_finding as f,\n jsonb_array_elements(resources)\ + \ as r\nwhere\n r -> 'Tags' ->> 'Environment' = 'PROD';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Findings in Production Environment diff --git a/queries/aws_securityhub_finding_2.yaml b/queries/aws_securityhub_finding_2.yaml index 2e730f14c..fd8b07927 100755 --- a/queries/aws_securityhub_finding_2.yaml +++ b/queries/aws_securityhub_finding_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_2 -Title: "List AWS Security Hub Findings by Severity" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - severity ->> 'Original' as severity_original - from - aws_securityhub_finding - where - severity ->> 'Original' = 'HIGH'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n severity ->>\ + \ 'Original' as severity_original\nfrom\n aws_securityhub_finding\nwhere\n severity\ + \ ->> 'Original' = 'HIGH';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: List AWS Security Hub Findings by Severity diff --git a/queries/aws_securityhub_finding_20.yaml b/queries/aws_securityhub_finding_20.yaml index 16b93eec9..a72eca988 100755 --- a/queries/aws_securityhub_finding_20.yaml +++ b/queries/aws_securityhub_finding_20.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_20 -Title: "List all Security Hub findings with environment tags" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r -> 'Tags' ->> 'Environment' as environment, - count(r ->> 'Tags') - from - aws_securityhub_finding as f, - jsonb_array_elements(resources) as r - group by - r -> 'Tags' ->> 'Environment' - order by - count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r -> 'Tags' ->> 'Environment' as environment,\n count(r\ + \ ->> 'Tags')\nfrom\n aws_securityhub_finding as f,\n jsonb_array_elements(resources)\ + \ as r\ngroup by\n r -> 'Tags' ->> 'Environment'\norder by\n count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: List all Security Hub findings with environment tags diff --git a/queries/aws_securityhub_finding_21.yaml b/queries/aws_securityhub_finding_21.yaml index c6a0ec7eb..c49ba2c70 100755 --- a/queries/aws_securityhub_finding_21.yaml +++ b/queries/aws_securityhub_finding_21.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_21 -Title: "Find AWS Security Hub Findings with Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - f.severity ->> 'Original' as severity, - r ->> 'Type' as resource_type, - source_account_id - from - aws_securityhub_finding as f, - jsonb_array_elements(resources) r - where - source_account_id = '0123456789012'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n f.severity ->> 'Original' as severity,\n r\ + \ ->> 'Type' as resource_type,\n source_account_id\nfrom\n aws_securityhub_finding\ + \ as f,\n jsonb_array_elements(resources) r\nwhere\n source_account_id = '0123456789012';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find AWS Security Hub Findings with Details diff --git a/queries/aws_securityhub_finding_22.yaml b/queries/aws_securityhub_finding_22.yaml index d126f6fa2..a273899f6 100755 --- a/queries/aws_securityhub_finding_22.yaml +++ b/queries/aws_securityhub_finding_22.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_22 -Title: "Find all Security Hub Findings and Details" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - source_account_id, - count(*) as finding_count - from - aws_securityhub_finding - group by - source_account_id - order by - source_account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n source_account_id,\n count(*) as finding_count\nfrom\n\ + \ aws_securityhub_finding\ngroup by\n source_account_id\norder by\n source_account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find all Security Hub Findings and Details diff --git a/queries/aws_securityhub_finding_3.yaml b/queries/aws_securityhub_finding_3.yaml index 886d090b1..423bff7b2 100755 --- a/queries/aws_securityhub_finding_3.yaml +++ b/queries/aws_securityhub_finding_3.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_3 -Title: "List all AWS Security Hub Findings and Severity" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - severity ->> 'Original' as severity_original, - count(severity ->> 'Original') - from - aws_securityhub_finding - group by - severity ->> 'Original' - order by - severity ->> 'Original'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n severity ->> 'Original' as severity_original,\n count(severity\ + \ ->> 'Original')\nfrom\n aws_securityhub_finding\ngroup by\n severity ->> 'Original'\n\ + order by\n severity ->> 'Original';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Findings and Severity diff --git a/queries/aws_securityhub_finding_4.yaml b/queries/aws_securityhub_finding_4.yaml index 77f32a37e..5498acd4f 100755 --- a/queries/aws_securityhub_finding_4.yaml +++ b/queries/aws_securityhub_finding_4.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_4 -Title: "Find AWS Security Hub Findings with Failed Status" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - compliance ->> 'Status' as compliance_status, - compliance ->> 'StatusReasons' as compliance_status_reasons - from - aws_securityhub_finding - where - compliance ->> 'Status' = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n compliance\ + \ ->> 'Status' as compliance_status,\n compliance ->> 'StatusReasons' as compliance_status_reasons\n\ + from\n aws_securityhub_finding\nwhere\n compliance ->> 'Status' = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Findings with Failed Status diff --git a/queries/aws_securityhub_finding_5.yaml b/queries/aws_securityhub_finding_5.yaml index 8ab9e93f0..26294b61c 100755 --- a/queries/aws_securityhub_finding_5.yaml +++ b/queries/aws_securityhub_finding_5.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_5 -Title: "Find all AWS Security Hub Findings with SQL" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - malware - from - aws_securityhub_finding - where - malware is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n malware\n\ + from\n aws_securityhub_finding\nwhere\n malware is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find all AWS Security Hub Findings with SQL diff --git a/queries/aws_securityhub_finding_6.yaml b/queries/aws_securityhub_finding_6.yaml index 763bdf663..3a9e73f74 100755 --- a/queries/aws_securityhub_finding_6.yaml +++ b/queries/aws_securityhub_finding_6.yaml @@ -1,33 +1,27 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_6 -Title: "List AWS Security Hub Findings for Critical Issues" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - severity ->> 'Original' as severity_original - from - aws_securityhub_finding - where - severity ->> 'Original' = 'CRITICAL' - and - created_at >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n severity ->>\ + \ 'Original' as severity_original\nfrom\n aws_securityhub_finding\nwhere\n severity\ + \ ->> 'Original' = 'CRITICAL'\nand \n created_at >= now() - interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Findings for Critical Issues diff --git a/queries/aws_securityhub_finding_7.yaml b/queries/aws_securityhub_finding_7.yaml index d6ecee3ed..477b23cf5 100755 --- a/queries/aws_securityhub_finding_7.yaml +++ b/queries/aws_securityhub_finding_7.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_7 -Title: "Find all AWS Security Hub Findings with SQL" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - criticality - from - aws_securityhub_finding - order by - criticality desc nulls last; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n criticality\n\ + from\n aws_securityhub_finding\norder by \n criticality desc nulls last;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find all AWS Security Hub Findings with SQL diff --git a/queries/aws_securityhub_finding_8.yaml b/queries/aws_securityhub_finding_8.yaml index 0606f4342..e81aedda0 100755 --- a/queries/aws_securityhub_finding_8.yaml +++ b/queries/aws_securityhub_finding_8.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_8 -Title: "Find all AWS Security Hub Findings with Issues" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - id, - product_arn, - product_name, - company_name - from - aws_securityhub_finding - where - company_name = 'Turbot'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n id,\n product_arn,\n product_name,\n company_name\n\ + from\n aws_securityhub_finding\nwhere \n company_name = 'Turbot';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find all AWS Security Hub Findings with Issues diff --git a/queries/aws_securityhub_finding_9.yaml b/queries/aws_securityhub_finding_9.yaml index 07243b6c4..98eb30c7e 100755 --- a/queries/aws_securityhub_finding_9.yaml +++ b/queries/aws_securityhub_finding_9.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS Security Hub Findings to gather information + about security issues identified within AWS resources. This includes details such + as the severity, status, and description of the finding, the resources affected, + and any remediation steps recommended. ID: aws_securityhub_finding_9 -Title: "Find all Security Hub Findings within AWS Resources" -Description: "Allows users to query AWS Security Hub Findings to gather information about security issues identified within AWS resources. This includes details such as the severity, status, and description of the finding, the resources affected, and any remediation steps recommended." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - product_arn, - product_name, - updated_at - from - aws_securityhub_finding - where - updated_at >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n product_arn,\n product_name,\n updated_at\n\ + from\n aws_securityhub_finding\nwhere\n updated_at >= now() - interval '30'\ + \ day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find all Security Hub Findings within AWS Resources diff --git a/queries/aws_securityhub_finding_aggregator_1.yaml b/queries/aws_securityhub_finding_aggregator_1.yaml index 9c69ef0da..d04b5859e 100755 --- a/queries/aws_securityhub_finding_aggregator_1.yaml +++ b/queries/aws_securityhub_finding_aggregator_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Security Hub Finding Aggregator to gather information + about the findings that are generated by the integrated third-party products and + AWS services. ID: aws_securityhub_finding_aggregator_1 -Title: "List all findings in AWS Security Hub Aggregator" -Description: "Allows users to query AWS Security Hub Finding Aggregator to gather information about the findings that are generated by the integrated third-party products and AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_aggregation_region, - region_linking_mode - from - aws_securityhub_finding_aggregator; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_aggregation_region,\n region_linking_mode\n\ + from\n aws_securityhub_finding_aggregator;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: List all findings in AWS Security Hub Aggregator diff --git a/queries/aws_securityhub_finding_aggregator_2.yaml b/queries/aws_securityhub_finding_aggregator_2.yaml index c9fce1060..af56c23bf 100755 --- a/queries/aws_securityhub_finding_aggregator_2.yaml +++ b/queries/aws_securityhub_finding_aggregator_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Security Hub Finding Aggregator to gather information + about the findings that are generated by the integrated third-party products and + AWS services. ID: aws_securityhub_finding_aggregator_2 -Title: "Find information in AWS Security Hub Finding Aggregator" -Description: "Allows users to query AWS Security Hub Finding Aggregator to gather information about the findings that are generated by the integrated third-party products and AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - finding_aggregation_region, - region_linking_mode - from - aws_securityhub_finding_aggregator - where - region_linking_mode = 'ALL_REGIONS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n finding_aggregation_region,\n region_linking_mode\n\ + from\n aws_securityhub_finding_aggregator\nwhere\n region_linking_mode = 'ALL_REGIONS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub Finding Aggregator +Title: Find information in AWS Security Hub Finding Aggregator diff --git a/queries/aws_securityhub_finding_aggregator_3.yaml b/queries/aws_securityhub_finding_aggregator_3.yaml index d38ea238c..0ad1d82ae 100755 --- a/queries/aws_securityhub_finding_aggregator_3.yaml +++ b/queries/aws_securityhub_finding_aggregator_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Security Hub Finding Aggregator to gather information + about the findings that are generated by the integrated third-party products and + AWS services. ID: aws_securityhub_finding_aggregator_3 -Title: "Find Info About AWS Security Hub Finding Aggregator" -Description: "Allows users to query AWS Security Hub Finding Aggregator to gather information about the findings that are generated by the integrated third-party products and AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - region_linking_mode, - r as linked_region - from - aws_securityhub_finding_aggregator, - jsonb_array_elements_text(regions) as r - where - region_linking_mode = 'SPECIFIED_REGIONS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n region_linking_mode,\n r as linked_region\n\ + from\n aws_securityhub_finding_aggregator,\n jsonb_array_elements_text(regions)\ + \ as r\nwhere\n region_linking_mode = 'SPECIFIED_REGIONS';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find Info About AWS Security Hub Finding Aggregator diff --git a/queries/aws_securityhub_finding_aggregator_4.yaml b/queries/aws_securityhub_finding_aggregator_4.yaml index 60240ca14..77ecc7bd4 100755 --- a/queries/aws_securityhub_finding_aggregator_4.yaml +++ b/queries/aws_securityhub_finding_aggregator_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Security Hub Finding Aggregator to gather information + about the findings that are generated by the integrated third-party products and + AWS services. ID: aws_securityhub_finding_aggregator_4 -Title: "Find Security Hub Findings Aggregator Details in AWS" -Description: "Allows users to query AWS Security Hub Finding Aggregator to gather information about the findings that are generated by the integrated third-party products and AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - a.name as linked_region - from - aws_securityhub_finding_aggregator as f, - aws_region as a, - jsonb_array_elements_text(f.regions) as r - where - region_linking_mode = 'ALL_REGIONS_EXCEPT_SPECIFIED' - and - a.name <> r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n a.name as linked_region\nfrom\n aws_securityhub_finding_aggregator\ + \ as f,\n aws_region as a,\n jsonb_array_elements_text(f.regions) as r\nwhere\n\ + \ region_linking_mode = 'ALL_REGIONS_EXCEPT_SPECIFIED'\nand\n a.name <> r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find Security Hub Findings Aggregator Details in AWS diff --git a/queries/aws_securityhub_hub_1.yaml b/queries/aws_securityhub_hub_1.yaml index 17deb09fd..850cbe9cb 100755 --- a/queries/aws_securityhub_hub_1.yaml +++ b/queries/aws_securityhub_hub_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Security Hub to retrieve information about the + Hub resources. ID: aws_securityhub_hub_1 -Title: "Find AWS Security Hub Resources Information" -Description: "Allows users to query Security Hub to retrieve information about the Hub resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hub_arn, - auto_enable_controls, - subscribed_at, - region - from - aws_securityhub_hub; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hub_arn,\n auto_enable_controls,\n subscribed_at,\n\ + \ region\nfrom\n aws_securityhub_hub;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Resources Information diff --git a/queries/aws_securityhub_hub_2.yaml b/queries/aws_securityhub_hub_2.yaml index 79ce9f876..39f43f71b 100755 --- a/queries/aws_securityhub_hub_2.yaml +++ b/queries/aws_securityhub_hub_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Security Hub to retrieve information about the + Hub resources. ID: aws_securityhub_hub_2 -Title: "List all Hub resources from AWS Security Hub" -Description: "Allows users to query Security Hub to retrieve information about the Hub resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hub_arn, - auto_enable_controls - from - aws_securityhub_hub - where - not auto_enable_controls; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hub_arn,\n auto_enable_controls\nfrom\n aws_securityhub_hub\n\ + where\n not auto_enable_controls;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all Hub resources from AWS Security Hub diff --git a/queries/aws_securityhub_hub_3.yaml b/queries/aws_securityhub_hub_3.yaml index 800103930..8c75d05eb 100755 --- a/queries/aws_securityhub_hub_3.yaml +++ b/queries/aws_securityhub_hub_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query Security Hub to retrieve information about the + Hub resources. ID: aws_securityhub_hub_3 -Title: "Find Administrator Account Info in AWS Security Hub" -Description: "Allows users to query Security Hub to retrieve information about the Hub resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - hub_arn, - auto_enable_controls, - administrator_account ->> 'AccountId' as administrator_account_id, - administrator_account ->> 'InvitationId' as administrator_invitation_id, - administrator_account ->> 'InvitedAt' as administrator_invitation_time, - administrator_account ->> 'MemberStatus' as administrator_status - from - aws_securityhub_hub - where - administrator_account is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n hub_arn,\n auto_enable_controls,\n administrator_account\ + \ ->> 'AccountId' as administrator_account_id,\n administrator_account ->> 'InvitationId'\ + \ as administrator_invitation_id,\n administrator_account ->> 'InvitedAt' as\ + \ administrator_invitation_time,\n administrator_account ->> 'MemberStatus' as\ + \ administrator_status\nfrom\n aws_securityhub_hub\nwhere\n administrator_account\ + \ is not null;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find Administrator Account Info in AWS Security Hub diff --git a/queries/aws_securityhub_insight_1.yaml b/queries/aws_securityhub_insight_1.yaml index a33182783..11f740b25 100755 --- a/queries/aws_securityhub_insight_1.yaml +++ b/queries/aws_securityhub_insight_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_1 -Title: "Find Insights in AWS Security Hub with SQL" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - group_by_attribute, - region - from - aws_securityhub_insight; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n group_by_attribute,\n region\nfrom\n\ + \ aws_securityhub_insight;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find Insights in AWS Security Hub with SQL diff --git a/queries/aws_securityhub_insight_10.yaml b/queries/aws_securityhub_insight_10.yaml index da52ee9ba..dde81d94a 100755 --- a/queries/aws_securityhub_insight_10.yaml +++ b/queries/aws_securityhub_insight_10.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_10 -Title: "Find AWS Security Hub Insights Details Using SQL" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'RecordState' as record_state - from - aws_securityhub_insight - where - name = 'sp'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'RecordState' as record_state\n\ + from\n aws_securityhub_insight\nwhere\n name = 'sp';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Insights Details Using SQL diff --git a/queries/aws_securityhub_insight_2.yaml b/queries/aws_securityhub_insight_2.yaml index ad0a5f6fd..19a2a9677 100755 --- a/queries/aws_securityhub_insight_2.yaml +++ b/queries/aws_securityhub_insight_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_2 -Title: "List all AWS Security Hub Insights with Details" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - group_by_attribute, - region - from - aws_securityhub_insight - where - group_by_attribute = 'ResourceId'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n group_by_attribute,\n region\nfrom\n\ + \ aws_securityhub_insight\nwhere\n group_by_attribute = 'ResourceId';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Insights with Details diff --git a/queries/aws_securityhub_insight_3.yaml b/queries/aws_securityhub_insight_3.yaml index 9ec6344c5..85a93e48f 100755 --- a/queries/aws_securityhub_insight_3.yaml +++ b/queries/aws_securityhub_insight_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_3 -Title: "Find AWS Security Hub Insights Details using SQL" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'WorkflowStatus' as workflow_status - from - aws_securityhub_insight; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'WorkflowStatus' as workflow_status\n\ + from\n aws_securityhub_insight;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Insights Details using SQL diff --git a/queries/aws_securityhub_insight_4.yaml b/queries/aws_securityhub_insight_4.yaml index 4878b0f8e..828d63a58 100755 --- a/queries/aws_securityhub_insight_4.yaml +++ b/queries/aws_securityhub_insight_4.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_4 -Title: "Find AWS Security Hub Insights with Severity Filters" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'SeverityLabel' as severity_label - from - aws_securityhub_insight; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'SeverityLabel' as severity_label\n\ + from\n aws_securityhub_insight;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Insights with Severity Filters diff --git a/queries/aws_securityhub_insight_5.yaml b/queries/aws_securityhub_insight_5.yaml index 243d74602..921f3f8f7 100755 --- a/queries/aws_securityhub_insight_5.yaml +++ b/queries/aws_securityhub_insight_5.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_5 -Title: "Find AWS Security Hub Insights with Critical Severity" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'SeverityLabel' as severity - from - aws_securityhub_insight - where - filters ->> 'SeverityLabel' = '{"Comparison": "EQUALS", "Value": "CRITICAL"}' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'SeverityLabel' as severity\n\ + from\n aws_securityhub_insight\nwhere\n filters ->> 'SeverityLabel' = '{\"Comparison\"\ + : \"EQUALS\", \"Value\": \"CRITICAL\"}'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Insights with Critical Severity diff --git a/queries/aws_securityhub_insight_6.yaml b/queries/aws_securityhub_insight_6.yaml index 798bf13f6..0b31a5185 100755 --- a/queries/aws_securityhub_insight_6.yaml +++ b/queries/aws_securityhub_insight_6.yaml @@ -1,28 +1,25 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_6 -Title: "List all AWS Security Hub Insights with Filters and Grouping" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'ThreatIntelIndicatorType' as threat_intelligence_details - from - aws_securityhub_insight - where - filters ->> 'ThreatIntelIndicatorType' = '{"Comparison": "EQUALS", "Value": "IPV4_ADDRESS"}' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'ThreatIntelIndicatorType'\ + \ as threat_intelligence_details\nfrom\n aws_securityhub_insight\nwhere\n filters\ + \ ->> 'ThreatIntelIndicatorType' = '{\"Comparison\": \"EQUALS\", \"Value\": \"\ + IPV4_ADDRESS\"}'" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: List all AWS Security Hub Insights with Filters and Grouping diff --git a/queries/aws_securityhub_insight_7.yaml b/queries/aws_securityhub_insight_7.yaml index 2f02e404f..0120d4a39 100755 --- a/queries/aws_securityhub_insight_7.yaml +++ b/queries/aws_securityhub_insight_7.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_7 -Title: "Find All AWS Security Hub Insights with SQL Query" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'ComplianceStatus' as compliance_status - from - aws_securityhub_insight - where - filters ->> 'ComplianceStatus' = '{"Comparison": "EQUALS", "Value": "FAILED"}' - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'ComplianceStatus' as compliance_status\n\ + from\n aws_securityhub_insight\nwhere\n filters ->> 'ComplianceStatus' = '{\"\ + Comparison\": \"EQUALS\", \"Value\": \"FAILED\"}'" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find All AWS Security Hub Insights with SQL Query diff --git a/queries/aws_securityhub_insight_8.yaml b/queries/aws_securityhub_insight_8.yaml index ae6a8a443..cdea5ec10 100755 --- a/queries/aws_securityhub_insight_8.yaml +++ b/queries/aws_securityhub_insight_8.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_8 -Title: "List all AWS Security Hub Insights with Details" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'MalwareName' as malware_name, - filters ->> 'MalwarePath' as malware_path, - filters ->> 'MalwareType' as malware_type - from - aws_securityhub_insight; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'MalwareName' as malware_name,\n\ + \ filters ->> 'MalwarePath' as malware_path,\n filters ->> 'MalwareType' as\ + \ malware_type\nfrom\n aws_securityhub_insight;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Insights with Details diff --git a/queries/aws_securityhub_insight_9.yaml b/queries/aws_securityhub_insight_9.yaml index 1a9277117..baab6b458 100755 --- a/queries/aws_securityhub_insight_9.yaml +++ b/queries/aws_securityhub_insight_9.yaml @@ -1,35 +1,30 @@ +Description: Allows users to query AWS Security Hub Insights to retrieve information + about the insights in AWS Security Hub. This includes details such as insight ARN, + name, filters, group by attributes, and more. ID: aws_securityhub_insight_9 -Title: "Find AWS Security Hub Insights and Network Attributes" -Description: "Allows users to query AWS Security Hub Insights to retrieve information about the insights in AWS Security Hub. This includes details such as insight ARN, name, filters, group by attributes, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - filters ->> 'NetworkSourceDomain' as network_source_domain, - filters ->> 'NetworkDestinationDomain' as network_destination_domain, - filters ->> 'NetworkSourceIpV4' as network_source_ip_v4, - filters ->> 'NetworkDestinationIpV4' as network_destination_ip_v4, - filters ->> 'NetworkSourceIpV6' as network_source_ip_v6, - filters ->> 'NetworkDestinationIpV6' as network_destination_ip_v6, - filters ->> 'NetworkSourcePort' as network_source_port, - filters ->> 'NetworkDestinationPort' as network_destination_port - from - aws_securityhub_insight; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n filters ->> 'NetworkSourceDomain' as\ + \ network_source_domain,\n filters ->> 'NetworkDestinationDomain' as network_destination_domain,\n\ + \ filters ->> 'NetworkSourceIpV4' as network_source_ip_v4,\n filters ->> 'NetworkDestinationIpV4'\ + \ as network_destination_ip_v4,\n filters ->> 'NetworkSourceIpV6' as network_source_ip_v6,\n\ + \ filters ->> 'NetworkDestinationIpV6' as network_destination_ip_v6,\n filters\ + \ ->> 'NetworkSourcePort' as network_source_port,\n filters ->> 'NetworkDestinationPort'\ + \ as network_destination_port\nfrom\n aws_securityhub_insight;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Insights and Network Attributes diff --git a/queries/aws_securityhub_member_1.yaml b/queries/aws_securityhub_member_1.yaml index 9b2d37cf3..47c704c20 100755 --- a/queries/aws_securityhub_member_1.yaml +++ b/queries/aws_securityhub_member_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Security Hub Members for detailed information + about each member''s account, including its ID, email, status, and more. ID: aws_securityhub_member_1 -Title: "Find AWS Security Hub Members for Detailed Information" -Description: "Allows users to query AWS Security Hub Members for detailed information about each member''s account, including its ID, email, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - email, - administrator_id, - member_status, - updated_at - from - aws_securityhub_member; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n email,\n administrator_id,\n \ + \ member_status,\n updated_at\nfrom\n aws_securityhub_member;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Members for Detailed Information diff --git a/queries/aws_securityhub_member_2.yaml b/queries/aws_securityhub_member_2.yaml index 72111d1cf..384e4b58c 100755 --- a/queries/aws_securityhub_member_2.yaml +++ b/queries/aws_securityhub_member_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Security Hub Members for detailed information + about each member''s account, including its ID, email, status, and more. ID: aws_securityhub_member_2 -Title: "Find AWS Security Hub Members with Detailed Info" -Description: "Allows users to query AWS Security Hub Members for detailed information about each member''s account, including its ID, email, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - email, - administrator_id, - member_status, - updated_at, - invited_at - from - aws_securityhub_member - where - member_status = 'Enabled'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n email,\n administrator_id,\n \ + \ member_status,\n updated_at,\n invited_at\nfrom\n aws_securityhub_member\n\ + where\n member_status = 'Enabled';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Members with Detailed Info diff --git a/queries/aws_securityhub_member_3.yaml b/queries/aws_securityhub_member_3.yaml index 9b40f6160..f5c0c65ac 100755 --- a/queries/aws_securityhub_member_3.yaml +++ b/queries/aws_securityhub_member_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Security Hub Members for detailed information + about each member''s account, including its ID, email, status, and more. ID: aws_securityhub_member_3 -Title: "List all AWS Security Hub Members with Detailed Information" -Description: "Allows users to query AWS Security Hub Members for detailed information about each member''s account, including its ID, email, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - email, - administrator_id, - member_status, - updated_at - from - aws_securityhub_member - where - member_status = 'Created'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n email,\n administrator_id,\n \ + \ member_status,\n updated_at\nfrom\n aws_securityhub_member\nwhere\n member_status\ + \ = 'Created';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Members with Detailed Information diff --git a/queries/aws_securityhub_member_4.yaml b/queries/aws_securityhub_member_4.yaml index 92ad84656..fb9ed8fac 100755 --- a/queries/aws_securityhub_member_4.yaml +++ b/queries/aws_securityhub_member_4.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Security Hub Members for detailed information + about each member''s account, including its ID, email, status, and more. ID: aws_securityhub_member_4 -Title: "List all AWS Security Hub Members with details" -Description: "Allows users to query AWS Security Hub Members for detailed information about each member''s account, including its ID, email, status, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - member_account_id, - email, - administrator_id, - member_status, - updated_at, - invited_at - from - aws_securityhub_member - where - member_status = 'Enabled' - and - invited_at <= (now() - interval '10' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n member_account_id,\n email,\n administrator_id,\n \ + \ member_status,\n updated_at,\n invited_at\nfrom\n aws_securityhub_member\n\ + where\n member_status = 'Enabled'\nand\n invited_at <= (now() - interval '10'\ + \ day);" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Members with details diff --git a/queries/aws_securityhub_product_1.yaml b/queries/aws_securityhub_product_1.yaml index 64d4c557b..0f5aff67a 100755 --- a/queries/aws_securityhub_product_1.yaml +++ b/queries/aws_securityhub_product_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Security Hub Product details for comprehensive + security and compliance insights. ID: aws_securityhub_product_1 -Title: "Find AWS Security Hub Product Details for Security Insights" -Description: "Allows users to query AWS Security Hub Product details for comprehensive security and compliance insights." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - product_arn, - company_name, - description - from - aws_securityhub_product; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n product_arn,\n company_name,\n description\n\ + from\n aws_securityhub_product;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Product Details for Security Insights diff --git a/queries/aws_securityhub_product_2.yaml b/queries/aws_securityhub_product_2.yaml index 78652e9e4..284320212 100755 --- a/queries/aws_securityhub_product_2.yaml +++ b/queries/aws_securityhub_product_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Security Hub Product details for comprehensive + security and compliance insights. ID: aws_securityhub_product_2 -Title: "Find AWS Security Hub Product Details" -Description: "Allows users to query AWS Security Hub Product details for comprehensive security and compliance insights." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - company_name, - description - from - aws_securityhub_product - where - company_name = 'AWS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n company_name,\n description\nfrom\n aws_securityhub_product\n\ + where\n company_name = 'AWS';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Product Details diff --git a/queries/aws_securityhub_product_3.yaml b/queries/aws_securityhub_product_3.yaml index cefb7b540..2865ae3cd 100755 --- a/queries/aws_securityhub_product_3.yaml +++ b/queries/aws_securityhub_product_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Security Hub Product details for comprehensive + security and compliance insights. ID: aws_securityhub_product_3 -Title: "Find AWS Security Hub Products for Security Insights" -Description: "Allows users to query AWS Security Hub Product details for comprehensive security and compliance insights." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - product_arn, - company_name - from - aws_securityhub_product, - jsonb_array_elements_text(integration_types) as i - where - i = 'SEND_FINDINGS_TO_SECURITY_HUB'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n product_arn,\n company_name\nfrom\n aws_securityhub_product,\n\ + \ jsonb_array_elements_text(integration_types) as i\nwhere\n i = 'SEND_FINDINGS_TO_SECURITY_HUB';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Products for Security Insights diff --git a/queries/aws_securityhub_standards_control_1.yaml b/queries/aws_securityhub_standards_control_1.yaml index b78b44cd9..7c4a0e1b6 100755 --- a/queries/aws_securityhub_standards_control_1.yaml +++ b/queries/aws_securityhub_standards_control_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_1 -Title: "Find AWS Security Hub Standards Control Data" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - control_status, - severity_rating - from - aws_securityhub_standards_control; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n control_status,\n severity_rating\nfrom\n\ + \ aws_securityhub_standards_control;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Standards Control Data diff --git a/queries/aws_securityhub_standards_control_2.yaml b/queries/aws_securityhub_standards_control_2.yaml index 305a23432..f39113c72 100755 --- a/queries/aws_securityhub_standards_control_2.yaml +++ b/queries/aws_securityhub_standards_control_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_2 -Title: "List details of AWS Security Hub Standards Controls" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - control_status, - severity_rating - from - aws_securityhub_standards_control - where - control_status = 'DISABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n control_status,\n severity_rating\nfrom\n\ + \ aws_securityhub_standards_control\nwhere\n control_status = 'DISABLED';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub Standards Control +Title: List details of AWS Security Hub Standards Controls diff --git a/queries/aws_securityhub_standards_control_3.yaml b/queries/aws_securityhub_standards_control_3.yaml index 73a6925a5..783791148 100755 --- a/queries/aws_securityhub_standards_control_3.yaml +++ b/queries/aws_securityhub_standards_control_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_3 -Title: "List AWS Security Hub Standards Control Data Details" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - severity_rating, - count(severity_rating) - from - aws_securityhub_standards_control - group by - severity_rating - order by - severity_rating; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n severity_rating,\n count(severity_rating)\nfrom\n aws_securityhub_standards_control\n\ + group by\n severity_rating\norder by\n severity_rating;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List AWS Security Hub Standards Control Data Details diff --git a/queries/aws_securityhub_standards_control_4.yaml b/queries/aws_securityhub_standards_control_4.yaml index 04aa953b8..83b214c61 100755 --- a/queries/aws_securityhub_standards_control_4.yaml +++ b/queries/aws_securityhub_standards_control_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_4 -Title: "Find AWS Security Hub Standards Control with High Severity" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - control_status, - severity_rating - from - aws_securityhub_standards_control - where - severity_rating = 'HIGH'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n control_status,\n severity_rating\nfrom\n\ + \ aws_securityhub_standards_control\nwhere\n severity_rating = 'HIGH';" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Standards Control with High Severity diff --git a/queries/aws_securityhub_standards_control_5.yaml b/queries/aws_securityhub_standards_control_5.yaml index d7de56f4d..a6b5dd63d 100755 --- a/queries/aws_securityhub_standards_control_5.yaml +++ b/queries/aws_securityhub_standards_control_5.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_5 -Title: "Find details of AWS Security Hub Standards Control" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - control_status, - severity_rating - from - aws_securityhub_standards_control - where - control_status_updated_at >= (now() - interval '30' day); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n control_status,\n severity_rating\nfrom\n\ + \ aws_securityhub_standards_control\nwhere\n control_status_updated_at >= (now()\ + \ - interval '30' day);" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find details of AWS Security Hub Standards Control diff --git a/queries/aws_securityhub_standards_control_6.yaml b/queries/aws_securityhub_standards_control_6.yaml index 4f00d2c6f..3fc8dde6c 100755 --- a/queries/aws_securityhub_standards_control_6.yaml +++ b/queries/aws_securityhub_standards_control_6.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_6 -Title: "List AWS Security Hub Standards Control Data" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - control_status, - severity_rating - from - aws_securityhub_standards_control - where - severity_rating = 'CRITICAL' - and arn like '%cis-aws-foundations-benchmark%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n control_status,\n severity_rating\nfrom\n\ + \ aws_securityhub_standards_control\nwhere\n severity_rating = 'CRITICAL'\n\ + \ and arn like '%cis-aws-foundations-benchmark%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: List AWS Security Hub Standards Control Data diff --git a/queries/aws_securityhub_standards_control_7.yaml b/queries/aws_securityhub_standards_control_7.yaml index 406c11036..76c143238 100755 --- a/queries/aws_securityhub_standards_control_7.yaml +++ b/queries/aws_securityhub_standards_control_7.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_7 -Title: "Find AWS Security Hub Standards Control Details" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - control_id, - r as related_requirements - from - aws_securityhub_standards_control, - jsonb_array_elements_text(related_requirements) as r - where - control_id like '%S3%' - group by - control_id, r - order by - control_id, r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n control_id,\n r as related_requirements\nfrom\n aws_securityhub_standards_control,\n\ + \ jsonb_array_elements_text(related_requirements) as r\nwhere\n control_id like\ + \ '%S3%'\ngroup by\n control_id, r\norder by\n control_id, r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Standards Control Details diff --git a/queries/aws_securityhub_standards_control_8.yaml b/queries/aws_securityhub_standards_control_8.yaml index 5a996a411..888719989 100755 --- a/queries/aws_securityhub_standards_control_8.yaml +++ b/queries/aws_securityhub_standards_control_8.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Security Hub Standards Control data including + details about each security standard control available in an AWS account. ID: aws_securityhub_standards_control_8 -Title: "Find AWS Security Hub Standards Control Data" -Description: "Allows users to query AWS Security Hub Standards Control data including details about each security standard control available in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r as related_requirements, - control_id - from - aws_securityhub_standards_control, - jsonb_array_elements_text(related_requirements) as r - where - r like '%PCI%' - group by - r, control_id - order by - r, control_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r as related_requirements,\n control_id\nfrom\n aws_securityhub_standards_control,\n\ + \ jsonb_array_elements_text(related_requirements) as r\nwhere\n r like '%PCI%'\n\ + group by\n r, control_id\norder by\n r, control_id;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Standards Control Data diff --git a/queries/aws_securityhub_standards_subscription_1.yaml b/queries/aws_securityhub_standards_subscription_1.yaml index 5fe676c04..3f123c905 100755 --- a/queries/aws_securityhub_standards_subscription_1.yaml +++ b/queries/aws_securityhub_standards_subscription_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Security Hub Standards Subscriptions, providing + detailed information about each standard subscription in AWS Security Hub. ID: aws_securityhub_standards_subscription_1 -Title: "Find AWS Security Hub Standards Subscription Details" -Description: "Allows users to query AWS Security Hub Standards Subscriptions, providing detailed information about each standard subscription in AWS Security Hub." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - standards_arn, - description, - region - from - aws_securityhub_standards_subscription; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n standards_arn,\n description,\n region\nfrom\n\ + \ aws_securityhub_standards_subscription;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub Standards +Title: Find AWS Security Hub Standards Subscription Details diff --git a/queries/aws_securityhub_standards_subscription_2.yaml b/queries/aws_securityhub_standards_subscription_2.yaml index 81c7b1afe..0e77f2288 100755 --- a/queries/aws_securityhub_standards_subscription_2.yaml +++ b/queries/aws_securityhub_standards_subscription_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Security Hub Standards Subscriptions, providing + detailed information about each standard subscription in AWS Security Hub. ID: aws_securityhub_standards_subscription_2 -Title: "List all AWS Security Hub Standards Subscriptions" -Description: "Allows users to query AWS Security Hub Standards Subscriptions, providing detailed information about each standard subscription in AWS Security Hub." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - standards_arn, - enabled_by_default - from - aws_securityhub_standards_subscription - where - enabled_by_default; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n standards_arn,\n enabled_by_default\nfrom\n\ + \ aws_securityhub_standards_subscription\nwhere\n enabled_by_default;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: List all AWS Security Hub Standards Subscriptions diff --git a/queries/aws_securityhub_standards_subscription_3.yaml b/queries/aws_securityhub_standards_subscription_3.yaml index c48ba225b..30097f000 100755 --- a/queries/aws_securityhub_standards_subscription_3.yaml +++ b/queries/aws_securityhub_standards_subscription_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Security Hub Standards Subscriptions, providing + detailed information about each standard subscription in AWS Security Hub. ID: aws_securityhub_standards_subscription_3 -Title: "Find AWS Security Hub Standard Subscriptions Details" -Description: "Allows users to query AWS Security Hub Standards Subscriptions, providing detailed information about each standard subscription in AWS Security Hub." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - standards_arn, - standards_subscription_arn, - standards_status, - standards_status_reason_code - from - aws_securityhub_standards_subscription - where - standards_status <> 'READY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n standards_arn,\n standards_subscription_arn,\n\ + \ standards_status,\n standards_status_reason_code\nfrom\n aws_securityhub_standards_subscription\n\ + where\n standards_status <> 'READY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Hub +Title: Find AWS Security Hub Standard Subscriptions Details diff --git a/queries/aws_securityhub_standards_subscription_4.yaml b/queries/aws_securityhub_standards_subscription_4.yaml index a663b0cb1..f8493f092 100755 --- a/queries/aws_securityhub_standards_subscription_4.yaml +++ b/queries/aws_securityhub_standards_subscription_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Security Hub Standards Subscriptions, providing + detailed information about each standard subscription in AWS Security Hub. ID: aws_securityhub_standards_subscription_4 -Title: "Find all AWS Security Hub Standards Subscriptions" -Description: "Allows users to query AWS Security Hub Standards Subscriptions, providing detailed information about each standard subscription in AWS Security Hub." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - standards_arn, - standards_managed_by ->> 'Company' as standards_managed_by_company - from - aws_securityhub_standards_subscription - where - standards_managed_by ->> 'Company' <> 'AWS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n standards_arn,\n standards_managed_by ->> 'Company'\ + \ as standards_managed_by_company\nfrom\n aws_securityhub_standards_subscription\n\ + where\n standards_managed_by ->> 'Company' <> 'AWS';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Hub +Title: Find all AWS Security Hub Standards Subscriptions diff --git a/queries/aws_securitylake_data_lake_1.yaml b/queries/aws_securitylake_data_lake_1.yaml index 0538eb103..12c0f8a4b 100755 --- a/queries/aws_securitylake_data_lake_1.yaml +++ b/queries/aws_securitylake_data_lake_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Lake Formation Data Lakes for information such + as the Data Lake name, creation time, last modified time, and more. ID: aws_securitylake_data_lake_1 -Title: "List all AWS Lake Formation Data Lakes Information" -Description: "Allows users to query AWS Lake Formation Data Lakes for information such as the Data Lake name, creation time, last modified time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_key, - replication_role_arn, - s3_bucket_arn, - status - from - aws_securitylake_data_lake; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_key,\n replication_role_arn,\n s3_bucket_arn,\n\ + \ status\nfrom\n aws_securitylake_data_lake;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lake Formation +Title: List all AWS Lake Formation Data Lakes Information diff --git a/queries/aws_securitylake_data_lake_2.yaml b/queries/aws_securitylake_data_lake_2.yaml index 3661dd949..0484c76f3 100755 --- a/queries/aws_securitylake_data_lake_2.yaml +++ b/queries/aws_securitylake_data_lake_2.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Lake Formation Data Lakes for information such + as the Data Lake name, creation time, last modified time, and more. ID: aws_securitylake_data_lake_2 -Title: "Find all AWS Lake Formation Data Lakes with Details" -Description: "Allows users to query AWS Lake Formation Data Lakes for information such as the Data Lake name, creation time, last modified time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct b.name as bucket_name, - l.s3_bucket_arn, - b.creation_date, - b.bucket_policy_is_public, - b.versioning_enabled, - b.block_public_acls - from - aws_securitylake_data_lake as l, - aws_s3_bucket as b - where - l.s3_bucket_arn = b.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct b.name as bucket_name,\n l.s3_bucket_arn,\n\ + \ b.creation_date,\n b.bucket_policy_is_public,\n b.versioning_enabled,\n \ + \ b.block_public_acls\nfrom\n aws_securitylake_data_lake as l,\n aws_s3_bucket\ + \ as b\nwhere\n l.s3_bucket_arn = b.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lake Formation +Title: Find all AWS Lake Formation Data Lakes with Details diff --git a/queries/aws_securitylake_data_lake_3.yaml b/queries/aws_securitylake_data_lake_3.yaml index dddf0f568..12df9c3ea 100755 --- a/queries/aws_securitylake_data_lake_3.yaml +++ b/queries/aws_securitylake_data_lake_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Lake Formation Data Lakes for information such + as the Data Lake name, creation time, last modified time, and more. ID: aws_securitylake_data_lake_3 -Title: "List AWS Lake Formation Data Lakes with Key Details" -Description: "Allows users to query AWS Lake Formation Data Lakes for information such as the Data Lake name, creation time, last modified time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - l.encryption_key, - l.replication_role_arn, - l.s3_bucket_arn, - l.status, - r ->> 'RetentionPeriod' as retention_period, - r ->> 'StorageClass' as storage_class - from - aws_securitylake_data_lake as l, - jsonb_array_elements(retention_settings) as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n l.encryption_key,\n l.replication_role_arn,\n l.s3_bucket_arn,\n\ + \ l.status,\n r ->> 'RetentionPeriod' as retention_period,\n r ->> 'StorageClass'\ + \ as storage_class\nfrom\n aws_securitylake_data_lake as l,\n jsonb_array_elements(retention_settings)\ + \ as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lake Formation +Title: List AWS Lake Formation Data Lakes with Key Details diff --git a/queries/aws_securitylake_data_lake_4.yaml b/queries/aws_securitylake_data_lake_4.yaml index 577472329..7a450d9a3 100755 --- a/queries/aws_securitylake_data_lake_4.yaml +++ b/queries/aws_securitylake_data_lake_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Lake Formation Data Lakes for information such + as the Data Lake name, creation time, last modified time, and more. ID: aws_securitylake_data_lake_4 -Title: "List all AWS Lake Formation Data Lakes and Details" -Description: "Allows users to query AWS Lake Formation Data Lakes for information such as the Data Lake name, creation time, last modified time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - encryption_key, - replication_role_arn, - s3_bucket_arn, - status - from - aws_securitylake_data_lake - where - status = 'PENDING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n encryption_key,\n replication_role_arn,\n s3_bucket_arn,\n\ + \ status\nfrom\n aws_securitylake_data_lake\nwhere\n status = 'PENDING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Lake Formation +Title: List all AWS Lake Formation Data Lakes and Details diff --git a/queries/aws_securitylake_subscriber_1.yaml b/queries/aws_securitylake_subscriber_1.yaml index 38589ca87..f11311a4e 100755 --- a/queries/aws_securitylake_subscriber_1.yaml +++ b/queries/aws_securitylake_subscriber_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Security Lake Subscriber data, providing information + about each subscriber''s details in the AWS Security Lake service. This includes + subscriber status, endpoint type, and subscription creation time. ID: aws_securitylake_subscriber_1 -Title: "List AWS Security Lake Subscriber Details" -Description: "Allows users to query AWS Security Lake Subscriber data, providing information about each subscriber''s details in the AWS Security Lake service. This includes subscriber status, endpoint type, and subscription creation time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subscriber_name, - subscription_id, - created_at, - role_arn, - s3_bucket_arn, - subscription_endpoint - from - aws_securitylake_subscriber; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subscriber_name,\n subscription_id,\n created_at,\n\ + \ role_arn,\n s3_bucket_arn,\n subscription_endpoint\nfrom\n aws_securitylake_subscriber;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Lake +Title: List AWS Security Lake Subscriber Details diff --git a/queries/aws_securitylake_subscriber_2.yaml b/queries/aws_securitylake_subscriber_2.yaml index f0d773703..e0b7fcbf0 100755 --- a/queries/aws_securitylake_subscriber_2.yaml +++ b/queries/aws_securitylake_subscriber_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Security Lake Subscriber data, providing information + about each subscriber''s details in the AWS Security Lake service. This includes + subscriber status, endpoint type, and subscription creation time. ID: aws_securitylake_subscriber_2 -Title: "List all AWS Security Lake Subscriber details" -Description: "Allows users to query AWS Security Lake Subscriber data, providing information about each subscriber''s details in the AWS Security Lake service. This includes subscriber status, endpoint type, and subscription creation time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subscriber_name, - subscription_id, - created_at, - role_arn, - s3_bucket_arn, - subscription_endpoint - from - aws_securitylake_subscriber - where - created_at <= created_at - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subscriber_name,\n subscription_id,\n created_at,\n\ + \ role_arn,\n s3_bucket_arn,\n subscription_endpoint\nfrom\n aws_securitylake_subscriber\n\ + where\n created_at <= created_at - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Lake +Title: List all AWS Security Lake Subscriber details diff --git a/queries/aws_securitylake_subscriber_3.yaml b/queries/aws_securitylake_subscriber_3.yaml index c412eedf0..be7aa854b 100755 --- a/queries/aws_securitylake_subscriber_3.yaml +++ b/queries/aws_securitylake_subscriber_3.yaml @@ -1,34 +1,27 @@ +Description: Allows users to query AWS Security Lake Subscriber data, providing information + about each subscriber''s details in the AWS Security Lake service. This includes + subscriber status, endpoint type, and subscription creation time. ID: aws_securitylake_subscriber_3 -Title: "List AWS Security Lake Subscriber Details and Roles" -Description: "Allows users to query AWS Security Lake Subscriber data, providing information about each subscriber''s details in the AWS Security Lake service. This includes subscriber status, endpoint type, and subscription creation time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.subscriber_name, - s.subscription_id, - r.arn, - r.inline_policies, - r.attached_policy_arns, - r.assume_role_policy - from - aws_securitylake_subscriber as s, - aws_iam_role as r - where - s.role_arn = r.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.subscriber_name,\n s.subscription_id,\n r.arn,\n\ + \ r.inline_policies,\n r.attached_policy_arns,\n r.assume_role_policy\nfrom\n\ + \ aws_securitylake_subscriber as s,\n aws_iam_role as r\nwhere\n s.role_arn\ + \ = r.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Lake +Title: List AWS Security Lake Subscriber Details and Roles diff --git a/queries/aws_securitylake_subscriber_4.yaml b/queries/aws_securitylake_subscriber_4.yaml index 1fcd1740b..40c6f0838 100755 --- a/queries/aws_securitylake_subscriber_4.yaml +++ b/queries/aws_securitylake_subscriber_4.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS Security Lake Subscriber data, providing information + about each subscriber''s details in the AWS Security Lake service. This includes + subscriber status, endpoint type, and subscription creation time. ID: aws_securitylake_subscriber_4 -Title: "Find all subscribers in AWS Security Lake with details" -Description: "Allows users to query AWS Security Lake Subscriber data, providing information about each subscriber''s details in the AWS Security Lake service. This includes subscriber status, endpoint type, and subscription creation time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.subscriber_name, - s.subscription_id, - b.arn, - b.event_notification_configuration, - b.server_side_encryption_configuration, - b.acl - from - aws_securitylake_subscriber as s, - aws_s3_bucket as b - where - s.s3_bucket_arn = b.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.subscriber_name,\n s.subscription_id,\n b.arn,\n\ + \ b.event_notification_configuration,\n b.server_side_encryption_configuration,\n\ + \ b.acl\nfrom\n aws_securitylake_subscriber as s,\n aws_s3_bucket as b\nwhere\n\ + \ s.s3_bucket_arn = b.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Lake +Title: Find all subscribers in AWS Security Lake with details diff --git a/queries/aws_securitylake_subscriber_5.yaml b/queries/aws_securitylake_subscriber_5.yaml index b668cd344..7b854861d 100755 --- a/queries/aws_securitylake_subscriber_5.yaml +++ b/queries/aws_securitylake_subscriber_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Security Lake Subscriber data, providing information + about each subscriber''s details in the AWS Security Lake service. This includes + subscriber status, endpoint type, and subscription creation time. ID: aws_securitylake_subscriber_5 -Title: "List all AWS Security Lake Subscriber Details" -Description: "Allows users to query AWS Security Lake Subscriber data, providing information about each subscriber''s details in the AWS Security Lake service. This includes subscriber status, endpoint type, and subscription creation time." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subscriber_name, - created_at, - subscription_status, - s3_bucket_arn, - sns_arn - from - aws_securitylake_subscriber - where - subscription_status <> 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subscriber_name,\n created_at,\n subscription_status,\n\ + \ s3_bucket_arn,\n sns_arn\nfrom\n aws_securitylake_subscriber\nwhere\n subscription_status\ + \ <> 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Lake +Title: List all AWS Security Lake Subscriber Details diff --git a/queries/aws_serverlessapplicationrepository_application_1.yaml b/queries/aws_serverlessapplicationrepository_application_1.yaml index 636895aa9..1c9cc521f 100755 --- a/queries/aws_serverlessapplicationrepository_application_1.yaml +++ b/queries/aws_serverlessapplicationrepository_application_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Serverless Application Repository Applications + to fetch details like application name, status, author, description, labels, license + URL, creation time, and more. ID: aws_serverlessapplicationrepository_application_1 -Title: "List AWS Serverless Application Repository Applications" -Description: "Allows users to query AWS Serverless Application Repository Applications to fetch details like application name, status, author, description, labels, license URL, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - author, - creation_time, - description - from - aws_serverlessapplicationrepository_application; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n author,\n creation_time,\n description\n\ + from\n aws_serverlessapplicationrepository_application;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Serverless Application Repository +Title: List AWS Serverless Application Repository Applications diff --git a/queries/aws_serverlessapplicationrepository_application_2.yaml b/queries/aws_serverlessapplicationrepository_application_2.yaml index 44b8955bb..55cd29573 100755 --- a/queries/aws_serverlessapplicationrepository_application_2.yaml +++ b/queries/aws_serverlessapplicationrepository_application_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Serverless Application Repository Applications + to fetch details like application name, status, author, description, labels, license + URL, creation time, and more. ID: aws_serverlessapplicationrepository_application_2 -Title: "List AWS Serverless App Repo Applications by Verified Author" -Description: "Allows users to query AWS Serverless Application Repository Applications to fetch details like application name, status, author, description, labels, license URL, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - author, - is_verified_author - from - aws_serverlessapplicationrepository_application - where - is_verified_author; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n author,\n is_verified_author\nfrom\n\ + \ aws_serverlessapplicationrepository_application\nwhere\n is_verified_author;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Serverless Application Repository +Title: List AWS Serverless App Repo Applications by Verified Author diff --git a/queries/aws_serverlessapplicationrepository_application_3.yaml b/queries/aws_serverlessapplicationrepository_application_3.yaml index 2ed98d82e..2ccbb09a3 100755 --- a/queries/aws_serverlessapplicationrepository_application_3.yaml +++ b/queries/aws_serverlessapplicationrepository_application_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS Serverless Application Repository Applications + to fetch details like application name, status, author, description, labels, license + URL, creation time, and more. ID: aws_serverlessapplicationrepository_application_3 -Title: "List all AWS Serverless Application Repository Applications" -Description: "Allows users to query AWS Serverless Application Repository Applications to fetch details like application name, status, author, description, labels, license URL, creation time, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - jsonb_pretty(statement -> 'Actions') as actions, - jsonb_pretty(statement -> 'PrincipalOrgIDs') as principal_org_ids, - jsonb_pretty(statement -> 'Principals') as principals, - statement ->> 'StatementId' as statement_id - from - aws_serverlessapplicationrepository_application, - jsonb_array_elements(statements) as statement; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n jsonb_pretty(statement -> 'Actions') as actions,\n\ + \ jsonb_pretty(statement -> 'PrincipalOrgIDs') as principal_org_ids,\n jsonb_pretty(statement\ + \ -> 'Principals') as principals,\n statement ->> 'StatementId' as statement_id\n\ + from\n aws_serverlessapplicationrepository_application,\n jsonb_array_elements(statements)\ + \ as statement;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Serverless Application Repository +Title: List all AWS Serverless Application Repository Applications diff --git a/queries/aws_service_discovery_instance_1.yaml b/queries/aws_service_discovery_instance_1.yaml index a0d9bf5e6..a6846dd2b 100755 --- a/queries/aws_service_discovery_instance_1.yaml +++ b/queries/aws_service_discovery_instance_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_1 -Title: "Find AWS Cloud Map Service Instances and Health Information" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - service_id, - ec2_instance_id, - attributes - from - aws_service_discovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n service_id,\n ec2_instance_id,\n attributes\n\ + from\n aws_service_discovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: Find AWS Cloud Map Service Instances and Health Information diff --git a/queries/aws_service_discovery_instance_2.yaml b/queries/aws_service_discovery_instance_2.yaml index d75822f62..0eeb76596 100755 --- a/queries/aws_service_discovery_instance_2.yaml +++ b/queries/aws_service_discovery_instance_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_2 -Title: "Find Unhealthy AWS Cloud Map Service Instances" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - service_id, - init_health_status - from - aws_service_discovery_instance - where - init_health_status = 'UNHEALTHY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n service_id,\n init_health_status\nfrom\n aws_service_discovery_instance\n\ + where\n init_health_status = 'UNHEALTHY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map Service +Title: Find Unhealthy AWS Cloud Map Service Instances diff --git a/queries/aws_service_discovery_instance_3.yaml b/queries/aws_service_discovery_instance_3.yaml index 21533b48c..5cc7e9dea 100755 --- a/queries/aws_service_discovery_instance_3.yaml +++ b/queries/aws_service_discovery_instance_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_3 -Title: "List all AWS Cloud Map Service Instances with Details" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_id, - count(id) - from - aws_service_discovery_instance - group by - service_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_id,\n count(id)\nfrom\n aws_service_discovery_instance\n\ + group by\n service_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cloud Map +Title: List all AWS Cloud Map Service Instances with Details diff --git a/queries/aws_service_discovery_instance_4.yaml b/queries/aws_service_discovery_instance_4.yaml index 325091a61..34058c403 100755 --- a/queries/aws_service_discovery_instance_4.yaml +++ b/queries/aws_service_discovery_instance_4.yaml @@ -1,34 +1,27 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_4 -Title: "List all AWS Cloud Map Service Instances with Details" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.id, - i.service_id, - s.name as service_name, - s.create_date as service_create_date, - s.namespace_id, - s.type - from - aws_service_discovery_instance as i, - aws_service_discovery_service as s - where - s.id = i.service_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.id,\n i.service_id,\n s.name as service_name,\n \ + \ s.create_date as service_create_date,\n s.namespace_id,\n s.type\nfrom\n \ + \ aws_service_discovery_instance as i,\n aws_service_discovery_service as s\n\ + where\n s.id = i.service_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Cloud Map +Title: List all AWS Cloud Map Service Instances with Details diff --git a/queries/aws_service_discovery_instance_5.yaml b/queries/aws_service_discovery_instance_5.yaml index 6f8ea0c2c..b545674c0 100755 --- a/queries/aws_service_discovery_instance_5.yaml +++ b/queries/aws_service_discovery_instance_5.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_5 -Title: "List AWS Cloud Map Service Instances and Health Status" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.id, - i.service_id, - i.ec2_instance_id, - ei.instance_type, - ei.instance_state, - ei.launch_time - from - aws_service_discovery_instance as i, - aws_ec2_instance as ei - where - i.ec2_instance_id is not null - and - ei.instance_id = i.ec2_instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.id,\n i.service_id,\n i.ec2_instance_id,\n ei.instance_type,\n\ + \ ei.instance_state,\n ei.launch_time\nfrom\n aws_service_discovery_instance\ + \ as i,\n aws_ec2_instance as ei\nwhere\n i.ec2_instance_id is not null\nand\n\ + \ ei.instance_id = i.ec2_instance_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: List AWS Cloud Map Service Instances and Health Status diff --git a/queries/aws_service_discovery_instance_6.yaml b/queries/aws_service_discovery_instance_6.yaml index 22830ffa1..b31e242e2 100755 --- a/queries/aws_service_discovery_instance_6.yaml +++ b/queries/aws_service_discovery_instance_6.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cloud Map Service Instances and retrieve detailed + information about each instance associated with a specified service. This information + includes the instance ID, instance attributes, and the health status of the instance. ID: aws_service_discovery_instance_6 -Title: "Find AWS Cloud Map Service Instances and Their Details" -Description: "Allows users to query AWS Cloud Map Service Instances and retrieve detailed information about each instance associated with a specified service. This information includes the instance ID, instance attributes, and the health status of the instance." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - service_id, - ec2_instance_id, - instance_ipv4, - instance_ipv6, - instance_port - from - aws_service_discovery_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n service_id,\n ec2_instance_id,\n instance_ipv4,\n\ + \ instance_ipv6,\n instance_port\nfrom\n aws_service_discovery_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: Find AWS Cloud Map Service Instances and Their Details diff --git a/queries/aws_service_discovery_namespace_1.yaml b/queries/aws_service_discovery_namespace_1.yaml index fab85a51b..c27b53b79 100755 --- a/queries/aws_service_discovery_namespace_1.yaml +++ b/queries/aws_service_discovery_namespace_1.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_1 -Title: "Find AWS Cloud Map Service Discovery Namespaces" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - region - from - aws_service_discovery_namespace; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n region\nfrom\n aws_service_discovery_namespace;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: Find AWS Cloud Map Service Discovery Namespaces diff --git a/queries/aws_service_discovery_namespace_2.yaml b/queries/aws_service_discovery_namespace_2.yaml index b0be2a40d..575b9be3d 100755 --- a/queries/aws_service_discovery_namespace_2.yaml +++ b/queries/aws_service_discovery_namespace_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_2 -Title: "Find AWS Cloud Map Service Discovery Namespace Details" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - service_count - from - aws_service_discovery_namespace - where - type ilike '%private%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n service_count\nfrom\n\ + \ aws_service_discovery_namespace\nwhere\n type ilike '%private%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: Find AWS Cloud Map Service Discovery Namespace Details diff --git a/queries/aws_service_discovery_namespace_3.yaml b/queries/aws_service_discovery_namespace_3.yaml index 1d59f4b96..f14d64fe1 100755 --- a/queries/aws_service_discovery_namespace_3.yaml +++ b/queries/aws_service_discovery_namespace_3.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_3 -Title: "List all AWS Cloud Map Service Discovery Namespaces" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - service_count - from - aws_service_discovery_namespace - where - type = 'HTTP'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n service_count\nfrom\n\ + \ aws_service_discovery_namespace\nwhere\n type = 'HTTP';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: List all AWS Cloud Map Service Discovery Namespaces diff --git a/queries/aws_service_discovery_namespace_4.yaml b/queries/aws_service_discovery_namespace_4.yaml index db1f0f5b3..5b55d4959 100755 --- a/queries/aws_service_discovery_namespace_4.yaml +++ b/queries/aws_service_discovery_namespace_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_4 -Title: "List all AWS Cloud Map Service Discovery Namespaces" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - description, - create_date - from - aws_service_discovery_namespace - where - create_date >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n description,\n create_date\nfrom\n \ + \ aws_service_discovery_namespace\nwhere\n create_date >= now() - interval '30'\ + \ day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map Service Discovery +Title: List all AWS Cloud Map Service Discovery Namespaces diff --git a/queries/aws_service_discovery_namespace_5.yaml b/queries/aws_service_discovery_namespace_5.yaml index db99cf83c..e201fc836 100755 --- a/queries/aws_service_discovery_namespace_5.yaml +++ b/queries/aws_service_discovery_namespace_5.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_5 -Title: "List AWS Cloud Map Service Discovery Namespace Details" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - http_properties ->> 'HttpName' as http_name - from - aws_service_discovery_namespace - where - type = 'HTTP'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n http_properties ->> 'HttpName' as http_name\n\ + from\n aws_service_discovery_namespace\nwhere\n type = 'HTTP';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: List AWS Cloud Map Service Discovery Namespace Details diff --git a/queries/aws_service_discovery_namespace_6.yaml b/queries/aws_service_discovery_namespace_6.yaml index cefa0d160..52d3362b4 100755 --- a/queries/aws_service_discovery_namespace_6.yaml +++ b/queries/aws_service_discovery_namespace_6.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_6 -Title: "List AWS Cloud Map Service Discovery Namespaces" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - dns_properties ->> 'HostedZoneId' as HostedZoneId, - dns_properties -> 'SOA' ->> 'TTL' as ttl - from - aws_service_discovery_namespace - where - type = 'DNS_PRIVATE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n dns_properties ->> 'HostedZoneId' as\ + \ HostedZoneId,\n dns_properties -> 'SOA' ->> 'TTL' as ttl\nfrom\n aws_service_discovery_namespace\n\ + where\n type = 'DNS_PRIVATE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map +Title: List AWS Cloud Map Service Discovery Namespaces diff --git a/queries/aws_service_discovery_namespace_7.yaml b/queries/aws_service_discovery_namespace_7.yaml index d4b0901de..6fee003ce 100755 --- a/queries/aws_service_discovery_namespace_7.yaml +++ b/queries/aws_service_discovery_namespace_7.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve + details about the namespaces in AWS Cloud Map. ID: aws_service_discovery_namespace_7 -Title: "List all AWS Cloud Map Service Discovery Namespaces" -Description: "Allows users to query AWS Cloud Map Service Discovery Namespace to retrieve details about the namespaces in AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - type, - count(type) - from - aws_service_discovery_namespace - group by - type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n type,\n count(type)\nfrom\n aws_service_discovery_namespace\n\ + group by\n type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Cloud Map Service Discovery +Title: List all AWS Cloud Map Service Discovery Namespaces diff --git a/queries/aws_service_discovery_service_1.yaml b/queries/aws_service_discovery_service_1.yaml index d54f6dc18..6f0b3cdd9 100755 --- a/queries/aws_service_discovery_service_1.yaml +++ b/queries/aws_service_discovery_service_1.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_1 -Title: "Find AWS Service Discovery Services and Details" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - region - from - aws_service_discovery_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n region\nfrom\n aws_service_discovery_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Service Discovery Service +Title: Find AWS Service Discovery Services and Details diff --git a/queries/aws_service_discovery_service_2.yaml b/queries/aws_service_discovery_service_2.yaml index 362117efb..c9ab0ae7a 100755 --- a/queries/aws_service_discovery_service_2.yaml +++ b/queries/aws_service_discovery_service_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_2 -Title: "Find AWS Service Discovery Services registered with Cloud Map" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - create_date - from - aws_service_discovery_service - where - type ilike '%dns%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n create_date\nfrom\n\ + \ aws_service_discovery_service\nwhere\n type ilike '%dns%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Service Discovery +Title: Find AWS Service Discovery Services registered with Cloud Map diff --git a/queries/aws_service_discovery_service_3.yaml b/queries/aws_service_discovery_service_3.yaml index 970393925..c8b7bc6f3 100755 --- a/queries/aws_service_discovery_service_3.yaml +++ b/queries/aws_service_discovery_service_3.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_3 -Title: "Find all AWS Cloud Map resources by type" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - description - from - aws_service_discovery_service - where - type = 'HTTP'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n description\nfrom\n\ + \ aws_service_discovery_service\nwhere\n type = 'HTTP';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Discovery +Title: Find all AWS Cloud Map resources by type diff --git a/queries/aws_service_discovery_service_4.yaml b/queries/aws_service_discovery_service_4.yaml index c59d1dce3..2d7f22840 100755 --- a/queries/aws_service_discovery_service_4.yaml +++ b/queries/aws_service_discovery_service_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_4 -Title: "List all AWS Service Discovery Resources in Last 30 Days" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - description, - create_date - from - aws_service_discovery_service - where - create_date >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n description,\n create_date\nfrom\n \ + \ aws_service_discovery_service\nwhere\n create_date >= now() - interval '30'\ + \ day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Discovery +Title: List all AWS Service Discovery Resources in Last 30 Days diff --git a/queries/aws_service_discovery_service_5.yaml b/queries/aws_service_discovery_service_5.yaml index 8293b7a84..4b051ed1d 100755 --- a/queries/aws_service_discovery_service_5.yaml +++ b/queries/aws_service_discovery_service_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_5 -Title: "Find Details of Registered AWS resources Using SQL" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - type, - count(type) - from - aws_service_discovery_service - group by - type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n type,\n count(type)\nfrom\n aws_service_discovery_service\n\ + group by\n type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Discovery +Title: Find Details of Registered AWS resources Using SQL diff --git a/queries/aws_service_discovery_service_6.yaml b/queries/aws_service_discovery_service_6.yaml index a12be8df3..3482fcb27 100755 --- a/queries/aws_service_discovery_service_6.yaml +++ b/queries/aws_service_discovery_service_6.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_6 -Title: "Find all AWS resources registered with Cloud Map" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - health_check_config ->> 'Type' as health_check_type, - health_check_config ->> 'FailureThreshold' as failure_threshold, - health_check_config ->> 'ResourcePath' as resource_path - from - aws_service_discovery_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n health_check_config ->> 'Type' as health_check_type,\n\ + \ health_check_config ->> 'FailureThreshold' as failure_threshold,\n health_check_config\ + \ ->> 'ResourcePath' as resource_path\nfrom\n aws_service_discovery_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Discovery +Title: Find all AWS resources registered with Cloud Map diff --git a/queries/aws_service_discovery_service_7.yaml b/queries/aws_service_discovery_service_7.yaml index 42954aa55..031ab7cd4 100755 --- a/queries/aws_service_discovery_service_7.yaml +++ b/queries/aws_service_discovery_service_7.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_7 -Title: "Find AWS Service Discovery Service Resource Details" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - health_check_custom_config ->> 'FailureThreshold' as failure_threshold - from - aws_service_discovery_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n health_check_custom_config ->> 'FailureThreshold'\ + \ as failure_threshold\nfrom\n aws_service_discovery_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Discovery +Title: Find AWS Service Discovery Service Resource Details diff --git a/queries/aws_service_discovery_service_8.yaml b/queries/aws_service_discovery_service_8.yaml index 3fca40233..01a8f6826 100755 --- a/queries/aws_service_discovery_service_8.yaml +++ b/queries/aws_service_discovery_service_8.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Service Discovery Service to retrieve detailed + information about AWS resources that are registered with AWS Cloud Map. ID: aws_service_discovery_service_8 -Title: "List all AWS Service Discovery resources using SQL" -Description: "Allows users to query AWS Service Discovery Service to retrieve detailed information about AWS resources that are registered with AWS Cloud Map." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.name, - s.id, - s.namespace_id, - n.service_count, - n.type as namespace_type, - n.dns_properties - from - aws_service_discovery_service as s, - aws_service_discovery_namespace as n; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.name,\n s.id,\n s.namespace_id,\n n.service_count,\n\ + \ n.type as namespace_type,\n n.dns_properties\nfrom\n aws_service_discovery_service\ + \ as s,\n aws_service_discovery_namespace as n;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Service Discovery +Title: List all AWS Service Discovery resources using SQL diff --git a/queries/aws_servicecatalog_portfolio_1.yaml b/queries/aws_servicecatalog_portfolio_1.yaml index 9a0b66a36..a4b81d3c1 100755 --- a/queries/aws_servicecatalog_portfolio_1.yaml +++ b/queries/aws_servicecatalog_portfolio_1.yaml @@ -1,28 +1,27 @@ +Description: Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio + table in Steampipe provides information about portfolios within AWS Service Catalog. + This table allows DevOps engineers to query portfolio-specific details, including + owner, description, created time, and associated metadata. Users can utilize this + table to gather insights on portfolios, such as portfolio details, associated products, + and more. The schema outlines the various attributes of the portfolio, including + the portfolio ARN, creation date, and associated tags. ID: aws_servicecatalog_portfolio_1 -Title: "List Service Catalog Portfolios in AWS" -Description: "Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio table in Steampipe provides information about portfolios within AWS Service Catalog. This table allows DevOps engineers to query portfolio-specific details, including owner, description, created time, and associated metadata. Users can utilize this table to gather insights on portfolios, such as portfolio details, associated products, and more. The schema outlines the various attributes of the portfolio, including the portfolio ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - display_name, - id, - arn, - region, - akas - from - aws_servicecatalog_portfolio; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n display_name,\n id,\n arn,\n region,\n akas\nfrom\n\ + \ aws_servicecatalog_portfolio;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Service Catalog +Title: List Service Catalog Portfolios in AWS diff --git a/queries/aws_servicecatalog_portfolio_2.yaml b/queries/aws_servicecatalog_portfolio_2.yaml index 05625bf28..a217f0c9d 100755 --- a/queries/aws_servicecatalog_portfolio_2.yaml +++ b/queries/aws_servicecatalog_portfolio_2.yaml @@ -1,29 +1,27 @@ +Description: Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio + table in Steampipe provides information about portfolios within AWS Service Catalog. + This table allows DevOps engineers to query portfolio-specific details, including + owner, description, created time, and associated metadata. Users can utilize this + table to gather insights on portfolios, such as portfolio details, associated products, + and more. The schema outlines the various attributes of the portfolio, including + the portfolio ARN, creation date, and associated tags. ID: aws_servicecatalog_portfolio_2 -Title: "Find AWS Service Catalog Portfolio Details" -Description: "Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio table in Steampipe provides information about portfolios within AWS Service Catalog. This table allows DevOps engineers to query portfolio-specific details, including owner, description, created time, and associated metadata. Users can utilize this table to gather insights on portfolios, such as portfolio details, associated products, and more. The schema outlines the various attributes of the portfolio, including the portfolio ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - display_name, - id, - description, - provider_name - from - aws_servicecatalog_portfolio - where - provider_name = 'my-portfolio'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n display_name,\n id,\n description,\n provider_name\n\ + from\n aws_servicecatalog_portfolio\nwhere\n provider_name = 'my-portfolio';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find AWS Service Catalog Portfolio Details diff --git a/queries/aws_servicecatalog_portfolio_3.yaml b/queries/aws_servicecatalog_portfolio_3.yaml index a52bb7794..570257286 100755 --- a/queries/aws_servicecatalog_portfolio_3.yaml +++ b/queries/aws_servicecatalog_portfolio_3.yaml @@ -1,29 +1,28 @@ +Description: Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio + table in Steampipe provides information about portfolios within AWS Service Catalog. + This table allows DevOps engineers to query portfolio-specific details, including + owner, description, created time, and associated metadata. Users can utilize this + table to gather insights on portfolios, such as portfolio details, associated products, + and more. The schema outlines the various attributes of the portfolio, including + the portfolio ARN, creation date, and associated tags. ID: aws_servicecatalog_portfolio_3 -Title: "Find AWS Service Catalog Portfolio Details in Last 30 Days" -Description: "Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio table in Steampipe provides information about portfolios within AWS Service Catalog. This table allows DevOps engineers to query portfolio-specific details, including owner, description, created time, and associated metadata. Users can utilize this table to gather insights on portfolios, such as portfolio details, associated products, and more. The schema outlines the various attributes of the portfolio, including the portfolio ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - display_name, - id, - description, - created_time - from - aws_servicecatalog_portfolio - where - created_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n display_name,\n id,\n description,\n created_time\n\ + from\n aws_servicecatalog_portfolio\nwhere\n created_time >= now() - interval\ + \ '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find AWS Service Catalog Portfolio Details in Last 30 Days diff --git a/queries/aws_servicecatalog_portfolio_4.yaml b/queries/aws_servicecatalog_portfolio_4.yaml index 4c2cb9a23..4d46ada7b 100755 --- a/queries/aws_servicecatalog_portfolio_4.yaml +++ b/queries/aws_servicecatalog_portfolio_4.yaml @@ -1,27 +1,28 @@ +Description: Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio + table in Steampipe provides information about portfolios within AWS Service Catalog. + This table allows DevOps engineers to query portfolio-specific details, including + owner, description, created time, and associated metadata. Users can utilize this + table to gather insights on portfolios, such as portfolio details, associated products, + and more. The schema outlines the various attributes of the portfolio, including + the portfolio ARN, creation date, and associated tags. ID: aws_servicecatalog_portfolio_4 -Title: "Find AWS Service Catalog Portfolio Details Using SQL" -Description: "Allows users to query AWS Service Catalog Portfolios. The aws_servicecatalog_portfolio table in Steampipe provides information about portfolios within AWS Service Catalog. This table allows DevOps engineers to query portfolio-specific details, including owner, description, created time, and associated metadata. Users can utilize this table to gather insights on portfolios, such as portfolio details, associated products, and more. The schema outlines the various attributes of the portfolio, including the portfolio ARN, creation date, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - sp.display_name, - sp.id, - b ->> 'BudgetName' as budget_name - from - aws_servicecatalog_portfolio as sp, - jsonb_array_elements(budgets) as b; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n sp.display_name,\n sp.id,\n b ->> 'BudgetName' as budget_name\n\ + from\n aws_servicecatalog_portfolio as sp,\n jsonb_array_elements(budgets) as\ + \ b;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find AWS Service Catalog Portfolio Details Using SQL diff --git a/queries/aws_servicecatalog_product_1.yaml b/queries/aws_servicecatalog_product_1.yaml index 53afd3f0e..4b8b90d38 100755 --- a/queries/aws_servicecatalog_product_1.yaml +++ b/queries/aws_servicecatalog_product_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_1 -Title: "List all AWS Service Catalog Product Details and Metadata" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - product_id, - type, - akas, - support_url, - support_email - from - aws_servicecatalog_product; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n product_id,\n type,\n akas,\n support_url,\n\ + \ support_email\nfrom\n aws_servicecatalog_product;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List all AWS Service Catalog Product Details and Metadata diff --git a/queries/aws_servicecatalog_product_2.yaml b/queries/aws_servicecatalog_product_2.yaml index 899d8d71f..d07274293 100755 --- a/queries/aws_servicecatalog_product_2.yaml +++ b/queries/aws_servicecatalog_product_2.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_2 -Title: "Find all AWS Service Catalog Product Details" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - product_id, - type, - distributor, - owner, - has_default_path - from - aws_servicecatalog_product - where - has_default_path; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n product_id,\n type,\n distributor,\n\ + \ owner,\n has_default_path\nfrom\n aws_servicecatalog_product\nwhere\n has_default_path;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find all AWS Service Catalog Product Details diff --git a/queries/aws_servicecatalog_product_3.yaml b/queries/aws_servicecatalog_product_3.yaml index 455994e3a..4c1deb899 100755 --- a/queries/aws_servicecatalog_product_3.yaml +++ b/queries/aws_servicecatalog_product_3.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_3 -Title: "Find all AWS Service Catalog Product Details with Metadata" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - product_id, - type, - support_url, - support_description - from - aws_servicecatalog_product - where - type = 'MARKETPLACE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n product_id,\n type,\n support_url,\n\ + \ support_description\nfrom\n aws_servicecatalog_product\nwhere\n type = 'MARKETPLACE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find all AWS Service Catalog Product Details with Metadata diff --git a/queries/aws_servicecatalog_product_4.yaml b/queries/aws_servicecatalog_product_4.yaml index 43b883839..4604dae86 100755 --- a/queries/aws_servicecatalog_product_4.yaml +++ b/queries/aws_servicecatalog_product_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_4 -Title: "List all AWS Service Catalog Product details" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - sp.name, - sp.id, - sp.owner, - sp.product_id, - sp.short_description, - b ->> 'BudgetName' as budget_name - from - aws_servicecatalog_product as sp, - jsonb_array_elements(budgets) as b; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n sp.name,\n sp.id,\n sp.owner,\n sp.product_id,\n \ + \ sp.short_description,\n b ->> 'BudgetName' as budget_name\nfrom\n aws_servicecatalog_product\ + \ as sp,\n jsonb_array_elements(budgets) as b;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List all AWS Service Catalog Product details diff --git a/queries/aws_servicecatalog_product_5.yaml b/queries/aws_servicecatalog_product_5.yaml index a4c64d093..4c585076f 100755 --- a/queries/aws_servicecatalog_product_5.yaml +++ b/queries/aws_servicecatalog_product_5.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_5 -Title: "List all AWS Service Catalog Product Details" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - owner, - short_description, - l ->> 'Id' as launch_path_id, - l ->> 'Name' as launch_path_name - from - aws_servicecatalog_product, - jsonb_array_elements(launch_paths) as l; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n owner,\n short_description,\n l ->>\ + \ 'Id' as launch_path_id,\n l ->> 'Name' as launch_path_name\nfrom\n aws_servicecatalog_product,\n\ + \ jsonb_array_elements(launch_paths) as l;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List all AWS Service Catalog Product Details diff --git a/queries/aws_servicecatalog_product_6.yaml b/queries/aws_servicecatalog_product_6.yaml index 24cb69d7b..1f5641ebb 100755 --- a/queries/aws_servicecatalog_product_6.yaml +++ b/queries/aws_servicecatalog_product_6.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Service Catalog Product data including product + details, owner, type, and associated metadata. ID: aws_servicecatalog_product_6 -Title: "List AWS Service Catalog Product Data Including Details and Metadata" -Description: "Allows users to query AWS Service Catalog Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - p ->> 'Id' as provisioning_artifact_id, - p ->> 'Name' as provisioning_artifact_name, - p ->> 'CreatedTime' as provisioning_artifact_created_time, - p ->> 'Description' as provisioning_artifact_description, - p ->> 'Guidance' as provisioning_artifact_guidance - from - aws_servicecatalog_product, - jsonb_array_elements(provisioning_artifacts) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n p ->> 'Id' as provisioning_artifact_id,\n\ + \ p ->> 'Name' as provisioning_artifact_name,\n p ->> 'CreatedTime' as provisioning_artifact_created_time,\n\ + \ p ->> 'Description' as provisioning_artifact_description,\n p ->> 'Guidance'\ + \ as provisioning_artifact_guidance\nfrom\n aws_servicecatalog_product,\n jsonb_array_elements(provisioning_artifacts)\ + \ as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List AWS Service Catalog Product Data Including Details and Metadata diff --git a/queries/aws_servicecatalog_provisioned_product_1.yaml b/queries/aws_servicecatalog_provisioned_product_1.yaml index 8907c4a1e..2d24993a5 100755 --- a/queries/aws_servicecatalog_provisioned_product_1.yaml +++ b/queries/aws_servicecatalog_provisioned_product_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS Service Catalog Provisioned Product data including + product details, owner, type, and associated metadata. ID: aws_servicecatalog_provisioned_product_1 -Title: "Find AWS Service Catalog Provisioned Product Details" -Description: "Allows users to query AWS Service Catalog Provisioned Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - product_id, - status, - created_time, - last_provisioning_record_id - from - aws_servicecatalog_provisioned_product; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n product_id,\n status,\n\ + \ created_time,\n last_provisioning_record_id\nfrom\n aws_servicecatalog_provisioned_product;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find AWS Service Catalog Provisioned Product Details diff --git a/queries/aws_servicecatalog_provisioned_product_2.yaml b/queries/aws_servicecatalog_provisioned_product_2.yaml index 1d14dd344..a9ed266cf 100755 --- a/queries/aws_servicecatalog_provisioned_product_2.yaml +++ b/queries/aws_servicecatalog_provisioned_product_2.yaml @@ -1,35 +1,23 @@ +Description: Allows users to query AWS Service Catalog Provisioned Product data including + product details, owner, type, and associated metadata. ID: aws_servicecatalog_provisioned_product_2 -Title: "Find all AWS Service Catalog Provisioned Product details" -Description: "Allows users to query AWS Service Catalog Provisioned Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - product_id, - status, - created_time, - last_provisioning_record_id - from - aws_servicecatalog_provisioned_product - where - created_time >= (current_date - interval '7' day) - order by - created_time; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n product_id,\n status,\n\ + \ created_time,\n last_provisioning_record_id\nfrom\n aws_servicecatalog_provisioned_product\n\ + where\n created_time >= (current_date - interval '7' day)\norder by\n created_time;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: Find all AWS Service Catalog Provisioned Product details diff --git a/queries/aws_servicecatalog_provisioned_product_3.yaml b/queries/aws_servicecatalog_provisioned_product_3.yaml index 52ba7b0dc..fe4724aab 100755 --- a/queries/aws_servicecatalog_provisioned_product_3.yaml +++ b/queries/aws_servicecatalog_provisioned_product_3.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS Service Catalog Provisioned Product data including + product details, owner, type, and associated metadata. ID: aws_servicecatalog_provisioned_product_3 -Title: "List AWS Service Catalog Provisioned Products with Details" -Description: "Allows users to query AWS Service Catalog Provisioned Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - product_id, - status, - created_time, - last_provisioning_record_id - from - aws_servicecatalog_provisioned_product - where - last_successful_provisioning_record_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n product_id,\n status,\n\ + \ created_time,\n last_provisioning_record_id\nfrom\n aws_servicecatalog_provisioned_product\n\ + where\n last_successful_provisioning_record_id is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List AWS Service Catalog Provisioned Products with Details diff --git a/queries/aws_servicecatalog_provisioned_product_4.yaml b/queries/aws_servicecatalog_provisioned_product_4.yaml index 4c2aef01d..6dcfa44e1 100755 --- a/queries/aws_servicecatalog_provisioned_product_4.yaml +++ b/queries/aws_servicecatalog_provisioned_product_4.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS Service Catalog Provisioned Product data including + product details, owner, type, and associated metadata. ID: aws_servicecatalog_provisioned_product_4 -Title: "List all AWS Service Catalog Provisioned Product details" -Description: "Allows users to query AWS Service Catalog Provisioned Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - pr.id as provisioning_id, - p.name as product_name, - p.id as product_view_id, - p.product_id, - p.type as product_type, - p.support_url as product_support_url, - p.support_email as product_support_email - from - aws_servicecatalog_provisioned_product as pr, - aws_servicecatalog_product as p - where - pr.product_id = p.product_id - and last_successful_provisioning_record_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n pr.id as provisioning_id,\n p.name as product_name,\n\ + \ p.id as product_view_id,\n p.product_id,\n p.type as product_type,\n p.support_url\ + \ as product_support_url,\n p.support_email as product_support_email\nfrom\n\ + \ aws_servicecatalog_provisioned_product as pr,\n aws_servicecatalog_product\ + \ as p\nwhere\n pr.product_id = p.product_id\n and last_successful_provisioning_record_id\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List all AWS Service Catalog Provisioned Product details diff --git a/queries/aws_servicecatalog_provisioned_product_5.yaml b/queries/aws_servicecatalog_provisioned_product_5.yaml index 03b1d4c1a..77f3e483d 100755 --- a/queries/aws_servicecatalog_provisioned_product_5.yaml +++ b/queries/aws_servicecatalog_provisioned_product_5.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Service Catalog Provisioned Product data including + product details, owner, type, and associated metadata. ID: aws_servicecatalog_provisioned_product_5 -Title: "List AWS Service Catalog Provisioned Product Details" -Description: "Allows users to query AWS Service Catalog Provisioned Product data including product details, owner, type, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - arn, - type, - product_id, - status, - created_time, - last_provisioning_record_id - from - aws_servicecatalog_provisioned_product - where - type = 'CFN_STACK' - and last_successful_provisioning_record_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n arn,\n type,\n product_id,\n status,\n\ + \ created_time,\n last_provisioning_record_id\nfrom\n aws_servicecatalog_provisioned_product\n\ + where\n type = 'CFN_STACK'\n and last_successful_provisioning_record_id is not\ + \ null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Catalog +Title: List AWS Service Catalog Provisioned Product Details diff --git a/queries/aws_servicequotas_default_service_quota_1.yaml b/queries/aws_servicequotas_default_service_quota_1.yaml index 613bfd43d..3229952c4 100755 --- a/queries/aws_servicequotas_default_service_quota_1.yaml +++ b/queries/aws_servicequotas_default_service_quota_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Service Quotas Default Service Quota to retrieve + information about the default values of service quotas for AWS services. ID: aws_servicequotas_default_service_quota_1 -Title: "List all AWS Service Quotas Default Values" -Description: "Allows users to query AWS Service Quotas Default Service Quota to retrieve information about the default values of service quotas for AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_default_service_quota; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_default_service_quota;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: List all AWS Service Quotas Default Values diff --git a/queries/aws_servicequotas_default_service_quota_2.yaml b/queries/aws_servicequotas_default_service_quota_2.yaml index fb8e2c33f..e94001042 100755 --- a/queries/aws_servicequotas_default_service_quota_2.yaml +++ b/queries/aws_servicequotas_default_service_quota_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Service Quotas Default Service Quota to retrieve + information about the default values of service quotas for AWS services. ID: aws_servicequotas_default_service_quota_2 -Title: "List all Default AWS Service Quotas using SQL" -Description: "Allows users to query AWS Service Quotas Default Service Quota to retrieve information about the default values of service quotas for AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_default_service_quota - where - global_quota; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_default_service_quota\nwhere\n\ + \ global_quota;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: List all Default AWS Service Quotas using SQL diff --git a/queries/aws_servicequotas_default_service_quota_3.yaml b/queries/aws_servicequotas_default_service_quota_3.yaml index 8ce6a85d6..f46e6c397 100755 --- a/queries/aws_servicequotas_default_service_quota_3.yaml +++ b/queries/aws_servicequotas_default_service_quota_3.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Service Quotas Default Service Quota to retrieve + information about the default values of service quotas for AWS services. ID: aws_servicequotas_default_service_quota_3 -Title: "Find AWS Default Service Quotas for Services" -Description: "Allows users to query AWS Service Quotas Default Service Quota to retrieve information about the default values of service quotas for AWS services." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_default_service_quota - where - service_code = 'athena'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_default_service_quota\nwhere\n\ + \ service_code = 'athena';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find AWS Default Service Quotas for Services diff --git a/queries/aws_servicequotas_service_1.yaml b/queries/aws_servicequotas_service_1.yaml index 10e60c5a3..192bc96de 100755 --- a/queries/aws_servicequotas_service_1.yaml +++ b/queries/aws_servicequotas_service_1.yaml @@ -1,23 +1,19 @@ +Description: Allows users to query AWS Service Quotas services, providing detailed + information about each service''s code and name. ID: aws_servicequotas_service_1 -Title: "List all AWS Service Quotas with detailed service info" -Description: "Allows users to query AWS Service Quotas services, providing detailed information about each service''s code and name." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select distinct - service_code, - service_name - from - aws_servicequotas_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select distinct\n service_code,\n service_name\nfrom\n aws_servicequotas_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: List all AWS Service Quotas with detailed service info diff --git a/queries/aws_servicequotas_service_2.yaml b/queries/aws_servicequotas_service_2.yaml index 377d97c83..79552e17b 100755 --- a/queries/aws_servicequotas_service_2.yaml +++ b/queries/aws_servicequotas_service_2.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query AWS Service Quotas services, providing detailed + information about each service''s code and name. ID: aws_servicequotas_service_2 -Title: "Find AWS Service Quota Service Codes for CloudTrail" -Description: "Allows users to query AWS Service Quotas services, providing detailed information about each service''s code and name." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select distinct - service_code - from - aws_servicequotas_service - where - service_name = 'AWS CloudTrail'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select distinct\n service_code\nfrom\n aws_servicequotas_service\n\ + where\n service_name = 'AWS CloudTrail';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find AWS Service Quota Service Codes for CloudTrail diff --git a/queries/aws_servicequotas_service_quota_1.yaml b/queries/aws_servicequotas_service_quota_1.yaml index 67d600199..950597030 100755 --- a/queries/aws_servicequotas_service_quota_1.yaml +++ b/queries/aws_servicequotas_service_quota_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Service Quotas, providing detailed information + about each quota''s value, default value, and whether it''s adjustable. ID: aws_servicequotas_service_quota_1 -Title: "List all AWS Service Quotas with Values and Details" -Description: "Allows users to query AWS Service Quotas, providing detailed information about each quota''s value, default value, and whether it''s adjustable." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_service_quota; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_service_quota;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: List all AWS Service Quotas with Values and Details diff --git a/queries/aws_servicequotas_service_quota_2.yaml b/queries/aws_servicequotas_service_quota_2.yaml index 5860dfa6b..b0f8ab47c 100755 --- a/queries/aws_servicequotas_service_quota_2.yaml +++ b/queries/aws_servicequotas_service_quota_2.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS Service Quotas, providing detailed information + about each quota''s value, default value, and whether it''s adjustable. ID: aws_servicequotas_service_quota_2 -Title: "Find AWS Service Quotas with Details on Values" -Description: "Allows users to query AWS Service Quotas, providing detailed information about each quota''s value, default value, and whether it''s adjustable." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_service_quota - where - global_quota; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_service_quota\nwhere\n global_quota;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find AWS Service Quotas with Details on Values diff --git a/queries/aws_servicequotas_service_quota_3.yaml b/queries/aws_servicequotas_service_quota_3.yaml index 74db90541..47d455448 100755 --- a/queries/aws_servicequotas_service_quota_3.yaml +++ b/queries/aws_servicequotas_service_quota_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Service Quotas, providing detailed information + about each quota''s value, default value, and whether it''s adjustable. ID: aws_servicequotas_service_quota_3 -Title: "Find AWS Service Quotas for Specific Services" -Description: "Allows users to query AWS Service Quotas, providing detailed information about each quota''s value, default value, and whether it''s adjustable." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - quota_name, - quota_code, - quota_arn, - service_name, - service_code, - value - from - aws_servicequotas_service_quota - where - service_code = 'athena'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n quota_name,\n quota_code,\n quota_arn,\n service_name,\n\ + \ service_code,\n value\nfrom\n aws_servicequotas_service_quota\nwhere\n service_code\ + \ = 'athena';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find AWS Service Quotas for Specific Services diff --git a/queries/aws_servicequotas_service_quota_change_request_1.yaml b/queries/aws_servicequotas_service_quota_change_request_1.yaml index fae1d5268..c9b6a0f9f 100755 --- a/queries/aws_servicequotas_service_quota_change_request_1.yaml +++ b/queries/aws_servicequotas_service_quota_change_request_1.yaml @@ -1,27 +1,19 @@ +Description: Allows users to query AWS Service Quotas change requests. ID: aws_servicequotas_service_quota_change_request_1 -Title: "Find All AWS Service Quotas Change Requests" -Description: "Allows users to query AWS Service Quotas change requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - case_id, - status, - quota_name, - quota_code, - desired_value - from - aws_servicequotas_service_quota_change_request; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n case_id,\n status,\n quota_name,\n quota_code,\n\ + \ desired_value\nfrom\n aws_servicequotas_service_quota_change_request;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find All AWS Service Quotas Change Requests diff --git a/queries/aws_servicequotas_service_quota_change_request_2.yaml b/queries/aws_servicequotas_service_quota_change_request_2.yaml index 5495d1f6e..f4c131963 100755 --- a/queries/aws_servicequotas_service_quota_change_request_2.yaml +++ b/queries/aws_servicequotas_service_quota_change_request_2.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS Service Quotas change requests. ID: aws_servicequotas_service_quota_change_request_2 -Title: "Find AWS Service Quota Change Requests Statuses" -Description: "Allows users to query AWS Service Quotas change requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - case_id, - status, - quota_name, - quota_code, - desired_value - from - aws_servicequotas_service_quota_change_request - where - status = 'DENIED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n case_id,\n status,\n quota_name,\n quota_code,\n\ + \ desired_value\nfrom\n aws_servicequotas_service_quota_change_request\nwhere\n\ + \ status = 'DENIED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find AWS Service Quota Change Requests Statuses diff --git a/queries/aws_servicequotas_service_quota_change_request_3.yaml b/queries/aws_servicequotas_service_quota_change_request_3.yaml index 32b9ed0a9..ab3bf3e5e 100755 --- a/queries/aws_servicequotas_service_quota_change_request_3.yaml +++ b/queries/aws_servicequotas_service_quota_change_request_3.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS Service Quotas change requests. ID: aws_servicequotas_service_quota_change_request_3 -Title: "Find all AWS Service Quotas change requests" -Description: "Allows users to query AWS Service Quotas change requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - case_id, - status, - quota_name, - quota_code, - desired_value - from - aws_servicequotas_service_quota_change_request - where - service_code = 'athena'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n case_id,\n status,\n quota_name,\n quota_code,\n\ + \ desired_value\nfrom\n aws_servicequotas_service_quota_change_request\nwhere\n\ + \ service_code = 'athena';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Service Quotas +Title: Find all AWS Service Quotas change requests diff --git a/queries/aws_ses_domain_identity_1.yaml b/queries/aws_ses_domain_identity_1.yaml index 4983158fb..2d57db61a 100755 --- a/queries/aws_ses_domain_identity_1.yaml +++ b/queries/aws_ses_domain_identity_1.yaml @@ -1,25 +1,25 @@ +Description: Allows users to query Amazon Simple Email Service Domain Identities. + The aws_ses_domain_identity table in Steampipe provides information about domain + identities within Amazon Simple Email Service (SES). This table allows DevOps engineers + to query domain-specific details, including verification status, DKIM attributes, + and associated metadata. Users can utilize this table to gather insights on domain + identities, such as verification status, DKIM tokens, and more. The schema outlines + the various attributes of the SES domain identity, including the identity name, + verification status, DKIM enabled status, and DKIM tokens. ID: aws_ses_domain_identity_1 -Title: "List all Amazon SES Domain Identities and Their Details" -Description: "Allows users to query Amazon Simple Email Service Domain Identities. The aws_ses_domain_identity table in Steampipe provides information about domain identities within Amazon Simple Email Service (SES). This table allows DevOps engineers to query domain-specific details, including verification status, DKIM attributes, and associated metadata. Users can utilize this table to gather insights on domain identities, such as verification status, DKIM tokens, and more. The schema outlines the various attributes of the SES domain identity, including the identity name, verification status, DKIM enabled status, and DKIM tokens." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity, - arn, - region, - akas - from - aws_ses_domain_identity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity,\n arn,\n region,\n akas\nfrom\n aws_ses_domain_identity;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Simple Email Service +Title: List all Amazon SES Domain Identities and Their Details diff --git a/queries/aws_ses_domain_identity_2.yaml b/queries/aws_ses_domain_identity_2.yaml index 2914b7449..4ee8a254a 100755 --- a/queries/aws_ses_domain_identity_2.yaml +++ b/queries/aws_ses_domain_identity_2.yaml @@ -1,28 +1,28 @@ +Description: Allows users to query Amazon Simple Email Service Domain Identities. + The aws_ses_domain_identity table in Steampipe provides information about domain + identities within Amazon Simple Email Service (SES). This table allows DevOps engineers + to query domain-specific details, including verification status, DKIM attributes, + and associated metadata. Users can utilize this table to gather insights on domain + identities, such as verification status, DKIM tokens, and more. The schema outlines + the various attributes of the SES domain identity, including the identity name, + verification status, DKIM enabled status, and DKIM tokens. ID: aws_ses_domain_identity_2 -Title: "Find AWS SES Domain Identities with Verification Status Failed" -Description: "Allows users to query Amazon Simple Email Service Domain Identities. The aws_ses_domain_identity table in Steampipe provides information about domain identities within Amazon Simple Email Service (SES). This table allows DevOps engineers to query domain-specific details, including verification status, DKIM attributes, and associated metadata. Users can utilize this table to gather insights on domain identities, such as verification status, DKIM tokens, and more. The schema outlines the various attributes of the SES domain identity, including the identity name, verification status, DKIM enabled status, and DKIM tokens." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity, - region, - verification_status - from - aws_ses_domain_identity - where - verification_status = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity,\n region,\n verification_status\nfrom\n \ + \ aws_ses_domain_identity\nwhere\n verification_status = 'Failed';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Simple Email Service +Title: Find AWS SES Domain Identities with Verification Status Failed diff --git a/queries/aws_ses_email_identity_1.yaml b/queries/aws_ses_email_identity_1.yaml index 1998a39c6..33361126e 100755 --- a/queries/aws_ses_email_identity_1.yaml +++ b/queries/aws_ses_email_identity_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SES Email Identity to retrieve information + about the email identities (domains and email addresses) that you have verified + with Amazon SES. ID: aws_ses_email_identity_1 -Title: "List All AWS SES Email Identities and Details" -Description: "Allows users to query AWS SES Email Identity to retrieve information about the email identities (domains and email addresses) that you have verified with Amazon SES." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity, - arn, - region, - akas - from - aws_ses_email_identity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity,\n arn,\n region,\n akas\nfrom\n aws_ses_email_identity;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SES +Title: List All AWS SES Email Identities and Details diff --git a/queries/aws_ses_email_identity_2.yaml b/queries/aws_ses_email_identity_2.yaml index 031a47017..82fa9f1f1 100755 --- a/queries/aws_ses_email_identity_2.yaml +++ b/queries/aws_ses_email_identity_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS SES Email Identity to retrieve information + about the email identities (domains and email addresses) that you have verified + with Amazon SES. ID: aws_ses_email_identity_2 -Title: "List AWS SES Email Identities and Their Verification Status" -Description: "Allows users to query AWS SES Email Identity to retrieve information about the email identities (domains and email addresses) that you have verified with Amazon SES." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - identity, - region, - verification_status - from - aws_ses_email_identity - where - verification_status = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n identity,\n region,\n verification_status\nfrom\n \ + \ aws_ses_email_identity\nwhere\n verification_status = 'Failed';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SES +Title: List AWS SES Email Identities and Their Verification Status diff --git a/queries/aws_sfn_state_machine_1.yaml b/queries/aws_sfn_state_machine_1.yaml index 202ebc3b4..2a19a342a 100755 --- a/queries/aws_sfn_state_machine_1.yaml +++ b/queries/aws_sfn_state_machine_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Step Functions State Machines to retrieve detailed + information about each state machine. ID: aws_sfn_state_machine_1 -Title: "Find all AWS Step Functions State Machines in SQL" -Description: "Allows users to query AWS Step Functions State Machines to retrieve detailed information about each state machine." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status, - type, - role_arn - from - aws_sfn_state_machine; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status,\n type,\n role_arn\nfrom\n\ + \ aws_sfn_state_machine;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Step Functions +Title: Find all AWS Step Functions State Machines in SQL diff --git a/queries/aws_sfn_state_machine_2.yaml b/queries/aws_sfn_state_machine_2.yaml index 8b8fb4ad8..fd8fc4104 100755 --- a/queries/aws_sfn_state_machine_2.yaml +++ b/queries/aws_sfn_state_machine_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Step Functions State Machines to retrieve detailed + information about each state machine. ID: aws_sfn_state_machine_2 -Title: "Find AWS Step Functions State Machines Details" -Description: "Allows users to query AWS Step Functions State Machines to retrieve detailed information about each state machine." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - status - from - aws_sfn_state_machine - where - status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n status\nfrom\n aws_sfn_state_machine\n\ + where\n status = 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Step Functions +Title: Find AWS Step Functions State Machines Details diff --git a/queries/aws_sfn_state_machine_execution_1.yaml b/queries/aws_sfn_state_machine_execution_1.yaml index e3c75b9d4..c0db48263 100755 --- a/queries/aws_sfn_state_machine_execution_1.yaml +++ b/queries/aws_sfn_state_machine_execution_1.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Step Functions State Machine Execution data, + including execution status, start and end times, and associated state machine details. ID: aws_sfn_state_machine_execution_1 -Title: "List all AWS Step Functions Execution details" -Description: "Allows users to query AWS Step Functions State Machine Execution data, including execution status, start and end times, and associated state machine details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - execution_arn, - status, - state_machine_arn - from - aws_sfn_state_machine_execution; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n execution_arn,\n status,\n state_machine_arn\n\ + from\n aws_sfn_state_machine_execution;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Step Functions +Title: List all AWS Step Functions Execution details diff --git a/queries/aws_sfn_state_machine_execution_2.yaml b/queries/aws_sfn_state_machine_execution_2.yaml index c34e91e5a..a7ec96c46 100755 --- a/queries/aws_sfn_state_machine_execution_2.yaml +++ b/queries/aws_sfn_state_machine_execution_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Step Functions State Machine Execution data, + including execution status, start and end times, and associated state machine details. ID: aws_sfn_state_machine_execution_2 -Title: "Find AWS Step Functions Execution Status and Details" -Description: "Allows users to query AWS Step Functions State Machine Execution data, including execution status, start and end times, and associated state machine details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - execution_arn, - status, - state_machine_arn - from - aws_sfn_state_machine_execution - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n execution_arn,\n status,\n state_machine_arn\n\ + from\n aws_sfn_state_machine_execution\nwhere\n status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Step Functions +Title: Find AWS Step Functions Execution Status and Details diff --git a/queries/aws_sfn_state_machine_execution_history_1.yaml b/queries/aws_sfn_state_machine_execution_history_1.yaml index 048bc7362..da1c1b2bb 100755 --- a/queries/aws_sfn_state_machine_execution_history_1.yaml +++ b/queries/aws_sfn_state_machine_execution_history_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Step Functions State Machine Execution History + to fetch information about the execution history of a state machine. ID: aws_sfn_state_machine_execution_history_1 -Title: "Find AWS Step Functions State Machine Execution History" -Description: "Allows users to query AWS Step Functions State Machine Execution History to fetch information about the execution history of a state machine." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - execution_arn, - previous_event_id, - timestamp, - type - from - aws_sfn_state_machine_execution_history; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n execution_arn,\n previous_event_id,\n timestamp,\n\ + \ type\nfrom\n aws_sfn_state_machine_execution_history;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Step Functions +Title: Find AWS Step Functions State Machine Execution History diff --git a/queries/aws_sfn_state_machine_execution_history_2.yaml b/queries/aws_sfn_state_machine_execution_history_2.yaml index 0cb353abc..d438e1372 100755 --- a/queries/aws_sfn_state_machine_execution_history_2.yaml +++ b/queries/aws_sfn_state_machine_execution_history_2.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Step Functions State Machine Execution History + to fetch information about the execution history of a state machine. ID: aws_sfn_state_machine_execution_history_2 -Title: "Find AWS Step Functions State Machine Execution Details" -Description: "Allows users to query AWS Step Functions State Machine Execution History to fetch information about the execution history of a state machine." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - execution_arn, - execution_started_event_details -> 'Input' as event_input, - execution_started_event_details -> 'InputDetails' as event_input_details, - execution_started_event_details ->> 'RoleArn' as event_role_arn - from - aws_sfn_state_machine_execution_history - where - type = 'ExecutionStarted'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n execution_arn,\n execution_started_event_details\ + \ -> 'Input' as event_input,\n execution_started_event_details -> 'InputDetails'\ + \ as event_input_details,\n execution_started_event_details ->> 'RoleArn' as\ + \ event_role_arn\nfrom\n aws_sfn_state_machine_execution_history\nwhere\n type\ + \ = 'ExecutionStarted';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Step Functions +Title: Find AWS Step Functions State Machine Execution Details diff --git a/queries/aws_simspaceweaver_simulation_1.yaml b/queries/aws_simspaceweaver_simulation_1.yaml index f153c5075..6c015e56a 100755 --- a/queries/aws_simspaceweaver_simulation_1.yaml +++ b/queries/aws_simspaceweaver_simulation_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS SimSpace Simulation data. This table provides + information about simulations within AWS SimSpace. Engineers can use it to query + simulation-specific details, including simulation status, configuration, and associated + metadata. ID: aws_simspaceweaver_simulation_1 -Title: "List all AWS SimSpace Simulation with details" -Description: "Allows users to query AWS SimSpace Simulation data. This table provides information about simulations within AWS SimSpace. Engineers can use it to query simulation-specific details, including simulation status, configuration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status, - execution_id, - schema_error - from - aws_simspaceweaver_simulation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status,\n execution_id,\n\ + \ schema_error\nfrom\n aws_simspaceweaver_simulation;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SimSpaceWeaver Simulation +Title: List all AWS SimSpace Simulation with details diff --git a/queries/aws_simspaceweaver_simulation_2.yaml b/queries/aws_simspaceweaver_simulation_2.yaml index 40ae78b94..c8f1553e9 100755 --- a/queries/aws_simspaceweaver_simulation_2.yaml +++ b/queries/aws_simspaceweaver_simulation_2.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS SimSpace Simulation data. This table provides + information about simulations within AWS SimSpace. Engineers can use it to query + simulation-specific details, including simulation status, configuration, and associated + metadata. ID: aws_simspaceweaver_simulation_2 -Title: "List all AWS SimSpace Simulations from the past 30 days" -Description: "Allows users to query AWS SimSpace Simulation data. This table provides information about simulations within AWS SimSpace. Engineers can use it to query simulation-specific details, including simulation status, configuration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status - from - aws_simspaceweaver_simulation - where - creation_time >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status\nfrom\n aws_simspaceweaver_simulation\n\ + where\n creation_time >= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SimSpace +Title: List all AWS SimSpace Simulations from the past 30 days diff --git a/queries/aws_simspaceweaver_simulation_3.yaml b/queries/aws_simspaceweaver_simulation_3.yaml index 37113f91b..ce042cec5 100755 --- a/queries/aws_simspaceweaver_simulation_3.yaml +++ b/queries/aws_simspaceweaver_simulation_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SimSpace Simulation data. This table provides + information about simulations within AWS SimSpace. Engineers can use it to query + simulation-specific details, including simulation status, configuration, and associated + metadata. ID: aws_simspaceweaver_simulation_3 -Title: "List all AWS SimSpace Simulation details with SQL" -Description: "Allows users to query AWS SimSpace Simulation data. This table provides information about simulations within AWS SimSpace. Engineers can use it to query simulation-specific details, including simulation status, configuration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - creation_time, - status - from - aws_simspaceweaver_simulation - where - status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n creation_time,\n status\nfrom\n aws_simspaceweaver_simulation\n\ + where\n status = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SimSpace Simulation +Title: List all AWS SimSpace Simulation details with SQL diff --git a/queries/aws_simspaceweaver_simulation_4.yaml b/queries/aws_simspaceweaver_simulation_4.yaml index a27be2082..75cfc83d7 100755 --- a/queries/aws_simspaceweaver_simulation_4.yaml +++ b/queries/aws_simspaceweaver_simulation_4.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS SimSpace Simulation data. This table provides + information about simulations within AWS SimSpace. Engineers can use it to query + simulation-specific details, including simulation status, configuration, and associated + metadata. ID: aws_simspaceweaver_simulation_4 -Title: "List AWS SimSpace Simulations and Details" -Description: "Allows users to query AWS SimSpace Simulation data. This table provides information about simulations within AWS SimSpace. Engineers can use it to query simulation-specific details, including simulation status, configuration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - jsonb_pretty(d) - from - aws_simspaceweaver_simulation, - jsonb_array_elements(logging_configuration -> 'Destinations') as d; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n jsonb_pretty(d)\nfrom\n aws_simspaceweaver_simulation,\n\ + \ jsonb_array_elements(logging_configuration -> 'Destinations') as d;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SimSpace Simulation +Title: List AWS SimSpace Simulations and Details diff --git a/queries/aws_simspaceweaver_simulation_5.yaml b/queries/aws_simspaceweaver_simulation_5.yaml index fcf356681..a64582476 100755 --- a/queries/aws_simspaceweaver_simulation_5.yaml +++ b/queries/aws_simspaceweaver_simulation_5.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS SimSpace Simulation data. This table provides + information about simulations within AWS SimSpace. Engineers can use it to query + simulation-specific details, including simulation status, configuration, and associated + metadata. ID: aws_simspaceweaver_simulation_5 -Title: "Find AWS SimSpace Simulation Specific Details" -Description: "Allows users to query AWS SimSpace Simulation data. This table provides information about simulations within AWS SimSpace. Engineers can use it to query simulation-specific details, including simulation status, configuration, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.name, - s.arn, - s.schema_s3_location ->> 'BucketName' as bucket_name, - s.schema_s3_location ->> 'ObjectKey' as object_key, - b.versioning_enabled, - b.block_public_acls, - b.acl - from - aws_simspaceweaver_simulation as s, - aws_s3_bucket as b - where - s.schema_s3_location ->> 'BucketName' = b.name; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.name,\n s.arn,\n s.schema_s3_location ->> 'BucketName'\ + \ as bucket_name,\n s.schema_s3_location ->> 'ObjectKey' as object_key,\n b.versioning_enabled,\n\ + \ b.block_public_acls,\n b.acl\nfrom\n aws_simspaceweaver_simulation as s,\n\ + \ aws_s3_bucket as b\nwhere\n s.schema_s3_location ->> 'BucketName' = b.name;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SimSpace Weaver +Title: Find AWS SimSpace Simulation Specific Details diff --git a/queries/aws_sns_subscription_1.yaml b/queries/aws_sns_subscription_1.yaml index 0666a84d4..b5adc6cbc 100755 --- a/queries/aws_sns_subscription_1.yaml +++ b/queries/aws_sns_subscription_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_subscription_1 -Title: "List all AWS SNS Topic Subscriptions Details" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - redrive_policy - from - aws_sns_subscription - where - redrive_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n redrive_policy\nfrom\n aws_sns_subscription\n\ + where\n redrive_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Notification Service +Title: List all AWS SNS Topic Subscriptions Details diff --git a/queries/aws_sns_subscription_2.yaml b/queries/aws_sns_subscription_2.yaml index 4670418fe..93a192690 100755 --- a/queries/aws_sns_subscription_2.yaml +++ b/queries/aws_sns_subscription_2.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_subscription_2 -Title: "List all AWS SNS Topic Subscriptions Details" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - filter_policy - from - aws_sns_subscription - where - filter_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n filter_policy\nfrom\n aws_sns_subscription\n\ + where\n filter_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Notification Service +Title: List all AWS SNS Topic Subscriptions Details diff --git a/queries/aws_sns_subscription_3.yaml b/queries/aws_sns_subscription_3.yaml index 42c6bfb82..777c20423 100755 --- a/queries/aws_sns_subscription_3.yaml +++ b/queries/aws_sns_subscription_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_subscription_3 -Title: "List AWS SNS Topic Subscription Details with SQL" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - count(subscription_arn) as subscription_count - from - aws_sns_subscription - group by - title; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n count(subscription_arn) as subscription_count\n\ + from\n aws_sns_subscription\ngroup by\n title;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Notification Service +Title: List AWS SNS Topic Subscription Details with SQL diff --git a/queries/aws_sns_topic_1.yaml b/queries/aws_sns_topic_1.yaml index 3f6626879..89de70355 100755 --- a/queries/aws_sns_topic_1.yaml +++ b/queries/aws_sns_topic_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_1 -Title: "Find AWS SNS Topics and Their Information" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - kms_master_key_id - from - aws_sns_topic - where - kms_master_key_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n kms_master_key_id\nfrom\n aws_sns_topic\n\ + where\n kms_master_key_id is null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: Find AWS SNS Topics and Their Information diff --git a/queries/aws_sns_topic_2.yaml b/queries/aws_sns_topic_2.yaml index e24413985..6e3698370 100755 --- a/queries/aws_sns_topic_2.yaml +++ b/queries/aws_sns_topic_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_2 -Title: "Find AWS SNS Topics with KMS Key Information" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - kms_master_key_id - from - aws_sns_topic - where - kms_master_key_id = 'alias/aws/sns'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n kms_master_key_id\nfrom\n aws_sns_topic\n\ + where\n kms_master_key_id = 'alias/aws/sns';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: Find AWS SNS Topics with KMS Key Information diff --git a/queries/aws_sns_topic_3.yaml b/queries/aws_sns_topic_3.yaml index 0092402f1..bdf8a4d34 100755 --- a/queries/aws_sns_topic_3.yaml +++ b/queries/aws_sns_topic_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_3 -Title: "List all AWS SNS Topics and their details" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - tags - from - aws_sns_topic - where - not tags :: JSONB ? 'owner'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n tags\nfrom\n aws_sns_topic\nwhere\n not tags\ + \ :: JSONB ? 'owner';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: List all AWS SNS Topics and their details diff --git a/queries/aws_sns_topic_4.yaml b/queries/aws_sns_topic_4.yaml index 08d52ba56..033c99482 100755 --- a/queries/aws_sns_topic_4.yaml +++ b/queries/aws_sns_topic_4.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_4 -Title: "Find AWS SNS Topics and Details" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_sns_topic, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - p = '*' - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_sns_topic,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n p = '*'\n \ + \ and s ->> 'Effect' = 'Allow';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS Topics +Title: Find AWS SNS Topics and Details diff --git a/queries/aws_sns_topic_5.yaml b/queries/aws_sns_topic_5.yaml index fcd2a2e4e..8f01a82c6 100755 --- a/queries/aws_sns_topic_5.yaml +++ b/queries/aws_sns_topic_5.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_5 -Title: "List all AWS SNS Topics and their relevant details" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_sns_topic, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and a in ('*', 'sns:*'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_sns_topic,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n s ->> 'Effect'\ + \ = 'Allow'\n and a in ('*', 'sns:*');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: List all AWS SNS Topics and their relevant details diff --git a/queries/aws_sns_topic_6.yaml b/queries/aws_sns_topic_6.yaml index 1da6f7d93..510a7c8f6 100755 --- a/queries/aws_sns_topic_6.yaml +++ b/queries/aws_sns_topic_6.yaml @@ -1,39 +1,25 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_6 -Title: "List all details for AWS SNS Topics" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title - from - aws_sns_topic - where - title not in ( - select - title - from - aws_sns_topic, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a, - jsonb_array_elements_text( - s -> 'Condition' -> 'Bool' -> 'aws:securetransport' - ) as ssl - where - p = '*' - and s ->> 'Effect' = 'Deny' - and ssl :: bool = false - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title\nfrom\n aws_sns_topic\nwhere\n title not in (\n\ + \ select\n title\n from\n aws_sns_topic,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a,\n jsonb_array_elements_text(\n\ + \ s -> 'Condition' -> 'Bool' -> 'aws:securetransport'\n ) as ssl\n\ + \ where\n p = '*'\n and s ->> 'Effect' = 'Deny'\n and ssl ::\ + \ bool = false\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: List all details for AWS SNS Topics diff --git a/queries/aws_sns_topic_7.yaml b/queries/aws_sns_topic_7.yaml index bdc13e362..47a840c94 100755 --- a/queries/aws_sns_topic_7.yaml +++ b/queries/aws_sns_topic_7.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS SNS Topics to gather information about each + topic, including its name, owner, ARN, and other related data. ID: aws_sns_topic_7 -Title: "Find AWS SNS Topics Without Failure Feedback Roles" -Description: "Allows users to query AWS SNS Topics to gather information about each topic, including its name, owner, ARN, and other related data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - topic_arn, - region - from - aws_sns_topic - where - application_failure_feedback_role_arn is null and - firehose_failure_feedback_role_arn is null and - http_failure_feedback_role_arn is null and - lambda_failure_feedback_role_arn is null and - sqs_failure_feedback_role_arn is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n topic_arn,\n region\nfrom \n aws_sns_topic\n\ + where\n application_failure_feedback_role_arn is null and\n firehose_failure_feedback_role_arn\ + \ is null and\n http_failure_feedback_role_arn is null and\n lambda_failure_feedback_role_arn\ + \ is null and\n sqs_failure_feedback_role_arn is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: Find AWS SNS Topics Without Failure Feedback Roles diff --git a/queries/aws_sns_topic_subscription_1.yaml b/queries/aws_sns_topic_subscription_1.yaml index f9c4b74f3..0833e8d62 100755 --- a/queries/aws_sns_topic_subscription_1.yaml +++ b/queries/aws_sns_topic_subscription_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_topic_subscription_1 -Title: "Find AWS SNS Topic Subscriptions with No Redrive Policy" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - redrive_policy - from - aws_sns_topic_subscription - where - redrive_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n redrive_policy\nfrom\n aws_sns_topic_subscription\n\ + where\n redrive_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SNS +Title: Find AWS SNS Topic Subscriptions with No Redrive Policy diff --git a/queries/aws_sns_topic_subscription_2.yaml b/queries/aws_sns_topic_subscription_2.yaml index e165f6e33..3a4b5aefe 100755 --- a/queries/aws_sns_topic_subscription_2.yaml +++ b/queries/aws_sns_topic_subscription_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_topic_subscription_2 -Title: "List all AWS SNS Topic Subscriptions and Details" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - filter_policy - from - aws_sns_topic_subscription - where - filter_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n filter_policy\nfrom\n aws_sns_topic_subscription\n\ + where\n filter_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Notification Service +Title: List all AWS SNS Topic Subscriptions and Details diff --git a/queries/aws_sns_topic_subscription_3.yaml b/queries/aws_sns_topic_subscription_3.yaml index e870585fc..c6a733e50 100755 --- a/queries/aws_sns_topic_subscription_3.yaml +++ b/queries/aws_sns_topic_subscription_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS SNS Topic Subscriptions to obtain detailed + information about each subscription, including subscription ARN, owner, protocol, + endpoint, and more. ID: aws_sns_topic_subscription_3 -Title: "Find AWS SNS Topic Subscriptions Detailed Information" -Description: "Allows users to query AWS SNS Topic Subscriptions to obtain detailed information about each subscription, including subscription ARN, owner, protocol, endpoint, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - count(subscription_arn) as subscription_count - from - aws_sns_topic_subscription - group by - title; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n count(subscription_arn) as subscription_count\n\ + from\n aws_sns_topic_subscription\ngroup by\n title;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Notification Service +Title: Find AWS SNS Topic Subscriptions Detailed Information diff --git a/queries/aws_sqs_queue_1.yaml b/queries/aws_sqs_queue_1.yaml index f4fdd0128..7a90fcd4f 100755 --- a/queries/aws_sqs_queue_1.yaml +++ b/queries/aws_sqs_queue_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_1 -Title: "List All AWS SQS Queues with Detailed Information" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - delay_seconds, - max_message_size, - receive_wait_time_seconds, - message_retention_seconds, - visibility_timeout_seconds - from - aws_sqs_queue; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n delay_seconds,\n max_message_size,\n receive_wait_time_seconds,\n\ + \ message_retention_seconds,\n visibility_timeout_seconds\nfrom\n aws_sqs_queue;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: List All AWS SQS Queues with Detailed Information diff --git a/queries/aws_sqs_queue_10.yaml b/queries/aws_sqs_queue_10.yaml index e33391994..7ec8e31ce 100755 --- a/queries/aws_sqs_queue_10.yaml +++ b/queries/aws_sqs_queue_10.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_10 -Title: "List AWS SQS Queues with Detailed Information" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_sqs_queue, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and a in ('*', 'sqs:*'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_sqs_queue,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n s ->> 'Effect'\ + \ = 'Allow'\n and a in ('*', 'sqs:*');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service (SQS) +Title: List AWS SQS Queues with Detailed Information diff --git a/queries/aws_sqs_queue_2.yaml b/queries/aws_sqs_queue_2.yaml index 515603051..d3f50e409 100755 --- a/queries/aws_sqs_queue_2.yaml +++ b/queries/aws_sqs_queue_2.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_2 -Title: "Find AWS SQS Queue Details with SQL" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - kms_master_key_id, - sqs_managed_sse_enabled - from - aws_sqs_queue - where - kms_master_key_id is null - and not sqs_managed_sse_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n kms_master_key_id,\n sqs_managed_sse_enabled\n\ + from\n aws_sqs_queue\nwhere\n kms_master_key_id is null\n and not sqs_managed_sse_enabled;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: Find AWS SQS Queue Details with SQL diff --git a/queries/aws_sqs_queue_3.yaml b/queries/aws_sqs_queue_3.yaml index 6b9542fc9..987b87389 100755 --- a/queries/aws_sqs_queue_3.yaml +++ b/queries/aws_sqs_queue_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_3 -Title: "Find AWS SQS Queues with KMS Key Details" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - kms_master_key_id, - sqs_managed_sse_enabled - from - aws_sqs_queue - where - kms_master_key_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n kms_master_key_id,\n sqs_managed_sse_enabled\n\ + from\n aws_sqs_queue\nwhere\n kms_master_key_id is not null;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: Find AWS SQS Queues with KMS Key Details diff --git a/queries/aws_sqs_queue_4.yaml b/queries/aws_sqs_queue_4.yaml index 80c53267d..d47233346 100755 --- a/queries/aws_sqs_queue_4.yaml +++ b/queries/aws_sqs_queue_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_4 -Title: "Find SQS queues with server-side encryption enabled" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - kms_master_key_id, - sqs_managed_sse_enabled - from - aws_sqs_queue - where - sqs_managed_sse_enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n kms_master_key_id,\n sqs_managed_sse_enabled\n\ + from\n aws_sqs_queue\nwhere\n sqs_managed_sse_enabled;" Tags: cloud_data_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: Find SQS queues with server-side encryption enabled diff --git a/queries/aws_sqs_queue_5.yaml b/queries/aws_sqs_queue_5.yaml index 87ca362ea..031cd0fc0 100755 --- a/queries/aws_sqs_queue_5.yaml +++ b/queries/aws_sqs_queue_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_5 -Title: "List all SQS queues with retention < 7 days in AWS" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - message_retention_seconds - from - aws_sqs_queue - where - message_retention_seconds < '604800'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n message_retention_seconds\nfrom\n aws_sqs_queue\n\ + where\n message_retention_seconds < '604800';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: List all SQS queues with retention < 7 days in AWS diff --git a/queries/aws_sqs_queue_6.yaml b/queries/aws_sqs_queue_6.yaml index f0da1f2ff..a71134158 100755 --- a/queries/aws_sqs_queue_6.yaml +++ b/queries/aws_sqs_queue_6.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_6 -Title: "List all AWS SQS queues without a redrive policy" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - redrive_policy - from - aws_sqs_queue - where - redrive_policy is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n redrive_policy\nfrom\n aws_sqs_queue\nwhere\n\ + \ redrive_policy is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: List all AWS SQS queues without a redrive policy diff --git a/queries/aws_sqs_queue_7.yaml b/queries/aws_sqs_queue_7.yaml index d6b7a17d8..38cd79060 100755 --- a/queries/aws_sqs_queue_7.yaml +++ b/queries/aws_sqs_queue_7.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_7 -Title: "List all AWS SQS queues with details" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - fifo_queue - from - aws_sqs_queue - where - fifo_queue; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n fifo_queue\nfrom\n aws_sqs_queue\nwhere\n\ + \ fifo_queue;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service (SQS) +Title: List all AWS SQS queues with details diff --git a/queries/aws_sqs_queue_8.yaml b/queries/aws_sqs_queue_8.yaml index 266d492fd..f1ea8a67f 100755 --- a/queries/aws_sqs_queue_8.yaml +++ b/queries/aws_sqs_queue_8.yaml @@ -1,38 +1,26 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_8 -Title: "Query AWS SQS for Detailed Queue Information" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_sqs_queue, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - string_to_array(p, ':') as pa, - jsonb_array_elements_text(s -> 'Action') as a - where - s ->> 'Effect' = 'Allow' - and ( - pa[5] != account_id - or p = '*' - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_sqs_queue,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n string_to_array(p, ':') as pa,\n jsonb_array_elements_text(s -> 'Action')\ + \ as a\nwhere\n s ->> 'Effect' = 'Allow'\n and (\n pa[5] != account_id\n\ + \ or p = '*'\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: Query AWS SQS for Detailed Queue Information diff --git a/queries/aws_sqs_queue_9.yaml b/queries/aws_sqs_queue_9.yaml index 2a504f761..c258a5cd7 100755 --- a/queries/aws_sqs_queue_9.yaml +++ b/queries/aws_sqs_queue_9.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed + information about each queue. ID: aws_sqs_queue_9 -Title: "Find all AWS SQS Queues and Their Policies" -Description: "Allows users to query AWS Simple Queue Service (SQS) to retrieve detailed information about each queue." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - title, - p as principal, - a as action, - s ->> 'Effect' as effect, - s -> 'Condition' as conditions - from - aws_sqs_queue, - jsonb_array_elements(policy_std -> 'Statement') as s, - jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p, - jsonb_array_elements_text(s -> 'Action') as a - where - p = '*' - and s ->> 'Effect' = 'Allow'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n title,\n p as principal,\n a as action,\n s ->> 'Effect'\ + \ as effect,\n s -> 'Condition' as conditions\nfrom\n aws_sqs_queue,\n jsonb_array_elements(policy_std\ + \ -> 'Statement') as s,\n jsonb_array_elements_text(s -> 'Principal' -> 'AWS')\ + \ as p,\n jsonb_array_elements_text(s -> 'Action') as a\nwhere\n p = '*'\n \ + \ and s ->> 'Effect' = 'Allow';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Simple Queue Service +Title: Find all AWS SQS Queues and Their Policies diff --git a/queries/aws_ssm_association_1.yaml b/queries/aws_ssm_association_1.yaml index df7f7e58b..1c3c35f63 100755 --- a/queries/aws_ssm_association_1.yaml +++ b/queries/aws_ssm_association_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS SSM Associations for detailed information about + the AWS Systems Manager associations, including their status, targets, and parameters. ID: aws_ssm_association_1 -Title: "Find AWS SSM Association Details including Parameters" -Description: "Allows users to query AWS SSM Associations for detailed information about the AWS Systems Manager associations, including their status, targets, and parameters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - association_id, - association_name, - arn, - association_version, - last_execution_date, - document_name, - compliance_severity, - region - from - aws_ssm_association; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n association_id,\n association_name,\n arn,\n association_version,\n\ + \ last_execution_date,\n document_name,\n compliance_severity,\n region\n\ + from\n aws_ssm_association;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: Find AWS SSM Association Details including Parameters diff --git a/queries/aws_ssm_association_2.yaml b/queries/aws_ssm_association_2.yaml index e2b81f4e7..10577e779 100755 --- a/queries/aws_ssm_association_2.yaml +++ b/queries/aws_ssm_association_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS SSM Associations for detailed information about + the AWS Systems Manager associations, including their status, targets, and parameters. ID: aws_ssm_association_2 -Title: "List all AWS SSM Associations with Failed Status" -Description: "Allows users to query AWS SSM Associations for detailed information about the AWS Systems Manager associations, including their status, targets, and parameters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - association_id, - overview ->> 'AssociationStatusAggregatedCount' as association_status_aggregated_count, - overview ->> 'DetailedStatus' as detailed_status, - overview ->> 'Status' as status - from - aws_ssm_association - where - overview ->> 'Status' = 'Failed'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n association_id,\n overview ->> 'AssociationStatusAggregatedCount'\ + \ as association_status_aggregated_count,\n overview ->> 'DetailedStatus' as\ + \ detailed_status,\n overview ->> 'Status' as status\nfrom\n aws_ssm_association\n\ + where\n overview ->> 'Status' = 'Failed';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: List all AWS SSM Associations with Failed Status diff --git a/queries/aws_ssm_association_3.yaml b/queries/aws_ssm_association_3.yaml index fb2158fb3..33a9605f1 100755 --- a/queries/aws_ssm_association_3.yaml +++ b/queries/aws_ssm_association_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS SSM Associations for detailed information about + the AWS Systems Manager associations, including their status, targets, and parameters. ID: aws_ssm_association_3 -Title: "List AWS SSM Associations with Status and Targets" -Description: "Allows users to query AWS SSM Associations for detailed information about the AWS Systems Manager associations, including their status, targets, and parameters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - association.association_id as association_id, - target ->> 'Key' as target_key, - target ->> 'Values' as target_value, - instances - from - aws_ssm_association as association, - jsonb_array_elements(targets) as target, - jsonb_array_elements_text(target -> 'Values') as instances - where - target ->> 'Key' = 'InstanceIds'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n association.association_id as association_id,\n target\ + \ ->> 'Key' as target_key,\n target ->> 'Values' as target_value,\n instances\n\ + from\n aws_ssm_association as association,\n jsonb_array_elements(targets) as\ + \ target,\n jsonb_array_elements_text(target -> 'Values') as instances\nwhere\n\ + \ target ->> 'Key' = 'InstanceIds';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: List AWS SSM Associations with Status and Targets diff --git a/queries/aws_ssm_association_4.yaml b/queries/aws_ssm_association_4.yaml index e57d7fcbe..54771020e 100755 --- a/queries/aws_ssm_association_4.yaml +++ b/queries/aws_ssm_association_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS SSM Associations for detailed information about + the AWS Systems Manager associations, including their status, targets, and parameters. ID: aws_ssm_association_4 -Title: "Find AWS SSM Associations and Their Details" -Description: "Allows users to query AWS SSM Associations for detailed information about the AWS Systems Manager associations, including their status, targets, and parameters." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - association_id, - association_name, - targets, - document_name - from - aws_ssm_association - where - compliance_severity = 'CRITICAL'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n association_id,\n association_name,\n targets,\n document_name\n\ + from\n aws_ssm_association\nwhere\n compliance_severity = 'CRITICAL';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: Find AWS SSM Associations and Their Details diff --git a/queries/aws_ssm_document_1.yaml b/queries/aws_ssm_document_1.yaml index aa8c777be..5b382d1f6 100755 --- a/queries/aws_ssm_document_1.yaml +++ b/queries/aws_ssm_document_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS SSM Documents and retrieve detailed information + about each document, including its name, version, owner, status, and permissions, + among others. ID: aws_ssm_document_1 -Title: "List all AWS SSM Documents with detailed information" -Description: "Allows users to query AWS SSM Documents and retrieve detailed information about each document, including its name, version, owner, status, and permissions, among others." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - document_version, - status, - owner, - document_format, - document_type, - platform_types, - region - from - aws_ssm_document; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n document_version,\n status,\n owner,\n document_format,\n\ + \ document_type,\n platform_types,\n region\nfrom\n aws_ssm_document;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Documents +Title: List all AWS SSM Documents with detailed information diff --git a/queries/aws_ssm_document_2.yaml b/queries/aws_ssm_document_2.yaml index a275bfe80..c86ff9b58 100755 --- a/queries/aws_ssm_document_2.yaml +++ b/queries/aws_ssm_document_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS SSM Documents and retrieve detailed information + about each document, including its name, version, owner, status, and permissions, + among others. ID: aws_ssm_document_2 -Title: "List AWS SSM Documents with Details using SQL" -Description: "Allows users to query AWS SSM Documents and retrieve detailed information about each document, including its name, version, owner, status, and permissions, among others." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - owner, - document_version, - status, - document_format, - document_type - from - aws_ssm_document - where - owner_type = 'Self'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n owner,\n document_version,\n status,\n document_format,\n\ + \ document_type\nfrom\n aws_ssm_document\nwhere\n owner_type = 'Self';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM +Title: List AWS SSM Documents with Details using SQL diff --git a/queries/aws_ssm_document_3.yaml b/queries/aws_ssm_document_3.yaml index 149bd43c0..3592c6066 100755 --- a/queries/aws_ssm_document_3.yaml +++ b/queries/aws_ssm_document_3.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS SSM Documents and retrieve detailed information + about each document, including its name, version, owner, status, and permissions, + among others. ID: aws_ssm_document_3 -Title: "Find AWS SSM Documents with Various Attributes" -Description: "Allows users to query AWS SSM Documents and retrieve detailed information about each document, including its name, version, owner, status, and permissions, among others." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - owner, - document_version, - status, - document_format, - document_type - from - aws_ssm_document - where - owner_type != 'Amazon'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n owner,\n document_version,\n status,\n document_format,\n\ + \ document_type\nfrom\n aws_ssm_document\nwhere\n owner_type != 'Amazon';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM +Title: Find AWS SSM Documents with Various Attributes diff --git a/queries/aws_ssm_document_4.yaml b/queries/aws_ssm_document_4.yaml index ddd04d881..49785f58c 100755 --- a/queries/aws_ssm_document_4.yaml +++ b/queries/aws_ssm_document_4.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS SSM Documents and retrieve detailed information + about each document, including its name, version, owner, status, and permissions, + among others. ID: aws_ssm_document_4 -Title: "Find AWS SSM Documents and Retrieve Detailed Information" -Description: "Allows users to query AWS SSM Documents and retrieve detailed information about each document, including its name, version, owner, status, and permissions, among others." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - owner, - account_ids - from - aws_ssm_document - where - owner_type = 'Self' - and account_ids :: jsonb ? 'all'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n owner,\n account_ids\nfrom\n aws_ssm_document\n\ + where\n owner_type = 'Self'\n and account_ids :: jsonb ? 'all';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Document +Title: Find AWS SSM Documents and Retrieve Detailed Information diff --git a/queries/aws_ssm_document_5.yaml b/queries/aws_ssm_document_5.yaml index c81a12f9f..f23393d1d 100755 --- a/queries/aws_ssm_document_5.yaml +++ b/queries/aws_ssm_document_5.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS SSM Documents and retrieve detailed information + about each document, including its name, version, owner, status, and permissions, + among others. ID: aws_ssm_document_5 -Title: "Find all AWS SSM Document Details with SQL" -Description: "Allows users to query AWS SSM Documents and retrieve detailed information about each document, including its name, version, owner, status, and permissions, among others." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - approved_version, - created_date, - document_type - from - aws_ssm_document - where - arn = 'arn:aws:ssm:ap-south-1:112233445566:document/AWS-ASGEnterStandby'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n approved_version,\n created_date,\n\ + \ document_type\nfrom\n aws_ssm_document\nwhere\n arn = 'arn:aws:ssm:ap-south-1:112233445566:document/AWS-ASGEnterStandby';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM +Title: Find all AWS SSM Document Details with SQL diff --git a/queries/aws_ssm_document_permission_1.yaml b/queries/aws_ssm_document_permission_1.yaml index 49572d9e9..083b648f2 100755 --- a/queries/aws_ssm_document_permission_1.yaml +++ b/queries/aws_ssm_document_permission_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS SSM Document Permissions, providing detailed + information about the permissions associated with Systems Manager (SSM) documents. ID: aws_ssm_document_permission_1 -Title: "Find AWS SSM Document Permissions with Details" -Description: "Allows users to query AWS SSM Document Permissions, providing detailed information about the permissions associated with Systems Manager (SSM) documents." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - document_name, - shared_account_id, - shared_document_version, - account_ids, - title - from - aws_ssm_document_permission - where - document_name = 'ConfigureS3BucketLogging'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n document_name,\n shared_account_id,\n shared_document_version,\n\ + \ account_ids,\n title\nfrom\n aws_ssm_document_permission\nwhere\n document_name\ + \ = 'ConfigureS3BucketLogging';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: Find AWS SSM Document Permissions with Details diff --git a/queries/aws_ssm_document_permission_2.yaml b/queries/aws_ssm_document_permission_2.yaml index 9c884361c..014c1e5f3 100755 --- a/queries/aws_ssm_document_permission_2.yaml +++ b/queries/aws_ssm_document_permission_2.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS SSM Document Permissions, providing detailed + information about the permissions associated with Systems Manager (SSM) documents. ID: aws_ssm_document_permission_2 -Title: "Find AWS SSM Document Permissions Information" -Description: "Allows users to query AWS SSM Document Permissions, providing detailed information about the permissions associated with Systems Manager (SSM) documents." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - p.document_name, - p.shared_account_id, - p.shared_document_version, - d.approved_version, - d.attachments_information, - d.created_date, - d.default_version - from - aws_ssm_document_permission as p, - aws_ssm_document as d - where - p.document_name = 'ConfigureS3BucketLogging'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n p.document_name,\n p.shared_account_id,\n p.shared_document_version,\n\ + \ d.approved_version,\n d.attachments_information,\n d.created_date,\n d.default_version\n\ + from\n aws_ssm_document_permission as p,\n aws_ssm_document as d\nwhere\n p.document_name\ + \ = 'ConfigureS3BucketLogging';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: Find AWS SSM Document Permissions Information diff --git a/queries/aws_ssm_inventory_1.yaml b/queries/aws_ssm_inventory_1.yaml index ca356ae4f..ee5f3ebef 100755 --- a/queries/aws_ssm_inventory_1.yaml +++ b/queries/aws_ssm_inventory_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Systems Manager Inventory, providing information + about managed instances in AWS Systems Manager. ID: aws_ssm_inventory_1 -Title: "List all Managed Instances in AWS Systems Manager Inventory" -Description: "Allows users to query AWS Systems Manager Inventory, providing information about managed instances in AWS Systems Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - type_name, - capture_time, - schema_version, - content, - region - from - aws_ssm_inventory; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n type_name,\n capture_time,\n schema_version,\n\ + \ content,\n region\nfrom\n aws_ssm_inventory;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: List all Managed Instances in AWS Systems Manager Inventory diff --git a/queries/aws_ssm_inventory_2.yaml b/queries/aws_ssm_inventory_2.yaml index fb04029e2..74e7ce7d3 100755 --- a/queries/aws_ssm_inventory_2.yaml +++ b/queries/aws_ssm_inventory_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Systems Manager Inventory, providing information + about managed instances in AWS Systems Manager. ID: aws_ssm_inventory_2 -Title: "List all AWS Systems Manager Inventory details" -Description: "Allows users to query AWS Systems Manager Inventory, providing information about managed instances in AWS Systems Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - si.id, - c ->> 'AgentType' as agent_type, - c ->> 'IpAddress' as ip_address, - c ->> 'AgentVersion' as agent_version, - c ->> 'ComputerName' as computer_name, - c ->> 'PlatformName' as platform_name, - c ->> 'PlatformType' as platform_type, - c ->> 'ResourceType' as resource_type, - c ->> 'InstanceStatus' as instance_status, - c ->> 'PlatformVersion' as platform_version - from - aws_ssm_inventory as si, - jsonb_array_elements(content) as c - where - id = 'i-0665a65b1a1c2b47g'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n si.id,\n c ->> 'AgentType' as agent_type,\n c ->> 'IpAddress'\ + \ as ip_address,\n c ->> 'AgentVersion' as agent_version,\n c ->> 'ComputerName'\ + \ as computer_name,\n c ->> 'PlatformName' as platform_name,\n c ->> 'PlatformType'\ + \ as platform_type,\n c ->> 'ResourceType' as resource_type,\n c ->> 'InstanceStatus'\ + \ as instance_status,\n c ->> 'PlatformVersion' as platform_version\nfrom\n \ + \ aws_ssm_inventory as si,\n jsonb_array_elements(content) as c\nwhere\n id\ + \ = 'i-0665a65b1a1c2b47g';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS Systems Manager Inventory details diff --git a/queries/aws_ssm_inventory_3.yaml b/queries/aws_ssm_inventory_3.yaml index 4d6dcb4d8..3ea7b43ac 100755 --- a/queries/aws_ssm_inventory_3.yaml +++ b/queries/aws_ssm_inventory_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Systems Manager Inventory, providing information + about managed instances in AWS Systems Manager. ID: aws_ssm_inventory_3 -Title: "List all AWS Systems Manager Inventory Details" -Description: "Allows users to query AWS Systems Manager Inventory, providing information about managed instances in AWS Systems Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - s ->> 'Version' as schema_version, - s ->> 'TypeName' as type_name, - s ->> 'DisplayName' as display_name, - jsonb_pretty(s -> 'Attributes') as attributes - from - aws_ssm_inventory, - jsonb_array_elements(schema) as s - order by - id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n s ->> 'Version' as schema_version,\n s ->> 'TypeName'\ + \ as type_name,\n s ->> 'DisplayName' as display_name,\n jsonb_pretty(s -> 'Attributes')\ + \ as attributes\nfrom\n aws_ssm_inventory,\n jsonb_array_elements(schema) as\ + \ s\norder by \n id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS Systems Manager Inventory Details diff --git a/queries/aws_ssm_inventory_4.yaml b/queries/aws_ssm_inventory_4.yaml index e602cc589..e24aea40c 100755 --- a/queries/aws_ssm_inventory_4.yaml +++ b/queries/aws_ssm_inventory_4.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Systems Manager Inventory, providing information + about managed instances in AWS Systems Manager. ID: aws_ssm_inventory_4 -Title: "Find all AWS Systems Manager managed instances inventory" -Description: "Allows users to query AWS Systems Manager Inventory, providing information about managed instances in AWS Systems Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - type_name, - capture_time, - schema_version, - content - from - aws_ssm_inventory - where - capture_time >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n type_name,\n capture_time,\n schema_version,\n\ + \ content\nfrom\n aws_ssm_inventory\nwhere\n capture_time >= now() - interval\ + \ '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: Find all AWS Systems Manager managed instances inventory diff --git a/queries/aws_ssm_inventory_5.yaml b/queries/aws_ssm_inventory_5.yaml index 97d6c0615..04abff3d5 100755 --- a/queries/aws_ssm_inventory_5.yaml +++ b/queries/aws_ssm_inventory_5.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query AWS Systems Manager Inventory, providing information + about managed instances in AWS Systems Manager. ID: aws_ssm_inventory_5 -Title: "List AWS Systems Manager Inventory Managed Instances" -Description: "Allows users to query AWS Systems Manager Inventory, providing information about managed instances in AWS Systems Manager." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - v.id, - i.instance_state, - i.instance_type, - c ->> 'AgentType' as agent_type, - c ->> 'IpAddress' as ip_address, - c ->> 'AgentVersion' as agent_version, - c ->> 'ComputerName' as computer_name, - c ->> 'PlatformName' as platform_name, - c ->> 'PlatformType' as platform_type, - c ->> 'ResourceType' as resource_type, - c ->> 'InstanceStatus' as instance_status, - c ->> 'PlatformVersion' as platform_version - from - aws_ssm_inventory as v, - aws_ec2_instance as i, - jsonb_array_elements(content) as c - where - v.id = i.instance_id - and - i.instance_state = 'running'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n v.id,\n i.instance_state,\n i.instance_type,\n c ->>\ + \ 'AgentType' as agent_type,\n c ->> 'IpAddress' as ip_address,\n c ->> 'AgentVersion'\ + \ as agent_version,\n c ->> 'ComputerName' as computer_name,\n c ->> 'PlatformName'\ + \ as platform_name,\n c ->> 'PlatformType' as platform_type,\n c ->> 'ResourceType'\ + \ as resource_type,\n c ->> 'InstanceStatus' as instance_status,\n c ->> 'PlatformVersion'\ + \ as platform_version\nfrom\n aws_ssm_inventory as v,\n aws_ec2_instance as\ + \ i,\n jsonb_array_elements(content) as c\nwhere\n v.id = i.instance_id\nand\n\ + \ i.instance_state = 'running';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List AWS Systems Manager Inventory Managed Instances diff --git a/queries/aws_ssm_inventory_entry_1.yaml b/queries/aws_ssm_inventory_entry_1.yaml index 4d77fcbea..7e8efe857 100755 --- a/queries/aws_ssm_inventory_entry_1.yaml +++ b/queries/aws_ssm_inventory_entry_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Systems Manager Inventory Entry to fetch information + about the inventory entries of managed instances. The table provides details such + as instance ID, type name, schema version, capture time, and inventory data. ID: aws_ssm_inventory_entry_1 -Title: "List all AWS Systems Manager Inventory Entries" -Description: "Allows users to query AWS Systems Manager Inventory Entry to fetch information about the inventory entries of managed instances. The table provides details such as instance ID, type name, schema version, capture time, and inventory data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - type_name, - capture_time, - schema_version, - entries - from - aws_ssm_inventory_entry; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n type_name,\n capture_time,\n schema_version,\n\ + \ entries\nfrom\n aws_ssm_inventory_entry;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS Systems Manager Inventory Entries diff --git a/queries/aws_ssm_inventory_entry_2.yaml b/queries/aws_ssm_inventory_entry_2.yaml index 94fbfc9fa..1c23690af 100755 --- a/queries/aws_ssm_inventory_entry_2.yaml +++ b/queries/aws_ssm_inventory_entry_2.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Systems Manager Inventory Entry to fetch information + about the inventory entries of managed instances. The table provides details such + as instance ID, type name, schema version, capture time, and inventory data. ID: aws_ssm_inventory_entry_2 -Title: "List all AWS Systems Manager Inventory Entries" -Description: "Allows users to query AWS Systems Manager Inventory Entry to fetch information about the inventory entries of managed instances. The table provides details such as instance ID, type name, schema version, capture time, and inventory data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - type_name, - capture_time, - schema_version, - entries - from - aws_ssm_inventory_entry - where - capture_time >= time() - interval '30 day'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n type_name,\n capture_time,\n schema_version,\n\ + \ entries\nfrom\n aws_ssm_inventory_entry\nwhere\n capture_time >= time() -\ + \ interval '30 day';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS Systems Manager Inventory Entries diff --git a/queries/aws_ssm_inventory_entry_3.yaml b/queries/aws_ssm_inventory_entry_3.yaml index 69b17e8d0..bf6df9148 100755 --- a/queries/aws_ssm_inventory_entry_3.yaml +++ b/queries/aws_ssm_inventory_entry_3.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Systems Manager Inventory Entry to fetch information + about the inventory entries of managed instances. The table provides details such + as instance ID, type name, schema version, capture time, and inventory data. ID: aws_ssm_inventory_entry_3 -Title: "List AWS SSM Inventory Entry Details by Instance" -Description: "Allows users to query AWS Systems Manager Inventory Entry to fetch information about the inventory entries of managed instances. The table provides details such as instance ID, type name, schema version, capture time, and inventory data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.instance_id, - e.type_name, - i.schema_version, - i.schema - from - aws_ssm_inventory_entry as e, - aws_ssm_inventory as i - where - i.id = e.instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.instance_id,\n e.type_name,\n i.schema_version,\n\ + \ i.schema\nfrom\n aws_ssm_inventory_entry as e,\n aws_ssm_inventory as i\n\ + where\n i.id = e.instance_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List AWS SSM Inventory Entry Details by Instance diff --git a/queries/aws_ssm_inventory_entry_4.yaml b/queries/aws_ssm_inventory_entry_4.yaml index 2cbb08155..c5cd1f1bd 100755 --- a/queries/aws_ssm_inventory_entry_4.yaml +++ b/queries/aws_ssm_inventory_entry_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Systems Manager Inventory Entry to fetch information + about the inventory entries of managed instances. The table provides details such + as instance ID, type name, schema version, capture time, and inventory data. ID: aws_ssm_inventory_entry_4 -Title: "Find AWS Systems Manager Inventory Entries" -Description: "Allows users to query AWS Systems Manager Inventory Entry to fetch information about the inventory entries of managed instances. The table provides details such as instance ID, type name, schema version, capture time, and inventory data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.instance_id, - e.type_name, - i.resource_type, - i.association_status, - i.computer_name, - i.ip_address, - i.is_latest_version - from - aws_ssm_inventory_entry as e, - aws_ssm_managed_instance as i - where - i.instance_id = e.instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.instance_id,\n e.type_name,\n i.resource_type,\n\ + \ i.association_status,\n i.computer_name,\n i.ip_address,\n i.is_latest_version\n\ + from\n aws_ssm_inventory_entry as e,\n aws_ssm_managed_instance as i\nwhere\n\ + \ i.instance_id = e.instance_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: Find AWS Systems Manager Inventory Entries diff --git a/queries/aws_ssm_inventory_entry_5.yaml b/queries/aws_ssm_inventory_entry_5.yaml index 2ff962941..fa5e2aaeb 100755 --- a/queries/aws_ssm_inventory_entry_5.yaml +++ b/queries/aws_ssm_inventory_entry_5.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Systems Manager Inventory Entry to fetch information + about the inventory entries of managed instances. The table provides details such + as instance ID, type name, schema version, capture time, and inventory data. ID: aws_ssm_inventory_entry_5 -Title: "List all AWS Systems Manager Inventory Entries" -Description: "Allows users to query AWS Systems Manager Inventory Entry to fetch information about the inventory entries of managed instances. The table provides details such as instance ID, type name, schema version, capture time, and inventory data." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - type_name, - capture_time, - schema_version, - entries - from - aws_ssm_inventory_entry - where - instance_id = 'i-1234567890abcwd4f' - and - type_name like 'Custom%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n type_name,\n capture_time,\n schema_version,\n\ + \ entries\nfrom\n aws_ssm_inventory_entry\nwhere\n instance_id = 'i-1234567890abcwd4f'\n\ + and\n type_name like 'Custom%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS Systems Manager Inventory Entries diff --git a/queries/aws_ssm_maintenance_window_1.yaml b/queries/aws_ssm_maintenance_window_1.yaml index ef2cb3682..6fcf7e62e 100755 --- a/queries/aws_ssm_maintenance_window_1.yaml +++ b/queries/aws_ssm_maintenance_window_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Systems Manager Maintenance Windows to retrieve + details about scheduled maintenance tasks for AWS resources. ID: aws_ssm_maintenance_window_1 -Title: "List AWS Systems Manager Maintenance Windows Details" -Description: "Allows users to query AWS Systems Manager Maintenance Windows to retrieve details about scheduled maintenance tasks for AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - window_id, - enabled, - schedule, - tags_src, - region - from - aws_ssm_maintenance_window; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n window_id,\n enabled,\n schedule,\n tags_src,\n\ + \ region\nfrom\n aws_ssm_maintenance_window;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List AWS Systems Manager Maintenance Windows Details diff --git a/queries/aws_ssm_maintenance_window_2.yaml b/queries/aws_ssm_maintenance_window_2.yaml index 76aedc486..8cef88300 100755 --- a/queries/aws_ssm_maintenance_window_2.yaml +++ b/queries/aws_ssm_maintenance_window_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Systems Manager Maintenance Windows to retrieve + details about scheduled maintenance tasks for AWS resources. ID: aws_ssm_maintenance_window_2 -Title: "Find AWS Systems Manager Maintenance Windows Details" -Description: "Allows users to query AWS Systems Manager Maintenance Windows to retrieve details about scheduled maintenance tasks for AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p ->> 'WindowTargetId' as window_target_id, - p ->> 'ResourceType' as resource_type, - p ->> 'Name' as target_name - from - aws_ssm_maintenance_window, - jsonb_array_elements(targets) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p ->> 'WindowTargetId' as window_target_id,\n\ + \ p ->> 'ResourceType' as resource_type,\n p ->> 'Name' as target_name\nfrom\n\ + \ aws_ssm_maintenance_window,\n jsonb_array_elements(targets) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: Find AWS Systems Manager Maintenance Windows Details diff --git a/queries/aws_ssm_maintenance_window_3.yaml b/queries/aws_ssm_maintenance_window_3.yaml index b80b4a855..b90e2060f 100755 --- a/queries/aws_ssm_maintenance_window_3.yaml +++ b/queries/aws_ssm_maintenance_window_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Systems Manager Maintenance Windows to retrieve + details about scheduled maintenance tasks for AWS resources. ID: aws_ssm_maintenance_window_3 -Title: "List All Maintenance Windows in AWS Systems Manager" -Description: "Allows users to query AWS Systems Manager Maintenance Windows to retrieve details about scheduled maintenance tasks for AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - p ->> 'WindowTaskId' as window_task_id, - p ->> 'ServiceRoleArn' as service_role_arn, - p ->> 'Name' as task_name - from - aws_ssm_maintenance_window, - jsonb_array_elements(tasks) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n p ->> 'WindowTaskId' as window_task_id,\n p\ + \ ->> 'ServiceRoleArn' as service_role_arn,\n p ->> 'Name' as task_name\nfrom\n\ + \ aws_ssm_maintenance_window,\n jsonb_array_elements(tasks) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List All Maintenance Windows in AWS Systems Manager diff --git a/queries/aws_ssm_maintenance_window_4.yaml b/queries/aws_ssm_maintenance_window_4.yaml index a94fb9142..f0b8cb2a4 100755 --- a/queries/aws_ssm_maintenance_window_4.yaml +++ b/queries/aws_ssm_maintenance_window_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Systems Manager Maintenance Windows to retrieve + details about scheduled maintenance tasks for AWS resources. ID: aws_ssm_maintenance_window_4 -Title: "List all AWS Systems Manager Maintenance Windows" -Description: "Allows users to query AWS Systems Manager Maintenance Windows to retrieve details about scheduled maintenance tasks for AWS resources." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - window_id, - enabled - from - aws_ssm_maintenance_window - where - enabled; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n window_id,\n enabled\nfrom\n aws_ssm_maintenance_window\n\ + where\n enabled;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: List all AWS Systems Manager Maintenance Windows diff --git a/queries/aws_ssm_managed_instance_1.yaml b/queries/aws_ssm_managed_instance_1.yaml index 18ef6f441..32bb6f268 100755 --- a/queries/aws_ssm_managed_instance_1.yaml +++ b/queries/aws_ssm_managed_instance_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS SSM Managed Instances to retrieve their configuration + and status information. ID: aws_ssm_managed_instance_1 -Title: "List all AWS SSM Managed Instances Configuration and Status" -Description: "Allows users to query AWS SSM Managed Instances to retrieve their configuration and status information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - arn, - resource_type, - association_status, - agent_version, - platform_type - from - aws_ssm_managed_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n arn,\n resource_type,\n association_status,\n\ + \ agent_version,\n platform_type\nfrom\n aws_ssm_managed_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Managed Instances +Title: List all AWS SSM Managed Instances Configuration and Status diff --git a/queries/aws_ssm_managed_instance_2.yaml b/queries/aws_ssm_managed_instance_2.yaml index d2f07410c..d35415814 100755 --- a/queries/aws_ssm_managed_instance_2.yaml +++ b/queries/aws_ssm_managed_instance_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS SSM Managed Instances to retrieve their configuration + and status information. ID: aws_ssm_managed_instance_2 -Title: "Find AWS SSM Managed Instances with Config and Status" -Description: "Allows users to query AWS SSM Managed Instances to retrieve their configuration and status information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - arn, - resource_type, - association_status - from - aws_ssm_managed_instance - where - association_status is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n arn,\n resource_type,\n association_status\n\ + from\n aws_ssm_managed_instance\nwhere\n association_status is null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Managed Instances +Title: Find AWS SSM Managed Instances with Config and Status diff --git a/queries/aws_ssm_managed_instance_3.yaml b/queries/aws_ssm_managed_instance_3.yaml index d00f4e19b..b233f1c38 100755 --- a/queries/aws_ssm_managed_instance_3.yaml +++ b/queries/aws_ssm_managed_instance_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS SSM Managed Instances to retrieve their configuration + and status information. ID: aws_ssm_managed_instance_3 -Title: "List all AWS SSM Managed Instances with Configurations" -Description: "Allows users to query AWS SSM Managed Instances to retrieve their configuration and status information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.instance_id, - i.arn, - m.instance_id is not null as ssm_managed - from - aws_ec2_instance i - left join aws_ssm_managed_instance m on m.instance_id = i.instance_id - where - m.instance_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.instance_id,\n i.arn,\n m.instance_id is not null\ + \ as ssm_managed\nfrom\n aws_ec2_instance i\nleft join aws_ssm_managed_instance\ + \ m on m.instance_id = i.instance_id\nwhere \n m.instance_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Managed Instance +Title: List all AWS SSM Managed Instances with Configurations diff --git a/queries/aws_ssm_managed_instance_compliance_1.yaml b/queries/aws_ssm_managed_instance_compliance_1.yaml index c26c17a47..524e78c33 100755 --- a/queries/aws_ssm_managed_instance_compliance_1.yaml +++ b/queries/aws_ssm_managed_instance_compliance_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS SSM Managed Instance Compliance data, providing + details on compliance status, compliance type, and related metadata. ID: aws_ssm_managed_instance_compliance_1 -Title: "List AWS SSM Managed Instance Compliance Details" -Description: "Allows users to query AWS SSM Managed Instance Compliance data, providing details on compliance status, compliance type, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - resource_id, - status, - compliance_type, - severity - from - aws_ssm_managed_instance_compliance - where - resource_id = 'i-2a3dc8b11ed9d37a'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n resource_id,\n status,\n compliance_type,\n\ + \ severity\nfrom\n aws_ssm_managed_instance_compliance\nwhere\n resource_id\ + \ = 'i-2a3dc8b11ed9d37a';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Managed Instance Compliance +Title: List AWS SSM Managed Instance Compliance Details diff --git a/queries/aws_ssm_managed_instance_compliance_2.yaml b/queries/aws_ssm_managed_instance_compliance_2.yaml index 1925bbc96..119cc4e8a 100755 --- a/queries/aws_ssm_managed_instance_compliance_2.yaml +++ b/queries/aws_ssm_managed_instance_compliance_2.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS SSM Managed Instance Compliance data, providing + details on compliance status, compliance type, and related metadata. ID: aws_ssm_managed_instance_compliance_2 -Title: "Find AWS SSM Managed Instance Compliance Details" -Description: "Allows users to query AWS SSM Managed Instance Compliance data, providing details on compliance status, compliance type, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - resource_id as instance_id, - status, - compliance_type, - severity - from - aws_ssm_managed_instance_compliance - where - resource_id = 'i-2a3dc8b11ed9d37a' - and compliance_type = 'Association' - and status <> 'COMPLIANT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n resource_id as instance_id,\n status,\n\ + \ compliance_type,\n severity\nfrom\n aws_ssm_managed_instance_compliance\n\ + where\n resource_id = 'i-2a3dc8b11ed9d37a'\n and compliance_type = 'Association'\n\ + \ and status <> 'COMPLIANT';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM +Title: Find AWS SSM Managed Instance Compliance Details diff --git a/queries/aws_ssm_managed_instance_compliance_3.yaml b/queries/aws_ssm_managed_instance_compliance_3.yaml index 3cb697951..9d7a9b462 100755 --- a/queries/aws_ssm_managed_instance_compliance_3.yaml +++ b/queries/aws_ssm_managed_instance_compliance_3.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS SSM Managed Instance Compliance data, providing + details on compliance status, compliance type, and related metadata. ID: aws_ssm_managed_instance_compliance_3 -Title: "Find AWS SSM Managed Instance Compliance Data" -Description: "Allows users to query AWS SSM Managed Instance Compliance data, providing details on compliance status, compliance type, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - resource_id as instance_id, - status, - compliance_type, - severity - from - aws_ssm_managed_instance_compliance - where - resource_id = 'i-2a3dc8b11ed9d37a' - and compliance_type = 'Patch' - and status <> 'COMPLIANT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n resource_id as instance_id,\n status,\n\ + \ compliance_type,\n severity\nfrom\n aws_ssm_managed_instance_compliance\n\ + where\n resource_id = 'i-2a3dc8b11ed9d37a'\n and compliance_type = 'Patch'\n\ + \ and status <> 'COMPLIANT';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS SSM +Title: Find AWS SSM Managed Instance Compliance Data diff --git a/queries/aws_ssm_managed_instance_compliance_4.yaml b/queries/aws_ssm_managed_instance_compliance_4.yaml index 2bb7342b0..2b0a0acb2 100755 --- a/queries/aws_ssm_managed_instance_compliance_4.yaml +++ b/queries/aws_ssm_managed_instance_compliance_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS SSM Managed Instance Compliance data, providing + details on compliance status, compliance type, and related metadata. ID: aws_ssm_managed_instance_compliance_4 -Title: "List all AWS SSM Managed Instance Compliance Details" -Description: "Allows users to query AWS SSM Managed Instance Compliance data, providing details on compliance status, compliance type, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - c.resource_id as instance_id, - id, - status - from - aws_ssm_managed_instance i, - aws_ssm_managed_instance_compliance c - where - i.instance_id = c.resource_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n c.resource_id as instance_id,\n id,\n status\nfrom\n\ + \ aws_ssm_managed_instance i,\n aws_ssm_managed_instance_compliance c\nwhere\n\ + \ i.instance_id = c.resource_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM +Title: List all AWS SSM Managed Instance Compliance Details diff --git a/queries/aws_ssm_managed_instance_patch_state_1.yaml b/queries/aws_ssm_managed_instance_patch_state_1.yaml index 93755c331..65e382db4 100755 --- a/queries/aws_ssm_managed_instance_patch_state_1.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_1 -Title: "Find AWS Managed Instance Patch States in SSM" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - operation, - patch_group, - failed_count, - installed_count, - installed_other_count - from - aws_ssm_managed_instance_patch_state; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n operation,\n patch_group,\n\ + \ failed_count,\n installed_count,\n installed_other_count\nfrom\n aws_ssm_managed_instance_patch_state;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager Managed Instance +Title: Find AWS Managed Instance Patch States in SSM diff --git a/queries/aws_ssm_managed_instance_patch_state_2.yaml b/queries/aws_ssm_managed_instance_patch_state_2.yaml index 4e7a9d7b4..063b1017d 100755 --- a/queries/aws_ssm_managed_instance_patch_state_2.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_2.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_2 -Title: "Find AWS Systems Manager Managed Instance Patch State Details" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - installed_count - from - aws_ssm_managed_instance_patch_state; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n installed_count\nfrom\n\ + \ aws_ssm_managed_instance_patch_state;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: Find AWS Systems Manager Managed Instance Patch State Details diff --git a/queries/aws_ssm_managed_instance_patch_state_3.yaml b/queries/aws_ssm_managed_instance_patch_state_3.yaml index 1bd1f36fb..823dc6bda 100755 --- a/queries/aws_ssm_managed_instance_patch_state_3.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_3 -Title: "List all AWS SSM Managed Instance Patch State" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - installed_other_count - from - aws_ssm_managed_instance_patch_state; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n installed_other_count\n\ + from\n aws_ssm_managed_instance_patch_state;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: List all AWS SSM Managed Instance Patch State diff --git a/queries/aws_ssm_managed_instance_patch_state_4.yaml b/queries/aws_ssm_managed_instance_patch_state_4.yaml index 52f75f126..9c2697cc2 100755 --- a/queries/aws_ssm_managed_instance_patch_state_4.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_4.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_4 -Title: "Find AWS Systems Manager Managed Instance Patch State" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - security_non_compliant_count - from - aws_ssm_managed_instance_patch_state; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n security_non_compliant_count\n\ + from\n aws_ssm_managed_instance_patch_state;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: Find AWS Systems Manager Managed Instance Patch State diff --git a/queries/aws_ssm_managed_instance_patch_state_5.yaml b/queries/aws_ssm_managed_instance_patch_state_5.yaml index 04a4ba10a..6cd54c8ba 100755 --- a/queries/aws_ssm_managed_instance_patch_state_5.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_5.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_5 -Title: "List AWS SSM Managed Instance Patch States" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - operation, - operation_end_time, - operation_start_time - from - aws_ssm_managed_instance_patch_state - where - operation_end_time >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n operation,\n operation_end_time,\n\ + \ operation_start_time\nfrom\n aws_ssm_managed_instance_patch_state\nwhere\n\ + \ operation_end_time >= now() - interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager +Title: List AWS SSM Managed Instance Patch States diff --git a/queries/aws_ssm_managed_instance_patch_state_6.yaml b/queries/aws_ssm_managed_instance_patch_state_6.yaml index 2c4349283..4e8d21a2e 100755 --- a/queries/aws_ssm_managed_instance_patch_state_6.yaml +++ b/queries/aws_ssm_managed_instance_patch_state_6.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Systems Manager Managed Instance Patch State + to gather information about the patch state of managed instances. This includes + the instance ID, patch group, owner information, installed patches, and more. ID: aws_ssm_managed_instance_patch_state_6 -Title: "Find AWS Systems Manager Managed Instance Patch State" -Description: "Allows users to query AWS Systems Manager Managed Instance Patch State to gather information about the patch state of managed instances. This includes the instance ID, patch group, owner information, installed patches, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - instance_id, - baseline_id, - operation - from - aws_ssm_managed_instance_patch_state - where - operation = 'Scan'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n instance_id,\n baseline_id,\n operation\nfrom\n aws_ssm_managed_instance_patch_state\n\ + where\n operation = 'Scan';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager +Title: Find AWS Systems Manager Managed Instance Patch State diff --git a/queries/aws_ssm_parameter_1.yaml b/queries/aws_ssm_parameter_1.yaml index f8dae9f94..7007f64be 100755 --- a/queries/aws_ssm_parameter_1.yaml +++ b/queries/aws_ssm_parameter_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Systems Manager Parameter Store to retrieve + information about parameters, their types, values, and associated metadata. ID: aws_ssm_parameter_1 -Title: "Find AWS Systems Manager Parameters and Metadata" -Description: "Allows users to query AWS Systems Manager Parameter Store to retrieve information about parameters, their types, values, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - type, - data_type, - tier, - region - from - aws_ssm_parameter; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n type,\n data_type,\n tier,\n region\nfrom\n\ + \ aws_ssm_parameter;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager Parameter Store +Title: Find AWS Systems Manager Parameters and Metadata diff --git a/queries/aws_ssm_parameter_2.yaml b/queries/aws_ssm_parameter_2.yaml index 8f48623c4..dffa0da67 100755 --- a/queries/aws_ssm_parameter_2.yaml +++ b/queries/aws_ssm_parameter_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Systems Manager Parameter Store to retrieve + information about parameters, their types, values, and associated metadata. ID: aws_ssm_parameter_2 -Title: "List AWS SSM Parameters with Details" -Description: "Allows users to query AWS Systems Manager Parameter Store to retrieve information about parameters, their types, values, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - tier, - p ->> 'PolicyType' as policy_type, - p ->> 'PolicyStatus' as Policy_status, - p ->> 'PolicyText' as policy_text - from - aws_ssm_parameter, - jsonb_array_elements(policies) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n tier,\n p ->> 'PolicyType' as policy_type,\n\ + \ p ->> 'PolicyStatus' as Policy_status,\n p ->> 'PolicyText' as policy_text\n\ + from\n aws_ssm_parameter,\n jsonb_array_elements(policies) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Systems Manager Parameter Store +Title: List AWS SSM Parameters with Details diff --git a/queries/aws_ssm_parameter_3.yaml b/queries/aws_ssm_parameter_3.yaml index de84a5d8a..3b13aa80d 100755 --- a/queries/aws_ssm_parameter_3.yaml +++ b/queries/aws_ssm_parameter_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Systems Manager Parameter Store to retrieve + information about parameters, their types, values, and associated metadata. ID: aws_ssm_parameter_3 -Title: "List all AWS SSM Parameters missing owner or app_id" -Description: "Allows users to query AWS Systems Manager Parameter Store to retrieve information about parameters, their types, values, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name - from - aws_ssm_parameter - where - tags -> 'owner' is null - or tags -> 'app_id' is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name\nfrom\n aws_ssm_parameter\nwhere\n tags -> 'owner'\ + \ is null\n or tags -> 'app_id' is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Systems Manager Parameter Store +Title: List all AWS SSM Parameters missing owner or app_id diff --git a/queries/aws_ssm_patch_baseline_1.yaml b/queries/aws_ssm_patch_baseline_1.yaml index 0d0891041..b665a2aa8 100755 --- a/queries/aws_ssm_patch_baseline_1.yaml +++ b/queries/aws_ssm_patch_baseline_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS SSM Patch Baseline data to retrieve information + about each patch baseline in your AWS account. ID: aws_ssm_patch_baseline_1 -Title: "List all AWS SSM Patch Baselines with Details" -Description: "Allows users to query AWS SSM Patch Baseline data to retrieve information about each patch baseline in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - baseline_id, - name, - description, - operating_system, - created_date, - region - from - aws_ssm_patch_baseline; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n baseline_id,\n name,\n description,\n operating_system,\n\ + \ created_date,\n region\nfrom\n aws_ssm_patch_baseline;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Patch +Title: List all AWS SSM Patch Baselines with Details diff --git a/queries/aws_ssm_patch_baseline_2.yaml b/queries/aws_ssm_patch_baseline_2.yaml index 97d5953e0..adad498ae 100755 --- a/queries/aws_ssm_patch_baseline_2.yaml +++ b/queries/aws_ssm_patch_baseline_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS SSM Patch Baseline data to retrieve information + about each patch baseline in your AWS account. ID: aws_ssm_patch_baseline_2 -Title: "Find AWS SSM Patch Baseline details including creation dates" -Description: "Allows users to query AWS SSM Patch Baseline data to retrieve information about each patch baseline in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - baseline_id, - name, - description, - created_date, - region - from - aws_ssm_patch_baseline - where - operating_system = 'UBUNTU'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n baseline_id,\n name,\n description,\n created_date,\n\ + \ region\nfrom\n aws_ssm_patch_baseline\nwhere\n operating_system = 'UBUNTU';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Patch Baseline +Title: Find AWS SSM Patch Baseline details including creation dates diff --git a/queries/aws_ssm_patch_baseline_3.yaml b/queries/aws_ssm_patch_baseline_3.yaml index 3f21463fc..1fb7558a6 100755 --- a/queries/aws_ssm_patch_baseline_3.yaml +++ b/queries/aws_ssm_patch_baseline_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS SSM Patch Baseline data to retrieve information + about each patch baseline in your AWS account. ID: aws_ssm_patch_baseline_3 -Title: "List all AWS SSM Patch Baseline Details" -Description: "Allows users to query AWS SSM Patch Baseline data to retrieve information about each patch baseline in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - baseline_id, - name, - description, - operating_system, - created_date, - rejected_patches, - region - from - aws_ssm_patch_baseline - where - rejected_patches != '[]'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n baseline_id,\n name,\n description,\n operating_system,\n\ + \ created_date,\n rejected_patches,\n region\nfrom\n aws_ssm_patch_baseline\n\ + where\n rejected_patches != '[]';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Patch Baseline +Title: List all AWS SSM Patch Baseline Details diff --git a/queries/aws_ssm_patch_baseline_4.yaml b/queries/aws_ssm_patch_baseline_4.yaml index 091c40157..e30ea456b 100755 --- a/queries/aws_ssm_patch_baseline_4.yaml +++ b/queries/aws_ssm_patch_baseline_4.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS SSM Patch Baseline data to retrieve information + about each patch baseline in your AWS account. ID: aws_ssm_patch_baseline_4 -Title: "Find all AWS SSM Patch Baselines and Approval Rules" -Description: "Allows users to query AWS SSM Patch Baseline data to retrieve information about each patch baseline in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - baseline_id, - p ->> 'ApproveAfterDays' as approve_after_days, - p ->> 'ApproveUntilDate' as approve_until_date, - p ->> 'ComplianceLevel' as compliance_level, - p -> 'PatchFilterGroup' ->> 'PatchFilters' as patch_filters - from - aws_ssm_patch_baseline, - jsonb_array_elements(approval_rules -> 'PatchRules') as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n baseline_id,\n p ->> 'ApproveAfterDays' as approve_after_days,\n\ + \ p ->> 'ApproveUntilDate' as approve_until_date,\n p ->> 'ComplianceLevel'\ + \ as compliance_level,\n p -> 'PatchFilterGroup' ->> 'PatchFilters' as patch_filters\n\ + from\n aws_ssm_patch_baseline,\n jsonb_array_elements(approval_rules -> 'PatchRules')\ + \ as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Patch Baseline +Title: Find all AWS SSM Patch Baselines and Approval Rules diff --git a/queries/aws_ssmincidents_response_plan_1.yaml b/queries/aws_ssmincidents_response_plan_1.yaml index 3d034819b..351c5ae36 100755 --- a/queries/aws_ssmincidents_response_plan_1.yaml +++ b/queries/aws_ssmincidents_response_plan_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS SSM Incidents Response Plan data to retrieve + information about each resource plan in your AWS account. ID: aws_ssmincidents_response_plan_1 -Title: "List AWS SSM Incidents Response Plan Data" -Description: "Allows users to query AWS SSM Incidents Response Plan data to retrieve information about each resource plan in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - chat_channel, - incident_template, - integrations, - title - from - aws_ssmincidents_response_plan; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n chat_channel,\n incident_template,\n\ + \ integrations,\n title\nfrom\n aws_ssmincidents_response_plan;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Incidents +Title: List AWS SSM Incidents Response Plan Data diff --git a/queries/aws_ssmincidents_response_plan_2.yaml b/queries/aws_ssmincidents_response_plan_2.yaml index 2272e7baf..38e9e164b 100755 --- a/queries/aws_ssmincidents_response_plan_2.yaml +++ b/queries/aws_ssmincidents_response_plan_2.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS SSM Incidents Response Plan data to retrieve + information about each resource plan in your AWS account. ID: aws_ssmincidents_response_plan_2 -Title: "List all AWS SSM Incident Response Plan Data" -Description: "Allows users to query AWS SSM Incidents Response Plan data to retrieve information about each resource plan in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - chat_channel, - incident_template, - integrations, - title - from - aws_ssmincidents_response_plan - where - chat_channel is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n chat_channel,\n incident_template,\n\ + \ integrations,\n title\nfrom\n aws_ssmincidents_response_plan\nwhere\n chat_channel\ + \ is not null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Incidents +Title: List all AWS SSM Incident Response Plan Data diff --git a/queries/aws_ssmincidents_response_plan_3.yaml b/queries/aws_ssmincidents_response_plan_3.yaml index 30fbb463d..3a67c7d46 100755 --- a/queries/aws_ssmincidents_response_plan_3.yaml +++ b/queries/aws_ssmincidents_response_plan_3.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS SSM Incidents Response Plan data to retrieve + information about each resource plan in your AWS account. ID: aws_ssmincidents_response_plan_3 -Title: "Find all Information on AWS SSM Incidents Response Plans" -Description: "Allows users to query AWS SSM Incidents Response Plan data to retrieve information about each resource plan in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - incident_template -> 'Impact' as incident_template_impact, - incident_template -> 'Title' as incident_template_title, - incident_template -> 'DedupeString', - incident_template -> 'IncidentTags' as incident_template_tags, - incident_template -> 'NotificationTargets' as incident_notification_targets, - incident_template -> 'Summary' as incident_template_summary, - title - from - aws_ssmincidents_response_plan - where - incident_template is not null - and arn = 'arn:aws:ssm-incidents::111111111111:response-plan/response-plan-test'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n incident_template ->\ + \ 'Impact' as incident_template_impact,\n incident_template -> 'Title' as incident_template_title,\n\ + \ incident_template -> 'DedupeString',\n incident_template -> 'IncidentTags'\ + \ as incident_template_tags,\n incident_template -> 'NotificationTargets' as\ + \ incident_notification_targets,\n incident_template -> 'Summary' as incident_template_summary,\n\ + \ title\nfrom\n aws_ssmincidents_response_plan\nwhere\n incident_template is\ + \ not null\n and arn = 'arn:aws:ssm-incidents::111111111111:response-plan/response-plan-test';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Incidents +Title: Find all Information on AWS SSM Incidents Response Plans diff --git a/queries/aws_ssmincidents_response_plan_4.yaml b/queries/aws_ssmincidents_response_plan_4.yaml index 196693f74..8383afcc2 100755 --- a/queries/aws_ssmincidents_response_plan_4.yaml +++ b/queries/aws_ssmincidents_response_plan_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS SSM Incidents Response Plan data to retrieve + information about each resource plan in your AWS account. ID: aws_ssmincidents_response_plan_4 -Title: "Find AWS SSM Incident Response Plans with Integrations" -Description: "Allows users to query AWS SSM Incidents Response Plan data to retrieve information about each resource plan in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - jsonb_pretty(integrations), - title - from - aws_ssmincidents_response_plan - where - integrations is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n jsonb_pretty(integrations),\n\ + \ title\nfrom\n aws_ssmincidents_response_plan\nwhere\n integrations is not\ + \ null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Incidents +Title: Find AWS SSM Incident Response Plans with Integrations diff --git a/queries/aws_ssmincidents_response_plan_5.yaml b/queries/aws_ssmincidents_response_plan_5.yaml index 6de9377a3..c96aa3e56 100755 --- a/queries/aws_ssmincidents_response_plan_5.yaml +++ b/queries/aws_ssmincidents_response_plan_5.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS SSM Incidents Response Plan data to retrieve + information about each resource plan in your AWS account. ID: aws_ssmincidents_response_plan_5 -Title: "Find AWS SSM Incidents Response Plan Information" -Description: "Allows users to query AWS SSM Incidents Response Plan data to retrieve information about each resource plan in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - display_name, - jsonb_pretty(engagements), - title - from - aws_ssmincidents_response_plan - where - engagements is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n display_name,\n jsonb_pretty(engagements),\n\ + \ title\nfrom\n aws_ssmincidents_response_plan\nwhere\n engagements is not\ + \ null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSM Incidents +Title: Find AWS SSM Incidents Response Plan Information diff --git a/queries/aws_ssoadmin_account_assignment_1.yaml b/queries/aws_ssoadmin_account_assignment_1.yaml index a4f5fd37e..59c506721 100755 --- a/queries/aws_ssoadmin_account_assignment_1.yaml +++ b/queries/aws_ssoadmin_account_assignment_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS SSO Admin Account Assignments. This table provides + information about each AWS SSO admin account assignment within an AWS account. ID: aws_ssoadmin_account_assignment_1 -Title: "Find AWS SSO Admin Account Assignments" -Description: "Allows users to query AWS SSO Admin Account Assignments. This table provides information about each AWS SSO admin account assignment within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - permission_set_arn, - target_account_id, - principal_type, - principal_id - from - aws_ssoadmin_account_assignment - where - permission_set_arn = 'arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef' - and target_account_id = '012347678910'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n permission_set_arn,\n target_account_id,\n principal_type,\n\ + \ principal_id\nfrom\n aws_ssoadmin_account_assignment\nwhere\n permission_set_arn\ + \ = 'arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef'\n\ + \ and target_account_id = '012347678910';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS SSO Admin +Title: Find AWS SSO Admin Account Assignments diff --git a/queries/aws_ssoadmin_account_assignment_2.yaml b/queries/aws_ssoadmin_account_assignment_2.yaml index 67ea5dac1..f93fea7be 100755 --- a/queries/aws_ssoadmin_account_assignment_2.yaml +++ b/queries/aws_ssoadmin_account_assignment_2.yaml @@ -1,55 +1,29 @@ +Description: Allows users to query AWS SSO Admin Account Assignments. This table provides + information about each AWS SSO admin account assignment within an AWS account. ID: aws_ssoadmin_account_assignment_2 -Title: "Find All AWS SSO Admin Account Assignments with SQL" -Description: "Allows users to query AWS SSO Admin Account Assignments. This table provides information about each AWS SSO admin account assignment within an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with aws_ssoadmin_principal as - ( - select - i.arn as instance_arn, - 'GROUP' as "type", - g.id, - g.title - from - aws_ssoadmin_instance i - left join - aws_identitystore_group g - on i.identity_store_id = g.identity_store_id - union - select - i.arn as instance_arn, - 'USER' as "type", - u.id, - u.title - from - aws_ssoadmin_instance i - left join - aws_identitystore_user u - on i.identity_store_id = u.identity_store_id - ) - select - a.target_account_id, - a.principal_type, - p.title as principal_title - from - aws_ssoadmin_account_assignment a - left join - aws_ssoadmin_principal p - on a.principal_type = p.type - and a.principal_id = p.id - and a.instance_arn = p.instance_arn - where - a.target_account_id = '012345678901' and a.permission_set_arn = 'arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with aws_ssoadmin_principal as\n(\n select\n i.arn as instance_arn,\n\ + \ 'GROUP' as \"type\",\n g.id,\n g.title\n from\n aws_ssoadmin_instance\ + \ i\n left join\n aws_identitystore_group g\n on i.identity_store_id\ + \ = g.identity_store_id\n union\n select\n i.arn as instance_arn,\n\ + \ 'USER' as \"type\",\n u.id,\n u.title\n from\n aws_ssoadmin_instance\ + \ i\n left join\n aws_identitystore_user u\n on i.identity_store_id\ + \ = u.identity_store_id\n)\nselect\n a.target_account_id,\n a.principal_type,\n\ + \ p.title as principal_title\nfrom\n aws_ssoadmin_account_assignment a\n left\ + \ join\n aws_ssoadmin_principal p\n on a.principal_type = p.type\n and\ + \ a.principal_id = p.id\n and a.instance_arn = p.instance_arn\nwhere\n a.target_account_id\ + \ = '012345678901' and a.permission_set_arn = 'arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSO Admin +Title: Find All AWS SSO Admin Account Assignments with SQL diff --git a/queries/aws_ssoadmin_instance_1.yaml b/queries/aws_ssoadmin_instance_1.yaml index 108f25b92..f45d8d0b6 100755 --- a/queries/aws_ssoadmin_instance_1.yaml +++ b/queries/aws_ssoadmin_instance_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS SSO Admin Instance, providing information about + each AWS SSO instance in your AWS account. ID: aws_ssoadmin_instance_1 -Title: "Find All AWS SSO Admin Instances and Identity Stores" -Description: "Allows users to query AWS SSO Admin Instance, providing information about each AWS SSO instance in your AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - identity_store_id - from - aws_ssoadmin_instance - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n identity_store_id\nfrom\n aws_ssoadmin_instance" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS SSO Admin +Title: Find All AWS SSO Admin Instances and Identity Stores diff --git a/queries/aws_ssoadmin_managed_policy_attachment_1.yaml b/queries/aws_ssoadmin_managed_policy_attachment_1.yaml index 04f1f984f..0d8ba2b00 100755 --- a/queries/aws_ssoadmin_managed_policy_attachment_1.yaml +++ b/queries/aws_ssoadmin_managed_policy_attachment_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS SSO Managed Policy Attachments, providing information + about the managed policy attachments of AWS SSO permission sets. ID: aws_ssoadmin_managed_policy_attachment_1 -Title: "List All AWS SSO Managed Policy Attachments" -Description: "Allows users to query AWS SSO Managed Policy Attachments, providing information about the managed policy attachments of AWS SSO permission sets." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - mpa.managed_policy_arn, - mpa.name - from - aws_ssoadmin_managed_policy_attachment as mpa - join - aws_ssoadmin_permission_set as ps on mpa.permission_set_arn = ps.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n mpa.managed_policy_arn,\n mpa.name\nfrom\n aws_ssoadmin_managed_policy_attachment\ + \ as mpa\njoin\n aws_ssoadmin_permission_set as ps on mpa.permission_set_arn\ + \ = ps.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS SSO +Title: List All AWS SSO Managed Policy Attachments diff --git a/queries/aws_ssoadmin_permission_set_1.yaml b/queries/aws_ssoadmin_permission_set_1.yaml index 74508889d..c04a49ab5 100755 --- a/queries/aws_ssoadmin_permission_set_1.yaml +++ b/queries/aws_ssoadmin_permission_set_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS SSO Admin Permission Set to retrieve data related + to the permissions sets of AWS Single Sign-On (SSO) service. ID: aws_ssoadmin_permission_set_1 -Title: "List all AWS SSO Permission Sets and their Details" -Description: "Allows users to query AWS SSO Admin Permission Set to retrieve data related to the permissions sets of AWS Single Sign-On (SSO) service." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - created_date, - description, - relay_state, - session_duration, - tags - from - aws_ssoadmin_permission_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n created_date,\n description,\n relay_state,\n\ + \ session_duration,\n tags\nfrom\n aws_ssoadmin_permission_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - SSO Admin +Title: List all AWS SSO Permission Sets and their Details diff --git a/queries/aws_sts_caller_identity_1.yaml b/queries/aws_sts_caller_identity_1.yaml index 94903673c..f61aa016b 100755 --- a/queries/aws_sts_caller_identity_1.yaml +++ b/queries/aws_sts_caller_identity_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Security Token Service Caller Identity to retrieve + details about the IAM user or role whose credentials are used to call the operation. ID: aws_sts_caller_identity_1 -Title: "Find IAM User or Role Details in AWS STS Caller Identity" -Description: "Allows users to query AWS Security Token Service Caller Identity to retrieve details about the IAM user or role whose credentials are used to call the operation." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - user_id, - title, - account_id, - akas - from - aws_sts_caller_identity; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n user_id,\n title,\n account_id,\n akas\nfrom\n\ + \ aws_sts_caller_identity;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Token Service +Title: Find IAM User or Role Details in AWS STS Caller Identity diff --git a/queries/aws_sts_caller_identity_2.yaml b/queries/aws_sts_caller_identity_2.yaml index 4fb53a1d3..e968cff88 100755 --- a/queries/aws_sts_caller_identity_2.yaml +++ b/queries/aws_sts_caller_identity_2.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Security Token Service Caller Identity to retrieve + details about the IAM user or role whose credentials are used to call the operation. ID: aws_sts_caller_identity_2 -Title: "Find AWS STS Caller Identity Details Using SQL" -Description: "Allows users to query AWS Security Token Service Caller Identity to retrieve details about the IAM user or role whose credentials are used to call the operation." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - caller_identity.arn, - caller_identity.user_id, - caller_identity.title, - caller_identity.account_id, - u.name, - u.create_date, - u.password_last_used - from - aws_sts_caller_identity as caller_identity, - aws_iam_user as u - where - caller_identity.user_id = u.user_id - and caller_identity.arn like '%assumed%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n caller_identity.arn,\n caller_identity.user_id,\n caller_identity.title,\n\ + \ caller_identity.account_id,\n u.name,\n u.create_date,\n u.password_last_used\n\ + from\n aws_sts_caller_identity as caller_identity,\n aws_iam_user as u\nwhere\n\ + \ caller_identity.user_id = u.user_id\n and caller_identity.arn like '%assumed%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Security Token Service +Title: Find AWS STS Caller Identity Details Using SQL diff --git a/queries/aws_sts_caller_identity_3.yaml b/queries/aws_sts_caller_identity_3.yaml index df9ed2d0d..b00999337 100755 --- a/queries/aws_sts_caller_identity_3.yaml +++ b/queries/aws_sts_caller_identity_3.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Security Token Service Caller Identity to retrieve + details about the IAM user or role whose credentials are used to call the operation. ID: aws_sts_caller_identity_3 -Title: "Find AWS Security Token Service Caller Identity Details" -Description: "Allows users to query AWS Security Token Service Caller Identity to retrieve details about the IAM user or role whose credentials are used to call the operation." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - caller_identity.arn, - caller_identity.user_id, - caller_identity.title, - caller_identity.account_id, - u.name, - u.create_date, - u.password_last_used - from - aws_sts_caller_identity as caller_identity, - aws_iam_user as u - where - caller_identity.user_id = u.user_id - and caller_identity.arn like '%federated%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n caller_identity.arn,\n caller_identity.user_id,\n caller_identity.title,\n\ + \ caller_identity.account_id,\n u.name,\n u.create_date,\n u.password_last_used\n\ + from\n aws_sts_caller_identity as caller_identity,\n aws_iam_user as u\nwhere\n\ + \ caller_identity.user_id = u.user_id\n and caller_identity.arn like '%federated%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Security Token Service +Title: Find AWS Security Token Service Caller Identity Details diff --git a/queries/aws_tagging_resource_1.yaml b/queries/aws_tagging_resource_1.yaml index 3a6addde3..25d9e5f7f 100755 --- a/queries/aws_tagging_resource_1.yaml +++ b/queries/aws_tagging_resource_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Resource Tagging API to get details about resources + and their associated tags. ID: aws_tagging_resource_1 -Title: "List AWS Resource Tagging API Details with SQL" -Description: "Allows users to query AWS Resource Tagging API to get details about resources and their associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - compliance_status, - tags, - region - from - aws_tagging_resource; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n compliance_status,\n tags,\n region\n\ + from\n aws_tagging_resource;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Resource Tagging API +Title: List AWS Resource Tagging API Details with SQL diff --git a/queries/aws_tagging_resource_2.yaml b/queries/aws_tagging_resource_2.yaml index 76f340e85..cda1056db 100755 --- a/queries/aws_tagging_resource_2.yaml +++ b/queries/aws_tagging_resource_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Resource Tagging API to get details about resources + and their associated tags. ID: aws_tagging_resource_2 -Title: "List all AWS Resource Tagging API details with SQL" -Description: "Allows users to query AWS Resource Tagging API to get details about resources and their associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - tags, - compliance_status - from - aws_tagging_resource - where - compliance_status; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n tags,\n compliance_status\nfrom\n \ + \ aws_tagging_resource\nwhere\n compliance_status;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Resource Tagging API +Title: List all AWS Resource Tagging API details with SQL diff --git a/queries/aws_timestreamwrite_database_1.yaml b/queries/aws_timestreamwrite_database_1.yaml index e5de61183..350cf2264 100755 --- a/queries/aws_timestreamwrite_database_1.yaml +++ b/queries/aws_timestreamwrite_database_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Timestream databases, providing detailed information + on database configurations, statuses, and associated tables. ID: aws_timestreamwrite_database_1 -Title: "List all AWS Timestream database configurations and statuses" -Description: "Allows users to query AWS Timestream databases, providing detailed information on database configurations, statuses, and associated tables." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - arn, - creation_time, - region, - kms_key_id - from - aws_timestreamwrite_database; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n arn,\n creation_time,\n region,\n\ + \ kms_key_id\nfrom\n aws_timestreamwrite_database;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream database configurations and statuses diff --git a/queries/aws_timestreamwrite_database_2.yaml b/queries/aws_timestreamwrite_database_2.yaml index f5e338ae7..21cac987f 100755 --- a/queries/aws_timestreamwrite_database_2.yaml +++ b/queries/aws_timestreamwrite_database_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Timestream databases, providing detailed information + on database configurations, statuses, and associated tables. ID: aws_timestreamwrite_database_2 -Title: "Find all AWS Timestream Databases with Configurations" -Description: "Allows users to query AWS Timestream databases, providing detailed information on database configurations, statuses, and associated tables." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - arn, - kms_key_id - from - aws_timestreamwrite_database - where - kms_key_id = 'your-kms-key-id'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n arn,\n kms_key_id\nfrom\n aws_timestreamwrite_database\n\ + where\n kms_key_id = 'your-kms-key-id';" Tags: cloud_data_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: Find all AWS Timestream Databases with Configurations diff --git a/queries/aws_timestreamwrite_database_3.yaml b/queries/aws_timestreamwrite_database_3.yaml index 2ae4bd56c..6af4776cd 100755 --- a/queries/aws_timestreamwrite_database_3.yaml +++ b/queries/aws_timestreamwrite_database_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Timestream databases, providing detailed information + on database configurations, statuses, and associated tables. ID: aws_timestreamwrite_database_3 -Title: "List all AWS Timestream Database Configurations, Statuses" -Description: "Allows users to query AWS Timestream databases, providing detailed information on database configurations, statuses, and associated tables." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - arn, - creation_time - from - aws_timestreamwrite_database - order by - creation_time desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n arn,\n creation_time\nfrom\n aws_timestreamwrite_database\n\ + order by\n creation_time desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream Database Configurations, Statuses diff --git a/queries/aws_timestreamwrite_database_4.yaml b/queries/aws_timestreamwrite_database_4.yaml index 1988f4eb9..fe8df9eb6 100755 --- a/queries/aws_timestreamwrite_database_4.yaml +++ b/queries/aws_timestreamwrite_database_4.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Timestream databases, providing detailed information + on database configurations, statuses, and associated tables. ID: aws_timestreamwrite_database_4 -Title: "List all AWS Timestream Databases and Table Counts" -Description: "Allows users to query AWS Timestream databases, providing detailed information on database configurations, statuses, and associated tables." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - arn, - table_count - from - aws_timestreamwrite_database - order by - table_count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n arn,\n table_count\nfrom\n aws_timestreamwrite_database\n\ + order by\n table_count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream Databases and Table Counts diff --git a/queries/aws_timestreamwrite_database_5.yaml b/queries/aws_timestreamwrite_database_5.yaml index 1e47921f3..17254b883 100755 --- a/queries/aws_timestreamwrite_database_5.yaml +++ b/queries/aws_timestreamwrite_database_5.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Timestream databases, providing detailed information + on database configurations, statuses, and associated tables. ID: aws_timestreamwrite_database_5 -Title: "List all AWS Timestream Databases with Details" -Description: "Allows users to query AWS Timestream databases, providing detailed information on database configurations, statuses, and associated tables." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - database_name, - arn, - last_updated_time, - region - from - aws_timestreamwrite_database; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n database_name,\n arn,\n last_updated_time,\n region\n\ + from\n aws_timestreamwrite_database;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream Databases with Details diff --git a/queries/aws_timestreamwrite_table_1.yaml b/queries/aws_timestreamwrite_table_1.yaml index de2a48cb5..f79283e54 100755 --- a/queries/aws_timestreamwrite_table_1.yaml +++ b/queries/aws_timestreamwrite_table_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_1 -Title: "List all AWS Timestream Tables with Configurations and Statuses" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - table_status, - creation_time, - last_updated_time, - region - from - aws_timestreamwrite_table; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n table_status,\n creation_time,\n\ + \ last_updated_time,\n region\nfrom\n aws_timestreamwrite_table;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream Tables with Configurations and Statuses diff --git a/queries/aws_timestreamwrite_table_2.yaml b/queries/aws_timestreamwrite_table_2.yaml index ca096ea17..dba109648 100755 --- a/queries/aws_timestreamwrite_table_2.yaml +++ b/queries/aws_timestreamwrite_table_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_2 -Title: "List AWS Timestream Table Configurations and Statuses" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - table_status - from - aws_timestreamwrite_table - where - table_status = 'ACTIVE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n table_status\nfrom\n aws_timestreamwrite_table\n\ + where\n table_status = 'ACTIVE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List AWS Timestream Table Configurations and Statuses diff --git a/queries/aws_timestreamwrite_table_3.yaml b/queries/aws_timestreamwrite_table_3.yaml index fe6577032..e022ea129 100755 --- a/queries/aws_timestreamwrite_table_3.yaml +++ b/queries/aws_timestreamwrite_table_3.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_3 -Title: "Find AWS Timestream Table Configurations and Statuses" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - retention_properties - from - aws_timestreamwrite_table - where - retention_properties ->> 'MemoryStoreRetentionPeriodInHours' = '24' - and retention_properties ->> 'MagneticStoreRetentionPeriodInDays' = '7'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n retention_properties\nfrom\n \ + \ aws_timestreamwrite_table\nwhere\n retention_properties ->> 'MemoryStoreRetentionPeriodInHours'\ + \ = '24'\n and retention_properties ->> 'MagneticStoreRetentionPeriodInDays'\ + \ = '7';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: Find AWS Timestream Table Configurations and Statuses diff --git a/queries/aws_timestreamwrite_table_4.yaml b/queries/aws_timestreamwrite_table_4.yaml index 53f694b0e..fd85f39f2 100755 --- a/queries/aws_timestreamwrite_table_4.yaml +++ b/queries/aws_timestreamwrite_table_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_4 -Title: "List AWS Timestream Tables with Specific Write Properties" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - magnetic_store_write_properties - from - aws_timestreamwrite_table - where - magnetic_store_write_properties ->> 'EnableMagneticStoreWrites' = 'true'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n magnetic_store_write_properties\n\ + from\n aws_timestreamwrite_table\nwhere\n magnetic_store_write_properties ->>\ + \ 'EnableMagneticStoreWrites' = 'true';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List AWS Timestream Tables with Specific Write Properties diff --git a/queries/aws_timestreamwrite_table_5.yaml b/queries/aws_timestreamwrite_table_5.yaml index 3ffa3c7b8..29179abeb 100755 --- a/queries/aws_timestreamwrite_table_5.yaml +++ b/queries/aws_timestreamwrite_table_5.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_5 -Title: "List all AWS Timestream Tables and Configurations" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - creation_time - from - aws_timestreamwrite_table - order by - creation_time desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n creation_time\nfrom\n aws_timestreamwrite_table\n\ + order by\n creation_time desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List all AWS Timestream Tables and Configurations diff --git a/queries/aws_timestreamwrite_table_6.yaml b/queries/aws_timestreamwrite_table_6.yaml index d1a50640e..c701ccdb4 100755 --- a/queries/aws_timestreamwrite_table_6.yaml +++ b/queries/aws_timestreamwrite_table_6.yaml @@ -1,24 +1,19 @@ +Description: Allows users to query AWS Timestream tables, providing detailed information + on table configurations, statuses, and retention properties. ID: aws_timestreamwrite_table_6 -Title: "List All AWS Timestream Table Configurations and Statuses" -Description: "Allows users to query AWS Timestream tables, providing detailed information on table configurations, statuses, and retention properties." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - table_name, - arn, - schema - from - aws_timestreamwrite_table; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n table_name,\n arn,\n schema\nfrom\n aws_timestreamwrite_table;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Timestream +Title: List All AWS Timestream Table Configurations and Statuses diff --git a/queries/aws_transfer_server_1.yaml b/queries/aws_transfer_server_1.yaml index 236cd9b8a..6c625015c 100755 --- a/queries/aws_transfer_server_1.yaml +++ b/queries/aws_transfer_server_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_1 -Title: "Find all AWS SFTP Servers and their Details" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - domain, - identity_provider_type, - endpoint_type - from - aws_transfer_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n domain,\n identity_provider_type,\n endpoint_type\n\ + from\n aws_transfer_server;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: Find all AWS SFTP Servers and their Details diff --git a/queries/aws_transfer_server_2.yaml b/queries/aws_transfer_server_2.yaml index e825520d2..2d2645738 100755 --- a/queries/aws_transfer_server_2.yaml +++ b/queries/aws_transfer_server_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_2 -Title: "List all Offline SFTP Servers in AWS Transfer" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - domain, - identity_provider_type, - endpoint_type, - state - from - aws_transfer_server - where - state = 'OFFLINE'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n domain,\n identity_provider_type,\n endpoint_type,\n\ + \ state\nfrom\n aws_transfer_server\nwhere\n state = 'OFFLINE';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: List all Offline SFTP Servers in AWS Transfer diff --git a/queries/aws_transfer_server_3.yaml b/queries/aws_transfer_server_3.yaml index 751eab3a3..d234244e2 100755 --- a/queries/aws_transfer_server_3.yaml +++ b/queries/aws_transfer_server_3.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_3 -Title: "Find all SFTP Servers and User Count in AWS Transfer" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - user_count - from - aws_transfer_server - order by - user_count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n user_count\nfrom\n aws_transfer_server\n\ + order by\n user_count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: Find all SFTP Servers and User Count in AWS Transfer diff --git a/queries/aws_transfer_server_4.yaml b/queries/aws_transfer_server_4.yaml index 4a3b6b23b..609094258 100755 --- a/queries/aws_transfer_server_4.yaml +++ b/queries/aws_transfer_server_4.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_4 -Title: "List all AWS SFTP Servers and Details" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - domain, - identity_provider_type, - endpoint_type, - workflow_details ->> 'OnUpload' as on_upload_workflow - from - aws_transfer_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n domain,\n identity_provider_type,\n endpoint_type,\n\ + \ workflow_details ->> 'OnUpload' as on_upload_workflow\nfrom\n aws_transfer_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: List all AWS SFTP Servers and Details diff --git a/queries/aws_transfer_server_5.yaml b/queries/aws_transfer_server_5.yaml index 0609aa863..39d239f83 100755 --- a/queries/aws_transfer_server_5.yaml +++ b/queries/aws_transfer_server_5.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_5 -Title: "Find all AWS Transfer SFTP Servers and Details" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - domain, - identity_provider_type, - endpoint_type, - structured_log_destinations - from - aws_transfer_server; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n domain,\n identity_provider_type,\n endpoint_type,\n\ + \ structured_log_destinations\nfrom\n aws_transfer_server;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer for SFTP +Title: Find all AWS Transfer SFTP Servers and Details diff --git a/queries/aws_transfer_server_6.yaml b/queries/aws_transfer_server_6.yaml index bf961a6dd..28648b6f4 100755 --- a/queries/aws_transfer_server_6.yaml +++ b/queries/aws_transfer_server_6.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Transfer for SFTP Servers and retrieve detailed + information about SFTP servers in their AWS account. ID: aws_transfer_server_6 -Title: "Find all SFTP Servers in AWS Transfer" -Description: "Allows users to query AWS Transfer for SFTP Servers and retrieve detailed information about SFTP servers in their AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.server_id, - c.certificate_arn, - c.status as certificate_status, - c.key_algorithm - from - aws_transfer_server as s, - aws_acm_certificate as c - where - s.certificate = c.certificate_arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.server_id,\n c.certificate_arn,\n c.status as certificate_status,\n\ + \ c.key_algorithm\nfrom\n aws_transfer_server as s,\n aws_acm_certificate as\ + \ c\nwhere\n s.certificate = c.certificate_arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer for SFTP +Title: Find all SFTP Servers in AWS Transfer diff --git a/queries/aws_transfer_user_1.yaml b/queries/aws_transfer_user_1.yaml index e5a42f258..741fd19df 100755 --- a/queries/aws_transfer_user_1.yaml +++ b/queries/aws_transfer_user_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Transfer for users in a server, equivalent + to list/describe user functions. ID: aws_transfer_user_1 -Title: "List all Users in AWS Transfer Server" -Description: "Allows users to query AWS Transfer for users in a server, equivalent to list/describe user functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - server_id, - user_name - from - aws_transfer_user; - where - server_id = "s-xxxxxxxxxxxxxxxxx"; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n server_id,\n user_name\nfrom\n aws_transfer_user;\n\ + where\n server_id = \"s-xxxxxxxxxxxxxxxxx\";" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: List all Users in AWS Transfer Server diff --git a/queries/aws_transfer_user_2.yaml b/queries/aws_transfer_user_2.yaml index 61225016f..211b296f7 100755 --- a/queries/aws_transfer_user_2.yaml +++ b/queries/aws_transfer_user_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Transfer for users in a server, equivalent + to list/describe user functions. ID: aws_transfer_user_2 -Title: "List all AWS Transfer users in a server" -Description: "Allows users to query AWS Transfer for users in a server, equivalent to list/describe user functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - arn, - server_id, - user_name, - ssh_public_key_count - from - aws_transfer_user; - where - server_id = "s-xxxxxxxxxxxxxxxxx" - order by - ssh_public_key_count desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n arn,\n server_id,\n user_name,\n ssh_public_key_count\n\ + from\n aws_transfer_user;\nwhere\n server_id = \"s-xxxxxxxxxxxxxxxxx\"\norder\ + \ by\n ssh_public_key_count desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: List all AWS Transfer users in a server diff --git a/queries/aws_transfer_user_3.yaml b/queries/aws_transfer_user_3.yaml index 8943aa790..1d4af049f 100755 --- a/queries/aws_transfer_user_3.yaml +++ b/queries/aws_transfer_user_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS Transfer for users in a server, equivalent + to list/describe user functions. ID: aws_transfer_user_3 -Title: "Find all AWS Transfer users within a server using SQL" -Description: "Allows users to query AWS Transfer for users in a server, equivalent to list/describe user functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - server_id, - user_name, - arn - from - aws_transfer_user - where - server_id in (select server_id from aws_transfer_server) - and - user_name = 'my_user_to_search'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n server_id,\n user_name,\n arn\nfrom\n aws_transfer_user\n\ + where\n server_id in (select server_id from aws_transfer_server)\nand\n user_name\ + \ = 'my_user_to_search';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: Find all AWS Transfer users within a server using SQL diff --git a/queries/aws_transfer_user_4.yaml b/queries/aws_transfer_user_4.yaml index b84c8dec6..670064a82 100755 --- a/queries/aws_transfer_user_4.yaml +++ b/queries/aws_transfer_user_4.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Transfer for users in a server, equivalent + to list/describe user functions. ID: aws_transfer_user_4 -Title: "List all AWS Transfer users in a server" -Description: "Allows users to query AWS Transfer for users in a server, equivalent to list/describe user functions." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(*) as total_users, - server_id - from - aws_transfer_user - group by - server_id - order by - total_users desc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(*) as total_users,\n server_id\nfrom\n aws_transfer_user\n\ + group by\n server_id\norder by\n total_users desc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Transfer +Title: List all AWS Transfer users in a server diff --git a/queries/aws_trusted_advisor_check_summary_1.yaml b/queries/aws_trusted_advisor_check_summary_1.yaml index f7b4ca454..a6a13fb70 100755 --- a/queries/aws_trusted_advisor_check_summary_1.yaml +++ b/queries/aws_trusted_advisor_check_summary_1.yaml @@ -1,36 +1,29 @@ +Description: A Trusted Advisor check is a specific evaluation or assessment performed + by Trusted Advisor in different categories. These checks cover various areas, including + cost optimization, security, performance, and fault tolerance. Each check examines + a specific aspect of your AWS resources and provides recommendations for improvement. ID: aws_trusted_advisor_check_summary_1 -Title: "List Trusted Advisor Check Summaries in AWS" -Description: "A Trusted Advisor check is a specific evaluation or assessment performed by Trusted Advisor in different categories. These checks cover various areas, including cost optimization, security, performance, and fault tolerance. Each check examines a specific aspect of your AWS resources and provides recommendations for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - check_id, - category, - description, - status, - timestamp, - resources_flagged - from - aws_trusted_advisor_check_summary - where - language = 'en'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n check_id,\n category,\n description,\n status,\n\ + \ timestamp,\n resources_flagged\nfrom\n aws_trusted_advisor_check_summary\n\ + where\n language = 'en';" Tags: cloud_data_security: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Trusted Advisor +Title: List Trusted Advisor Check Summaries in AWS diff --git a/queries/aws_trusted_advisor_check_summary_2.yaml b/queries/aws_trusted_advisor_check_summary_2.yaml index 9768886d8..c81c36198 100755 --- a/queries/aws_trusted_advisor_check_summary_2.yaml +++ b/queries/aws_trusted_advisor_check_summary_2.yaml @@ -1,33 +1,26 @@ +Description: A Trusted Advisor check is a specific evaluation or assessment performed + by Trusted Advisor in different categories. These checks cover various areas, including + cost optimization, security, performance, and fault tolerance. Each check examines + a specific aspect of your AWS resources and provides recommendations for improvement. ID: aws_trusted_advisor_check_summary_2 -Title: "List Trusted Advisor Check Summaries with Errors in AWS" -Description: "A Trusted Advisor check is a specific evaluation or assessment performed by Trusted Advisor in different categories. These checks cover various areas, including cost optimization, security, performance, and fault tolerance. Each check examines a specific aspect of your AWS resources and provides recommendations for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - check_id, - category, - status - from - aws_trusted_advisor_check_summary - where - language = 'en' - and - status = 'error'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n check_id,\n category,\n status\nfrom\n aws_trusted_advisor_check_summary\n\ + where\n language = 'en'\nand\n status = 'error';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Trusted Advisor +Title: List Trusted Advisor Check Summaries with Errors in AWS diff --git a/queries/aws_trusted_advisor_check_summary_3.yaml b/queries/aws_trusted_advisor_check_summary_3.yaml index d1213543a..ed3373941 100755 --- a/queries/aws_trusted_advisor_check_summary_3.yaml +++ b/queries/aws_trusted_advisor_check_summary_3.yaml @@ -1,30 +1,23 @@ +Description: A Trusted Advisor check is a specific evaluation or assessment performed + by Trusted Advisor in different categories. These checks cover various areas, including + cost optimization, security, performance, and fault tolerance. Each check examines + a specific aspect of your AWS resources and provides recommendations for improvement. ID: aws_trusted_advisor_check_summary_3 -Title: "List Trusted Advisor Check Summaries for AWS" -Description: "A Trusted Advisor check is a specific evaluation or assessment performed by Trusted Advisor in different categories. These checks cover various areas, including cost optimization, security, performance, and fault tolerance. Each check examines a specific aspect of your AWS resources and provides recommendations for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - check_id, - description, - status, - timestamp - from - aws_trusted_advisor_check_summary - where - language = 'en' - and - timestamp >= now() - interval '5 day'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n check_id,\n description,\n status,\n timestamp\n\ + from\n aws_trusted_advisor_check_summary\nwhere\n language = 'en'\nand\n timestamp\ + \ >= now() - interval '5 day';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Trusted Advisor +Title: List Trusted Advisor Check Summaries for AWS diff --git a/queries/aws_trusted_advisor_check_summary_4.yaml b/queries/aws_trusted_advisor_check_summary_4.yaml index 3ac9de4c5..3b88949e7 100755 --- a/queries/aws_trusted_advisor_check_summary_4.yaml +++ b/queries/aws_trusted_advisor_check_summary_4.yaml @@ -1,33 +1,27 @@ +Description: A Trusted Advisor check is a specific evaluation or assessment performed + by Trusted Advisor in different categories. These checks cover various areas, including + cost optimization, security, performance, and fault tolerance. Each check examines + a specific aspect of your AWS resources and provides recommendations for improvement. ID: aws_trusted_advisor_check_summary_4 -Title: "List all AWS Trusted Advisor Check Summaries" -Description: "A Trusted Advisor check is a specific evaluation or assessment performed by Trusted Advisor in different categories. These checks cover various areas, including cost optimization, security, performance, and fault tolerance. Each check examines a specific aspect of your AWS resources and provides recommendations for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - check_id, - resources_flagged, - resources_ignored, - resources_processed, - resources_suppressed - from - aws_trusted_advisor_check_summary - where - language = 'en'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n check_id,\n resources_flagged,\n resources_ignored,\n\ + \ resources_processed,\n resources_suppressed\nfrom\n aws_trusted_advisor_check_summary\n\ + where\n language = 'en';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_finops: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Trusted Advisor +Title: List all AWS Trusted Advisor Check Summaries diff --git a/queries/aws_vpc_1.yaml b/queries/aws_vpc_1.yaml index 8495368bf..daa958dd0 100755 --- a/queries/aws_vpc_1.yaml +++ b/queries/aws_vpc_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query VPCs within AWS. It provides information about + each VPC''s configuration, including its ID, state, CIDR block, and whether it is + the default VPC. ID: aws_vpc_1 -Title: "List all AWS VPCs and their configurations" -Description: "Allows users to query VPCs within AWS. It provides information about each VPC''s configuration, including its ID, state, CIDR block, and whether it is the default VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - is_default, - cidr_block, - state, - account_id, - region - from - aws_vpc - where - is_default; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n is_default,\n cidr_block,\n state,\n account_id,\n\ + \ region\nfrom\n aws_vpc\nwhere\n is_default;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPCs and their configurations diff --git a/queries/aws_vpc_2.yaml b/queries/aws_vpc_2.yaml index de39e64fc..f2a0f57b8 100755 --- a/queries/aws_vpc_2.yaml +++ b/queries/aws_vpc_2.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query VPCs within AWS. It provides information about + each VPC''s configuration, including its ID, state, CIDR block, and whether it is + the default VPC. ID: aws_vpc_2 -Title: "List all AWS VPCs and their configurations" -Description: "Allows users to query VPCs within AWS. It provides information about each VPC''s configuration, including its ID, state, CIDR block, and whether it is the default VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - cidr_block, - host(cidr_block), - broadcast(cidr_block), - netmask(cidr_block), - network(cidr_block) - from - aws_vpc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n cidr_block,\n host(cidr_block),\n broadcast(cidr_block),\n\ + \ netmask(cidr_block),\n network(cidr_block)\nfrom\n aws_vpc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPCs and their configurations diff --git a/queries/aws_vpc_3.yaml b/queries/aws_vpc_3.yaml index 0711262b5..f534f8afb 100755 --- a/queries/aws_vpc_3.yaml +++ b/queries/aws_vpc_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query VPCs within AWS. It provides information about + each VPC''s configuration, including its ID, state, CIDR block, and whether it is + the default VPC. ID: aws_vpc_3 -Title: "Find all AWS VPCs and Their Configurations" -Description: "Allows users to query VPCs within AWS. It provides information about each VPC''s configuration, including its ID, state, CIDR block, and whether it is the default VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - cidr_block, - state, - region - from - aws_vpc - where - not cidr_block <<= '10.0.0.0/8' - and not cidr_block <<= '192.168.0.0/16' - and not cidr_block <<= '172.16.0.0/12'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n cidr_block,\n state,\n region\nfrom\n aws_vpc\n\ + where\n not cidr_block <<= '10.0.0.0/8'\n and not cidr_block <<= '192.168.0.0/16'\n\ + \ and not cidr_block <<= '172.16.0.0/12';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find all AWS VPCs and Their Configurations diff --git a/queries/aws_vpc_customer_gateway_1.yaml b/queries/aws_vpc_customer_gateway_1.yaml index d7f602c94..e58e6affc 100755 --- a/queries/aws_vpc_customer_gateway_1.yaml +++ b/queries/aws_vpc_customer_gateway_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS VPC Customer Gateway, providing detailed information + about each Customer Gateway in a Virtual Private Cloud (VPC). ID: aws_vpc_customer_gateway_1 -Title: "Find all Customer Gateways in AWS VPC" -Description: "Allows users to query AWS VPC Customer Gateway, providing detailed information about each Customer Gateway in a Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - customer_gateway_id, - type, - state, - bgp_asn, - certificate_arn, - device_name, - ip_address - from - aws_vpc_customer_gateway; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n customer_gateway_id,\n type,\n state,\n bgp_asn,\n\ + \ certificate_arn,\n device_name,\n ip_address\nfrom\n aws_vpc_customer_gateway;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find all Customer Gateways in AWS VPC diff --git a/queries/aws_vpc_customer_gateway_2.yaml b/queries/aws_vpc_customer_gateway_2.yaml index 2a3a5243f..deb98d5ba 100755 --- a/queries/aws_vpc_customer_gateway_2.yaml +++ b/queries/aws_vpc_customer_gateway_2.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS VPC Customer Gateway, providing detailed information + about each Customer Gateway in a Virtual Private Cloud (VPC). ID: aws_vpc_customer_gateway_2 -Title: "List all AWS VPC Customer Gateway details in VPC" -Description: "Allows users to query AWS VPC Customer Gateway, providing detailed information about each Customer Gateway in a Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - type, - count(customer_gateway_id) as customer_gateway_id_count - from - aws_vpc_customer_gateway - group by - type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n type,\n count(customer_gateway_id) as customer_gateway_id_count\n\ + from\n aws_vpc_customer_gateway\ngroup by\n type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Virtual Private Cloud +Title: List all AWS VPC Customer Gateway details in VPC diff --git a/queries/aws_vpc_dhcp_options_1.yaml b/queries/aws_vpc_dhcp_options_1.yaml index 057d66595..491fa43ca 100755 --- a/queries/aws_vpc_dhcp_options_1.yaml +++ b/queries/aws_vpc_dhcp_options_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query DHCP Options associated with Virtual Private Cloud + (VPC) in AWS. ID: aws_vpc_dhcp_options_1 -Title: "List all DHCP Options associated with AWS VPC" -Description: "Allows users to query DHCP Options associated with Virtual Private Cloud (VPC) in AWS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - dhcp_options_id, - domain_name, - domain_name_servers, - netbios_name_servers, - netbios_node_type, - ntp_servers - from - aws_vpc_dhcp_options; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n dhcp_options_id,\n domain_name,\n domain_name_servers,\n\ + \ netbios_name_servers,\n netbios_node_type,\n ntp_servers\nfrom\n aws_vpc_dhcp_options;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud +Title: List all DHCP Options associated with AWS VPC diff --git a/queries/aws_vpc_dhcp_options_2.yaml b/queries/aws_vpc_dhcp_options_2.yaml index e26b71e86..21caaefaa 100755 --- a/queries/aws_vpc_dhcp_options_2.yaml +++ b/queries/aws_vpc_dhcp_options_2.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query DHCP Options associated with Virtual Private Cloud + (VPC) in AWS. ID: aws_vpc_dhcp_options_2 -Title: "List AWS VPC DHCP Options with Domain Name Servers" -Description: "Allows users to query DHCP Options associated with Virtual Private Cloud (VPC) in AWS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - dhcp_options_id, - domain_name, - domain_name_servers - from - aws_vpc_dhcp_options - where - domain_name_servers ? 'AmazonProvidedDNS'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n dhcp_options_id,\n domain_name,\n domain_name_servers\n\ + from\n aws_vpc_dhcp_options\nwhere\n domain_name_servers ? 'AmazonProvidedDNS';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List AWS VPC DHCP Options with Domain Name Servers diff --git a/queries/aws_vpc_dhcp_options_3.yaml b/queries/aws_vpc_dhcp_options_3.yaml index 746c02990..97b244266 100755 --- a/queries/aws_vpc_dhcp_options_3.yaml +++ b/queries/aws_vpc_dhcp_options_3.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query DHCP Options associated with Virtual Private Cloud + (VPC) in AWS. ID: aws_vpc_dhcp_options_3 -Title: "Find AWS VPC DHCP Options with Specific NetBIOS Types" -Description: "Allows users to query DHCP Options associated with Virtual Private Cloud (VPC) in AWS." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - dhcp_options_id, - netbios_node_type - from - aws_vpc_dhcp_options - cross join jsonb_array_elements_text(netbios_node_type) as i - where - not i.value :: int in (2); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n dhcp_options_id,\n netbios_node_type\nfrom\n aws_vpc_dhcp_options\n\ + \ cross join jsonb_array_elements_text(netbios_node_type) as i\nwhere\n not\ + \ i.value :: int in (2);" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC DHCP Options +Title: Find AWS VPC DHCP Options with Specific NetBIOS Types diff --git a/queries/aws_vpc_egress_only_internet_gateway_1.yaml b/queries/aws_vpc_egress_only_internet_gateway_1.yaml index f7220fb7a..fe0d47edb 100755 --- a/queries/aws_vpc_egress_only_internet_gateway_1.yaml +++ b/queries/aws_vpc_egress_only_internet_gateway_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS VPC Egress Only Internet Gateways, which provide + egress only access for IPv6 traffic from the VPC to the internet. ID: aws_vpc_egress_only_internet_gateway_1 -Title: "Find all AWS VPC Egress Only Internet Gateways" -Description: "Allows users to query AWS VPC Egress Only Internet Gateways, which provide egress only access for IPv6 traffic from the VPC to the internet." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - att ->> 'State' as state, - att ->> 'VpcId' as vpc_id, - tags, - region - from - aws_vpc_egress_only_internet_gateway - cross join jsonb_array_elements(attachments) as att; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n att ->> 'State' as state,\n att ->> 'VpcId' as\ + \ vpc_id,\n tags,\n region\nfrom\n aws_vpc_egress_only_internet_gateway\n \ + \ cross join jsonb_array_elements(attachments) as att;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find all AWS VPC Egress Only Internet Gateways diff --git a/queries/aws_vpc_egress_only_internet_gateway_2.yaml b/queries/aws_vpc_egress_only_internet_gateway_2.yaml index a5c0257ca..23f00b6f7 100755 --- a/queries/aws_vpc_egress_only_internet_gateway_2.yaml +++ b/queries/aws_vpc_egress_only_internet_gateway_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS VPC Egress Only Internet Gateways, which provide + egress only access for IPv6 traffic from the VPC to the internet. ID: aws_vpc_egress_only_internet_gateway_2 -Title: "Find AWS VPC Egress Only Internet Gateways" -Description: "Allows users to query AWS VPC Egress Only Internet Gateways, which provide egress only access for IPv6 traffic from the VPC to the internet." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - attachments - from - aws_vpc_egress_only_internet_gateway - where - attachments is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n attachments\nfrom\n aws_vpc_egress_only_internet_gateway\n\ + where\n attachments is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Egress Only Internet Gateways diff --git a/queries/aws_vpc_egress_only_internet_gateway_3.yaml b/queries/aws_vpc_egress_only_internet_gateway_3.yaml index 53a40f662..9aecb4092 100755 --- a/queries/aws_vpc_egress_only_internet_gateway_3.yaml +++ b/queries/aws_vpc_egress_only_internet_gateway_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS VPC Egress Only Internet Gateways, which provide + egress only access for IPv6 traffic from the VPC to the internet. ID: aws_vpc_egress_only_internet_gateway_3 -Title: "Find AWS VPC Egress Only Internet Gateways" -Description: "Allows users to query AWS VPC Egress Only Internet Gateways, which provide egress only access for IPv6 traffic from the VPC to the internet." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vig.id, - vpc.is_default - from - aws_vpc_egress_only_internet_gateway as vig - cross join jsonb_array_elements(attachments) as i - join aws_vpc vpc on i ->> 'VpcId' = vpc.vpc_id - where - vpc.is_default = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vig.id,\n vpc.is_default\nfrom\n aws_vpc_egress_only_internet_gateway\ + \ as vig\n cross join jsonb_array_elements(attachments) as i\n join aws_vpc\ + \ vpc on i ->> 'VpcId' = vpc.vpc_id\nwhere\n vpc.is_default = true;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Egress Only Internet Gateways diff --git a/queries/aws_vpc_eip_1.yaml b/queries/aws_vpc_eip_1.yaml index de42ac6a8..92820d173 100755 --- a/queries/aws_vpc_eip_1.yaml +++ b/queries/aws_vpc_eip_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS VPC Elastic IP Addresses ID: aws_vpc_eip_1 -Title: "Find all AWS VPC Elastic IP Addresses" -Description: "Allows users to query AWS VPC Elastic IP Addresses" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - public_ip, - domain association_id - from - aws_vpc_eip - where - association_id is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n public_ip,\n domain association_id\nfrom\n aws_vpc_eip\n\ + where\n association_id is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: Find all AWS VPC Elastic IP Addresses diff --git a/queries/aws_vpc_eip_2.yaml b/queries/aws_vpc_eip_2.yaml index 6536bae67..b51630231 100755 --- a/queries/aws_vpc_eip_2.yaml +++ b/queries/aws_vpc_eip_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS VPC Elastic IP Addresses ID: aws_vpc_eip_2 -Title: "Find AWS VPC Elastic IP Addresses" -Description: "Allows users to query AWS VPC Elastic IP Addresses" -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - public_ipv4_pool, - count(public_ip) as elastic_ips - from - aws_vpc_eip - group by - public_ipv4_pool; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n public_ipv4_pool,\n count(public_ip) as elastic_ips\n\ + from\n aws_vpc_eip\ngroup by\n public_ipv4_pool;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Elastic IP Addresses diff --git a/queries/aws_vpc_eip_address_transfer_1.yaml b/queries/aws_vpc_eip_address_transfer_1.yaml index d495f3b95..d363d60ef 100755 --- a/queries/aws_vpc_eip_address_transfer_1.yaml +++ b/queries/aws_vpc_eip_address_transfer_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query Elastic IP Address Transfers in AWS VPC. ID: aws_vpc_eip_address_transfer_1 -Title: "List all AWS VPC Elastic IP Address Transfers" -Description: "Allows users to query Elastic IP Address Transfers in AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - allocation_id, - address_transfer_status, - public_ip, - transfer_account_id, - transfer_offer_accepted_timestamp - from - aws_vpc_eip_address_transfer; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n allocation_id,\n address_transfer_status,\n public_ip,\n\ + \ transfer_account_id,\n transfer_offer_accepted_timestamp\nfrom\n aws_vpc_eip_address_transfer;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Elastic IP Address Transfers diff --git a/queries/aws_vpc_eip_address_transfer_2.yaml b/queries/aws_vpc_eip_address_transfer_2.yaml index 51e9c028d..53138dff7 100755 --- a/queries/aws_vpc_eip_address_transfer_2.yaml +++ b/queries/aws_vpc_eip_address_transfer_2.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query Elastic IP Address Transfers in AWS VPC. ID: aws_vpc_eip_address_transfer_2 -Title: "List all Elastic IP Address Transfers in AWS VPC" -Description: "Allows users to query Elastic IP Address Transfers in AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - allocation_id, - address_transfer_status, - public_ip, - transfer_account_id, - transfer_offer_accepted_timestamp - from - aws_vpc_eip_address_transfer - where - transfer_offer_accepted_timestamp >= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n allocation_id,\n address_transfer_status,\n public_ip,\n\ + \ transfer_account_id,\n transfer_offer_accepted_timestamp\nfrom\n aws_vpc_eip_address_transfer\n\ + where\n transfer_offer_accepted_timestamp >= now() - interval '30' day;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all Elastic IP Address Transfers in AWS VPC diff --git a/queries/aws_vpc_eip_address_transfer_3.yaml b/queries/aws_vpc_eip_address_transfer_3.yaml index 382ae1599..38c267f21 100755 --- a/queries/aws_vpc_eip_address_transfer_3.yaml +++ b/queries/aws_vpc_eip_address_transfer_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query Elastic IP Address Transfers in AWS VPC. ID: aws_vpc_eip_address_transfer_3 -Title: "Find AWS Elastic IP Address Transfers in VPC using SQL" -Description: "Allows users to query Elastic IP Address Transfers in AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - allocation_id, - address_transfer_status, - public_ip, - transfer_account_id, - transfer_offer_expiration_timestamp - from - aws_vpc_eip_address_transfer - where - transfer_offer_expiration_timestamp >= now() - interval '10' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n allocation_id,\n address_transfer_status,\n public_ip,\n\ + \ transfer_account_id,\n transfer_offer_expiration_timestamp\nfrom\n aws_vpc_eip_address_transfer\n\ + where\n transfer_offer_expiration_timestamp >= now() - interval '10' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS Elastic IP Address Transfers in VPC using SQL diff --git a/queries/aws_vpc_eip_address_transfer_4.yaml b/queries/aws_vpc_eip_address_transfer_4.yaml index c745cbc80..165966e12 100755 --- a/queries/aws_vpc_eip_address_transfer_4.yaml +++ b/queries/aws_vpc_eip_address_transfer_4.yaml @@ -1,39 +1,26 @@ +Description: Allows users to query Elastic IP Address Transfers in AWS VPC. ID: aws_vpc_eip_address_transfer_4 -Title: "Find AWS VPC Elastic IP Address Transfers" -Description: "Allows users to query Elastic IP Address Transfers in AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - t.allocation_id, - t.address_transfer_status, - t.transfer_account_id, - i.vpc_id, - v.cidr_block, - v.state, - v.is_default - from - aws_vpc_eip eip, - aws_ec2_instance i, - aws_vpc_eip_address_transfer t, - aws_vpc v - where - eip.instance_id = i.instance_id - and t.allocation_id = eip.allocation_id - and v.vpc_id = i.vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n t.allocation_id,\n t.address_transfer_status,\n t.transfer_account_id,\n\ + \ i.vpc_id,\n v.cidr_block,\n v.state,\n v.is_default\nfrom\n aws_vpc_eip\ + \ eip,\n aws_ec2_instance i,\n aws_vpc_eip_address_transfer t,\n aws_vpc v\n\ + where\n eip.instance_id = i.instance_id\n and t.allocation_id = eip.allocation_id\n\ + \ and v.vpc_id = i.vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Elastic IP Address Transfers diff --git a/queries/aws_vpc_endpoint_1.yaml b/queries/aws_vpc_endpoint_1.yaml index 45e102aa1..a06a75aaa 100755 --- a/queries/aws_vpc_endpoint_1.yaml +++ b/queries/aws_vpc_endpoint_1.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS VPC Endpoints and retrieve information about + each endpoint''s configuration, type, status, and related resources such as network + interfaces, DNS entries, and security groups. ID: aws_vpc_endpoint_1 -Title: "List AWS VPC Endpoints with Configuration and Status" -Description: "Allows users to query AWS VPC Endpoints and retrieve information about each endpoint''s configuration, type, status, and related resources such as network interfaces, DNS entries, and security groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_endpoint_id, - vpc_id, - service_name - from - aws_vpc_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_endpoint_id,\n vpc_id,\n service_name\nfrom\n \ + \ aws_vpc_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint +Title: List AWS VPC Endpoints with Configuration and Status diff --git a/queries/aws_vpc_endpoint_2.yaml b/queries/aws_vpc_endpoint_2.yaml index 2dfd3ed71..6c9b17d28 100755 --- a/queries/aws_vpc_endpoint_2.yaml +++ b/queries/aws_vpc_endpoint_2.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query AWS VPC Endpoints and retrieve information about + each endpoint''s configuration, type, status, and related resources such as network + interfaces, DNS entries, and security groups. ID: aws_vpc_endpoint_2 -Title: "List all AWS VPC Endpoints and retrieve configuration details" -Description: "Allows users to query AWS VPC Endpoints and retrieve information about each endpoint''s configuration, type, status, and related resources such as network interfaces, DNS entries, and security groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_endpoint_id, - jsonb_array_length(subnet_ids) as subnet_id_count - from - aws_vpc_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_endpoint_id,\n jsonb_array_length(subnet_ids) as\ + \ subnet_id_count\nfrom\n aws_vpc_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint +Title: List all AWS VPC Endpoints and retrieve configuration details diff --git a/queries/aws_vpc_endpoint_3.yaml b/queries/aws_vpc_endpoint_3.yaml index 2afc5789b..a6289a63e 100755 --- a/queries/aws_vpc_endpoint_3.yaml +++ b/queries/aws_vpc_endpoint_3.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS VPC Endpoints and retrieve information about + each endpoint''s configuration, type, status, and related resources such as network + interfaces, DNS entries, and security groups. ID: aws_vpc_endpoint_3 -Title: "List all AWS VPC Endpoints and Related Information" -Description: "Allows users to query AWS VPC Endpoints and retrieve information about each endpoint''s configuration, type, status, and related resources such as network interfaces, DNS entries, and security groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_endpoint_id, - vpc_id, - jsonb_array_elements(subnet_ids) as subnet_ids, - jsonb_array_elements(network_interface_ids) as network_interface_ids, - jsonb_array_elements(route_table_ids) as route_table_ids, - sg ->> 'GroupName' as sg_name - from - aws_vpc_endpoint - cross join jsonb_array_elements(groups) as sg; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_endpoint_id,\n vpc_id,\n jsonb_array_elements(subnet_ids)\ + \ as subnet_ids,\n jsonb_array_elements(network_interface_ids) as network_interface_ids,\n\ + \ jsonb_array_elements(route_table_ids) as route_table_ids,\n sg ->> 'GroupName'\ + \ as sg_name\nfrom\n aws_vpc_endpoint\n cross join jsonb_array_elements(groups)\ + \ as sg;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Endpoints and Related Information diff --git a/queries/aws_vpc_endpoint_4.yaml b/queries/aws_vpc_endpoint_4.yaml index 3b1e39be7..109ebfb7b 100755 --- a/queries/aws_vpc_endpoint_4.yaml +++ b/queries/aws_vpc_endpoint_4.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS VPC Endpoints and retrieve information about + each endpoint''s configuration, type, status, and related resources such as network + interfaces, DNS entries, and security groups. ID: aws_vpc_endpoint_4 -Title: "Find AWS VPC Endpoints with Configurations and Status" -Description: "Allows users to query AWS VPC Endpoints and retrieve information about each endpoint''s configuration, type, status, and related resources such as network interfaces, DNS entries, and security groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_endpoint_id, - private_dns_enabled, - dns ->> 'DnsName' as dns_name, - dns ->> 'HostedZoneId' as hosted_zone_id - from - aws_vpc_endpoint - cross join jsonb_array_elements(dns_entries) as dns; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_endpoint_id,\n private_dns_enabled,\n dns ->> 'DnsName'\ + \ as dns_name,\n dns ->> 'HostedZoneId' as hosted_zone_id\nfrom\n aws_vpc_endpoint\n\ + \ cross join jsonb_array_elements(dns_entries) as dns;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint +Title: Find AWS VPC Endpoints with Configurations and Status diff --git a/queries/aws_vpc_endpoint_5.yaml b/queries/aws_vpc_endpoint_5.yaml index 63cecf492..18c712d2f 100755 --- a/queries/aws_vpc_endpoint_5.yaml +++ b/queries/aws_vpc_endpoint_5.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS VPC Endpoints and retrieve information about + each endpoint''s configuration, type, status, and related resources such as network + interfaces, DNS entries, and security groups. ID: aws_vpc_endpoint_5 -Title: "List all AWS VPC Endpoints and their configurations" -Description: "Allows users to query AWS VPC Endpoints and retrieve information about each endpoint''s configuration, type, status, and related resources such as network interfaces, DNS entries, and security groups." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - count(vpc_endpoint_id) as vpc_endpoint_count - from - aws_vpc_endpoint - group by - vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n count(vpc_endpoint_id) as vpc_endpoint_count\n\ + from\n aws_vpc_endpoint\ngroup by\n vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Endpoints and their configurations diff --git a/queries/aws_vpc_endpoint_service_1.yaml b/queries/aws_vpc_endpoint_service_1.yaml index 92272574a..0e5345aa7 100755 --- a/queries/aws_vpc_endpoint_service_1.yaml +++ b/queries/aws_vpc_endpoint_service_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_1 -Title: "List All AWS VPC Endpoint Services and Details" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - base_endpoint_dns_names, - private_dns_name - from - aws_vpc_endpoint_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n base_endpoint_dns_names,\n\ + \ private_dns_name\nfrom\n aws_vpc_endpoint_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Services +Title: List All AWS VPC Endpoint Services and Details diff --git a/queries/aws_vpc_endpoint_service_2.yaml b/queries/aws_vpc_endpoint_service_2.yaml index 96b4d50ca..98c45de3f 100755 --- a/queries/aws_vpc_endpoint_service_2.yaml +++ b/queries/aws_vpc_endpoint_service_2.yaml @@ -1,25 +1,23 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_2 -Title: "List all AWS VPC Endpoint Services with Details" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - jsonb_array_length(availability_zones) as availability_zone_count - from - aws_vpc_endpoint_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n jsonb_array_length(availability_zones)\ + \ as availability_zone_count\nfrom\n aws_vpc_endpoint_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Service +Title: List all AWS VPC Endpoint Services with Details diff --git a/queries/aws_vpc_endpoint_service_3.yaml b/queries/aws_vpc_endpoint_service_3.yaml index 58e79aa8a..b837c1d6c 100755 --- a/queries/aws_vpc_endpoint_service_3.yaml +++ b/queries/aws_vpc_endpoint_service_3.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_3 -Title: "Find AWS VPC Endpoint Service Details" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - base_endpoint_dns_names, - private_dns_name - from - aws_vpc_endpoint_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n base_endpoint_dns_names,\n\ + \ private_dns_name\nfrom\n aws_vpc_endpoint_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Service +Title: Find AWS VPC Endpoint Service Details diff --git a/queries/aws_vpc_endpoint_service_4.yaml b/queries/aws_vpc_endpoint_service_4.yaml index 970b9933e..44c9be6bf 100755 --- a/queries/aws_vpc_endpoint_service_4.yaml +++ b/queries/aws_vpc_endpoint_service_4.yaml @@ -1,25 +1,22 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_4 -Title: "List AWS VPC Endpoint Services with Details" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - type ->> 'ServiceType' as service_type - from - aws_vpc_endpoint_service - cross join jsonb_array_elements(service_type) as type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n type ->> 'ServiceType'\ + \ as service_type\nfrom\n aws_vpc_endpoint_service\n cross join jsonb_array_elements(service_type)\ + \ as type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS VPC Endpoint Services +Title: List AWS VPC Endpoint Services with Details diff --git a/queries/aws_vpc_endpoint_service_5.yaml b/queries/aws_vpc_endpoint_service_5.yaml index 266836a80..a7e1c3fe9 100755 --- a/queries/aws_vpc_endpoint_service_5.yaml +++ b/queries/aws_vpc_endpoint_service_5.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_5 -Title: "List all Non-Policy Supported AWS VPC Endpoint Services" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - vpc_endpoint_policy_supported - from - aws_vpc_endpoint_service - where - not vpc_endpoint_policy_supported; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n vpc_endpoint_policy_supported\n\ + from\n aws_vpc_endpoint_service\nwhere\n not vpc_endpoint_policy_supported;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Service +Title: List all Non-Policy Supported AWS VPC Endpoint Services diff --git a/queries/aws_vpc_endpoint_service_6.yaml b/queries/aws_vpc_endpoint_service_6.yaml index 6de1e2feb..c7550e5c3 100755 --- a/queries/aws_vpc_endpoint_service_6.yaml +++ b/queries/aws_vpc_endpoint_service_6.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_6 -Title: "List all AWS VPC Endpoint Services" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - jsonb_pretty(vpc_endpoint_service_permissions) as allowed_principals - from - aws_vpc_endpoint_service; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n jsonb_pretty(vpc_endpoint_service_permissions)\ + \ as allowed_principals\nfrom\n aws_vpc_endpoint_service;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Services +Title: List all AWS VPC Endpoint Services diff --git a/queries/aws_vpc_endpoint_service_7.yaml b/queries/aws_vpc_endpoint_service_7.yaml index def44933b..d9c8e5871 100755 --- a/queries/aws_vpc_endpoint_service_7.yaml +++ b/queries/aws_vpc_endpoint_service_7.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS VPC Endpoint Services to retrieve detailed + information about each service, including service name, service type, and whether + or not the service is private. ID: aws_vpc_endpoint_service_7 -Title: "List all AWS VPC Endpoint Services Information" -Description: "Allows users to query AWS VPC Endpoint Services to retrieve detailed information about each service, including service name, service type, and whether or not the service is private." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - service_name, - service_id, - c ->> 'VpcEndpointId' as vpc_endpoint_id, - c ->> 'VpcEndpointOwner' as vpc_endpoint_owner, - c ->> 'VpcEndpointState' as vpc_endpoint_state, - jsonb_array_elements_text(c -> 'NetworkLoadBalancerArns') as network_loadBalancer_arns - from - aws_vpc_endpoint_service, - jsonb_array_elements(vpc_endpoint_connections) as c - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n service_name,\n service_id,\n c ->> 'VpcEndpointId'\ + \ as vpc_endpoint_id,\n c ->> 'VpcEndpointOwner' as vpc_endpoint_owner,\n c\ + \ ->> 'VpcEndpointState' as vpc_endpoint_state,\n jsonb_array_elements_text(c\ + \ -> 'NetworkLoadBalancerArns') as network_loadBalancer_arns\nfrom\n aws_vpc_endpoint_service,\n\ + \ jsonb_array_elements(vpc_endpoint_connections) as c" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Endpoint Service +Title: List all AWS VPC Endpoint Services Information diff --git a/queries/aws_vpc_flow_log_1.yaml b/queries/aws_vpc_flow_log_1.yaml index 0e4fe3811..810a3f409 100755 --- a/queries/aws_vpc_flow_log_1.yaml +++ b/queries/aws_vpc_flow_log_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS VPC Flow Logs, providing detailed information + about IP traffic going to and from network interfaces in a VPC. ID: aws_vpc_flow_log_1 -Title: "Find AWS VPC Flow Logs Information with SQL Query" -Description: "Allows users to query AWS VPC Flow Logs, providing detailed information about IP traffic going to and from network interfaces in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - flow_log_id, - resource_id - from - aws_vpc_flow_log; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n flow_log_id,\n resource_id\nfrom\n aws_vpc_flow_log;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find AWS VPC Flow Logs Information with SQL Query diff --git a/queries/aws_vpc_flow_log_2.yaml b/queries/aws_vpc_flow_log_2.yaml index 88f60746a..edcba17e5 100755 --- a/queries/aws_vpc_flow_log_2.yaml +++ b/queries/aws_vpc_flow_log_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS VPC Flow Logs, providing detailed information + about IP traffic going to and from network interfaces in a VPC. ID: aws_vpc_flow_log_2 -Title: "Find Failed Logs in AWS VPC Flow" -Description: "Allows users to query AWS VPC Flow Logs, providing detailed information about IP traffic going to and from network interfaces in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - flow_log_id, - resource_id, - deliver_logs_error_message, - deliver_logs_status - from - aws_vpc_flow_log - where - deliver_logs_status = 'FAILED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n flow_log_id,\n resource_id,\n deliver_logs_error_message,\n\ + \ deliver_logs_status\nfrom\n aws_vpc_flow_log\nwhere\n deliver_logs_status\ + \ = 'FAILED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find Failed Logs in AWS VPC Flow diff --git a/queries/aws_vpc_flow_log_3.yaml b/queries/aws_vpc_flow_log_3.yaml index 6c78cf744..c546ea0ac 100755 --- a/queries/aws_vpc_flow_log_3.yaml +++ b/queries/aws_vpc_flow_log_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS VPC Flow Logs, providing detailed information + about IP traffic going to and from network interfaces in a VPC. ID: aws_vpc_flow_log_3 -Title: "Find AWS VPC Flow Logs and IP Traffic Details" -Description: "Allows users to query AWS VPC Flow Logs, providing detailed information about IP traffic going to and from network interfaces in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - flow_log_id, - log_destination_type, - log_destination, - log_group_name, - bucket_name - from - aws_vpc_flow_log; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n flow_log_id,\n log_destination_type,\n log_destination,\n\ + \ log_group_name,\n bucket_name\nfrom\n aws_vpc_flow_log;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Log +Title: Find AWS VPC Flow Logs and IP Traffic Details diff --git a/queries/aws_vpc_flow_log_4.yaml b/queries/aws_vpc_flow_log_4.yaml index 81d032ab6..642607bee 100755 --- a/queries/aws_vpc_flow_log_4.yaml +++ b/queries/aws_vpc_flow_log_4.yaml @@ -1,23 +1,19 @@ +Description: Allows users to query AWS VPC Flow Logs, providing detailed information + about IP traffic going to and from network interfaces in a VPC. ID: aws_vpc_flow_log_4 -Title: "Find AWS VPC Flow Log Details with SQL Queries" -Description: "Allows users to query AWS VPC Flow Logs, providing detailed information about IP traffic going to and from network interfaces in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - flow_log_id, - traffic_type - from - aws_vpc_flow_log; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n flow_log_id,\n traffic_type\nfrom\n aws_vpc_flow_log;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find AWS VPC Flow Log Details with SQL Queries diff --git a/queries/aws_vpc_flow_log_event_1.yaml b/queries/aws_vpc_flow_log_event_1.yaml index 3dec0aa76..4aa2628c5 100755 --- a/queries/aws_vpc_flow_log_event_1.yaml +++ b/queries/aws_vpc_flow_log_event_1.yaml @@ -1,36 +1,24 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_1 -Title: "Find AWS VPC Flow Log Event Details in Last 5 Minutes" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - log_status, - action, - ingestion_time, - timestamp, - interface_id, - interface_account_id, - src_addr, - region - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and timestamp >= now() - interval '5 minutes'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n log_status,\n\ + \ action,\n ingestion_time,\n timestamp,\n interface_id,\n interface_account_id,\n\ + \ src_addr,\n region\nfrom\n aws_vpc_flow_log_event\nwhere\n log_group_name\ + \ = 'vpc-log-group-name'\n and timestamp >= now() - interval '5 minutes';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find AWS VPC Flow Log Event Details in Last 5 Minutes diff --git a/queries/aws_vpc_flow_log_event_2.yaml b/queries/aws_vpc_flow_log_event_2.yaml index ff8d8a1f6..09f2bfac9 100755 --- a/queries/aws_vpc_flow_log_event_2.yaml +++ b/queries/aws_vpc_flow_log_event_2.yaml @@ -1,40 +1,27 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_2 -Title: "List all AWS VPC Flow Log Events and IP Traffic Details" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - log_status, - action, - ingestion_time, - timestamp, - interface_id, - interface_account_id, - src_addr, - region - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and timestamp between (now() - interval '10 minutes') and (now() - interval '5 minutes') - order by - timestamp asc; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n log_status,\n\ + \ action,\n ingestion_time,\n timestamp,\n interface_id,\n interface_account_id,\n\ + \ src_addr,\n region\nfrom\n aws_vpc_flow_log_event\nwhere\n log_group_name\ + \ = 'vpc-log-group-name'\n and timestamp between (now() - interval '10 minutes')\ + \ and (now() - interval '5 minutes')\norder by\n timestamp asc;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: List all AWS VPC Flow Log Events and IP Traffic Details diff --git a/queries/aws_vpc_flow_log_event_3.yaml b/queries/aws_vpc_flow_log_event_3.yaml index 23ae398c2..6a01d20a7 100755 --- a/queries/aws_vpc_flow_log_event_3.yaml +++ b/queries/aws_vpc_flow_log_event_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_3 -Title: "List all IP traffic from AWS VPC Flow Logs" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - distinct(interface_id) - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and timestamp >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n distinct(interface_id)\nfrom\n aws_vpc_flow_log_event\n\ + where\n log_group_name = 'vpc-log-group-name'\n and timestamp >= now() - interval\ + \ '1 hour';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: List all IP traffic from AWS VPC Flow Logs diff --git a/queries/aws_vpc_flow_log_event_4.yaml b/queries/aws_vpc_flow_log_event_4.yaml index 36977ff5e..81c2dcdee 100755 --- a/queries/aws_vpc_flow_log_event_4.yaml +++ b/queries/aws_vpc_flow_log_event_4.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_4 -Title: "Find all AWS VPC Flow Log Events Using SQL" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_stream_name, - timestamp, - interface_id, - interface_account_id, - src_addr, - src_port, - dst_addr, - dst_port - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and action = 'REJECT' - and timestamp >= now() - interval '1 hour'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_stream_name,\n timestamp,\n interface_id,\n interface_account_id,\n\ + \ src_addr,\n src_port,\n dst_addr,\n dst_port\nfrom\n aws_vpc_flow_log_event\n\ + where\n log_group_name = 'vpc-log-group-name'\n and action = 'REJECT'\n and\ + \ timestamp >= now() - interval '1 hour';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find all AWS VPC Flow Log Events Using SQL diff --git a/queries/aws_vpc_flow_log_event_5.yaml b/queries/aws_vpc_flow_log_event_5.yaml index 87f636273..013803ad3 100755 --- a/queries/aws_vpc_flow_log_event_5.yaml +++ b/queries/aws_vpc_flow_log_event_5.yaml @@ -1,40 +1,26 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_5 -Title: "Find AWS VPC Flow Log Events and IP Traffic Details" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - log_status, - action, - ingestion_time, - timestamp, - interface_id, - interface_account_id, - src_addr, - region - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and log_stream_name = 'eni-1d47d21d-all' - and (src_addr = '10.85.14.210' or dst_addr = '10.85.14.213') - and timestamp >= now() - interval '1 hour' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n log_status,\n\ + \ action,\n ingestion_time,\n timestamp,\n interface_id,\n interface_account_id,\n\ + \ src_addr,\n region\nfrom\n aws_vpc_flow_log_event\nwhere\n log_group_name\ + \ = 'vpc-log-group-name'\n and log_stream_name = 'eni-1d47d21d-all'\n and (src_addr\ + \ = '10.85.14.210' or dst_addr = '10.85.14.213')\n and timestamp >= now() - interval\ + \ '1 hour'\norder by\n timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find AWS VPC Flow Log Events and IP Traffic Details diff --git a/queries/aws_vpc_flow_log_event_6.yaml b/queries/aws_vpc_flow_log_event_6.yaml index 220daa402..bea74d957 100755 --- a/queries/aws_vpc_flow_log_event_6.yaml +++ b/queries/aws_vpc_flow_log_event_6.yaml @@ -1,38 +1,24 @@ +Description: Allows users to query AWS VPC Flow Logs and retrieve information about + the IP traffic going to and from network interfaces in their VPC. ID: aws_vpc_flow_log_event_6 -Title: "Find all AWS VPC Flow Logs and IP Traffic Information" -Description: "Allows users to query AWS VPC Flow Logs and retrieve information about the IP traffic going to and from network interfaces in their VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - log_group_name, - log_stream_name, - log_status, - action, - ingestion_time, - timestamp, - interface_id, - interface_account_id, - src_addr, - region - from - aws_vpc_flow_log_event - where - log_group_name = 'vpc-log-group-name' - and log_stream_name = 'eni-1d47d21d-all' - and src_addr << '10.0.0.0/8'::inet - and timestamp >= now() - interval '1 hour' - order by - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n log_group_name,\n log_stream_name,\n log_status,\n\ + \ action,\n ingestion_time,\n timestamp,\n interface_id,\n interface_account_id,\n\ + \ src_addr,\n region\nfrom\n aws_vpc_flow_log_event\nwhere\n log_group_name\ + \ = 'vpc-log-group-name'\n and log_stream_name = 'eni-1d47d21d-all'\n and src_addr\ + \ << '10.0.0.0/8'::inet\n and timestamp >= now() - interval '1 hour'\norder by\n\ + \ timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Flow Logs +Title: Find all AWS VPC Flow Logs and IP Traffic Information diff --git a/queries/aws_vpc_internet_gateway_1.yaml b/queries/aws_vpc_internet_gateway_1.yaml index febd02487..c187525b4 100755 --- a/queries/aws_vpc_internet_gateway_1.yaml +++ b/queries/aws_vpc_internet_gateway_1.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS VPC Internet Gateway data. This table can be + used to gain insights into the Internet Gateways attached to your VPCs, including + their state, attached VPCs, and associated tags. ID: aws_vpc_internet_gateway_1 -Title: "List all AWS VPC Internet Gateway data insights" -Description: "Allows users to query AWS VPC Internet Gateway data. This table can be used to gain insights into the Internet Gateways attached to your VPCs, including their state, attached VPCs, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - internet_gateway_id, - attachments - from - aws_vpc_internet_gateway - where - attachments is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n internet_gateway_id,\n attachments\nfrom\n aws_vpc_internet_gateway\n\ + where\n attachments is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Internet Gateway +Title: List all AWS VPC Internet Gateway data insights diff --git a/queries/aws_vpc_internet_gateway_2.yaml b/queries/aws_vpc_internet_gateway_2.yaml index 24b6d2bb6..100fdafab 100755 --- a/queries/aws_vpc_internet_gateway_2.yaml +++ b/queries/aws_vpc_internet_gateway_2.yaml @@ -1,26 +1,24 @@ +Description: Allows users to query AWS VPC Internet Gateway data. This table can be + used to gain insights into the Internet Gateways attached to your VPCs, including + their state, attached VPCs, and associated tags. ID: aws_vpc_internet_gateway_2 -Title: "Find AWS VPC Internet Gateway Details and States" -Description: "Allows users to query AWS VPC Internet Gateway data. This table can be used to gain insights into the Internet Gateways attached to your VPCs, including their state, attached VPCs, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - internet_gateway_id, - att ->> 'VpcId' as vpc_id - from - aws_vpc_internet_gateway - cross join jsonb_array_elements(attachments) as att; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n internet_gateway_id,\n att ->> 'VpcId' as vpc_id\nfrom\n\ + \ aws_vpc_internet_gateway\n cross join jsonb_array_elements(attachments) as\ + \ att;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Internet Gateway +Title: Find AWS VPC Internet Gateway Details and States diff --git a/queries/aws_vpc_nat_gateway_1.yaml b/queries/aws_vpc_nat_gateway_1.yaml index 31a921ad6..c209eda38 100755 --- a/queries/aws_vpc_nat_gateway_1.yaml +++ b/queries/aws_vpc_nat_gateway_1.yaml @@ -1,29 +1,26 @@ +Description: Allows users to query NAT Gateways within Amazon Virtual Private Cloud + (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each + NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, + such as their state, subnet association, and associated Elastic IP addresses. ID: aws_vpc_nat_gateway_1 -Title: "List all details of AWS VPC NAT Gateways with SQL" -Description: "Allows users to query NAT Gateways within Amazon Virtual Private Cloud (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, such as their state, subnet association, and associated Elastic IP addresses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nat_gateway_id, - address ->> 'PrivateIp' as private_ip, - address ->> 'PublicIp' as public_ip, - address ->> 'NetworkInterfaceId' as nic_id, - address ->> 'AllocationId' as allocation_id - from - aws_vpc_nat_gateway - cross join jsonb_array_elements(nat_gateway_addresses) as address; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nat_gateway_id,\n address ->> 'PrivateIp' as private_ip,\n\ + \ address ->> 'PublicIp' as public_ip,\n address ->> 'NetworkInterfaceId' as\ + \ nic_id,\n address ->> 'AllocationId' as allocation_id\nfrom\n aws_vpc_nat_gateway\n\ + \ cross join jsonb_array_elements(nat_gateway_addresses) as address;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud +Title: List all details of AWS VPC NAT Gateways with SQL diff --git a/queries/aws_vpc_nat_gateway_2.yaml b/queries/aws_vpc_nat_gateway_2.yaml index 62e69553c..7fc056951 100755 --- a/queries/aws_vpc_nat_gateway_2.yaml +++ b/queries/aws_vpc_nat_gateway_2.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query NAT Gateways within Amazon Virtual Private Cloud + (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each + NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, + such as their state, subnet association, and associated Elastic IP addresses. ID: aws_vpc_nat_gateway_2 -Title: "Find AWS VPC NAT Gateways and Subnet Details" -Description: "Allows users to query NAT Gateways within Amazon Virtual Private Cloud (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, such as their state, subnet association, and associated Elastic IP addresses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nat_gateway_id, - vpc_id, - subnet_id - from - aws_vpc_nat_gateway; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nat_gateway_id,\n vpc_id,\n subnet_id\nfrom\n aws_vpc_nat_gateway;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud (VPC) +Title: Find AWS VPC NAT Gateways and Subnet Details diff --git a/queries/aws_vpc_nat_gateway_3.yaml b/queries/aws_vpc_nat_gateway_3.yaml index f93117c61..c303d8110 100755 --- a/queries/aws_vpc_nat_gateway_3.yaml +++ b/queries/aws_vpc_nat_gateway_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query NAT Gateways within Amazon Virtual Private Cloud + (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each + NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, + such as their state, subnet association, and associated Elastic IP addresses. ID: aws_vpc_nat_gateway_3 -Title: "Find AWS VPC NAT Gateways and Their Details" -Description: "Allows users to query NAT Gateways within Amazon Virtual Private Cloud (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, such as their state, subnet association, and associated Elastic IP addresses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nat_gateway_id, - tags - from - aws_vpc_nat_gateway - where - not tags :: JSONB ? 'application'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nat_gateway_id,\n tags\nfrom\n aws_vpc_nat_gateway\n\ + where\n not tags :: JSONB ? 'application';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud (VPC) +Title: Find AWS VPC NAT Gateways and Their Details diff --git a/queries/aws_vpc_nat_gateway_4.yaml b/queries/aws_vpc_nat_gateway_4.yaml index 715192f46..a33b17c0a 100755 --- a/queries/aws_vpc_nat_gateway_4.yaml +++ b/queries/aws_vpc_nat_gateway_4.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query NAT Gateways within Amazon Virtual Private Cloud + (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each + NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, + such as their state, subnet association, and associated Elastic IP addresses. ID: aws_vpc_nat_gateway_4 -Title: "List All AWS VPC NAT Gateways and Their Subnet Associations" -Description: "Allows users to query NAT Gateways within Amazon Virtual Private Cloud (VPC). The `aws_vpc_nat_gateway` table in Steampipe provides information about each NAT Gateway within a VPC. This table can be used to gather insights on NAT Gateways, such as their state, subnet association, and associated Elastic IP addresses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - count(nat_gateway_id) as nat_gateway_id - from - aws_vpc_nat_gateway - group by - vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n count(nat_gateway_id) as nat_gateway_id\n\ + from\n aws_vpc_nat_gateway\ngroup by\n vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: List All AWS VPC NAT Gateways and Their Subnet Associations diff --git a/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_1.yaml b/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_1.yaml index 8c64e1061..7cdaec672 100755 --- a/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_1.yaml +++ b/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_1.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS NAT Gateway metrics for bytes sent to the destination + from the NAT gateway. The table provides information about the number of bytes sent + out to the destination per NAT gateway in a VPC. ID: aws_vpc_nat_gateway_metric_bytes_out_to_destination_1 -Title: "List all AWS NAT Gateway Metrics for Bytes Sent Out" -Description: "Allows users to query AWS NAT Gateway metrics for bytes sent to the destination from the NAT gateway. The table provides information about the number of bytes sent out to the destination per NAT gateway in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - nat_gateway_id, - timestamp, - minimum, - maximum, - average, - sample_count - from - aws_vpc_nat_gateway_metric_bytes_out_to_destination - order by - nat_gateway_id, - timestamp; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n nat_gateway_id,\n timestamp,\n minimum,\n maximum,\n\ + \ average,\n sample_count\nfrom\n aws_vpc_nat_gateway_metric_bytes_out_to_destination\n\ + order by\n nat_gateway_id,\n timestamp;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - NAT Gateway +Title: List all AWS NAT Gateway Metrics for Bytes Sent Out diff --git a/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_2.yaml b/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_2.yaml index 36e0e9c8c..e7e070804 100755 --- a/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_2.yaml +++ b/queries/aws_vpc_nat_gateway_metric_bytes_out_to_destination_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS NAT Gateway metrics for bytes sent to the destination + from the NAT gateway. The table provides information about the number of bytes sent + out to the destination per NAT gateway in a VPC. ID: aws_vpc_nat_gateway_metric_bytes_out_to_destination_2 -Title: "Find AWS NAT Gateway Metrics for Bytes Sent to Destination" -Description: "Allows users to query AWS NAT Gateway metrics for bytes sent to the destination from the NAT gateway. The table provides information about the number of bytes sent out to the destination per NAT gateway in a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - g.nat_gateway_id, - vpc_id, - subnet_id - from - aws_vpc_nat_gateway as g - left join aws_vpc_nat_gateway_metric_bytes_out_to_destination as d - on g.nat_gateway_id = d.nat_gateway_id - group by - g.nat_gateway_id, - vpc_id, - subnet_id - having - sum(average) = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n g.nat_gateway_id,\n vpc_id,\n subnet_id\nfrom\n aws_vpc_nat_gateway\ + \ as g\n left join aws_vpc_nat_gateway_metric_bytes_out_to_destination as d\n\ + \ on g.nat_gateway_id = d.nat_gateway_id\ngroup by\n g.nat_gateway_id,\n vpc_id,\n\ + \ subnet_id\nhaving\n sum(average) = 0;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - CloudWatch +Title: Find AWS NAT Gateway Metrics for Bytes Sent to Destination diff --git a/queries/aws_vpc_network_acl_1.yaml b/queries/aws_vpc_network_acl_1.yaml index 61d22ddb3..894ac6149 100755 --- a/queries/aws_vpc_network_acl_1.yaml +++ b/queries/aws_vpc_network_acl_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS VPC Network ACLs to retrieve detailed information + about network access control lists in a specific AWS VPC. ID: aws_vpc_network_acl_1 -Title: "Find AWS VPC Network ACLs Information" -Description: "Allows users to query AWS VPC Network ACLs to retrieve detailed information about network access control lists in a specific AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_acl_id, - arn, - vpc_id - from - aws_vpc_network_acl; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_acl_id,\n arn,\n vpc_id\nfrom\n aws_vpc_network_acl;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Network ACL +Title: Find AWS VPC Network ACLs Information diff --git a/queries/aws_vpc_network_acl_2.yaml b/queries/aws_vpc_network_acl_2.yaml index 71c8bb2f0..8d7d19570 100755 --- a/queries/aws_vpc_network_acl_2.yaml +++ b/queries/aws_vpc_network_acl_2.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS VPC Network ACLs to retrieve detailed information + about network access control lists in a specific AWS VPC. ID: aws_vpc_network_acl_2 -Title: "Find AWS VPC Network ACLs in a Specific VPC" -Description: "Allows users to query AWS VPC Network ACLs to retrieve detailed information about network access control lists in a specific AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_acl_id, - vpc_id, - is_default - from - aws_vpc_network_acl - where - is_default = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_acl_id,\n vpc_id,\n is_default\nfrom\n aws_vpc_network_acl\n\ + where\n is_default = true;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Network ACL +Title: Find AWS VPC Network ACLs in a Specific VPC diff --git a/queries/aws_vpc_network_acl_3.yaml b/queries/aws_vpc_network_acl_3.yaml index a159c2d8a..f13544622 100755 --- a/queries/aws_vpc_network_acl_3.yaml +++ b/queries/aws_vpc_network_acl_3.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS VPC Network ACLs to retrieve detailed information + about network access control lists in a specific AWS VPC. ID: aws_vpc_network_acl_3 -Title: "Find AWS VPC Network ACL Details" -Description: "Allows users to query AWS VPC Network ACLs to retrieve detailed information about network access control lists in a specific AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - network_acl_id, - vpc_id, - association ->> 'SubnetId' as subnet_id, - association ->> 'NetworkAclAssociationId' as network_acl_association_id - from - aws_vpc_network_acl - cross join jsonb_array_elements(associations) as association; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n network_acl_id,\n vpc_id,\n association ->> 'SubnetId'\ + \ as subnet_id,\n association ->> 'NetworkAclAssociationId' as network_acl_association_id\n\ + from\n aws_vpc_network_acl\n cross join jsonb_array_elements(associations) as\ + \ association;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Network ACL +Title: Find AWS VPC Network ACL Details diff --git a/queries/aws_vpc_peering_connection_1.yaml b/queries/aws_vpc_peering_connection_1.yaml index 3135f61b9..8b938fbf3 100755 --- a/queries/aws_vpc_peering_connection_1.yaml +++ b/queries/aws_vpc_peering_connection_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_1 -Title: "List AWS VPC Peering Connections using SQL" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - accepter_owner_id, - accepter_region, - accepter_vpc_id, - expiration_time, - requester_owner_id, - requester_region, - requester_vpc_id - from - aws_vpc_peering_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n accepter_owner_id,\n accepter_region,\n accepter_vpc_id,\n\ + \ expiration_time,\n requester_owner_id,\n requester_region,\n requester_vpc_id\n\ + from\n aws_vpc_peering_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud +Title: List AWS VPC Peering Connections using SQL diff --git a/queries/aws_vpc_peering_connection_2.yaml b/queries/aws_vpc_peering_connection_2.yaml index cb0ccb2ff..e8467e110 100755 --- a/queries/aws_vpc_peering_connection_2.yaml +++ b/queries/aws_vpc_peering_connection_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_2 -Title: "Find Pending AWS VPC Peering Connections" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - accepter_vpc_id, - requester_vpc_id, - status_code, - status_message - from - aws_vpc_peering_connection - where - status_code = 'pending-acceptance'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n accepter_vpc_id,\n requester_vpc_id,\n status_code,\n\ + \ status_message\nfrom\n aws_vpc_peering_connection\nwhere\n status_code =\ + \ 'pending-acceptance';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: Find Pending AWS VPC Peering Connections diff --git a/queries/aws_vpc_peering_connection_3.yaml b/queries/aws_vpc_peering_connection_3.yaml index acd99d15e..6d952328b 100755 --- a/queries/aws_vpc_peering_connection_3.yaml +++ b/queries/aws_vpc_peering_connection_3.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_3 -Title: "Query All AWS VPC Peering Connections" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - requester_cidr_block, - requester_owner_id, - requester_region, - requester_vpc_id, - jsonb_pretty(requester_cidr_block_set) as requester_cidr_block_set, - jsonb_pretty(requester_ipv6_cidr_block_set) as requester_ipv6_cidr_block_set, - jsonb_pretty(requester_peering_options) as requester_peering_options - from - aws_vpc_peering_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n requester_cidr_block,\n requester_owner_id,\n\ + \ requester_region,\n requester_vpc_id,\n jsonb_pretty(requester_cidr_block_set)\ + \ as requester_cidr_block_set,\n jsonb_pretty(requester_ipv6_cidr_block_set)\ + \ as requester_ipv6_cidr_block_set,\n jsonb_pretty(requester_peering_options)\ + \ as requester_peering_options\nfrom\n aws_vpc_peering_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: Query All AWS VPC Peering Connections diff --git a/queries/aws_vpc_peering_connection_4.yaml b/queries/aws_vpc_peering_connection_4.yaml index f1456868d..54e483388 100755 --- a/queries/aws_vpc_peering_connection_4.yaml +++ b/queries/aws_vpc_peering_connection_4.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_4 -Title: "List all AWS VPC Peering Connections" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - accepter_cidr_block, - accepter_owner_id, - accepter_region, - accepter_vpc_id, - jsonb_pretty(accepter_cidr_block_set) as accepter_cidr_block_set, - jsonb_pretty(accepter_ipv6_cidr_block_set) as accepter_ipv6_cidr_block_set, - jsonb_pretty(accepter_peering_options) as accepter_peering_options - from - aws_vpc_peering_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n accepter_cidr_block,\n accepter_owner_id,\n \ + \ accepter_region,\n accepter_vpc_id,\n jsonb_pretty(accepter_cidr_block_set)\ + \ as accepter_cidr_block_set,\n jsonb_pretty(accepter_ipv6_cidr_block_set) as\ + \ accepter_ipv6_cidr_block_set,\n jsonb_pretty(accepter_peering_options) as accepter_peering_options\n\ + from\n aws_vpc_peering_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud (VPC) +Title: List all AWS VPC Peering Connections diff --git a/queries/aws_vpc_peering_connection_5.yaml b/queries/aws_vpc_peering_connection_5.yaml index 1d0f7b923..393a894b9 100755 --- a/queries/aws_vpc_peering_connection_5.yaml +++ b/queries/aws_vpc_peering_connection_5.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_5 -Title: "List all VPC Peering Connections in AWS" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - accepter_owner_id, - accepter_region, - accepter_vpc_id, - expiration_time, - requester_owner_id, - requester_region, - requester_vpc_id - from - aws_vpc_peering_connection - where - id in ('pcx-0a0403619dd2f3b24', 'pcx-048825e2c43ffd99e'); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n accepter_owner_id,\n accepter_region,\n accepter_vpc_id,\n\ + \ expiration_time,\n requester_owner_id,\n requester_region,\n requester_vpc_id\n\ + from\n aws_vpc_peering_connection\nwhere\n id in ('pcx-0a0403619dd2f3b24', 'pcx-048825e2c43ffd99e');" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: List all VPC Peering Connections in AWS diff --git a/queries/aws_vpc_peering_connection_6.yaml b/queries/aws_vpc_peering_connection_6.yaml index f19b7abd9..49753964b 100755 --- a/queries/aws_vpc_peering_connection_6.yaml +++ b/queries/aws_vpc_peering_connection_6.yaml @@ -1,24 +1,20 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_6 -Title: "Find all VPC Peering Connections in AWS VPC" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - jsonb_pretty(tags) as tags, - jsonb_pretty(tags_src) as tags_src - from - aws_vpc_peering_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n jsonb_pretty(tags) as tags,\n jsonb_pretty(tags_src)\ + \ as tags_src\nfrom\n aws_vpc_peering_connection;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud +Title: Find all VPC Peering Connections in AWS VPC diff --git a/queries/aws_vpc_peering_connection_7.yaml b/queries/aws_vpc_peering_connection_7.yaml index c2649773a..6dc19fdba 100755 --- a/queries/aws_vpc_peering_connection_7.yaml +++ b/queries/aws_vpc_peering_connection_7.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_7 -Title: "Find AWS VPC Peering Connections in Amazon VPC" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - tags ->> 'Name' as name - from - aws_vpc_peering_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n tags ->> 'Name' as name\nfrom\n aws_vpc_peering_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud (VPC) +Title: Find AWS VPC Peering Connections in Amazon VPC diff --git a/queries/aws_vpc_peering_connection_8.yaml b/queries/aws_vpc_peering_connection_8.yaml index 5d5f954ba..b27677ad1 100755 --- a/queries/aws_vpc_peering_connection_8.yaml +++ b/queries/aws_vpc_peering_connection_8.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_8 -Title: "List all VPC Peering Connections in AWS VPC" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - v.id, - jsonb_pretty(tags) as tags - from - aws_vpc_peering_connection as v, - jsonb_each(tags) - where - key = 'turbot:TurbotCreatedPeeringConnection'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n v.id,\n jsonb_pretty(tags) as tags\nfrom\n aws_vpc_peering_connection\ + \ as v,\n jsonb_each(tags)\nwhere\n key = 'turbot:TurbotCreatedPeeringConnection';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud (VPC) +Title: List all VPC Peering Connections in AWS VPC diff --git a/queries/aws_vpc_peering_connection_9.yaml b/queries/aws_vpc_peering_connection_9.yaml index 496160759..558afe1f1 100755 --- a/queries/aws_vpc_peering_connection_9.yaml +++ b/queries/aws_vpc_peering_connection_9.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query VPC Peering Connections in Amazon Virtual Private + Cloud (VPC). ID: aws_vpc_peering_connection_9 -Title: "Find AWS VPC Peering Connections in Amazon VPC" -Description: "Allows users to query VPC Peering Connections in Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - jsonb_pretty(tags) as tags - from - aws_vpc_peering_connection - where - tags @> '{"Name": "vpc-0639e12347e5b6bfb <=> vpc-8e1234f5"}'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n jsonb_pretty(tags) as tags\nfrom\n aws_vpc_peering_connection\n\ + where\n tags @> '{\"Name\": \"vpc-0639e12347e5b6bfb <=> vpc-8e1234f5\"}';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud +Title: Find AWS VPC Peering Connections in Amazon VPC diff --git a/queries/aws_vpc_route_1.yaml b/queries/aws_vpc_route_1.yaml index 53995d1b3..c5de3b9ef 100755 --- a/queries/aws_vpc_route_1.yaml +++ b/queries/aws_vpc_route_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS VPC Routes to retrieve detailed information + about each route in a route table within a VPC. ID: aws_vpc_route_1 -Title: "List all AWS VPC Routes Information using SQL" -Description: "Allows users to query AWS VPC Routes to retrieve detailed information about each route in a route table within a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_table_id, - gateway_id - from - aws_vpc_route - where - gateway_id ilike 'igw%' - and destination_cidr_block = '0.0.0.0/0'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_table_id,\n gateway_id\nfrom\n aws_vpc_route\n\ + where\n gateway_id ilike 'igw%'\n and destination_cidr_block = '0.0.0.0/0';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Routes Information using SQL diff --git a/queries/aws_vpc_route_2.yaml b/queries/aws_vpc_route_2.yaml index da8dd22a8..b60398317 100755 --- a/queries/aws_vpc_route_2.yaml +++ b/queries/aws_vpc_route_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS VPC Routes to retrieve detailed information + about each route in a route table within a VPC. ID: aws_vpc_route_2 -Title: "Find AWS VPC Routes for Specific Route Table States" -Description: "Allows users to query AWS VPC Routes to retrieve detailed information about each route in a route table within a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_table_id, - state - from - aws_vpc_route - where - state = 'blackhole'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_table_id,\n state\nfrom\n aws_vpc_route\nwhere\n\ + \ state = 'blackhole';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Routes for Specific Route Table States diff --git a/queries/aws_vpc_route_3.yaml b/queries/aws_vpc_route_3.yaml index f86fdab9e..1aa3421f6 100755 --- a/queries/aws_vpc_route_3.yaml +++ b/queries/aws_vpc_route_3.yaml @@ -1,36 +1,25 @@ +Description: Allows users to query AWS VPC Routes to retrieve detailed information + about each route in a route table within a VPC. ID: aws_vpc_route_3 -Title: "Find AWS VPC Routes and Retrieve Route Information" -Description: "Allows users to query AWS VPC Routes to retrieve detailed information about each route in a route table within a VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_table_id, - state, - destination_cidr_block, - destination_ipv6_cidr_block, - carrier_gateway_id, - destination_prefix_list_id, - egress_only_internet_gateway_id, - gateway_id, - instance_id, - nat_gateway_id, - network_interface_id, - transit_gateway_id, - vpc_peering_connection_id - from - aws_vpc_route; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_table_id,\n state,\n destination_cidr_block,\n\ + \ destination_ipv6_cidr_block,\n carrier_gateway_id,\n destination_prefix_list_id,\n\ + \ egress_only_internet_gateway_id,\n gateway_id,\n instance_id,\n nat_gateway_id,\n\ + \ network_interface_id,\n transit_gateway_id,\n vpc_peering_connection_id\n\ + from\n aws_vpc_route;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Routes and Retrieve Route Information diff --git a/queries/aws_vpc_route_table_1.yaml b/queries/aws_vpc_route_table_1.yaml index c6483a39d..22c1ce80a 100755 --- a/queries/aws_vpc_route_table_1.yaml +++ b/queries/aws_vpc_route_table_1.yaml @@ -1,25 +1,20 @@ +Description: Allows users to query AWS VPC Route Tables and obtain detailed information + about each route table, including its associations, routes, and tags. ID: aws_vpc_route_table_1 -Title: "Find all AWS VPC Route Tables and their Details" -Description: "Allows users to query AWS VPC Route Tables and obtain detailed information about each route table, including its associations, routes, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - count(route_table_id) as route_table_count - from - aws_vpc_route_table - group by - vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n count(route_table_id) as route_table_count\n\ + from\n aws_vpc_route_table\ngroup by\n vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Route Tables +Title: Find all AWS VPC Route Tables and their Details diff --git a/queries/aws_vpc_route_table_2.yaml b/queries/aws_vpc_route_table_2.yaml index f7871f665..76a785497 100755 --- a/queries/aws_vpc_route_table_2.yaml +++ b/queries/aws_vpc_route_table_2.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS VPC Route Tables and obtain detailed information + about each route table, including its associations, routes, and tags. ID: aws_vpc_route_table_2 -Title: "List all AWS VPC Route Tables and Their Associations" -Description: "Allows users to query AWS VPC Route Tables and obtain detailed information about each route table, including its associations, routes, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_table_id, - associations_detail -> 'AssociationState' ->> 'State' as state, - associations_detail -> 'GatewayId' as gateway_id, - associations_detail -> 'SubnetId' as subnet_id, - associations_detail -> 'RouteTableAssociationId' as route_table_association_id, - associations_detail -> 'Main' as main_route_table - from - aws_vpc_route_table - cross join jsonb_array_elements(associations) as associations_detail; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_table_id,\n associations_detail -> 'AssociationState'\ + \ ->> 'State' as state,\n associations_detail -> 'GatewayId' as gateway_id,\n\ + \ associations_detail -> 'SubnetId' as subnet_id,\n associations_detail -> 'RouteTableAssociationId'\ + \ as route_table_association_id,\n associations_detail -> 'Main' as main_route_table\n\ + from\n aws_vpc_route_table\n cross join jsonb_array_elements(associations) as\ + \ associations_detail;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Route Tables and Their Associations diff --git a/queries/aws_vpc_route_table_3.yaml b/queries/aws_vpc_route_table_3.yaml index 17df76fc0..490fbda66 100755 --- a/queries/aws_vpc_route_table_3.yaml +++ b/queries/aws_vpc_route_table_3.yaml @@ -1,37 +1,31 @@ +Description: Allows users to query AWS VPC Route Tables and obtain detailed information + about each route table, including its associations, routes, and tags. ID: aws_vpc_route_table_3 -Title: "List all AWS VPC Route Tables with Detailed Info" -Description: "Allows users to query AWS VPC Route Tables and obtain detailed information about each route table, including its associations, routes, and tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - route_table_id, - route_detail -> 'CarrierGatewayId' ->> 'State' as carrier_gateway_id, - route_detail -> 'DestinationCidrBlock' as destination_CIDR_block, - route_detail -> 'DestinationIpv6CidrBlock' as destination_ipv6_CIDR_block, - route_detail -> 'EgressOnlyInternetGatewayId' as egress_only_internet_gateway, - route_detail -> 'GatewayId' as gateway_id, - route_detail -> 'InstanceId' as instance_id, - route_detail -> 'InstanceOwnerId' as instance_owner_id, - route_detail -> 'LocalGatewayId' as local_gateway_id, - route_detail -> 'NatGatewayId' as nat_gateway_id, - route_detail -> 'NetworkInterfaceId' as network_interface_id, - route_detail -> 'TransitGatewayId' as transit_gateway_id, - route_detail -> 'VpcPeeringConnectionId' as vpc_peering_connection_id - from - aws_vpc_route_table - cross join jsonb_array_elements(routes) as route_detail; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n route_table_id,\n route_detail -> 'CarrierGatewayId'\ + \ ->> 'State' as carrier_gateway_id,\n route_detail -> 'DestinationCidrBlock'\ + \ as destination_CIDR_block,\n route_detail -> 'DestinationIpv6CidrBlock' as\ + \ destination_ipv6_CIDR_block,\n route_detail -> 'EgressOnlyInternetGatewayId'\ + \ as egress_only_internet_gateway,\n route_detail -> 'GatewayId' as gateway_id,\n\ + \ route_detail -> 'InstanceId' as instance_id,\n route_detail -> 'InstanceOwnerId'\ + \ as instance_owner_id,\n route_detail -> 'LocalGatewayId' as local_gateway_id,\n\ + \ route_detail -> 'NatGatewayId' as nat_gateway_id,\n route_detail -> 'NetworkInterfaceId'\ + \ as network_interface_id,\n route_detail -> 'TransitGatewayId' as transit_gateway_id,\n\ + \ route_detail -> 'VpcPeeringConnectionId' as vpc_peering_connection_id\nfrom\n\ + \ aws_vpc_route_table\n cross join jsonb_array_elements(routes) as route_detail;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Route Tables with Detailed Info diff --git a/queries/aws_vpc_security_group_1.yaml b/queries/aws_vpc_security_group_1.yaml index f4d9cfe53..b25e02df6 100755 --- a/queries/aws_vpc_security_group_1.yaml +++ b/queries/aws_vpc_security_group_1.yaml @@ -1,33 +1,28 @@ +Description: Allows users to query AWS VPC Security Groups and retrieve data such + as group ID, name, description, owner ID, and associated VPC ID. This table can + be used to gain insights on security group configurations, policies, and related + metadata. ID: aws_vpc_security_group_1 -Title: "List all AWS VPC Security Groups with SQL Queries" -Description: "Allows users to query AWS VPC Security Groups and retrieve data such as group ID, name, description, owner ID, and associated VPC ID. This table can be used to gain insights on security group configurations, policies, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - vpc_id, - perm ->> 'FromPort' as from_port, - perm ->> 'ToPort' as to_port, - perm ->> 'IpProtocol' as ip_protocol, - perm ->> 'IpRanges' as ip_ranges, - perm ->> 'Ipv6Ranges' as ipv6_ranges, - perm ->> 'UserIdGroupPairs' as user_id_group_pairs, - perm ->> 'PrefixListIds' as prefix_list_ids - from - aws_vpc_security_group as sg - cross join jsonb_array_elements(ip_permissions) as perm; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n vpc_id,\n perm ->> 'FromPort' as from_port,\n\ + \ perm ->> 'ToPort' as to_port,\n perm ->> 'IpProtocol' as ip_protocol,\n perm\ + \ ->> 'IpRanges' as ip_ranges,\n perm ->> 'Ipv6Ranges' as ipv6_ranges,\n perm\ + \ ->> 'UserIdGroupPairs' as user_id_group_pairs,\n perm ->> 'PrefixListIds' as\ + \ prefix_list_ids\nfrom\n aws_vpc_security_group as sg\n cross join jsonb_array_elements(ip_permissions)\ + \ as perm;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Security Groups with SQL Queries diff --git a/queries/aws_vpc_security_group_2.yaml b/queries/aws_vpc_security_group_2.yaml index a35baf507..aa41bceb4 100755 --- a/queries/aws_vpc_security_group_2.yaml +++ b/queries/aws_vpc_security_group_2.yaml @@ -1,48 +1,30 @@ +Description: Allows users to query AWS VPC Security Groups and retrieve data such + as group ID, name, description, owner ID, and associated VPC ID. This table can + be used to gain insights on security group configurations, policies, and related + metadata. ID: aws_vpc_security_group_2 -Title: "Find AWS VPC Security Groups and Their Configurations" -Description: "Allows users to query AWS VPC Security Groups and retrieve data such as group ID, name, description, owner ID, and associated VPC ID. This table can be used to gain insights on security group configurations, policies, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - sg.group_name, - sg.group_id, - sgr.type, - sgr.ip_protocol, - sgr.from_port, - sgr.to_port, - cidr_ip - from - aws_vpc_security_group as sg - join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name - where - sgr.type = 'ingress' - and sgr.cidr_ip = '0.0.0.0/0' - and ( - ( - sgr.ip_protocol = '-1' -- all traffic - and sgr.from_port is null - ) - or ( - sgr.from_port <= 22 - and sgr.to_port >= 22 - ) - or ( - sgr.from_port <= 3389 - and sgr.to_port >= 3389 - ) - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n sg.group_name,\n sg.group_id,\n sgr.type,\n sgr.ip_protocol,\n\ + \ sgr.from_port,\n sgr.to_port,\n cidr_ip\nfrom\n aws_vpc_security_group as\ + \ sg\n join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name\n\ + where\n sgr.type = 'ingress'\n and sgr.cidr_ip = '0.0.0.0/0'\n and (\n (\n\ + \ sgr.ip_protocol = '-1' -- all traffic\n and sgr.from_port is null\n\ + \ )\n or (\n sgr.from_port <= 22\n and sgr.to_port >= 22\n \ + \ )\n or (\n sgr.from_port <= 3389\n and sgr.to_port >= 3389\n \ + \ )\n );" Tags: cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Security Groups and Their Configurations diff --git a/queries/aws_vpc_security_group_3.yaml b/queries/aws_vpc_security_group_3.yaml index 50e010d49..5cf91e639 100755 --- a/queries/aws_vpc_security_group_3.yaml +++ b/queries/aws_vpc_security_group_3.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS VPC Security Groups and retrieve data such + as group ID, name, description, owner ID, and associated VPC ID. This table can + be used to gain insights on security group configurations, policies, and related + metadata. ID: aws_vpc_security_group_3 -Title: "List all AWS VPC Security Groups with Configurations" -Description: "Allows users to query AWS VPC Security Groups and retrieve data such as group ID, name, description, owner ID, and associated VPC ID. This table can be used to gain insights on security group configurations, policies, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - count(vpc_id) as count - from - aws_vpc_security_group - group by - vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n count(vpc_id) as count\nfrom\n aws_vpc_security_group\n\ + group by\n vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Security Group +Title: List all AWS VPC Security Groups with Configurations diff --git a/queries/aws_vpc_security_group_4.yaml b/queries/aws_vpc_security_group_4.yaml index a10669c02..12dabb476 100755 --- a/queries/aws_vpc_security_group_4.yaml +++ b/queries/aws_vpc_security_group_4.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS VPC Security Groups and retrieve data such + as group ID, name, description, owner ID, and associated VPC ID. This table can + be used to gain insights on security group configurations, policies, and related + metadata. ID: aws_vpc_security_group_4 -Title: "List all AWS VPC Security Groups and Metadata" -Description: "Allows users to query AWS VPC Security Groups and retrieve data such as group ID, name, description, owner ID, and associated VPC ID. This table can be used to gain insights on security group configurations, policies, and related metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - group_name, - group_id - from - aws_vpc_security_group - where - group_name like '%launch-wizard%'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n group_name,\n group_id\nfrom\n aws_vpc_security_group\n\ + where\n group_name like '%launch-wizard%';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Security Groups and Metadata diff --git a/queries/aws_vpc_security_group_rule_1.yaml b/queries/aws_vpc_security_group_rule_1.yaml index c82b27f40..580848df2 100755 --- a/queries/aws_vpc_security_group_rule_1.yaml +++ b/queries/aws_vpc_security_group_rule_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS VPC Security Group Rule, providing detailed + information about security group rules within Amazon Virtual Private Cloud (VPC). ID: aws_vpc_security_group_rule_1 -Title: "List AWS VPC Security Group Rules using SQL" -Description: "Allows users to query AWS VPC Security Group Rule, providing detailed information about security group rules within Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - security_group_rule_id, - group_id, - ip_protocol, - from_port, - to_port - from - aws_vpc_security_group_rule - where - cidr_ipv4 = '0.0.0.0/0' - and not is_egress; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n security_group_rule_id,\n group_id,\n ip_protocol,\n\ + \ from_port,\n to_port\nfrom\n aws_vpc_security_group_rule\nwhere\n cidr_ipv4\ + \ = '0.0.0.0/0'\n and not is_egress;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: List AWS VPC Security Group Rules using SQL diff --git a/queries/aws_vpc_security_group_rule_2.yaml b/queries/aws_vpc_security_group_rule_2.yaml index b859af26e..ca2e4df30 100755 --- a/queries/aws_vpc_security_group_rule_2.yaml +++ b/queries/aws_vpc_security_group_rule_2.yaml @@ -1,46 +1,26 @@ +Description: Allows users to query AWS VPC Security Group Rule, providing detailed + information about security group rules within Amazon Virtual Private Cloud (VPC). ID: aws_vpc_security_group_rule_2 -Title: "Find AWS VPC Security Group Rule - Query with Details" -Description: "Allows users to query AWS VPC Security Group Rule, providing detailed information about security group rules within Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - security_group_rule_id, - group_id, - ip_protocol, - from_port, - to_port, - cidr_ipv4 - from - aws_vpc_security_group_rule - where - not is_egress - and cidr_ipv4 = '0.0.0.0/0' - and ( - ( - ip_protocol = '-1' -- all traffic - and from_port is null - ) - or ( - from_port <= 22 - and to_port >= 22 - ) - or ( - from_port <= 3389 - and to_port >= 3389 - ) - ); - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n security_group_rule_id,\n group_id,\n ip_protocol,\n\ + \ from_port,\n to_port,\n cidr_ipv4\nfrom\n aws_vpc_security_group_rule\n\ + where\n not is_egress\n and cidr_ipv4 = '0.0.0.0/0'\n and (\n (\n ip_protocol\ + \ = '-1' -- all traffic\n and from_port is null\n )\n or (\n from_port\ + \ <= 22\n and to_port >= 22\n )\n or (\n from_port <= 3389\n \ + \ and to_port >= 3389\n )\n );" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud (VPC) +Title: Find AWS VPC Security Group Rule - Query with Details diff --git a/queries/aws_vpc_security_group_rule_3.yaml b/queries/aws_vpc_security_group_rule_3.yaml index 57d77f126..e948cd1f4 100755 --- a/queries/aws_vpc_security_group_rule_3.yaml +++ b/queries/aws_vpc_security_group_rule_3.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS VPC Security Group Rule, providing detailed + information about security group rules within Amazon Virtual Private Cloud (VPC). ID: aws_vpc_security_group_rule_3 -Title: "List all AWS VPC Security Group Rules" -Description: "Allows users to query AWS VPC Security Group Rule, providing detailed information about security group rules within Amazon Virtual Private Cloud (VPC)." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.security_group_rule_id, - r.ip_protocol, - r.from_port, - r.to_port, - r.cidr_ipv4, - r.group_id, - sg.group_name, - sg.vpc_id - from - aws_vpc_security_group_rule as r, - aws_vpc_security_group as sg - where - r.group_id = sg.group_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.security_group_rule_id,\n r.ip_protocol,\n r.from_port,\n\ + \ r.to_port,\n r.cidr_ipv4,\n r.group_id,\n sg.group_name,\n sg.vpc_id \n\ + from\n aws_vpc_security_group_rule as r,\n aws_vpc_security_group as sg \nwhere\n\ + \ r.group_id = sg.group_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon Virtual Private Cloud +Title: List all AWS VPC Security Group Rules diff --git a/queries/aws_vpc_subnet_1.yaml b/queries/aws_vpc_subnet_1.yaml index 8061a033e..e2257a8a5 100755 --- a/queries/aws_vpc_subnet_1.yaml +++ b/queries/aws_vpc_subnet_1.yaml @@ -1,30 +1,24 @@ +Description: Allows users to query AWS VPC Subnets and obtain detailed information + about each subnet, including its configuration, associated VPC, availability zone, + and CIDR block. ID: aws_vpc_subnet_1 -Title: "List all AWS VPC Subnets with Detailed Information" -Description: "Allows users to query AWS VPC Subnets and obtain detailed information about each subnet, including its configuration, associated VPC, availability zone, and CIDR block." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - subnet_id, - cidr_block, - assign_ipv6_address_on_creation, - map_customer_owned_ip_on_launch, - map_public_ip_on_launch, - ipv6_cidr_block_association_set - from - aws_vpc_subnet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n subnet_id,\n cidr_block,\n assign_ipv6_address_on_creation,\n\ + \ map_customer_owned_ip_on_launch,\n map_public_ip_on_launch,\n ipv6_cidr_block_association_set\n\ + from\n aws_vpc_subnet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Subnets with Detailed Information diff --git a/queries/aws_vpc_subnet_2.yaml b/queries/aws_vpc_subnet_2.yaml index c8557ace1..080c1fd86 100755 --- a/queries/aws_vpc_subnet_2.yaml +++ b/queries/aws_vpc_subnet_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS VPC Subnets and obtain detailed information + about each subnet, including its configuration, associated VPC, availability zone, + and CIDR block. ID: aws_vpc_subnet_2 -Title: "List all AWS VPC Subnets with Details" -Description: "Allows users to query AWS VPC Subnets and obtain detailed information about each subnet, including its configuration, associated VPC, availability zone, and CIDR block." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - subnet_id, - availability_zone, - availability_zone_id - from - aws_vpc_subnet - order by - vpc_id, - availability_zone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n subnet_id,\n availability_zone,\n availability_zone_id\n\ + from\n aws_vpc_subnet\norder by\n vpc_id,\n availability_zone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Subnets with Details diff --git a/queries/aws_vpc_subnet_3.yaml b/queries/aws_vpc_subnet_3.yaml index aaaeb7707..6f2d30609 100755 --- a/queries/aws_vpc_subnet_3.yaml +++ b/queries/aws_vpc_subnet_3.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS VPC Subnets and obtain detailed information + about each subnet, including its configuration, associated VPC, availability zone, + and CIDR block. ID: aws_vpc_subnet_3 -Title: "Find AWS VPC Subnets Information including CIDR Blocks" -Description: "Allows users to query AWS VPC Subnets and obtain detailed information about each subnet, including its configuration, associated VPC, availability zone, and CIDR block." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - subnet_id, - cidr_block, - available_ip_address_count, - power(2, 32 - masklen(cidr_block :: cidr)) -1 as raw_size - from - aws_vpc_subnet; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n subnet_id,\n cidr_block,\n available_ip_address_count,\n\ + \ power(2, 32 - masklen(cidr_block :: cidr)) -1 as raw_size\nfrom\n aws_vpc_subnet;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Subnets Information including CIDR Blocks diff --git a/queries/aws_vpc_subnet_4.yaml b/queries/aws_vpc_subnet_4.yaml index 13acb2979..619375143 100755 --- a/queries/aws_vpc_subnet_4.yaml +++ b/queries/aws_vpc_subnet_4.yaml @@ -1,27 +1,25 @@ +Description: Allows users to query AWS VPC Subnets and obtain detailed information + about each subnet, including its configuration, associated VPC, availability zone, + and CIDR block. ID: aws_vpc_subnet_4 -Title: "Find AWS VPC Subnets with Configuration Details" -Description: "Allows users to query AWS VPC Subnets and obtain detailed information about each subnet, including its configuration, associated VPC, availability zone, and CIDR block." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - associations_detail ->> 'SubnetId' as subnet_id, - route_table_id - from - aws_vpc_route_table as rt - cross join jsonb_array_elements(associations) as associations_detail - join aws_vpc_subnet as sub on sub.subnet_id = associations_detail ->> 'SubnetId'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n associations_detail ->> 'SubnetId' as subnet_id,\n route_table_id\n\ + from\n aws_vpc_route_table as rt\n cross join jsonb_array_elements(associations)\ + \ as associations_detail\n join aws_vpc_subnet as sub on sub.subnet_id = associations_detail\ + \ ->> 'SubnetId';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC Subnets with Configuration Details diff --git a/queries/aws_vpc_subnet_5.yaml b/queries/aws_vpc_subnet_5.yaml index 09fb0622c..a0b0b39a4 100755 --- a/queries/aws_vpc_subnet_5.yaml +++ b/queries/aws_vpc_subnet_5.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS VPC Subnets and obtain detailed information + about each subnet, including its configuration, associated VPC, availability zone, + and CIDR block. ID: aws_vpc_subnet_5 -Title: "List all AWS VPC Subnets and Obtain Detailed Information" -Description: "Allows users to query AWS VPC Subnets and obtain detailed information about each subnet, including its configuration, associated VPC, availability zone, and CIDR block." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpc_id, - count(subnet_id) as subnet_count - from - aws_vpc_subnet - group by - vpc_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpc_id,\n count(subnet_id) as subnet_count\nfrom\n \ + \ aws_vpc_subnet\ngroup by\n vpc_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Subnets and Obtain Detailed Information diff --git a/queries/aws_vpc_verified_access_endpoint_1.yaml b/queries/aws_vpc_verified_access_endpoint_1.yaml index f7ca68f0c..eecb16a3b 100755 --- a/queries/aws_vpc_verified_access_endpoint_1.yaml +++ b/queries/aws_vpc_verified_access_endpoint_1.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_1 -Title: "List all AWS VPC Verified Access Endpoint Details" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_endpoint_id, - verified_access_instance_id, - verified_access_group_id, - creation_time, - verified_access_instance_id, - domain_certificate_arn, - device_validation_domain, - status_code - from - aws_vpc_verified_access_endpoint; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_endpoint_id,\n verified_access_instance_id,\n\ + \ verified_access_group_id,\n creation_time,\n verified_access_instance_id,\n\ + \ domain_certificate_arn,\n device_validation_domain,\n status_code\nfrom\n\ + \ aws_vpc_verified_access_endpoint;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access Endpoint +Title: List all AWS VPC Verified Access Endpoint Details diff --git a/queries/aws_vpc_verified_access_endpoint_2.yaml b/queries/aws_vpc_verified_access_endpoint_2.yaml index 43e0a91e1..4c2affd9c 100755 --- a/queries/aws_vpc_verified_access_endpoint_2.yaml +++ b/queries/aws_vpc_verified_access_endpoint_2.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_2 -Title: "List All AWS VPC Verified Access Endpoint Data" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_endpoint_id, - creation_time, - description, - status_code - from - aws_vpc_verified_access_endpoint - where - creation_time <= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_endpoint_id,\n creation_time,\n description,\n\ + \ status_code\nfrom\n aws_vpc_verified_access_endpoint\nwhere\n creation_time\ + \ <= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access Endpoint +Title: List All AWS VPC Verified Access Endpoint Data diff --git a/queries/aws_vpc_verified_access_endpoint_3.yaml b/queries/aws_vpc_verified_access_endpoint_3.yaml index d972579b4..61dde99d2 100755 --- a/queries/aws_vpc_verified_access_endpoint_3.yaml +++ b/queries/aws_vpc_verified_access_endpoint_3.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_3 -Title: "List all AWS VPC Verified Access Endpoint data with SQL" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_endpoint_id, - status_code, - creation_time, - deletion_time, - description, - device_validation_domain - from - aws_vpc_verified_access_endpoint - where - status_code <> 'active'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_endpoint_id,\n status_code,\n creation_time,\n\ + \ deletion_time,\n description,\n device_validation_domain\nfrom\n aws_vpc_verified_access_endpoint\n\ + where\n status_code <> 'active';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Verified Access Endpoint data with SQL diff --git a/queries/aws_vpc_verified_access_endpoint_4.yaml b/queries/aws_vpc_verified_access_endpoint_4.yaml index ff0797205..30f17d363 100755 --- a/queries/aws_vpc_verified_access_endpoint_4.yaml +++ b/queries/aws_vpc_verified_access_endpoint_4.yaml @@ -1,32 +1,28 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_4 -Title: "List all AWS VPC Verified Access Endpoint Configs" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.verified_access_endpoint_id, - e.creation_time, - g.verified_access_group_id, - g.creation_time as group_create_time - from - aws_vpc_verified_access_endpoint as e, - aws_vpc_verified_access_group as g - where - e.verified_access_group_id = g.verified_access_group_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.verified_access_endpoint_id,\n e.creation_time,\n\ + \ g.verified_access_group_id,\n g.creation_time as group_create_time\nfrom\n\ + \ aws_vpc_verified_access_endpoint as e,\n aws_vpc_verified_access_group as\ + \ g\nwhere\n e.verified_access_group_id = g.verified_access_group_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS VPC +Title: List all AWS VPC Verified Access Endpoint Configs diff --git a/queries/aws_vpc_verified_access_endpoint_5.yaml b/queries/aws_vpc_verified_access_endpoint_5.yaml index cde17a987..265822505 100755 --- a/queries/aws_vpc_verified_access_endpoint_5.yaml +++ b/queries/aws_vpc_verified_access_endpoint_5.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_5 -Title: "List Verified Access Endpoints in AWS VPC" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.verified_access_group_id, - e.creation_time, - i.creation_time as instance_create_time, - i.verified_access_instance_id, - jsonb_pretty(i.verified_access_trust_providers) as verified_access_trust_providers - from - aws_vpc_verified_access_endpoint as e, - aws_vpc_verified_access_instance as i - where - e.verified_access_instance_id = i.verified_access_instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.verified_access_group_id,\n e.creation_time,\n i.creation_time\ + \ as instance_create_time,\n i.verified_access_instance_id,\n jsonb_pretty(i.verified_access_trust_providers)\ + \ as verified_access_trust_providers\nfrom\n aws_vpc_verified_access_endpoint\ + \ as e,\n aws_vpc_verified_access_instance as i\nwhere\n e.verified_access_instance_id\ + \ = i.verified_access_instance_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access Endpoint +Title: List Verified Access Endpoints in AWS VPC diff --git a/queries/aws_vpc_verified_access_endpoint_6.yaml b/queries/aws_vpc_verified_access_endpoint_6.yaml index 0713c0d20..618badee3 100755 --- a/queries/aws_vpc_verified_access_endpoint_6.yaml +++ b/queries/aws_vpc_verified_access_endpoint_6.yaml @@ -1,27 +1,24 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_6 -Title: "List all AWS VPC Verified Access Endpoints configuration" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_instance_id, - count(verified_access_endpoint_id) as instance_count - from - aws_vpc_verified_access_endpoint - group by - verified_access_instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_instance_id,\n count(verified_access_endpoint_id)\ + \ as instance_count\nfrom\n aws_vpc_verified_access_endpoint\ngroup by\n verified_access_instance_id;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access Endpoint +Title: List all AWS VPC Verified Access Endpoints configuration diff --git a/queries/aws_vpc_verified_access_endpoint_7.yaml b/queries/aws_vpc_verified_access_endpoint_7.yaml index ad9b8af84..eac884021 100755 --- a/queries/aws_vpc_verified_access_endpoint_7.yaml +++ b/queries/aws_vpc_verified_access_endpoint_7.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query AWS VPC Verified Access Endpoint data, including + details about the endpoint configuration, service name, and VPC ID. This information + can be used to manage and secure network access to services within an AWS Virtual + Private Cloud. ID: aws_vpc_verified_access_endpoint_7 -Title: "List AWS VPC Verified Access Endpoints and Network Interface" -Description: "Allows users to query AWS VPC Verified Access Endpoint data, including details about the endpoint configuration, service name, and VPC ID. This information can be used to manage and secure network access to services within an AWS Virtual Private Cloud." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - e.verified_access_endpoint_id, - i.network_interface_id, - i.interface_type, - i.private_ip_address, - i.association_public_ip, - jsonb_pretty(i.groups) as security_groups - from - aws_vpc_verified_access_endpoint as e, - aws_ec2_network_interface as i - where - e.network_interface_options ->> 'NetworkInterfaceId' = i.network_interface_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n e.verified_access_endpoint_id,\n i.network_interface_id,\n\ + \ i.interface_type,\n i.private_ip_address,\n i.association_public_ip,\n jsonb_pretty(i.groups)\ + \ as security_groups\nfrom\n aws_vpc_verified_access_endpoint as e,\n aws_ec2_network_interface\ + \ as i\nwhere\n e.network_interface_options ->> 'NetworkInterfaceId' = i.network_interface_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS VPC +Title: List AWS VPC Verified Access Endpoints and Network Interface diff --git a/queries/aws_vpc_verified_access_group_1.yaml b/queries/aws_vpc_verified_access_group_1.yaml index d65eaf0be..97b5db816 100755 --- a/queries/aws_vpc_verified_access_group_1.yaml +++ b/queries/aws_vpc_verified_access_group_1.yaml @@ -1,29 +1,24 @@ +Description: Allows users to query VPC Verified Access Groups within AWS Virtual Private + Cloud (VPC). This table provides information about each verified access group within + a VPC, including details such as group ID, group name, and the VPC ID it is associated + with. ID: aws_vpc_verified_access_group_1 -Title: "List all AWS VPC Verified Access Groups with Details" -Description: "Allows users to query VPC Verified Access Groups within AWS Virtual Private Cloud (VPC). This table provides information about each verified access group within a VPC, including details such as group ID, group name, and the VPC ID it is associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_group_id, - arn, - verified_access_instance_id, - creation_time, - description, - last_updated_time - from - aws_vpc_verified_access_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_group_id,\n arn,\n verified_access_instance_id,\n\ + \ creation_time,\n description,\n last_updated_time\nfrom\n aws_vpc_verified_access_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud +Title: List all AWS VPC Verified Access Groups with Details diff --git a/queries/aws_vpc_verified_access_group_2.yaml b/queries/aws_vpc_verified_access_group_2.yaml index 53e53a419..993c2ab89 100755 --- a/queries/aws_vpc_verified_access_group_2.yaml +++ b/queries/aws_vpc_verified_access_group_2.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query VPC Verified Access Groups within AWS Virtual Private + Cloud (VPC). This table provides information about each verified access group within + a VPC, including details such as group ID, group name, and the VPC ID it is associated + with. ID: aws_vpc_verified_access_group_2 -Title: "List all VPC Verified Access Groups in AWS" -Description: "Allows users to query VPC Verified Access Groups within AWS Virtual Private Cloud (VPC). This table provides information about each verified access group within a VPC, including details such as group ID, group name, and the VPC ID it is associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_group_id, - creation_time, - description, - last_updated_time - from - aws_vpc_verified_access_group - where - creation_time <= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_group_id,\n creation_time,\n description,\n\ + \ last_updated_time\nfrom\n aws_vpc_verified_access_group\nwhere\n creation_time\ + \ <= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all VPC Verified Access Groups in AWS diff --git a/queries/aws_vpc_verified_access_group_3.yaml b/queries/aws_vpc_verified_access_group_3.yaml index 52fd85eb2..671eb9326 100755 --- a/queries/aws_vpc_verified_access_group_3.yaml +++ b/queries/aws_vpc_verified_access_group_3.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query VPC Verified Access Groups within AWS Virtual Private + Cloud (VPC). This table provides information about each verified access group within + a VPC, including details such as group ID, group name, and the VPC ID it is associated + with. ID: aws_vpc_verified_access_group_3 -Title: "List all AWS VPC Verified Access Groups Information" -Description: "Allows users to query VPC Verified Access Groups within AWS Virtual Private Cloud (VPC). This table provides information about each verified access group within a VPC, including details such as group ID, group name, and the VPC ID it is associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_group_id, - creation_time, - deletion_time, - description, - last_updated_time - from - aws_vpc_verified_access_group - where - deletion_time is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_group_id,\n creation_time,\n deletion_time,\n\ + \ description,\n last_updated_time\nfrom\n aws_vpc_verified_access_group\n\ + where\n deletion_time is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud +Title: List all AWS VPC Verified Access Groups Information diff --git a/queries/aws_vpc_verified_access_group_4.yaml b/queries/aws_vpc_verified_access_group_4.yaml index 9c36a3aab..04818d615 100755 --- a/queries/aws_vpc_verified_access_group_4.yaml +++ b/queries/aws_vpc_verified_access_group_4.yaml @@ -1,31 +1,27 @@ +Description: Allows users to query VPC Verified Access Groups within AWS Virtual Private + Cloud (VPC). This table provides information about each verified access group within + a VPC, including details such as group ID, group name, and the VPC ID it is associated + with. ID: aws_vpc_verified_access_group_4 -Title: "List AWS VPC Verified Access Groups within AWS VPC" -Description: "Allows users to query VPC Verified Access Groups within AWS Virtual Private Cloud (VPC). This table provides information about each verified access group within a VPC, including details such as group ID, group name, and the VPC ID it is associated with." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - g.verified_access_group_id, - g.creation_time, - i.creation_time as instance_create_time, - i.verified_access_instance_id, - jsonb_pretty(i.verified_access_trust_providers) as verified_access_trust_providers - from - aws_vpc_verified_access_group as g, - aws_vpc_verified_access_instance as i - where - g.verified_access_instance_id = i.verified_access_instance_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n g.verified_access_group_id,\n g.creation_time,\n i.creation_time\ + \ as instance_create_time,\n i.verified_access_instance_id,\n jsonb_pretty(i.verified_access_trust_providers)\ + \ as verified_access_trust_providers\nfrom\n aws_vpc_verified_access_group as\ + \ g,\n aws_vpc_verified_access_instance as i\nwhere\n g.verified_access_instance_id\ + \ = i.verified_access_instance_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud +Title: List AWS VPC Verified Access Groups within AWS VPC diff --git a/queries/aws_vpc_verified_access_instance_1.yaml b/queries/aws_vpc_verified_access_instance_1.yaml index 03cd1ce13..fa0a24114 100755 --- a/queries/aws_vpc_verified_access_instance_1.yaml +++ b/queries/aws_vpc_verified_access_instance_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS VPC Verified Access Instances and provides + information about the Amazon VPC verified access instances. This table can be used + to gather details such as the instance ID, instance state, instance type, and associated + tags. ID: aws_vpc_verified_access_instance_1 -Title: "List AWS VPC Verified Access Instance Information" -Description: "Allows users to query AWS VPC Verified Access Instances and provides information about the Amazon VPC verified access instances. This table can be used to gather details such as the instance ID, instance state, instance type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_instance_id, - creation_time, - description, - last_updated_time, - verified_access_trust_providers - from - aws_vpc_verified_access_instance; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_instance_id,\n creation_time,\n description,\n\ + \ last_updated_time,\n verified_access_trust_providers\nfrom\n aws_vpc_verified_access_instance;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon VPC +Title: List AWS VPC Verified Access Instance Information diff --git a/queries/aws_vpc_verified_access_instance_2.yaml b/queries/aws_vpc_verified_access_instance_2.yaml index 2ea80989d..6ee2f78a6 100755 --- a/queries/aws_vpc_verified_access_instance_2.yaml +++ b/queries/aws_vpc_verified_access_instance_2.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query AWS VPC Verified Access Instances and provides + information about the Amazon VPC verified access instances. This table can be used + to gather details such as the instance ID, instance state, instance type, and associated + tags. ID: aws_vpc_verified_access_instance_2 -Title: "Find AWS VPC Verified Access Instances with Details" -Description: "Allows users to query AWS VPC Verified Access Instances and provides information about the Amazon VPC verified access instances. This table can be used to gather details such as the instance ID, instance state, instance type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_instance_id, - creation_time, - description, - last_updated_time - from - aws_vpc_verified_access_instance - where - creation_time <= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_instance_id,\n creation_time,\n description,\n\ + \ last_updated_time\nfrom\n aws_vpc_verified_access_instance\nwhere\n creation_time\ + \ <= now() - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access +Title: Find AWS VPC Verified Access Instances with Details diff --git a/queries/aws_vpc_verified_access_instance_3.yaml b/queries/aws_vpc_verified_access_instance_3.yaml index d444744ac..15e269699 100755 --- a/queries/aws_vpc_verified_access_instance_3.yaml +++ b/queries/aws_vpc_verified_access_instance_3.yaml @@ -1,35 +1,30 @@ +Description: Allows users to query AWS VPC Verified Access Instances and provides + information about the Amazon VPC verified access instances. This table can be used + to gather details such as the instance ID, instance state, instance type, and associated + tags. ID: aws_vpc_verified_access_instance_3 -Title: "List all AWS VPC Verified Access Instances and Details" -Description: "Allows users to query AWS VPC Verified Access Instances and provides information about the Amazon VPC verified access instances. This table can be used to gather details such as the instance ID, instance state, instance type, and associated tags." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - i.verified_access_instance_id, - i.creation_time, - p ->> 'Description' as trust_provider_description, - p ->> 'TrustProviderType' as trust_provider_type, - p ->> 'UserTrustProviderType' as user_trust_provider_type, - p ->> 'DeviceTrustProviderType' as device_trust_provider_type, - p ->> 'VerifiedAccessTrustProviderId' as verified_access_trust_provider_id, - t.policy_reference_name as trust_access_policy_reference_name - from - aws_vpc_verified_access_instance as i, - aws_vpc_verified_access_trust_provider as t, - jsonb_array_elements(verified_access_trust_providers) as p - where - p ->> 'VerifiedAccessTrustProviderId' = t.verified_access_trust_provider_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n i.verified_access_instance_id,\n i.creation_time,\n\ + \ p ->> 'Description' as trust_provider_description,\n p ->> 'TrustProviderType'\ + \ as trust_provider_type,\n p ->> 'UserTrustProviderType' as user_trust_provider_type,\n\ + \ p ->> 'DeviceTrustProviderType' as device_trust_provider_type,\n p ->> 'VerifiedAccessTrustProviderId'\ + \ as verified_access_trust_provider_id,\n t.policy_reference_name as trust_access_policy_reference_name\n\ + from\n aws_vpc_verified_access_instance as i,\n aws_vpc_verified_access_trust_provider\ + \ as t,\n jsonb_array_elements(verified_access_trust_providers) as p\nwhere\n\ + \ p ->> 'VerifiedAccessTrustProviderId' = t.verified_access_trust_provider_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List all AWS VPC Verified Access Instances and Details diff --git a/queries/aws_vpc_verified_access_trust_provider_1.yaml b/queries/aws_vpc_verified_access_trust_provider_1.yaml index b5889ebf3..464ecbfd4 100755 --- a/queries/aws_vpc_verified_access_trust_provider_1.yaml +++ b/queries/aws_vpc_verified_access_trust_provider_1.yaml @@ -1,27 +1,23 @@ +Description: Allows users to query AWS VPC Verified Access Trust Providers, providing + information about the trust providers for VPC endpoints in AWS. This table can be + used to gain insights into the trust relationships between VPC endpoints and the + services they access. ID: aws_vpc_verified_access_trust_provider_1 -Title: "List AWS VPC Verified Access Trust Providers" -Description: "Allows users to query AWS VPC Verified Access Trust Providers, providing information about the trust providers for VPC endpoints in AWS. This table can be used to gain insights into the trust relationships between VPC endpoints and the services they access." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_trust_provider_id, - creation_time, - device_trust_provider_type, - last_updated_time, - policy_reference_name, - trust_provider_type - from - aws_vpc_verified_access_trust_provider; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_trust_provider_id,\n creation_time,\n\ + \ device_trust_provider_type,\n last_updated_time,\n policy_reference_name,\n\ + \ trust_provider_type\nfrom\n aws_vpc_verified_access_trust_provider;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access +Title: List AWS VPC Verified Access Trust Providers diff --git a/queries/aws_vpc_verified_access_trust_provider_2.yaml b/queries/aws_vpc_verified_access_trust_provider_2.yaml index 8fd47253e..e0696f593 100755 --- a/queries/aws_vpc_verified_access_trust_provider_2.yaml +++ b/queries/aws_vpc_verified_access_trust_provider_2.yaml @@ -1,31 +1,26 @@ +Description: Allows users to query AWS VPC Verified Access Trust Providers, providing + information about the trust providers for VPC endpoints in AWS. This table can be + used to gain insights into the trust relationships between VPC endpoints and the + services they access. ID: aws_vpc_verified_access_trust_provider_2 -Title: "List AWS VPC Verified Access Trust Providers' Details" -Description: "Allows users to query AWS VPC Verified Access Trust Providers, providing information about the trust providers for VPC endpoints in AWS. This table can be used to gain insights into the trust relationships between VPC endpoints and the services they access." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_trust_provider_id, - creation_time, - device_trust_provider_type, - last_updated_time, - policy_reference_name, - trust_provider_type - from - aws_vpc_verified_access_trust_provider - where - trust_provider_type = 'user'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_trust_provider_id,\n creation_time,\n\ + \ device_trust_provider_type,\n last_updated_time,\n policy_reference_name,\n\ + \ trust_provider_type\nfrom\n aws_vpc_verified_access_trust_provider\nwhere\n\ + \ trust_provider_type = 'user';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC Verified Access +Title: List AWS VPC Verified Access Trust Providers' Details diff --git a/queries/aws_vpc_verified_access_trust_provider_3.yaml b/queries/aws_vpc_verified_access_trust_provider_3.yaml index ec04dbc81..4f15ae666 100755 --- a/queries/aws_vpc_verified_access_trust_provider_3.yaml +++ b/queries/aws_vpc_verified_access_trust_provider_3.yaml @@ -1,30 +1,26 @@ +Description: Allows users to query AWS VPC Verified Access Trust Providers, providing + information about the trust providers for VPC endpoints in AWS. This table can be + used to gain insights into the trust relationships between VPC endpoints and the + services they access. ID: aws_vpc_verified_access_trust_provider_3 -Title: "List VPC Verified Access Trust Providers in AWS" -Description: "Allows users to query AWS VPC Verified Access Trust Providers, providing information about the trust providers for VPC endpoints in AWS. This table can be used to gain insights into the trust relationships between VPC endpoints and the services they access." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - verified_access_trust_provider_id, - creation_time, - last_updated_time, - policy_reference_name, - trust_provider_type - from - aws_vpc_verified_access_trust_provider - where - creation_time >= now() - interval '90' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n verified_access_trust_provider_id,\n creation_time,\n\ + \ last_updated_time,\n policy_reference_name,\n trust_provider_type\nfrom\n\ + \ aws_vpc_verified_access_trust_provider\nwhere\n creation_time >= now() - interval\ + \ '90' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: List VPC Verified Access Trust Providers in AWS diff --git a/queries/aws_vpc_vpn_connection_1.yaml b/queries/aws_vpc_vpn_connection_1.yaml index 2619597b4..d0aac8d12 100755 --- a/queries/aws_vpc_vpn_connection_1.yaml +++ b/queries/aws_vpc_vpn_connection_1.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query VPN connections in an AWS VPC. ID: aws_vpc_vpn_connection_1 -Title: "List all VPN Connections in an AWS VPC" -Description: "Allows users to query VPN connections in an AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_connection_id, - state, - type, - vpn_gateway_id, - customer_gateway_id, - region - from - aws_vpc_vpn_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_connection_id,\n state,\n type,\n vpn_gateway_id,\n\ + \ customer_gateway_id,\n region\nfrom\n aws_vpc_vpn_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC VPN +Title: List all VPN Connections in an AWS VPC diff --git a/queries/aws_vpc_vpn_connection_2.yaml b/queries/aws_vpc_vpn_connection_2.yaml index 1b1e4e17d..cc0342377 100755 --- a/queries/aws_vpc_vpn_connection_2.yaml +++ b/queries/aws_vpc_vpn_connection_2.yaml @@ -1,32 +1,26 @@ +Description: Allows users to query VPN connections in an AWS VPC. ID: aws_vpc_vpn_connection_2 -Title: "Find VPN Connections in AWS VPC" -Description: "Allows users to query VPN connections in an AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_connection_id, - options -> 'EnableAcceleration' as enable_acceleration, - options ->> 'LocalIpv4NetworkCidr' as local_ipv4_network_cidr, - options ->> 'LocalIpv6NetworkCidr' as local_ipv6_network_cidr, - options ->> 'RemoteIpv4NetworkCidr' as remote_ipv4_network_cidr, - options ->> 'RemoteIpv6NetworkCidr' as remote_ipv6_network_cidr, - options -> 'StaticRoutesOnly' as static_routes_only, - options ->> 'TunnelInsideIpVersion' as tunnel_inside_ip_version, - options ->> 'TunnelOptions' as tunnel_options - from - aws_vpc_vpn_connection; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_connection_id,\n options -> 'EnableAcceleration'\ + \ as enable_acceleration,\n options ->> 'LocalIpv4NetworkCidr' as local_ipv4_network_cidr,\n\ + \ options ->> 'LocalIpv6NetworkCidr' as local_ipv6_network_cidr,\n options ->>\ + \ 'RemoteIpv4NetworkCidr' as remote_ipv4_network_cidr,\n options ->> 'RemoteIpv6NetworkCidr'\ + \ as remote_ipv6_network_cidr,\n options -> 'StaticRoutesOnly' as static_routes_only,\n\ + \ options ->> 'TunnelInsideIpVersion' as tunnel_inside_ip_version,\n options\ + \ ->> 'TunnelOptions' as tunnel_options\nfrom\n aws_vpc_vpn_connection;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC VPN +Title: Find VPN Connections in AWS VPC diff --git a/queries/aws_vpc_vpn_connection_3.yaml b/queries/aws_vpc_vpn_connection_3.yaml index e8e09bc64..90a8f91e5 100755 --- a/queries/aws_vpc_vpn_connection_3.yaml +++ b/queries/aws_vpc_vpn_connection_3.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query VPN connections in an AWS VPC. ID: aws_vpc_vpn_connection_3 -Title: "Find AWS VPC VPN Connection Using SQL" -Description: "Allows users to query VPN connections in an AWS VPC." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_connection_id, - arn, - t ->> 'Status' as status - from - aws_vpc_vpn_connection, - jsonb_array_elements(vgw_telemetry) as t - where t ->> 'Status' = 'UP'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_connection_id,\n arn,\n t ->> 'Status' as status\n\ + from\n aws_vpc_vpn_connection,\n jsonb_array_elements(vgw_telemetry) as t\n\ + where t ->> 'Status' = 'UP';" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC +Title: Find AWS VPC VPN Connection Using SQL diff --git a/queries/aws_vpc_vpn_gateway_1.yaml b/queries/aws_vpc_vpn_gateway_1.yaml index c4bd150d3..66a5e1e14 100755 --- a/queries/aws_vpc_vpn_gateway_1.yaml +++ b/queries/aws_vpc_vpn_gateway_1.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS VPC VPN Gateway data, providing details about + Virtual Private Cloud (VPC) VPN gateways in an AWS account. ID: aws_vpc_vpn_gateway_1 -Title: "Find AWS VPC VPN Gateway Details with SQL" -Description: "Allows users to query AWS VPC VPN Gateway data, providing details about Virtual Private Cloud (VPC) VPN gateways in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_gateway_id, - state, - type, - amazon_side_asn, - availability_zone, - vpc_attachments - from - aws_vpc_vpn_gateway; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_gateway_id,\n state,\n type,\n amazon_side_asn,\n\ + \ availability_zone,\n vpc_attachments\nfrom\n aws_vpc_vpn_gateway;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC VPN Gateway +Title: Find AWS VPC VPN Gateway Details with SQL diff --git a/queries/aws_vpc_vpn_gateway_2.yaml b/queries/aws_vpc_vpn_gateway_2.yaml index 7eb4f399c..9aa06f7ac 100755 --- a/queries/aws_vpc_vpn_gateway_2.yaml +++ b/queries/aws_vpc_vpn_gateway_2.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS VPC VPN Gateway data, providing details about + Virtual Private Cloud (VPC) VPN gateways in an AWS account. ID: aws_vpc_vpn_gateway_2 -Title: "List all AWS VPC VPN Gateways without VPC Attachments" -Description: "Allows users to query AWS VPC VPN Gateway data, providing details about Virtual Private Cloud (VPC) VPN gateways in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_gateway_id - from - aws_vpc_vpn_gateway - where - vpc_attachments is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_gateway_id\nfrom\n aws_vpc_vpn_gateway\nwhere\n\ + \ vpc_attachments is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Virtual Private Cloud (VPC) VPN Gateway +Title: List all AWS VPC VPN Gateways without VPC Attachments diff --git a/queries/aws_vpc_vpn_gateway_3.yaml b/queries/aws_vpc_vpn_gateway_3.yaml index 2020c0721..261708387 100755 --- a/queries/aws_vpc_vpn_gateway_3.yaml +++ b/queries/aws_vpc_vpn_gateway_3.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS VPC VPN Gateway data, providing details about + Virtual Private Cloud (VPC) VPN gateways in an AWS account. ID: aws_vpc_vpn_gateway_3 -Title: "List all AWS VPC VPN Gateway Details for Default VPCs" -Description: "Allows users to query AWS VPC VPN Gateway data, providing details about Virtual Private Cloud (VPC) VPN gateways in an AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - vpn_gateway_id, - vpc.is_default - from - aws_vpc_vpn_gateway - cross join jsonb_array_elements(vpc_attachments) as i - join aws_vpc vpc on i ->> 'VpcId' = vpc.vpc_id - where - vpc.is_default = true; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n vpn_gateway_id,\n vpc.is_default\nfrom\n aws_vpc_vpn_gateway\n\ + \ cross join jsonb_array_elements(vpc_attachments) as i\n join aws_vpc vpc on\ + \ i ->> 'VpcId' = vpc.vpc_id\nwhere\n vpc.is_default = true;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - VPC VPN Gateway +Title: List all AWS VPC VPN Gateway Details for Default VPCs diff --git a/queries/aws_waf_rate_based_rule_1.yaml b/queries/aws_waf_rate_based_rule_1.yaml index 0b017f8a3..480f719d5 100755 --- a/queries/aws_waf_rate_based_rule_1.yaml +++ b/queries/aws_waf_rate_based_rule_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS WAF RateBasedRule to retrieve information about + rate-based security rules that AWS Web Application Firewall (WAF) uses. ID: aws_waf_rate_based_rule_1 -Title: "Find AWS WAF RateBasedRule info using SQL query" -Description: "Allows users to query AWS WAF RateBasedRule to retrieve information about rate-based security rules that AWS Web Application Firewall (WAF) uses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - metric_name - from - aws_waf_rate_based_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n metric_name\nfrom\n aws_waf_rate_based_rule;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Web Application Firewall +Title: Find AWS WAF RateBasedRule info using SQL query diff --git a/queries/aws_waf_rate_based_rule_2.yaml b/queries/aws_waf_rate_based_rule_2.yaml index 09530e046..22ab4fe44 100755 --- a/queries/aws_waf_rate_based_rule_2.yaml +++ b/queries/aws_waf_rate_based_rule_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS WAF RateBasedRule to retrieve information about + rate-based security rules that AWS Web Application Firewall (WAF) uses. ID: aws_waf_rate_based_rule_2 -Title: "Find rate-based security rules in AWS WAF" -Description: "Allows users to query AWS WAF RateBasedRule to retrieve information about rate-based security rules that AWS Web Application Firewall (WAF) uses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - p ->> 'DataId' as data_id, - p ->> 'Negated' as negated, - p ->> 'Type' as type - from - aws_waf_rate_based_rule, - jsonb_array_elements(predicates) as p - where - p ->> 'Negated' = 'True'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n p ->> 'DataId' as data_id,\n p\ + \ ->> 'Negated' as negated,\n p ->> 'Type' as type\nfrom\n aws_waf_rate_based_rule,\n\ + \ jsonb_array_elements(predicates) as p\nwhere\n p ->> 'Negated' = 'True';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Web Application Firewall (WAF) +Title: Find rate-based security rules in AWS WAF diff --git a/queries/aws_waf_rule_1.yaml b/queries/aws_waf_rule_1.yaml index 7e1d80c77..28b98fe3d 100755 --- a/queries/aws_waf_rule_1.yaml +++ b/queries/aws_waf_rule_1.yaml @@ -1,24 +1,18 @@ +Description: Allows users to query AWS Web Application Firewall (WAF) rules. ID: aws_waf_rule_1 -Title: "List AWS WAF Rules" -Description: "Allows users to query AWS Web Application Firewall (WAF) rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - metric_name - from - aws_waf_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n metric_name\nfrom\n aws_waf_rule;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Web Application Firewall +Title: List AWS WAF Rules diff --git a/queries/aws_waf_rule_2.yaml b/queries/aws_waf_rule_2.yaml index 4d7137e28..c9b2c2390 100755 --- a/queries/aws_waf_rule_2.yaml +++ b/queries/aws_waf_rule_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Web Application Firewall (WAF) rules. ID: aws_waf_rule_2 -Title: "Find all AWS WAF rules with specific details" -Description: "Allows users to query AWS Web Application Firewall (WAF) rules." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - p ->> 'DataId' as data_id, - p ->> 'Negated' as negated, - p ->> 'Type' as type - from - aws_waf_rule, - jsonb_array_elements(predicates) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n p ->> 'DataId' as data_id,\n p\ + \ ->> 'Negated' as negated,\n p ->> 'Type' as type\nfrom\n aws_waf_rule,\n \ + \ jsonb_array_elements(predicates) as p;" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Web Application Firewall +Title: Find all AWS WAF rules with specific details diff --git a/queries/aws_waf_rule_group_1.yaml b/queries/aws_waf_rule_group_1.yaml index 0206076bc..1454ccf13 100755 --- a/queries/aws_waf_rule_group_1.yaml +++ b/queries/aws_waf_rule_group_1.yaml @@ -1,28 +1,24 @@ +Description: Allows users to query AWS WAF Rule Groups to provide information about + Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security + and DevOps engineers to query rule group-specific details, including rules, actions, + and associated metadata. ID: aws_waf_rule_group_1 -Title: "Find AWS WAF Rule Group Details with Rules and Metadata" -Description: "Allows users to query AWS WAF Rule Groups to provide information about Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security and DevOps engineers to query rule group-specific details, including rules, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - rule_group_id, - metric_name, - activated_rules - from - aws_waf_rule_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n rule_group_id,\n metric_name,\n activated_rules\n\ + from\n aws_waf_rule_group;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAF +Title: Find AWS WAF Rule Group Details with Rules and Metadata diff --git a/queries/aws_waf_rule_group_2.yaml b/queries/aws_waf_rule_group_2.yaml index b38036fed..3048b590f 100755 --- a/queries/aws_waf_rule_group_2.yaml +++ b/queries/aws_waf_rule_group_2.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS WAF Rule Groups to provide information about + Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security + and DevOps engineers to query rule group-specific details, including rules, actions, + and associated metadata. ID: aws_waf_rule_group_2 -Title: "Find AWS WAF Rule Groups with No Activated Rules" -Description: "Allows users to query AWS WAF Rule Groups to provide information about Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security and DevOps engineers to query rule group-specific details, including rules, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - rule_group_id, - metric_name, - activated_rules - from - aws_waf_rule_group - where - activated_rules is null or jsonb_array_length(activated_rules) = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n rule_group_id,\n metric_name,\n activated_rules\n\ + from\n aws_waf_rule_group\nwhere\n activated_rules is null or jsonb_array_length(activated_rules)\ + \ = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: Find AWS WAF Rule Groups with No Activated Rules diff --git a/queries/aws_waf_rule_group_3.yaml b/queries/aws_waf_rule_group_3.yaml index 922af1b3a..85740798a 100755 --- a/queries/aws_waf_rule_group_3.yaml +++ b/queries/aws_waf_rule_group_3.yaml @@ -1,29 +1,26 @@ +Description: Allows users to query AWS WAF Rule Groups to provide information about + Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security + and DevOps engineers to query rule group-specific details, including rules, actions, + and associated metadata. ID: aws_waf_rule_group_3 -Title: "Query AWS WAF Rule Groups for Security Details" -Description: "Allows users to query AWS WAF Rule Groups to provide information about Web Application Firewall (WAF) rule groups within AWS WAF. This table enables security and DevOps engineers to query rule group-specific details, including rules, actions, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as rule_group_name, - rule_group_id, - a ->> 'RuleId' as rule_id, - a -> 'Action' ->> 'Type' as rule_action_type, - a ->> 'Type' as rule_type - from - aws_waf_rule_group, - jsonb_array_elements(activated_rules) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as rule_group_name,\n rule_group_id,\n a ->> 'RuleId'\ + \ as rule_id,\n a -> 'Action' ->> 'Type' as rule_action_type,\n a ->> 'Type'\ + \ as rule_type\nfrom\n aws_waf_rule_group,\n jsonb_array_elements(activated_rules)\ + \ as a;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: Query AWS WAF Rule Groups for Security Details diff --git a/queries/aws_waf_web_acl_1.yaml b/queries/aws_waf_web_acl_1.yaml index a157af0ec..db88d40ad 100755 --- a/queries/aws_waf_web_acl_1.yaml +++ b/queries/aws_waf_web_acl_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS WAF WebACLs to retrieve information about their + configuration, rules, and associated metadata. ID: aws_waf_web_acl_1 -Title: "List all AWS WAF WebACLs and their configurations" -Description: "Allows users to query AWS WAF WebACLs to retrieve information about their configuration, rules, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action, - tags - from - aws_waf_web_acl; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action,\n\ + \ tags\nfrom\n aws_waf_web_acl;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: List all AWS WAF WebACLs and their configurations diff --git a/queries/aws_waf_web_acl_2.yaml b/queries/aws_waf_web_acl_2.yaml index 51a6b4ff1..b6525c895 100755 --- a/queries/aws_waf_web_acl_2.yaml +++ b/queries/aws_waf_web_acl_2.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query AWS WAF WebACLs to retrieve information about their + configuration, rules, and associated metadata. ID: aws_waf_web_acl_2 -Title: "List all AWS WAF WebACLs configuration and rules" -Description: "Allows users to query AWS WAF WebACLs to retrieve information about their configuration, rules, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - r ->> 'RuleId' as rule_id, - r ->> 'Type' as rule_type, - r ->> 'ExcludedRules' as excluded_rules, - r ->> 'OverrideAction' as override_action, - r -> 'Action' ->> 'Type' as action_type - from - aws_waf_web_acl, - jsonb_array_elements(rules) as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n r ->> 'RuleId' as rule_id,\n\ + \ r ->> 'Type' as rule_type,\n r ->> 'ExcludedRules' as excluded_rules,\n r\ + \ ->> 'OverrideAction' as override_action,\n r -> 'Action' ->> 'Type' as action_type\n\ + from\n aws_waf_web_acl,\n jsonb_array_elements(rules) as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: List all AWS WAF WebACLs configuration and rules diff --git a/queries/aws_waf_web_acl_3.yaml b/queries/aws_waf_web_acl_3.yaml index ca838dceb..b8bd42950 100755 --- a/queries/aws_waf_web_acl_3.yaml +++ b/queries/aws_waf_web_acl_3.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS WAF WebACLs to retrieve information about their + configuration, rules, and associated metadata. ID: aws_waf_web_acl_3 -Title: "List all AWS WAF WebACLs and their configurations" -Description: "Allows users to query AWS WAF WebACLs to retrieve information about their configuration, rules, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action, - tags - from - aws_waf_web_acl - where - rules is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action,\n\ + \ tags\nfrom\n aws_waf_web_acl\nwhere\n rules is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAF +Title: List all AWS WAF WebACLs and their configurations diff --git a/queries/aws_waf_web_acl_4.yaml b/queries/aws_waf_web_acl_4.yaml index a910b51e5..c8e2fae2e 100755 --- a/queries/aws_waf_web_acl_4.yaml +++ b/queries/aws_waf_web_acl_4.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS WAF WebACLs to retrieve information about their + configuration, rules, and associated metadata. ID: aws_waf_web_acl_4 -Title: "Find AWS WAF WebACLs and Retrieve Configurations" -Description: "Allows users to query AWS WAF WebACLs to retrieve information about their configuration, rules, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action - from - aws_waf_web_acl - where - default_action = 'ALLOW'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action\n\ + from\n aws_waf_web_acl\nwhere\n default_action = 'ALLOW';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAF +Title: Find AWS WAF WebACLs and Retrieve Configurations diff --git a/queries/aws_waf_web_acl_5.yaml b/queries/aws_waf_web_acl_5.yaml index b6e1a5b23..d2a78aa20 100755 --- a/queries/aws_waf_web_acl_5.yaml +++ b/queries/aws_waf_web_acl_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS WAF WebACLs to retrieve information about their + configuration, rules, and associated metadata. ID: aws_waf_web_acl_5 -Title: "Find AWS WAF WebACL Configuration and Metadata" -Description: "Allows users to query AWS WAF WebACLs to retrieve information about their configuration, rules, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region - from - aws_waf_web_acl - where - logging_configuration is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region\nfrom\n aws_waf_web_acl\n\ + where\n logging_configuration is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAF +Title: Find AWS WAF WebACL Configuration and Metadata diff --git a/queries/aws_wafregional_rule_1.yaml b/queries/aws_wafregional_rule_1.yaml index b8d01539e..cb063e858 100755 --- a/queries/aws_wafregional_rule_1.yaml +++ b/queries/aws_wafregional_rule_1.yaml @@ -1,26 +1,22 @@ +Description: Allows users to query AWS WAF Regional Rules for detailed information + about each rule, including its ID, metric name, name, and the predicates associated + with it. ID: aws_wafregional_rule_1 -Title: "List AWS WAF Regional Rules and Details" -Description: "Allows users to query AWS WAF Regional Rules for detailed information about each rule, including its ID, metric name, name, and the predicates associated with it." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - metric_name - from - aws_wafregional_rule; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n metric_name\nfrom\n aws_wafregional_rule;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: List AWS WAF Regional Rules and Details diff --git a/queries/aws_wafregional_rule_2.yaml b/queries/aws_wafregional_rule_2.yaml index 9bd812141..11ebccd18 100755 --- a/queries/aws_wafregional_rule_2.yaml +++ b/queries/aws_wafregional_rule_2.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS WAF Regional Rules for detailed information + about each rule, including its ID, metric name, name, and the predicates associated + with it. ID: aws_wafregional_rule_2 -Title: "List all AWS WAF Regional Rules with Details" -Description: "Allows users to query AWS WAF Regional Rules for detailed information about each rule, including its ID, metric name, name, and the predicates associated with it." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - rule_id, - p ->> 'DataId' as data_id, - p ->> 'Negated' as negated, - p ->> 'Type' as type - from - aws_wafregional_rule, - jsonb_array_elements(predicates) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n rule_id,\n p ->> 'DataId' as data_id,\n p\ + \ ->> 'Negated' as negated,\n p ->> 'Type' as type\nfrom\n aws_wafregional_rule,\n\ + \ jsonb_array_elements(predicates) as p;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF +Title: List all AWS WAF Regional Rules with Details diff --git a/queries/aws_wafregional_rule_group_1.yaml b/queries/aws_wafregional_rule_group_1.yaml index d46dfb3df..0e4c68d79 100755 --- a/queries/aws_wafregional_rule_group_1.yaml +++ b/queries/aws_wafregional_rule_group_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS WAF Regional Rule Groups to gather information + about each rule group''s metadata, associated rules, and other relevant details. ID: aws_wafregional_rule_group_1 -Title: "Find AWS WAF Regional Rule Groups Metadata and Details" -Description: "Allows users to query AWS WAF Regional Rule Groups to gather information about each rule group''s metadata, associated rules, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - rule_group_id, - metric_name, - activated_rules, - region - from - aws_wafregional_rule_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n rule_group_id,\n metric_name,\n activated_rules,\n\ + \ region\nfrom\n aws_wafregional_rule_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: Find AWS WAF Regional Rule Groups Metadata and Details diff --git a/queries/aws_wafregional_rule_group_2.yaml b/queries/aws_wafregional_rule_group_2.yaml index 9f7f5db23..64c4e6a92 100755 --- a/queries/aws_wafregional_rule_group_2.yaml +++ b/queries/aws_wafregional_rule_group_2.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS WAF Regional Rule Groups to gather information + about each rule group''s metadata, associated rules, and other relevant details. ID: aws_wafregional_rule_group_2 -Title: "List all AWS WAF Regional Rule Groups" -Description: "Allows users to query AWS WAF Regional Rule Groups to gather information about each rule group''s metadata, associated rules, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - arn, - rule_group_id, - metric_name, - activated_rules - from - aws_wafregional_rule_group - where - activated_rules is null or jsonb_array_length(activated_rules) = 0; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n arn,\n rule_group_id,\n metric_name,\n activated_rules\n\ + from\n aws_wafregional_rule_group\nwhere\n activated_rules is null or jsonb_array_length(activated_rules)\ + \ = 0;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: List all AWS WAF Regional Rule Groups diff --git a/queries/aws_wafregional_rule_group_3.yaml b/queries/aws_wafregional_rule_group_3.yaml index 2c75223ec..13629e4d5 100755 --- a/queries/aws_wafregional_rule_group_3.yaml +++ b/queries/aws_wafregional_rule_group_3.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query AWS WAF Regional Rule Groups to gather information + about each rule group''s metadata, associated rules, and other relevant details. ID: aws_wafregional_rule_group_3 -Title: "List all AWS WAF Regional Rule Groups and Details" -Description: "Allows users to query AWS WAF Regional Rule Groups to gather information about each rule group''s metadata, associated rules, and other relevant details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name as rule_group_name, - rule_group_id, - a ->> 'RuleId' as rule_id, - a -> 'Action' ->> 'Type' as rule_action_type, - a ->> 'Type' as rule_type - from - aws_wafregional_rule_group, - jsonb_array_elements(activated_rules) as a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name as rule_group_name,\n rule_group_id,\n a ->> 'RuleId'\ + \ as rule_id,\n a -> 'Action' ->> 'Type' as rule_action_type,\n a ->> 'Type'\ + \ as rule_type\nfrom\n aws_wafregional_rule_group,\n jsonb_array_elements(activated_rules)\ + \ as a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: List all AWS WAF Regional Rule Groups and Details diff --git a/queries/aws_wafregional_web_acl_1.yaml b/queries/aws_wafregional_web_acl_1.yaml index 42074a5a9..fd0563df5 100755 --- a/queries/aws_wafregional_web_acl_1.yaml +++ b/queries/aws_wafregional_web_acl_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS WAF Regional WebACL to get information about + AWS WAF Regional WebACLs. ID: aws_wafregional_web_acl_1 -Title: "List all AWS WAF Regional WebACL Information" -Description: "Allows users to query AWS WAF Regional WebACL to get information about AWS WAF Regional WebACLs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action, - tags - from - aws_wafregional_web_acl; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action,\n\ + \ tags\nfrom\n aws_wafregional_web_acl;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: List all AWS WAF Regional WebACL Information diff --git a/queries/aws_wafregional_web_acl_2.yaml b/queries/aws_wafregional_web_acl_2.yaml index 1b5c5c7ad..d67d975d1 100755 --- a/queries/aws_wafregional_web_acl_2.yaml +++ b/queries/aws_wafregional_web_acl_2.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS WAF Regional WebACL to get information about + AWS WAF Regional WebACLs. ID: aws_wafregional_web_acl_2 -Title: "List all AWS WAF Regional WebACLs information" -Description: "Allows users to query AWS WAF Regional WebACL to get information about AWS WAF Regional WebACLs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - r ->> 'RuleId' as rule_id, - r ->> 'Type' as rule_type, - r ->> 'ExcludedRules' as excluded_rules, - r ->> 'OverrideAction' as override_action, - r -> 'Action' ->> 'Type' as action_type - from - aws_wafregional_web_acl, - jsonb_array_elements(rules) as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n r ->> 'RuleId' as rule_id,\n\ + \ r ->> 'Type' as rule_type,\n r ->> 'ExcludedRules' as excluded_rules,\n r\ + \ ->> 'OverrideAction' as override_action,\n r -> 'Action' ->> 'Type' as action_type\n\ + from\n aws_wafregional_web_acl,\n jsonb_array_elements(rules) as r;" Tags: cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: List all AWS WAF Regional WebACLs information diff --git a/queries/aws_wafregional_web_acl_3.yaml b/queries/aws_wafregional_web_acl_3.yaml index 299c952bb..30abf38f7 100755 --- a/queries/aws_wafregional_web_acl_3.yaml +++ b/queries/aws_wafregional_web_acl_3.yaml @@ -1,29 +1,20 @@ +Description: Allows users to query AWS WAF Regional WebACL to get information about + AWS WAF Regional WebACLs. ID: aws_wafregional_web_acl_3 -Title: "Find AWS WAF Regional WebACL Information" -Description: "Allows users to query AWS WAF Regional WebACL to get information about AWS WAF Regional WebACLs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action, - tags - from - aws_wafregional_web_acl - where - rules is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action,\n\ + \ tags\nfrom\n aws_wafregional_web_acl\nwhere\n rules is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional WebACL +Title: Find AWS WAF Regional WebACL Information diff --git a/queries/aws_wafregional_web_acl_4.yaml b/queries/aws_wafregional_web_acl_4.yaml index df6f34799..492e3eb09 100755 --- a/queries/aws_wafregional_web_acl_4.yaml +++ b/queries/aws_wafregional_web_acl_4.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS WAF Regional WebACL to get information about + AWS WAF Regional WebACLs. ID: aws_wafregional_web_acl_4 -Title: "Find AWS WAF Regional WebACL Details" -Description: "Allows users to query AWS WAF Regional WebACL to get information about AWS WAF Regional WebACLs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region, - default_action - from - aws_wafregional_web_acl - where - default_action = 'ALLOW'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region,\n default_action\n\ + from\n aws_wafregional_web_acl\nwhere\n default_action = 'ALLOW';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAF Regional +Title: Find AWS WAF Regional WebACL Details diff --git a/queries/aws_wafregional_web_acl_5.yaml b/queries/aws_wafregional_web_acl_5.yaml index d314a8774..7fe6aff05 100755 --- a/queries/aws_wafregional_web_acl_5.yaml +++ b/queries/aws_wafregional_web_acl_5.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS WAF Regional WebACL to get information about + AWS WAF Regional WebACLs. ID: aws_wafregional_web_acl_5 -Title: "Find all AWS WAF Regional WebACL Details" -Description: "Allows users to query AWS WAF Regional WebACL to get information about AWS WAF Regional WebACLs." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - web_acl_id, - arn, - region - from - aws_wafregional_web_acl - where - logging_configuration is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n web_acl_id,\n arn,\n region\nfrom\n aws_wafregional_web_acl\n\ + where\n logging_configuration is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAF Regional +Title: Find all AWS WAF Regional WebACL Details diff --git a/queries/aws_wafv2_ip_set_1.yaml b/queries/aws_wafv2_ip_set_1.yaml index 6933d1335..0ae53187b 100755 --- a/queries/aws_wafv2_ip_set_1.yaml +++ b/queries/aws_wafv2_ip_set_1.yaml @@ -1,31 +1,22 @@ +Description: Allows users to query AWS WAFv2 IPSet information, including IP addresses, + IP address version, and associated metadata. ID: aws_wafv2_ip_set_1 -Title: "List all AWS WAFv2 IPSets with Detailed Information" -Description: "Allows users to query AWS WAFv2 IPSet information, including IP addresses, IP address version, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - addresses, - ip_address_version, - region - from - aws_wafv2_ip_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n addresses,\n\ + \ ip_address_version,\n region\nfrom\n aws_wafv2_ip_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: List all AWS WAFv2 IPSets with Detailed Information diff --git a/queries/aws_wafv2_ip_set_2.yaml b/queries/aws_wafv2_ip_set_2.yaml index 9845f05ca..d24c6d34c 100755 --- a/queries/aws_wafv2_ip_set_2.yaml +++ b/queries/aws_wafv2_ip_set_2.yaml @@ -1,31 +1,20 @@ +Description: Allows users to query AWS WAFv2 IPSet information, including IP addresses, + IP address version, and associated metadata. ID: aws_wafv2_ip_set_2 -Title: "List all AWS WAFv2 IPSet Information with Metadata" -Description: "Allows users to query AWS WAFv2 IPSet information, including IP addresses, IP address version, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - addresses, - ip_address_version, - region - from - aws_wafv2_ip_set - where - scope = 'CLOUDFRONT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n addresses,\n\ + \ ip_address_version,\n region\nfrom\n aws_wafv2_ip_set\nwhere\n scope = 'CLOUDFRONT';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: List all AWS WAFv2 IPSet Information with Metadata diff --git a/queries/aws_wafv2_ip_set_3.yaml b/queries/aws_wafv2_ip_set_3.yaml index fbcdbf73f..84de6415f 100755 --- a/queries/aws_wafv2_ip_set_3.yaml +++ b/queries/aws_wafv2_ip_set_3.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS WAFv2 IPSet information, including IP addresses, + IP address version, and associated metadata. ID: aws_wafv2_ip_set_3 -Title: "Find AWS WAFv2 IPSet Information including IP Addresses" -Description: "Allows users to query AWS WAFv2 IPSet information, including IP addresses, IP address version, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - addresses, - ip_address_version, - region - from - aws_wafv2_ip_set - where - ip_address_version = 'IPV4'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n addresses,\n\ + \ ip_address_version,\n region\nfrom\n aws_wafv2_ip_set\nwhere\n ip_address_version\ + \ = 'IPV4';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find AWS WAFv2 IPSet Information including IP Addresses diff --git a/queries/aws_wafv2_ip_set_4.yaml b/queries/aws_wafv2_ip_set_4.yaml index 55719a903..ef859b38e 100755 --- a/queries/aws_wafv2_ip_set_4.yaml +++ b/queries/aws_wafv2_ip_set_4.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS WAFv2 IPSet information, including IP addresses, + IP address version, and associated metadata. ID: aws_wafv2_ip_set_4 -Title: "Find AWS WAFv2 IPSet Information including IP Addresses" -Description: "Allows users to query AWS WAFv2 IPSet information, including IP addresses, IP address version, and associated metadata." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - ip_address_version, - region, - address - from - aws_wafv2_ip_set, - jsonb_array_elements_text(addresses) as address - where - address = '1.2.3.4/32'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n ip_address_version,\n\ + \ region,\n address\nfrom\n aws_wafv2_ip_set,\n jsonb_array_elements_text(addresses)\ + \ as address\nwhere\n address = '1.2.3.4/32';" Tags: cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find AWS WAFv2 IPSet Information including IP Addresses diff --git a/queries/aws_wafv2_regex_pattern_set_1.yaml b/queries/aws_wafv2_regex_pattern_set_1.yaml index 86061270d..bf9d8ad9c 100755 --- a/queries/aws_wafv2_regex_pattern_set_1.yaml +++ b/queries/aws_wafv2_regex_pattern_set_1.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query AWS WAFv2 Regex Pattern Set data, providing details + about the regex pattern sets used in AWS WAFv2 to filter web requests. ID: aws_wafv2_regex_pattern_set_1 -Title: "List all AWS WAFv2 Regex Pattern Sets in Steampipe" -Description: "Allows users to query AWS WAFv2 Regex Pattern Set data, providing details about the regex pattern sets used in AWS WAFv2 to filter web requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - regular_expressions, - region - from - aws_wafv2_regex_pattern_set; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n regular_expressions,\n\ + \ region\nfrom\n aws_wafv2_regex_pattern_set;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: List all AWS WAFv2 Regex Pattern Sets in Steampipe diff --git a/queries/aws_wafv2_regex_pattern_set_2.yaml b/queries/aws_wafv2_regex_pattern_set_2.yaml index 2c888abfa..bd84d7f5e 100755 --- a/queries/aws_wafv2_regex_pattern_set_2.yaml +++ b/queries/aws_wafv2_regex_pattern_set_2.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS WAFv2 Regex Pattern Set data, providing details + about the regex pattern sets used in AWS WAFv2 to filter web requests. ID: aws_wafv2_regex_pattern_set_2 -Title: "Find AWS WAFv2 Regex Pattern Sets in CloudFront" -Description: "Allows users to query AWS WAFv2 Regex Pattern Set data, providing details about the regex pattern sets used in AWS WAFv2 to filter web requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - regular_expressions, - region - from - aws_wafv2_regex_pattern_set - where - scope = 'CLOUDFRONT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n regular_expressions,\n\ + \ region\nfrom\n aws_wafv2_regex_pattern_set\nwhere\n scope = 'CLOUDFRONT';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: Find AWS WAFv2 Regex Pattern Sets in CloudFront diff --git a/queries/aws_wafv2_regex_pattern_set_3.yaml b/queries/aws_wafv2_regex_pattern_set_3.yaml index 570ff312a..a36550899 100755 --- a/queries/aws_wafv2_regex_pattern_set_3.yaml +++ b/queries/aws_wafv2_regex_pattern_set_3.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS WAFv2 Regex Pattern Set data, providing details + about the regex pattern sets used in AWS WAFv2 to filter web requests. ID: aws_wafv2_regex_pattern_set_3 -Title: "Find all AWS WAFv2 Regex Pattern Set data details" -Description: "Allows users to query AWS WAFv2 Regex Pattern Set data, providing details about the regex pattern sets used in AWS WAFv2 to filter web requests." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - wrps.id, - scope, - regular_expressions, - region - from - aws_wafv2_regex_pattern_set as wrps, - jsonb_array_elements_text(regular_expressions) as regex - where - regex = '^steampipe'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n wrps.id,\n scope,\n\ + \ regular_expressions,\n region\nfrom\n aws_wafv2_regex_pattern_set as wrps,\n\ + \ jsonb_array_elements_text(regular_expressions) as regex\nwhere\n regex = '^steampipe';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: Find all AWS WAFv2 Regex Pattern Set data details diff --git a/queries/aws_wafv2_rule_group_1.yaml b/queries/aws_wafv2_rule_group_1.yaml index 2f83ae95f..c6bcbf319 100755 --- a/queries/aws_wafv2_rule_group_1.yaml +++ b/queries/aws_wafv2_rule_group_1.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS WAFv2 Rule Groups and gather information such + as the group''s ARN, capacity, description, rules, visibility configuration, and + more. ID: aws_wafv2_rule_group_1 -Title: "List all AWS WAFv2 Rule Groups and their details" -Description: "Allows users to query AWS WAFv2 Rule Groups and gather information such as the group''s ARN, capacity, description, rules, visibility configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - capacity, - rules, - region - from - aws_wafv2_rule_group; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n capacity,\n\ + \ rules,\n region\nfrom\n aws_wafv2_rule_group;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: List all AWS WAFv2 Rule Groups and their details diff --git a/queries/aws_wafv2_rule_group_2.yaml b/queries/aws_wafv2_rule_group_2.yaml index a026a9c55..537a3c771 100755 --- a/queries/aws_wafv2_rule_group_2.yaml +++ b/queries/aws_wafv2_rule_group_2.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS WAFv2 Rule Groups and gather information such + as the group''s ARN, capacity, description, rules, visibility configuration, and + more. ID: aws_wafv2_rule_group_2 -Title: "List all AWS WAFv2 Rule Groups with Capacity and Details" -Description: "Allows users to query AWS WAFv2 Rule Groups and gather information such as the group''s ARN, capacity, description, rules, visibility configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - capacity, - region - from - aws_wafv2_rule_group - where - scope = 'CLOUDFRONT'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n capacity,\n\ + \ region\nfrom\n aws_wafv2_rule_group\nwhere\n scope = 'CLOUDFRONT';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: List all AWS WAFv2 Rule Groups with Capacity and Details diff --git a/queries/aws_wafv2_rule_group_3.yaml b/queries/aws_wafv2_rule_group_3.yaml index ccfb07a56..d0bd07421 100755 --- a/queries/aws_wafv2_rule_group_3.yaml +++ b/queries/aws_wafv2_rule_group_3.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS WAFv2 Rule Groups and gather information such + as the group''s ARN, capacity, description, rules, visibility configuration, and + more. ID: aws_wafv2_rule_group_3 -Title: "List AWS WAFv2 Rule Groups with Capacity Info" -Description: "Allows users to query AWS WAFv2 Rule Groups and gather information such as the group''s ARN, capacity, description, rules, visibility configuration, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - description, - arn, - id, - scope, - capacity, - region - from - aws_wafv2_rule_group - where - capacity < 5; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n description,\n arn,\n id,\n scope,\n capacity,\n\ + \ region\nfrom\n aws_wafv2_rule_group\nwhere\n capacity < 5;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: List AWS WAFv2 Rule Groups with Capacity Info diff --git a/queries/aws_wafv2_web_acl_1.yaml b/queries/aws_wafv2_web_acl_1.yaml index 0a15bfcb0..bac75da24 100755 --- a/queries/aws_wafv2_web_acl_1.yaml +++ b/queries/aws_wafv2_web_acl_1.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_1 -Title: "Find AWS WAFv2 WebACL Resources Information" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - scope, - description, - capacity, - managed_by_firewall_manager - from - aws_wafv2_web_acl; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n scope,\n description,\n capacity,\n\ + \ managed_by_firewall_manager\nfrom\n aws_wafv2_web_acl;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find AWS WAFv2 WebACL Resources Information diff --git a/queries/aws_wafv2_web_acl_2.yaml b/queries/aws_wafv2_web_acl_2.yaml index b1016970d..9c43b2e3c 100755 --- a/queries/aws_wafv2_web_acl_2.yaml +++ b/queries/aws_wafv2_web_acl_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_2 -Title: "List all AWS WAFv2 WebACLs and their Metric Names" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - visibility_config ->> 'CloudWatchMetricsEnabled' as cloud_watch_metrics_enabled, - visibility_config ->> 'MetricName' as metric_name - from - aws_wafv2_web_acl; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n visibility_config ->> 'CloudWatchMetricsEnabled'\ + \ as cloud_watch_metrics_enabled,\n visibility_config ->> 'MetricName' as metric_name\n\ + from\n aws_wafv2_web_acl;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: List all AWS WAFv2 WebACLs and their Metric Names diff --git a/queries/aws_wafv2_web_acl_3.yaml b/queries/aws_wafv2_web_acl_3.yaml index 59bb79e66..31704c9ff 100755 --- a/queries/aws_wafv2_web_acl_3.yaml +++ b/queries/aws_wafv2_web_acl_3.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_3 -Title: "Find all AWS WAFv2 WebACLs with Disabled Sampled Requests" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - visibility_config ->> 'SampledRequestsEnabled' as sampled_requests_enabled - from - aws_wafv2_web_acl - where - visibility_config ->> 'SampledRequestsEnabled' = 'false'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n visibility_config ->> 'SampledRequestsEnabled'\ + \ as sampled_requests_enabled\nfrom\n aws_wafv2_web_acl\nwhere\n visibility_config\ + \ ->> 'SampledRequestsEnabled' = 'false';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find all AWS WAFv2 WebACLs with Disabled Sampled Requests diff --git a/queries/aws_wafv2_web_acl_4.yaml b/queries/aws_wafv2_web_acl_4.yaml index d889323ec..55cb3ccaf 100755 --- a/queries/aws_wafv2_web_acl_4.yaml +++ b/queries/aws_wafv2_web_acl_4.yaml @@ -1,41 +1,34 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_4 -Title: "List AWS WAFv2 WebACLs and Manage Information" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - r ->> 'Name' as name, - r -> 'Statement' ->> 'AndStatement' as and_statement, - r -> 'Statement' ->> 'ByteMatchStatement' as byte_match_statement, - r -> 'Statement' ->> 'GeoMatchStatement' as geo_match_statement, - r -> 'Statement' ->> 'IPSetReferenceStatement' as ip_set_reference_statement, - r -> 'Statement' ->> 'NotStatement' as not_statement, - r -> 'Statement' ->> 'OrStatement' as or_statement, - r -> 'Statement' ->> 'RateBasedStatement' as rate_based_statement, - r -> 'Statement' ->> 'RegexPatternSetReferenceStatement' as regex_pattern_set_reference_statement, - r -> 'Statement' ->> 'RuleGroupReferenceStatement' as rule_group_reference_statement, - r -> 'Statement' ->> 'SizeConstraintStatement' as size_constraint_statement, - r -> 'Statement' ->> 'SqliMatchStatement' as sql_match_statement, - r -> 'Statement' ->> 'XssMatchStatement' as xss_match_statement - from - aws_wafv2_web_acl, - jsonb_array_elements(rules) as r; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n r ->> 'Name' as name,\n r -> 'Statement'\ + \ ->> 'AndStatement' as and_statement,\n r -> 'Statement' ->> 'ByteMatchStatement'\ + \ as byte_match_statement,\n r -> 'Statement' ->> 'GeoMatchStatement' as geo_match_statement,\n\ + \ r -> 'Statement' ->> 'IPSetReferenceStatement' as ip_set_reference_statement,\n\ + \ r -> 'Statement' ->> 'NotStatement' as not_statement,\n r -> 'Statement' ->>\ + \ 'OrStatement' as or_statement,\n r -> 'Statement' ->> 'RateBasedStatement'\ + \ as rate_based_statement,\n r -> 'Statement' ->> 'RegexPatternSetReferenceStatement'\ + \ as regex_pattern_set_reference_statement,\n r -> 'Statement' ->> 'RuleGroupReferenceStatement'\ + \ as rule_group_reference_statement,\n r -> 'Statement' ->> 'SizeConstraintStatement'\ + \ as size_constraint_statement,\n r -> 'Statement' ->> 'SqliMatchStatement' as\ + \ sql_match_statement,\n r -> 'Statement' ->> 'XssMatchStatement' as xss_match_statement\n\ + from\n aws_wafv2_web_acl,\n jsonb_array_elements(rules) as r;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: List AWS WAFv2 WebACLs and Manage Information diff --git a/queries/aws_wafv2_web_acl_5.yaml b/queries/aws_wafv2_web_acl_5.yaml index 3a2771030..924aa85df 100755 --- a/queries/aws_wafv2_web_acl_5.yaml +++ b/queries/aws_wafv2_web_acl_5.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_5 -Title: "Find AWS WAFv2 WebACLs and Manage WebACL Resources" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - scope, - region - from - aws_wafv2_web_acl - where - scope = 'REGIONAL'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n scope,\n region\nfrom\n aws_wafv2_web_acl\n\ + where\n scope = 'REGIONAL';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find AWS WAFv2 WebACLs and Manage WebACL Resources diff --git a/queries/aws_wafv2_web_acl_6.yaml b/queries/aws_wafv2_web_acl_6.yaml index acda79491..2600f6123 100755 --- a/queries/aws_wafv2_web_acl_6.yaml +++ b/queries/aws_wafv2_web_acl_6.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_6 -Title: "Find WebACL Resources in AWS WAFv2 Without Logging" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - id, - scope, - region - from - aws_wafv2_web_acl - where - logging_configuration is null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n id,\n scope,\n region\nfrom\n aws_wafv2_web_acl\n\ + where\n logging_configuration is null;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_network_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WAFv2 +Title: Find WebACL Resources in AWS WAFv2 Without Logging diff --git a/queries/aws_wafv2_web_acl_7.yaml b/queries/aws_wafv2_web_acl_7.yaml index ce1631fdc..adc4494ff 100755 --- a/queries/aws_wafv2_web_acl_7.yaml +++ b/queries/aws_wafv2_web_acl_7.yaml @@ -1,32 +1,25 @@ +Description: Allows users to query AWS WAFv2 WebACLs to retrieve and manage information + about WebACL resources within AWS WAFv2. ID: aws_wafv2_web_acl_7 -Title: "Find AWS WAFv2 WebACLs and Associated Load Balancers" -Description: "Allows users to query AWS WAFv2 WebACLs to retrieve and manage information about WebACL resources within AWS WAFv2." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lb.name as application_load_balancer_name, - w.name as web_acl_name, - w.id as web_acl_id, - w.scope as web_acl_scope, - lb.type as application_load_balancer_type - from - aws_ec2_application_load_balancer as lb, - aws_wafv2_web_acl as w, - jsonb_array_elements_text(associated_resources) as arns - where - lb.arn = arns; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lb.name as application_load_balancer_name,\n w.name\ + \ as web_acl_name,\n w.id as web_acl_id,\n w.scope as web_acl_scope,\n lb.type\ + \ as application_load_balancer_type\nfrom\n aws_ec2_application_load_balancer\ + \ as lb,\n aws_wafv2_web_acl as w,\n jsonb_array_elements_text(associated_resources)\ + \ as arns\nwhere\n lb.arn = arns;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WAFv2 +Title: Find AWS WAFv2 WebACLs and Associated Load Balancers diff --git a/queries/aws_wellarchitected_answer_1.yaml b/queries/aws_wellarchitected_answer_1.yaml index 201474fcb..61d74923c 100755 --- a/queries/aws_wellarchitected_answer_1.yaml +++ b/queries/aws_wellarchitected_answer_1.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_1 -Title: "List All AWS Well-Architected Tool Answer Data" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.question_id, - a.lens_alias, - a.workload_id, - a.is_applicable, - a.pillar_id, - a.question_title, - a.risk, - a.reason, - a.region - from - aws_wellarchitected_answer a; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.question_id,\n a.lens_alias,\n a.workload_id,\n \ + \ a.is_applicable,\n a.pillar_id,\n a.question_title,\n a.risk,\n a.reason,\n\ + \ a.region\nfrom\n aws_wellarchitected_answer a;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List All AWS Well-Architected Tool Answer Data diff --git a/queries/aws_wellarchitected_answer_2.yaml b/queries/aws_wellarchitected_answer_2.yaml index 7417617ec..4ed3e3548 100755 --- a/queries/aws_wellarchitected_answer_2.yaml +++ b/queries/aws_wellarchitected_answer_2.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_2 -Title: "List all AWS Well-Architected Tool Answers by Workload and Pillar" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.workload_id, - a.pillar_id, - count(a.question_id) as total_questions - from - aws_wellarchitected_answer a - group by - a.workload_id, - a.pillar_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.workload_id,\n a.pillar_id,\n count(a.question_id)\ + \ as total_questions\nfrom\n aws_wellarchitected_answer a\ngroup by\n a.workload_id,\n\ + \ a.pillar_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Answers by Workload and Pillar diff --git a/queries/aws_wellarchitected_answer_3.yaml b/queries/aws_wellarchitected_answer_3.yaml index 4a5b60a7c..d16392c52 100755 --- a/queries/aws_wellarchitected_answer_3.yaml +++ b/queries/aws_wellarchitected_answer_3.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_3 -Title: "Find AWS Well-Architected Tool Answer Data" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.question_id, - a.lens_alias, - a.workload_id, - a.question_title, - a.question_description, - c ->> 'Title' as choice_title, - c ->> 'ChoiceId' as choice_id, - c ->> 'Description' as choice_description, - c ->> 'HelpfulResource' as choice_helpful_resource, - c ->> 'ImprovementPlan' as choice_improvement_plan - from - aws_wellarchitected_answer a, - jsonb_array_elements(choices) c; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.question_id,\n a.lens_alias,\n a.workload_id,\n \ + \ a.question_title,\n a.question_description,\n c ->> 'Title' as choice_title,\n\ + \ c ->> 'ChoiceId' as choice_id,\n c ->> 'Description' as choice_description,\n\ + \ c ->> 'HelpfulResource' as choice_helpful_resource,\n c ->> 'ImprovementPlan'\ + \ as choice_improvement_plan\nfrom\n aws_wellarchitected_answer a,\n jsonb_array_elements(choices)\ + \ c;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Answer Data diff --git a/queries/aws_wellarchitected_answer_4.yaml b/queries/aws_wellarchitected_answer_4.yaml index f25ac0cef..e20d88e9d 100755 --- a/queries/aws_wellarchitected_answer_4.yaml +++ b/queries/aws_wellarchitected_answer_4.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_4 -Title: "List AWS Well-Architected Tool Answer Data" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.question_id, - a.lens_alias, - a.workload_id, - a.question_title, - a.question_description, - c ->> 'Notes' as choice_notes, - c ->> 'Reason' as choice_reason, - c ->> 'Status' as choice_status, - c ->> 'ChoiceId' as choice_id - from - aws_wellarchitected_answer a, - jsonb_array_elements(choice_answers) c; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.question_id,\n a.lens_alias,\n a.workload_id,\n \ + \ a.question_title,\n a.question_description,\n c ->> 'Notes' as choice_notes,\n\ + \ c ->> 'Reason' as choice_reason,\n c ->> 'Status' as choice_status,\n c ->>\ + \ 'ChoiceId' as choice_id\nfrom\n aws_wellarchitected_answer a,\n jsonb_array_elements(choice_answers)\ + \ c;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Answer Data diff --git a/queries/aws_wellarchitected_answer_5.yaml b/queries/aws_wellarchitected_answer_5.yaml index ab0cbb9e8..30be3f08f 100755 --- a/queries/aws_wellarchitected_answer_5.yaml +++ b/queries/aws_wellarchitected_answer_5.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_5 -Title: "List all AWS Well-Architected Tools Answers and Details" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.question_id, - a.lens_alias, - a.workload_id, - a.question_title, - a.question_description, - reason - from - aws_wellarchitected_answer a - where - not is_applicable; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.question_id,\n a.lens_alias,\n a.workload_id,\n \ + \ a.question_title,\n a.question_description,\n reason\nfrom\n aws_wellarchitected_answer\ + \ a\nwhere\n not is_applicable;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tools Answers and Details diff --git a/queries/aws_wellarchitected_answer_6.yaml b/queries/aws_wellarchitected_answer_6.yaml index 1425975f6..79d22832a 100755 --- a/queries/aws_wellarchitected_answer_6.yaml +++ b/queries/aws_wellarchitected_answer_6.yaml @@ -1,36 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_6 -Title: "List All AWS Well-Architected Tool Answer Data" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - a.question_id, - a.lens_alias, - a.workload_id, - a.question_title, - a.risk, - c ->> 'ChoiceId' as choice_id, - c ->> 'Status' as choice_status, - c ->> 'Reason' as choice_reason, - c ->> 'Notes' as choice_notes - from - aws_wellarchitected_answer a, - jsonb_array_elements(choice_answers) c - where - risk = 'HIGH' - or risk = 'MEDIUM'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n a.question_id,\n a.lens_alias,\n a.workload_id,\n \ + \ a.question_title,\n a.risk,\n c ->> 'ChoiceId' as choice_id,\n c ->> 'Status'\ + \ as choice_status,\n c ->> 'Reason' as choice_reason,\n c ->> 'Notes' as choice_notes\n\ + from\n aws_wellarchitected_answer a,\n jsonb_array_elements(choice_answers)\ + \ c\nwhere\n risk = 'HIGH'\n or risk = 'MEDIUM';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List All AWS Well-Architected Tool Answer Data diff --git a/queries/aws_wellarchitected_answer_7.yaml b/queries/aws_wellarchitected_answer_7.yaml index fdbde3236..9a4f8cc3a 100755 --- a/queries/aws_wellarchitected_answer_7.yaml +++ b/queries/aws_wellarchitected_answer_7.yaml @@ -1,32 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Answer data, including + information about the workloads, lens, and questions associated with each answer. ID: aws_wellarchitected_answer_7 -Title: "List all AWS Well-Architected Tool Answers by Risk" -Description: "Allows users to query AWS Well-Architected Tool Answer data, including information about the workloads, lens, and questions associated with each answer." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - risk, - count(question_id) as total_questions - from - aws_wellarchitected_answer - where - risk = 'HIGH' - or risk = 'MEDIUM' - group by - workload_id, - risk; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n risk,\n count(question_id) as total_questions\n\ + from\n aws_wellarchitected_answer\nwhere\n risk = 'HIGH'\n or risk = 'MEDIUM'\n\ + group by\n workload_id,\n risk;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Answers by Risk diff --git a/queries/aws_wellarchitected_check_detail_1.yaml b/queries/aws_wellarchitected_check_detail_1.yaml index f1fc40d2c..f0dfd861b 100755 --- a/queries/aws_wellarchitected_check_detail_1.yaml +++ b/queries/aws_wellarchitected_check_detail_1.yaml @@ -1,30 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_1 -Title: "Find Details on AWS Well-Architected Tool Checks" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - lens_arn, - pillar_id, - question_id, - choice_id, - id, - name, - description, - status - from - aws_wellarchitected_check_detail; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n lens_arn,\n pillar_id,\n question_id,\n\ + \ choice_id,\n id,\n name,\n description,\n status\nfrom\n aws_wellarchitected_check_detail;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find Details on AWS Well-Architected Tool Checks diff --git a/queries/aws_wellarchitected_check_detail_2.yaml b/queries/aws_wellarchitected_check_detail_2.yaml index 13aaefcaa..02500c763 100755 --- a/queries/aws_wellarchitected_check_detail_2.yaml +++ b/queries/aws_wellarchitected_check_detail_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_2 -Title: "List AWS Well-Architected Tool Check Details" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - status, - count(id) as checks - from - aws_wellarchitected_check_detail - group by - workload_id, - status; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n status,\n count(id) as checks\nfrom\n\ + \ aws_wellarchitected_check_detail\ngroup by\n workload_id,\n status;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Check Details diff --git a/queries/aws_wellarchitected_check_detail_3.yaml b/queries/aws_wellarchitected_check_detail_3.yaml index 657cea399..81e620853 100755 --- a/queries/aws_wellarchitected_check_detail_3.yaml +++ b/queries/aws_wellarchitected_check_detail_3.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_3 -Title: "Find AWS Well-Architected Tool Check Details for Security" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - lens_arn, - pillar_id, - question_id, - choice_id, - id, - name, - description, - status - from - aws_wellarchitected_check_detail - where - pillar_id = 'security'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n lens_arn,\n pillar_id,\n question_id,\n\ + \ choice_id,\n id,\n name,\n description,\n status\nfrom\n aws_wellarchitected_check_detail\n\ + where \n pillar_id = 'security';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Details for Security diff --git a/queries/aws_wellarchitected_check_detail_4.yaml b/queries/aws_wellarchitected_check_detail_4.yaml index 24421745d..7ee1b40aa 100755 --- a/queries/aws_wellarchitected_check_detail_4.yaml +++ b/queries/aws_wellarchitected_check_detail_4.yaml @@ -1,32 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_4 -Title: "Find AWS Well-Architected Tool Check Details Status" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - choice_id, - name, - pillar_id, - question_id, - flagged_resources, - updated_at - from - aws_wellarchitected_check_detail - where - status = 'ERROR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n choice_id,\n name,\n pillar_id,\n question_id,\n\ + \ flagged_resources,\n updated_at\nfrom\n aws_wellarchitected_check_detail\n\ + where \n status = 'ERROR';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Details Status diff --git a/queries/aws_wellarchitected_check_detail_5.yaml b/queries/aws_wellarchitected_check_detail_5.yaml index 7f48fd819..c6f71c104 100755 --- a/queries/aws_wellarchitected_check_detail_5.yaml +++ b/queries/aws_wellarchitected_check_detail_5.yaml @@ -1,35 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_5 -Title: "List all AWS Well-Architected Tool Check Details" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - w.workload_name, - w.workload_id, - w.environment, - w.industry, - w.owner, - d.name as check_name, - d.flagged_resources, - d.pillar_id - from - aws_wellarchitected_check_detail d, - aws_wellarchitected_workload w - where - d.workload_id = w.workload_id - and d.status = 'ERROR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n w.workload_name,\n w.workload_id,\n w.environment,\n\ + \ w.industry,\n w.owner,\n d.name as check_name,\n d.flagged_resources,\n\ + \ d.pillar_id\nfrom\n aws_wellarchitected_check_detail d,\n aws_wellarchitected_workload\ + \ w\nwhere\n d.workload_id = w.workload_id\n and d.status = 'ERROR';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Check Details diff --git a/queries/aws_wellarchitected_check_detail_6.yaml b/queries/aws_wellarchitected_check_detail_6.yaml index a4e3f2dd7..e3249a405 100755 --- a/queries/aws_wellarchitected_check_detail_6.yaml +++ b/queries/aws_wellarchitected_check_detail_6.yaml @@ -1,34 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Check Details for information + on individual checks within a workload. The table provides data on the check status, + risk, reason for risk, improvement plan, and other related details. ID: aws_wellarchitected_check_detail_6 -Title: "Find AWS Well-Architected Tool Check Detail Information" -Description: "Allows users to query AWS Well-Architected Tool Check Details for information on individual checks within a workload. The table provides data on the check status, risk, reason for risk, improvement plan, and other related details." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - choice_id, - name, - pillar_id, - question_id, - flagged_resources, - status, - updated_at - from - aws_wellarchitected_check_detail - where - lens_arn = 'arn:aws:wellarchitected::aws:lens/wellarchitected' - and workload_id = 'abcdc851ac1d8d9d5b9938615da016ce'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n choice_id,\n name,\n pillar_id,\n question_id,\n\ + \ flagged_resources,\n status,\n updated_at\nfrom\n aws_wellarchitected_check_detail\n\ + where\n lens_arn = 'arn:aws:wellarchitected::aws:lens/wellarchitected'\n and\ + \ workload_id = 'abcdc851ac1d8d9d5b9938615da016ce';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Detail Information diff --git a/queries/aws_wellarchitected_check_summary_1.yaml b/queries/aws_wellarchitected_check_summary_1.yaml index 4fedc9b45..03e3b7019 100755 --- a/queries/aws_wellarchitected_check_summary_1.yaml +++ b/queries/aws_wellarchitected_check_summary_1.yaml @@ -1,34 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Check Summary for detailed + information about the checks for all workloads. This table provides insights into + the state of your workloads, highlighting potential risks and areas for improvement. ID: aws_wellarchitected_check_summary_1 -Title: "List all AWS Well-Architected Tool Check Summary Details" -Description: "Allows users to query AWS Well-Architected Tool Check Summary for detailed information about the checks for all workloads. This table provides insights into the state of your workloads, highlighting potential risks and areas for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - id, - name, - description, - jsonb_pretty(account_summary) as account_summary, - choice_id, - lens_arn, - pillar_id, - question_id, - status, - region, - workload_id - from - aws_wellarchitected_check_summary; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n id,\n name,\n description,\n jsonb_pretty(account_summary)\ + \ as account_summary,\n choice_id,\n lens_arn,\n pillar_id,\n question_id,\n\ + \ status,\n region,\n workload_id\nfrom\n aws_wellarchitected_check_summary;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Check Summary Details diff --git a/queries/aws_wellarchitected_check_summary_2.yaml b/queries/aws_wellarchitected_check_summary_2.yaml index 7358c46cc..db7ecb832 100755 --- a/queries/aws_wellarchitected_check_summary_2.yaml +++ b/queries/aws_wellarchitected_check_summary_2.yaml @@ -1,33 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Check Summary for detailed + information about the checks for all workloads. This table provides insights into + the state of your workloads, highlighting potential risks and areas for improvement. ID: aws_wellarchitected_check_summary_2 -Title: "Find AWS Well-Architected Tool Check Summary Details" -Description: "Allows users to query AWS Well-Architected Tool Check Summary for detailed information about the checks for all workloads. This table provides insights into the state of your workloads, highlighting potential risks and areas for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - id, - name, - jsonb_pretty(account_summary) as account_summary, - status, - choice_id, - pillar_id, - question_id - from - aws_wellarchitected_check_summary - where - workload_id = 'abcdc851ac1d8d9d5b9938615da016ce'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n id,\n name,\n jsonb_pretty(account_summary)\ + \ as account_summary,\n status,\n choice_id,\n pillar_id,\n question_id\n\ + from\n aws_wellarchitected_check_summary\nwhere\n workload_id = 'abcdc851ac1d8d9d5b9938615da016ce';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Summary Details diff --git a/queries/aws_wellarchitected_check_summary_3.yaml b/queries/aws_wellarchitected_check_summary_3.yaml index 5398b2ae4..e732aca63 100755 --- a/queries/aws_wellarchitected_check_summary_3.yaml +++ b/queries/aws_wellarchitected_check_summary_3.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Check Summary for detailed + information about the checks for all workloads. This table provides insights into + the state of your workloads, highlighting potential risks and areas for improvement. ID: aws_wellarchitected_check_summary_3 -Title: "Find AWS Well-Architected Tool Check Summaries" -Description: "Allows users to query AWS Well-Architected Tool Check Summary for detailed information about the checks for all workloads. This table provides insights into the state of your workloads, highlighting potential risks and areas for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - id, - name, - jsonb_pretty(account_summary) as account_summary, - pillar_id, - question_id - from - aws_wellarchitected_check_summary - where - status = 'ERROR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n id,\n name,\n jsonb_pretty(account_summary)\ + \ as account_summary,\n pillar_id,\n question_id\nfrom\n aws_wellarchitected_check_summary\n\ + where\n status = 'ERROR';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Summaries diff --git a/queries/aws_wellarchitected_check_summary_4.yaml b/queries/aws_wellarchitected_check_summary_4.yaml index 74c30e80b..89b8ce647 100755 --- a/queries/aws_wellarchitected_check_summary_4.yaml +++ b/queries/aws_wellarchitected_check_summary_4.yaml @@ -1,31 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Check Summary for detailed + information about the checks for all workloads. This table provides insights into + the state of your workloads, highlighting potential risks and areas for improvement. ID: aws_wellarchitected_check_summary_4 -Title: "Query AWS Well-Architected Tool Check Summaries" -Description: "Allows users to query AWS Well-Architected Tool Check Summary for detailed information about the checks for all workloads. This table provides insights into the state of your workloads, highlighting potential risks and areas for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - id, - name, - account_summary ->> 'ERROR' as errors, - account_summary ->> 'FETCH_FAILED' as fetch_failed, - account_summary ->> 'NOT_AVAILABLE' as not_available, - account_summary ->> 'OKAY' as okay, - account_summary ->> 'WARNING' as warnings, - pillar_id, - question_id - from - aws_wellarchitected_check_summary; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n id,\n name,\n account_summary ->> 'ERROR'\ + \ as errors,\n account_summary ->> 'FETCH_FAILED' as fetch_failed,\n account_summary\ + \ ->> 'NOT_AVAILABLE' as not_available,\n account_summary ->> 'OKAY' as okay,\n\ + \ account_summary ->> 'WARNING' as warnings,\n pillar_id,\n question_id\nfrom\n\ + \ aws_wellarchitected_check_summary;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Query AWS Well-Architected Tool Check Summaries diff --git a/queries/aws_wellarchitected_check_summary_5.yaml b/queries/aws_wellarchitected_check_summary_5.yaml index 3af3eb100..e3144ffa5 100755 --- a/queries/aws_wellarchitected_check_summary_5.yaml +++ b/queries/aws_wellarchitected_check_summary_5.yaml @@ -1,36 +1,27 @@ +Description: Allows users to query AWS Well-Architected Tool Check Summary for detailed + information about the checks for all workloads. This table provides insights into + the state of your workloads, highlighting potential risks and areas for improvement. ID: aws_wellarchitected_check_summary_5 -Title: "Find AWS Well-Architected Tool Check Summary Insights" -Description: "Allows users to query AWS Well-Architected Tool Check Summary for detailed information about the checks for all workloads. This table provides insights into the state of your workloads, highlighting potential risks and areas for improvement." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - id, - name, - account_summary ->> 'ERROR' as errors, - account_summary ->> 'FETCH_FAILED' as fetch_failed, - account_summary ->> 'NOT_AVAILABLE' as not_available, - account_summary ->> 'OKAY' as okay, - account_summary ->> 'WARNING' as warnings, - pillar_id, - question_id - from - aws_wellarchitected_check_summary - where - lens_arn = 'arn:aws:wellarchitected::aws:lens/wellarchitected' - and workload_id = 'abcdc851ac1d8d9d5b9938615da016ce'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n id,\n name,\n account_summary ->> 'ERROR'\ + \ as errors,\n account_summary ->> 'FETCH_FAILED' as fetch_failed,\n account_summary\ + \ ->> 'NOT_AVAILABLE' as not_available,\n account_summary ->> 'OKAY' as okay,\n\ + \ account_summary ->> 'WARNING' as warnings,\n pillar_id,\n question_id\nfrom\n\ + \ aws_wellarchitected_check_summary\nwhere\n lens_arn = 'arn:aws:wellarchitected::aws:lens/wellarchitected'\n\ + \ and workload_id = 'abcdc851ac1d8d9d5b9938615da016ce';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Check Summary Insights diff --git a/queries/aws_wellarchitected_consolidated_report_1.yaml b/queries/aws_wellarchitected_consolidated_report_1.yaml index 9d671bcb9..72a4ea25e 100755 --- a/queries/aws_wellarchitected_consolidated_report_1.yaml +++ b/queries/aws_wellarchitected_consolidated_report_1.yaml @@ -1,29 +1,23 @@ +Description: Allows users to query consolidated reports from the AWS Well-Architected + Tool, providing a comprehensive view of a workload''s alignment with AWS architectural + best practices. ID: aws_wellarchitected_consolidated_report_1 -Title: "List all AWS Well-Architected Tool Consolidated Reports" -Description: "Allows users to query consolidated reports from the AWS Well-Architected Tool, providing a comprehensive view of a workload''s alignment with AWS architectural best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_arn, - workload_id, - lenses_applied_count, - metric_type, - updated_at - from - aws_wellarchitected_consolidated_report; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_arn,\n workload_id,\n lenses_applied_count,\n\ + \ metric_type,\n updated_at\nfrom\n aws_wellarchitected_consolidated_report;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Consolidated Reports diff --git a/queries/aws_wellarchitected_consolidated_report_2.yaml b/queries/aws_wellarchitected_consolidated_report_2.yaml index aec88608b..268353248 100755 --- a/queries/aws_wellarchitected_consolidated_report_2.yaml +++ b/queries/aws_wellarchitected_consolidated_report_2.yaml @@ -1,33 +1,26 @@ +Description: Allows users to query consolidated reports from the AWS Well-Architected + Tool, providing a comprehensive view of a workload''s alignment with AWS architectural + best practices. ID: aws_wellarchitected_consolidated_report_2 -Title: "Find All AWS Well-Architected Consolidated Reports" -Description: "Allows users to query consolidated reports from the AWS Well-Architected Tool, providing a comprehensive view of a workload''s alignment with AWS architectural best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.workload_name, - r.workload_arn, - r.workload_id, - r.lenses_applied_count, - w.environment as workload_environment, - w.improvement_status as workload_improvement_status, - w.review_restriction_date as workload_review_restriction_date - from - aws_wellarchitected_consolidated_report as r, - aws_wellarchitected_workload as w - where - w.workload_id = r.workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.workload_name,\n r.workload_arn,\n r.workload_id,\n\ + \ r.lenses_applied_count,\n w.environment as workload_environment,\n w.improvement_status\ + \ as workload_improvement_status,\n w.review_restriction_date as workload_review_restriction_date\n\ + from\n aws_wellarchitected_consolidated_report as r,\n aws_wellarchitected_workload\ + \ as w\nwhere\n w.workload_id = r.workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find All AWS Well-Architected Consolidated Reports diff --git a/queries/aws_wellarchitected_consolidated_report_3.yaml b/queries/aws_wellarchitected_consolidated_report_3.yaml index 63ce399ef..0ab11d669 100755 --- a/queries/aws_wellarchitected_consolidated_report_3.yaml +++ b/queries/aws_wellarchitected_consolidated_report_3.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query consolidated reports from the AWS Well-Architected + Tool, providing a comprehensive view of a workload''s alignment with AWS architectural + best practices. ID: aws_wellarchitected_consolidated_report_3 -Title: "List all AWS Well-Architected Tool Consolidated Reports" -Description: "Allows users to query consolidated reports from the AWS Well-Architected Tool, providing a comprehensive view of a workload''s alignment with AWS architectural best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - risk_counts -> 'HIGH' as high_risk_counts - from - aws_wellarchitected_consolidated_report; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n risk_counts -> 'HIGH'\ + \ as high_risk_counts\nfrom\n aws_wellarchitected_consolidated_report;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Consolidated Reports diff --git a/queries/aws_wellarchitected_consolidated_report_4.yaml b/queries/aws_wellarchitected_consolidated_report_4.yaml index 4953b4c77..866c923f0 100755 --- a/queries/aws_wellarchitected_consolidated_report_4.yaml +++ b/queries/aws_wellarchitected_consolidated_report_4.yaml @@ -1,29 +1,25 @@ +Description: Allows users to query consolidated reports from the AWS Well-Architected + Tool, providing a comprehensive view of a workload''s alignment with AWS architectural + best practices. ID: aws_wellarchitected_consolidated_report_4 -Title: "List all AWS Well-Architected Tool Consolidated Reports" -Description: "Allows users to query consolidated reports from the AWS Well-Architected Tool, providing a comprehensive view of a workload''s alignment with AWS architectural best practices." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - l ->> 'LensArn' as lens_arn, - l -> 'Pillars' as pillars, - l -> 'RiskCounts' as risk_counts - from - aws_wellarchitected_consolidated_report, - jsonb_array_elements(lenses) as l; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n l ->> 'LensArn' as\ + \ lens_arn,\n l -> 'Pillars' as pillars,\n l -> 'RiskCounts' as risk_counts\n\ + from\n aws_wellarchitected_consolidated_report,\n jsonb_array_elements(lenses)\ + \ as l;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Consolidated Reports diff --git a/queries/aws_wellarchitected_lens_1.yaml b/queries/aws_wellarchitected_lens_1.yaml index 28a7810e8..495314209 100755 --- a/queries/aws_wellarchitected_lens_1.yaml +++ b/queries/aws_wellarchitected_lens_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_1 -Title: "List all AWS Well-Architected Lenses with details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_alias, - arn, - lens_status, - lens_type, - owner - from - aws_wellarchitected_lens; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_alias,\n arn,\n lens_status,\n \ + \ lens_type,\n owner\nfrom\n aws_wellarchitected_lens;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected +Title: List all AWS Well-Architected Lenses with details diff --git a/queries/aws_wellarchitected_lens_2.yaml b/queries/aws_wellarchitected_lens_2.yaml index 3c999f268..900e7ed46 100755 --- a/queries/aws_wellarchitected_lens_2.yaml +++ b/queries/aws_wellarchitected_lens_2.yaml @@ -1,25 +1,21 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_2 -Title: "List AWS Well-Architected Lens Details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select distinct - on(arn) arn, - lens_name, - lens_status, - lens_type - from - aws_wellarchitected_lens; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select distinct\n on(arn) arn,\n lens_name,\n lens_status,\n\ + \ lens_type\nfrom\n aws_wellarchitected_lens;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Lens +Title: List AWS Well-Architected Lens Details diff --git a/queries/aws_wellarchitected_lens_3.yaml b/queries/aws_wellarchitected_lens_3.yaml index 261c9a595..2b451a8b7 100755 --- a/queries/aws_wellarchitected_lens_3.yaml +++ b/queries/aws_wellarchitected_lens_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_3 -Title: "Find AWS Well-Architected Lens details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - arn, - lens_status, - lens_type, - owner, - share_invitation_id - from - aws_wellarchitected_lens - where - lens_type = 'CUSTOM_SHARED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n arn,\n lens_status,\n lens_type,\n owner,\n\ + \ share_invitation_id\nfrom\n aws_wellarchitected_lens\nwhere\n lens_type =\ + \ 'CUSTOM_SHARED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Lens +Title: Find AWS Well-Architected Lens details diff --git a/queries/aws_wellarchitected_lens_4.yaml b/queries/aws_wellarchitected_lens_4.yaml index 5af1e231b..a89818268 100755 --- a/queries/aws_wellarchitected_lens_4.yaml +++ b/queries/aws_wellarchitected_lens_4.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_4 -Title: "List all AWS Well-Architected Lens with Details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_status, - lens_type, - lens_version, - owner - from - aws_wellarchitected_lens - where - lens_status = 'DEPRECATED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_status,\n lens_type,\n lens_version,\n\ + \ owner\nfrom\n aws_wellarchitected_lens\nwhere\n lens_status = 'DEPRECATED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Well-Architected Lens +Title: List all AWS Well-Architected Lens with Details diff --git a/queries/aws_wellarchitected_lens_5.yaml b/queries/aws_wellarchitected_lens_5.yaml index fc287e03f..44c304374 100755 --- a/queries/aws_wellarchitected_lens_5.yaml +++ b/queries/aws_wellarchitected_lens_5.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_5 -Title: "List all AWS Well-Architected Lens with Details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_status, - lens_type, - created_at, - lens_version - from - aws_wellarchitected_lens - where - created_at <= now() - interval '30' day; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_status,\n lens_type,\n created_at,\n\ + \ lens_version\nfrom\n aws_wellarchitected_lens\nwhere\n created_at <= now()\ + \ - interval '30' day;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Lens +Title: List all AWS Well-Architected Lens with Details diff --git a/queries/aws_wellarchitected_lens_6.yaml b/queries/aws_wellarchitected_lens_6.yaml index 8c8e51f05..55109921a 100755 --- a/queries/aws_wellarchitected_lens_6.yaml +++ b/queries/aws_wellarchitected_lens_6.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Well-Architected Lens, providing details about + each lens such as its name, description, and associated AWS Well-Architected Framework + pillars. ID: aws_wellarchitected_lens_6 -Title: "List All AWS Well-Architected Lens Details" -Description: "Allows users to query AWS Well-Architected Lens, providing details about each lens such as its name, description, and associated AWS Well-Architected Framework pillars." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_status, - lens_type, - lens_version, - owner, - account_id - from - aws_wellarchitected_lens - where - owner = account_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_status,\n lens_type,\n lens_version,\n\ + \ owner,\n account_id\nfrom\n aws_wellarchitected_lens\nwhere\n owner = account_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Lens +Title: List All AWS Well-Architected Lens Details diff --git a/queries/aws_wellarchitected_lens_review_1.yaml b/queries/aws_wellarchitected_lens_review_1.yaml index f47c53479..15d1e9c31 100755 --- a/queries/aws_wellarchitected_lens_review_1.yaml +++ b/queries/aws_wellarchitected_lens_review_1.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_1 -Title: "List all AWS Well-Architected Tool Lens Reviews" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - workload_id, - lens_arn, - lens_alias, - lens_version, - updated_at - from - aws_wellarchitected_lens_review; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n workload_id,\n lens_arn,\n lens_alias,\n\ + \ lens_version,\n updated_at\nfrom\n aws_wellarchitected_lens_review;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Lens Reviews diff --git a/queries/aws_wellarchitected_lens_review_2.yaml b/queries/aws_wellarchitected_lens_review_2.yaml index bc066f9a6..eb65b8719 100755 --- a/queries/aws_wellarchitected_lens_review_2.yaml +++ b/queries/aws_wellarchitected_lens_review_2.yaml @@ -1,27 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_2 -Title: "List all AWS Well-Architected Lens Reviews with Status" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - workload_id, - lens_alias, - lens_status - from - aws_wellarchitected_lens_review - where - lens_status = 'DEPRECATED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n workload_id,\n lens_alias,\n lens_status\n\ + from\n aws_wellarchitected_lens_review\nwhere\n lens_status = 'DEPRECATED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Lens Reviews with Status diff --git a/queries/aws_wellarchitected_lens_review_3.yaml b/queries/aws_wellarchitected_lens_review_3.yaml index 104d6c952..3692dc818 100755 --- a/queries/aws_wellarchitected_lens_review_3.yaml +++ b/queries/aws_wellarchitected_lens_review_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_3 -Title: "List all AWS Well-Architected Tool Lens Review Information" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - workload_id, - risk_counts -> 'HIGH' as high_risk_counts - from - aws_wellarchitected_lens_review; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n workload_id,\n risk_counts -> 'HIGH' as\ + \ high_risk_counts\nfrom\n aws_wellarchitected_lens_review;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Lens Review Information diff --git a/queries/aws_wellarchitected_lens_review_4.yaml b/queries/aws_wellarchitected_lens_review_4.yaml index d017283f8..fed49db0e 100755 --- a/queries/aws_wellarchitected_lens_review_4.yaml +++ b/queries/aws_wellarchitected_lens_review_4.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_4 -Title: "Query AWS Well-Architected Lens Reviews using SQL" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.lens_name, - r.workload_id, - r.lens_status, - r.lens_version, - w.architectural_design, - w.environment, - w.review_restriction_date - from - aws_wellarchitected_lens_review as r, - aws_wellarchitected_workload as w - where - r.workload_id = w.workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.lens_name,\n r.workload_id,\n r.lens_status,\n r.lens_version,\n\ + \ w.architectural_design,\n w.environment,\n w.review_restriction_date\nfrom\n\ + \ aws_wellarchitected_lens_review as r,\n aws_wellarchitected_workload as w\n\ + where\n r.workload_id = w.workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Query AWS Well-Architected Lens Reviews using SQL diff --git a/queries/aws_wellarchitected_lens_review_5.yaml b/queries/aws_wellarchitected_lens_review_5.yaml index 1509f9f4a..3192071a6 100755 --- a/queries/aws_wellarchitected_lens_review_5.yaml +++ b/queries/aws_wellarchitected_lens_review_5.yaml @@ -1,30 +1,25 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_5 -Title: "List AWS Well-Architected Tool Lens Reviews with SQL" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_arn, - s ->> 'Notes' as pillar_review_summary_note, - s ->> 'PillarId' as pillar_id, - s ->> 'PillarName' as pillar_name, - s ->> 'RiskCounts' as RiskCounts - from - aws_wellarchitected_lens_review, - jsonb_array_elements(pillar_review_summaries) as s; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_arn,\n s ->> 'Notes' as pillar_review_summary_note,\n\ + \ s ->> 'PillarId' as pillar_id,\n s ->> 'PillarName' as pillar_name,\n s ->>\ + \ 'RiskCounts' as RiskCounts\nfrom\n aws_wellarchitected_lens_review,\n jsonb_array_elements(pillar_review_summaries)\ + \ as s;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Lens Reviews with SQL diff --git a/queries/aws_wellarchitected_lens_review_6.yaml b/queries/aws_wellarchitected_lens_review_6.yaml index 2e3e3eaa2..e7b0e7011 100755 --- a/queries/aws_wellarchitected_lens_review_6.yaml +++ b/queries/aws_wellarchitected_lens_review_6.yaml @@ -1,24 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Lens Reviews to obtain + detailed information about each review, including its associated workload, lens, + and milestone information. ID: aws_wellarchitected_lens_review_6 -Title: "Find Lens Reviews with Workload and Milestone Info" -Description: "Allows users to query AWS Well-Architected Tool Lens Reviews to obtain detailed information about each review, including its associated workload, lens, and milestone information." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_arn, - jsonb_pretty(risk_counts) as risk_counts - from - aws_wellarchitected_lens_review; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_arn,\n jsonb_pretty(risk_counts)\ + \ as risk_counts\nfrom\n aws_wellarchitected_lens_review;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find Lens Reviews with Workload and Milestone Info diff --git a/queries/aws_wellarchitected_lens_review_improvement_1.yaml b/queries/aws_wellarchitected_lens_review_improvement_1.yaml index 3e091359b..4c84ca5c8 100755 --- a/queries/aws_wellarchitected_lens_review_improvement_1.yaml +++ b/queries/aws_wellarchitected_lens_review_improvement_1.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query Lens Review Improvements in the AWS Well-Architected + Framework. ID: aws_wellarchitected_lens_review_improvement_1 -Title: "List AWS Well-Architected Framework Lens Review Improvements" -Description: "Allows users to query Lens Review Improvements in the AWS Well-Architected Framework." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_alias, - lens_arn, - workload_id, - improvement_plan_url, - pillar_id, - question_id, - question_title - from - aws_wellarchitected_lens_review_improvement; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_alias,\n lens_arn,\n workload_id,\n improvement_plan_url,\n\ + \ pillar_id,\n question_id,\n question_title\nfrom\n aws_wellarchitected_lens_review_improvement;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Framework +Title: List AWS Well-Architected Framework Lens Review Improvements diff --git a/queries/aws_wellarchitected_lens_review_improvement_2.yaml b/queries/aws_wellarchitected_lens_review_improvement_2.yaml index 22fe9b6c4..7b5e2a497 100755 --- a/queries/aws_wellarchitected_lens_review_improvement_2.yaml +++ b/queries/aws_wellarchitected_lens_review_improvement_2.yaml @@ -1,31 +1,21 @@ +Description: Allows users to query Lens Review Improvements in the AWS Well-Architected + Framework. ID: aws_wellarchitected_lens_review_improvement_2 -Title: "List All AWS Lens Review Improvements with High Risk" -Description: "Allows users to query Lens Review Improvements in the AWS Well-Architected Framework." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_alias, - lens_arn, - workload_id, - improvement_plan_url, - question_id, - question_title, - risk - from - aws_wellarchitected_lens_review_improvement - where - workload_id = '4fca39b680a31bb118be6bc0d177849d' - and risk = 'HIGH'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_alias,\n lens_arn,\n workload_id,\n improvement_plan_url,\n\ + \ question_id,\n question_title,\n risk\nfrom\n aws_wellarchitected_lens_review_improvement\n\ + where\n workload_id = '4fca39b680a31bb118be6bc0d177849d'\n and risk = 'HIGH';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Framework +Title: List All AWS Lens Review Improvements with High Risk diff --git a/queries/aws_wellarchitected_lens_review_improvement_3.yaml b/queries/aws_wellarchitected_lens_review_improvement_3.yaml index 9d2558af6..81d51ea19 100755 --- a/queries/aws_wellarchitected_lens_review_improvement_3.yaml +++ b/queries/aws_wellarchitected_lens_review_improvement_3.yaml @@ -1,32 +1,22 @@ +Description: Allows users to query Lens Review Improvements in the AWS Well-Architected + Framework. ID: aws_wellarchitected_lens_review_improvement_3 -Title: "List All Lens Review Improvements in AWS Well-Architected" -Description: "Allows users to query Lens Review Improvements in the AWS Well-Architected Framework." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_arn, - workload_id, - risk, - count(risk) - from - aws_wellarchitected_lens_review_improvement - where - lens_alias = 'wellarchitected' - and workload_id = '4fca39b680a31bb118be6bc0d177849d' - group by - risk, - lens_arn, - workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_arn,\n workload_id,\n risk,\n count(risk)\nfrom\n\ + \ aws_wellarchitected_lens_review_improvement\nwhere\n lens_alias = 'wellarchitected'\n\ + \ and workload_id = '4fca39b680a31bb118be6bc0d177849d'\ngroup by\n risk,\n \ + \ lens_arn,\n workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Framework +Title: List All Lens Review Improvements in AWS Well-Architected diff --git a/queries/aws_wellarchitected_lens_review_improvement_4.yaml b/queries/aws_wellarchitected_lens_review_improvement_4.yaml index 1c941c06e..be84ebab9 100755 --- a/queries/aws_wellarchitected_lens_review_improvement_4.yaml +++ b/queries/aws_wellarchitected_lens_review_improvement_4.yaml @@ -1,27 +1,22 @@ +Description: Allows users to query Lens Review Improvements in the AWS Well-Architected + Framework. ID: aws_wellarchitected_lens_review_improvement_4 -Title: "List AWS Well-Architected Framework Lens Review Improvements" -Description: "Allows users to query Lens Review Improvements in the AWS Well-Architected Framework." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_alias, - workload_id, - p ->> 'ChoiceId' as choice_id, - p ->> 'DisplayText' as display_text, - p ->> 'ImprovementPlanUrl' as improvement_plan_url - from - aws_wellarchitected_lens_review_improvement, - jsonb_array_elements(improvement_plans) as p; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_alias,\n workload_id,\n p ->> 'ChoiceId' as choice_id,\n\ + \ p ->> 'DisplayText' as display_text,\n p ->> 'ImprovementPlanUrl' as improvement_plan_url\n\ + from\n aws_wellarchitected_lens_review_improvement,\n jsonb_array_elements(improvement_plans)\ + \ as p;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Framework +Title: List AWS Well-Architected Framework Lens Review Improvements diff --git a/queries/aws_wellarchitected_lens_review_report_1.yaml b/queries/aws_wellarchitected_lens_review_report_1.yaml index 0459317d3..44f232f50 100755 --- a/queries/aws_wellarchitected_lens_review_report_1.yaml +++ b/queries/aws_wellarchitected_lens_review_report_1.yaml @@ -1,28 +1,22 @@ +Description: Allows users to query Lens Review Reports in the AWS Well-Architected + Tool. ID: aws_wellarchitected_lens_review_report_1 -Title: "Find AWS Well-Architected Tool Lens Review Reports" -Description: "Allows users to query Lens Review Reports in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_alias, - lens_arn, - workload_id, - milestone_number, - base64_string - from - aws_wellarchitected_lens_review_report; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_alias,\n lens_arn,\n workload_id,\n milestone_number,\n\ + \ base64_string\nfrom\n aws_wellarchitected_lens_review_report;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Lens Review Reports diff --git a/queries/aws_wellarchitected_lens_review_report_2.yaml b/queries/aws_wellarchitected_lens_review_report_2.yaml index 9e7cda16a..0672fc34a 100755 --- a/queries/aws_wellarchitected_lens_review_report_2.yaml +++ b/queries/aws_wellarchitected_lens_review_report_2.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query Lens Review Reports in the AWS Well-Architected + Tool. ID: aws_wellarchitected_lens_review_report_2 -Title: "List all AWS Well-Architected Tool Lens Review Reports" -Description: "Allows users to query Lens Review Reports in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - w.workload_name, - r.workload_id, - r.base64_string, - w.environment, - w.is_review_owner_update_acknowledged - from - aws_wellarchitected_lens_review_report as r, - aws_wellarchitected_workload as w - where - r.workload_id = w.workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n w.workload_name,\n r.workload_id,\n r.base64_string,\n\ + \ w.environment,\n w.is_review_owner_update_acknowledged\nfrom\n aws_wellarchitected_lens_review_report\ + \ as r,\n aws_wellarchitected_workload as w\nwhere\n r.workload_id = w.workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Lens Review Reports diff --git a/queries/aws_wellarchitected_lens_review_report_3.yaml b/queries/aws_wellarchitected_lens_review_report_3.yaml index f6bb77fb4..34f326c8c 100755 --- a/queries/aws_wellarchitected_lens_review_report_3.yaml +++ b/queries/aws_wellarchitected_lens_review_report_3.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query Lens Review Reports in the AWS Well-Architected + Tool. ID: aws_wellarchitected_lens_review_report_3 -Title: "List all AWS Well-Architected Tool Lens Review Reports" -Description: "Allows users to query Lens Review Reports in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - r.lens_alias, - r.lens_arn, - r.base64_string, - l.lens_type - from - aws_wellarchitected_lens_review_report as r, - aws_wellarchitected_lens as l - where - l.lens_type <> `aws_OFFICIAL'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n r.lens_alias,\n r.lens_arn,\n r.base64_string,\n l.lens_type\n\ + from\n aws_wellarchitected_lens_review_report as r,\n aws_wellarchitected_lens\ + \ as l\nwhere\n l.lens_type <> `aws_OFFICIAL';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Lens Review Reports diff --git a/queries/aws_wellarchitected_lens_share_1.yaml b/queries/aws_wellarchitected_lens_share_1.yaml index 76b73e7de..ad0324207 100755 --- a/queries/aws_wellarchitected_lens_share_1.yaml +++ b/queries/aws_wellarchitected_lens_share_1.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query Lens Shares in AWS Well-Architected Tool, providing + details about shared lenses including the share ARN, share status, and the AWS account + ID of the lens owner. ID: aws_wellarchitected_lens_share_1 -Title: "Find AWS Well-Architected Tool Lens Shares Details" -Description: "Allows users to query Lens Shares in AWS Well-Architected Tool, providing details about shared lenses including the share ARN, share status, and the AWS account ID of the lens owner." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_alias, - lens_arn, - share_id, - shared_with - from - aws_wellarchitected_lens_share; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_alias,\n lens_arn,\n share_id,\n\ + \ shared_with\nfrom\n aws_wellarchitected_lens_share;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Lens Shares Details diff --git a/queries/aws_wellarchitected_lens_share_2.yaml b/queries/aws_wellarchitected_lens_share_2.yaml index 337470341..4a1429d64 100755 --- a/queries/aws_wellarchitected_lens_share_2.yaml +++ b/queries/aws_wellarchitected_lens_share_2.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query Lens Shares in AWS Well-Architected Tool, providing + details about shared lenses including the share ARN, share status, and the AWS account + ID of the lens owner. ID: aws_wellarchitected_lens_share_2 -Title: "Find AWS Well-Architected Tool Lens Shares Details" -Description: "Allows users to query Lens Shares in AWS Well-Architected Tool, providing details about shared lenses including the share ARN, share status, and the AWS account ID of the lens owner." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - s.lens_name, - l.arn, - l.lens_status, - l.lens_type, - l.owner, - l.share_invitation_id - from - aws_wellarchitected_lens_share as s, - aws_wellarchitected_lens as l - where - s.lens_arn = l.arn; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n s.lens_name,\n l.arn,\n l.lens_status,\n l.lens_type,\n\ + \ l.owner,\n l.share_invitation_id\nfrom\n aws_wellarchitected_lens_share as\ + \ s,\n aws_wellarchitected_lens as l\nwhere\n s.lens_arn = l.arn;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Lens Shares Details diff --git a/queries/aws_wellarchitected_lens_share_3.yaml b/queries/aws_wellarchitected_lens_share_3.yaml index 6377eb4e2..a2070c116 100755 --- a/queries/aws_wellarchitected_lens_share_3.yaml +++ b/queries/aws_wellarchitected_lens_share_3.yaml @@ -1,29 +1,22 @@ +Description: Allows users to query Lens Shares in AWS Well-Architected Tool, providing + details about shared lenses including the share ARN, share status, and the AWS account + ID of the lens owner. ID: aws_wellarchitected_lens_share_3 -Title: "List all AWS Well-Architected Tool Lens Shares" -Description: "Allows users to query Lens Shares in AWS Well-Architected Tool, providing details about shared lenses including the share ARN, share status, and the AWS account ID of the lens owner." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_name, - lens_alias, - lens_arn, - share_id, - shared_with, - status - from - aws_wellarchitected_lens_share - where - status = 'PENDING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_name,\n lens_alias,\n lens_arn,\n share_id,\n\ + \ shared_with,\n status\nfrom\n aws_wellarchitected_lens_share\nwhere\n status\ + \ = 'PENDING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Lens Shares diff --git a/queries/aws_wellarchitected_milestone_1.yaml b/queries/aws_wellarchitected_milestone_1.yaml index 6e44180e7..f1af768c5 100755 --- a/queries/aws_wellarchitected_milestone_1.yaml +++ b/queries/aws_wellarchitected_milestone_1.yaml @@ -1,26 +1,20 @@ +Description: Allows users to query AWS Well-Architected Tool Milestones for detailed + information about the milestones of a workload. ID: aws_wellarchitected_milestone_1 -Title: "List all AWS Well-Architected Tool Milestones" -Description: "Allows users to query AWS Well-Architected Tool Milestones for detailed information about the milestones of a workload." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - milestone_name, - milestone_number, - recorded_at, - region - from - aws_wellarchitected_milestone; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n milestone_name,\n milestone_number,\n\ + \ recorded_at,\n region\nfrom\n aws_wellarchitected_milestone;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Milestones diff --git a/queries/aws_wellarchitected_milestone_2.yaml b/queries/aws_wellarchitected_milestone_2.yaml index 31c1369ee..9aa24b385 100755 --- a/queries/aws_wellarchitected_milestone_2.yaml +++ b/queries/aws_wellarchitected_milestone_2.yaml @@ -1,42 +1,26 @@ +Description: Allows users to query AWS Well-Architected Tool Milestones for detailed + information about the milestones of a workload. ID: aws_wellarchitected_milestone_2 -Title: "List AWS Well-Architected Tool milestone details" -Description: "Allows users to query AWS Well-Architected Tool Milestones for detailed information about the milestones of a workload." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - with latest_milestones as - ( - select - max(milestone_number) as milestone_number, - workload_id - from - aws_wellarchitected_milestone - group by - workload_id - ) - select - m.workload_id, - m.milestone_name, - m.milestone_number as latest_milestone_number, - m.recorded_at, - m.region - from - aws_wellarchitected_milestone m, - latest_milestones l - where - m.milestone_number = l.milestone_number - and m.workload_id = l.workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "with latest_milestones as \n(\n select\n max(milestone_number)\ + \ as milestone_number,\n workload_id\n from\n aws_wellarchitected_milestone\n\ + \ group by\n workload_id\n) \nselect\n m.workload_id,\n m.milestone_name,\n\ + \ m.milestone_number as latest_milestone_number,\n m.recorded_at,\n m.region\n\ + from\n aws_wellarchitected_milestone m,\n latest_milestones l\nwhere\n m.milestone_number\ + \ = l.milestone_number\n and m.workload_id = l.workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool milestone details diff --git a/queries/aws_wellarchitected_milestone_3.yaml b/queries/aws_wellarchitected_milestone_3.yaml index d2b53d6c9..11e6acf29 100755 --- a/queries/aws_wellarchitected_milestone_3.yaml +++ b/queries/aws_wellarchitected_milestone_3.yaml @@ -1,33 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Milestones for detailed + information about the milestones of a workload. ID: aws_wellarchitected_milestone_3 -Title: "Query AWS Well-Architected Tool Milestones in Detail" -Description: "Allows users to query AWS Well-Architected Tool Milestones for detailed information about the milestones of a workload." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - m.milestone_name, - m.milestone_number, - w.workload_name, - w.workload_id, - w.environment, - w.industry, - w.owner - from - aws_wellarchitected_workload w, - aws_wellarchitected_milestone m - where - w.workload_id = m.workload_id; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n m.milestone_name,\n m.milestone_number,\n w.workload_name,\n\ + \ w.workload_id,\n w.environment,\n w.industry,\n w.owner\nfrom\n aws_wellarchitected_workload\ + \ w,\n aws_wellarchitected_milestone m\nwhere\n w.workload_id = m.workload_id;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Query AWS Well-Architected Tool Milestones in Detail diff --git a/queries/aws_wellarchitected_milestone_4.yaml b/queries/aws_wellarchitected_milestone_4.yaml index b65177851..bc0cdfec7 100755 --- a/queries/aws_wellarchitected_milestone_4.yaml +++ b/queries/aws_wellarchitected_milestone_4.yaml @@ -1,35 +1,24 @@ +Description: Allows users to query AWS Well-Architected Tool Milestones for detailed + information about the milestones of a workload. ID: aws_wellarchitected_milestone_4 -Title: "Find All AWS Well-Architected Tool Milestones" -Description: "Allows users to query AWS Well-Architected Tool Milestones for detailed information about the milestones of a workload." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - m.milestone_name, - m.milestone_number, - w.workload_name, - w.workload_id, - w.environment, - w.industry, - w.owner - from - aws_wellarchitected_workload w, - aws_wellarchitected_milestone m - where - w.workload_id = m.workload_id - and milestone_number = 1 - and w.workload_id = 'abcdec851ac1d8d9d5b9938615da016ce'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n m.milestone_name,\n m.milestone_number,\n w.workload_name,\n\ + \ w.workload_id,\n w.environment,\n w.industry,\n w.owner\nfrom\n aws_wellarchitected_workload\ + \ w,\n aws_wellarchitected_milestone m\nwhere\n w.workload_id = m.workload_id\n\ + \ and milestone_number = 1\n and w.workload_id = 'abcdec851ac1d8d9d5b9938615da016ce';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find All AWS Well-Architected Tool Milestones diff --git a/queries/aws_wellarchitected_notification_1.yaml b/queries/aws_wellarchitected_notification_1.yaml index 9a93bdb92..a782665e1 100755 --- a/queries/aws_wellarchitected_notification_1.yaml +++ b/queries/aws_wellarchitected_notification_1.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Notifications for detailed + information about each notification. ID: aws_wellarchitected_notification_1 -Title: "List AWS Well-Architected Tool Notifications" -Description: "Allows users to query AWS Well-Architected Tool Notifications for detailed information about each notification." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - lens_alias, - lens_arn, - current_lens_version, - latest_lens_version - from - aws_wellarchitected_notification - where - type = 'LENS_VERSION_UPGRADED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n lens_alias,\n lens_arn,\n current_lens_version,\n\ + \ latest_lens_version\nfrom\n aws_wellarchitected_notification\nwhere\n type\ + \ = 'LENS_VERSION_UPGRADED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Notifications diff --git a/queries/aws_wellarchitected_notification_2.yaml b/queries/aws_wellarchitected_notification_2.yaml index d692646b8..9bc13ac6f 100755 --- a/queries/aws_wellarchitected_notification_2.yaml +++ b/queries/aws_wellarchitected_notification_2.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Notifications for detailed + information about each notification. ID: aws_wellarchitected_notification_2 -Title: "List AWS Well-Architected Tool Notification Details" -Description: "Allows users to query AWS Well-Architected Tool Notifications for detailed information about each notification." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - lens_alias, - lens_arn, - current_lens_version, - latest_lens_version - from - aws_wellarchitected_notification - where - type = 'LENS_VERSION_DEPRECATED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n lens_alias,\n lens_arn,\n current_lens_version,\n\ + \ latest_lens_version\nfrom\n aws_wellarchitected_notification\nwhere\n type\ + \ = 'LENS_VERSION_DEPRECATED';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Notification Details diff --git a/queries/aws_wellarchitected_notification_3.yaml b/queries/aws_wellarchitected_notification_3.yaml index 27eb57261..db882ad83 100755 --- a/queries/aws_wellarchitected_notification_3.yaml +++ b/queries/aws_wellarchitected_notification_3.yaml @@ -1,28 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Notifications for detailed + information about each notification. ID: aws_wellarchitected_notification_3 -Title: "Find AWS Well-Architected Tool Notification Details" -Description: "Allows users to query AWS Well-Architected Tool Notifications for detailed information about each notification." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - lens_alias, - lens_arn, - current_lens_version, - latest_lens_version - from - aws_wellarchitected_notification - where - workload_id = '123451c59cebcd4612f1f858bf75566'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n lens_alias,\n lens_arn,\n current_lens_version,\n\ + \ latest_lens_version\nfrom\n aws_wellarchitected_notification\nwhere\n workload_id\ + \ = '123451c59cebcd4612f1f858bf75566';" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Tool Notification Details diff --git a/queries/aws_wellarchitected_share_invitation_1.yaml b/queries/aws_wellarchitected_share_invitation_1.yaml index 2cb49f6aa..eab6648b1 100755 --- a/queries/aws_wellarchitected_share_invitation_1.yaml +++ b/queries/aws_wellarchitected_share_invitation_1.yaml @@ -1,26 +1,19 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_1 -Title: "List AWS Well-Architected Tool Share Invitations" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - share_invitation_id, - permission_type, - shared_by, - shared_with, - share_resource_type - from - aws_wellarchitected_share_invitation; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n share_invitation_id,\n permission_type,\n shared_by,\n\ + \ shared_with,\n share_resource_type\nfrom\n aws_wellarchitected_share_invitation;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List AWS Well-Architected Tool Share Invitations diff --git a/queries/aws_wellarchitected_share_invitation_2.yaml b/queries/aws_wellarchitected_share_invitation_2.yaml index c270398c0..987a858bc 100755 --- a/queries/aws_wellarchitected_share_invitation_2.yaml +++ b/queries/aws_wellarchitected_share_invitation_2.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_2 -Title: "Find AWS Well-Architected Tool Share Invitations" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - lens_arn, - lens_name, - share_invitation_id, - permission_type, - shared_by, - shared_with - from - aws_wellarchitected_share_invitation - where - share_resource_type = 'LENS' - or lens_arn is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n lens_arn,\n lens_name,\n share_invitation_id,\n permission_type,\n\ + \ shared_by,\n shared_with\nfrom\n aws_wellarchitected_share_invitation\nwhere\n\ + \ share_resource_type = 'LENS'\n or lens_arn is not null;" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Well-Architected Tool +Title: Find AWS Well-Architected Tool Share Invitations diff --git a/queries/aws_wellarchitected_share_invitation_3.yaml b/queries/aws_wellarchitected_share_invitation_3.yaml index 5c37045f9..16ce6194c 100755 --- a/queries/aws_wellarchitected_share_invitation_3.yaml +++ b/queries/aws_wellarchitected_share_invitation_3.yaml @@ -1,30 +1,20 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_3 -Title: "Find Share Invitations in AWS Well-Architected Tool" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - workload_name, - share_invitation_id, - permission_type, - shared_by, - shared_with - from - aws_wellarchitected_share_invitation - where - share_resource_type = 'WORKLOAD' - or workload_id is not null; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n workload_name,\n share_invitation_id,\n\ + \ permission_type,\n shared_by,\n shared_with\nfrom\n aws_wellarchitected_share_invitation\n\ + where\n share_resource_type = 'WORKLOAD'\n or workload_id is not null;" Tags: cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find Share Invitations in AWS Well-Architected Tool diff --git a/queries/aws_wellarchitected_share_invitation_4.yaml b/queries/aws_wellarchitected_share_invitation_4.yaml index e09e6a7cc..d84d27458 100755 --- a/queries/aws_wellarchitected_share_invitation_4.yaml +++ b/queries/aws_wellarchitected_share_invitation_4.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_4 -Title: "Find All AWS Well-Architected Tool Share Invitations" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - share_invitation_id, - permission_type, - shared_by, - shared_with, - share_resource_type - from - aws_wellarchitected_share_invitation - where - permission_type = 'CONTRIBUTOR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n share_invitation_id,\n permission_type,\n shared_by,\n\ + \ shared_with,\n share_resource_type\nfrom\n aws_wellarchitected_share_invitation\n\ + where\n permission_type = 'CONTRIBUTOR';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find All AWS Well-Architected Tool Share Invitations diff --git a/queries/aws_wellarchitected_share_invitation_5.yaml b/queries/aws_wellarchitected_share_invitation_5.yaml index 0073bb327..d03c0bac2 100755 --- a/queries/aws_wellarchitected_share_invitation_5.yaml +++ b/queries/aws_wellarchitected_share_invitation_5.yaml @@ -1,28 +1,20 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_5 -Title: "List all AWS Well-Architected Tool Share Invitations" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - share_invitation_id, - permission_type, - shared_by, - shared_with, - share_resource_type - from - aws_wellarchitected_share_invitation - where - permission_type = 'READONLY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n share_invitation_id,\n permission_type,\n shared_by,\n\ + \ shared_with,\n share_resource_type\nfrom\n aws_wellarchitected_share_invitation\n\ + where\n permission_type = 'READONLY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Share Invitations diff --git a/queries/aws_wellarchitected_share_invitation_6.yaml b/queries/aws_wellarchitected_share_invitation_6.yaml index 29a982511..e307ff524 100755 --- a/queries/aws_wellarchitected_share_invitation_6.yaml +++ b/queries/aws_wellarchitected_share_invitation_6.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query Share Invitations in the AWS Well-Architected Tool. ID: aws_wellarchitected_share_invitation_6 -Title: "List All Share Invitations in AWS Well-Architected Tool" -Description: "Allows users to query Share Invitations in the AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - count(*) as total, - share_resource_type - from - aws_wellarchitected_share_invitation - group by - share_resource_type; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n count(*) as total,\n share_resource_type\nfrom\n aws_wellarchitected_share_invitation\n\ + group by\n share_resource_type;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List All Share Invitations in AWS Well-Architected Tool diff --git a/queries/aws_wellarchitected_workload_1.yaml b/queries/aws_wellarchitected_workload_1.yaml index 39e56bf97..694037fce 100755 --- a/queries/aws_wellarchitected_workload_1.yaml +++ b/queries/aws_wellarchitected_workload_1.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Workloads to retrieve + and manage workload data, including workload names, ARNs, risk counts, and improvement + statuses. ID: aws_wellarchitected_workload_1 -Title: "List all AWS Well-Architected Tool Workloads including names, ARNs, and statuses" -Description: "Allows users to query AWS Well-Architected Tool Workloads to retrieve and manage workload data, including workload names, ARNs, risk counts, and improvement statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - environment, - industry, - owner - from - aws_wellarchitected_workload; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n environment,\n industry,\n\ + \ owner\nfrom\n aws_wellarchitected_workload;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Workloads including names, ARNs, and statuses diff --git a/queries/aws_wellarchitected_workload_2.yaml b/queries/aws_wellarchitected_workload_2.yaml index 189967346..8a5cab268 100755 --- a/queries/aws_wellarchitected_workload_2.yaml +++ b/queries/aws_wellarchitected_workload_2.yaml @@ -1,28 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Workloads to retrieve + and manage workload data, including workload names, ARNs, risk counts, and improvement + statuses. ID: aws_wellarchitected_workload_2 -Title: "List all AWS Well-Architected Tool Workloads Data" -Description: "Allows users to query AWS Well-Architected Tool Workloads to retrieve and manage workload data, including workload names, ARNs, risk counts, and improvement statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - environment - from - aws_wellarchitected_workload - where - environment = 'PRODUCTION'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n environment\nfrom\n\ + \ aws_wellarchitected_workload\nwhere\n environment = 'PRODUCTION';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS Well-Architected Tool Workloads +Title: List all AWS Well-Architected Tool Workloads Data diff --git a/queries/aws_wellarchitected_workload_3.yaml b/queries/aws_wellarchitected_workload_3.yaml index 5e383fe2d..69c60c079 100755 --- a/queries/aws_wellarchitected_workload_3.yaml +++ b/queries/aws_wellarchitected_workload_3.yaml @@ -1,26 +1,23 @@ +Description: Allows users to query AWS Well-Architected Tool Workloads to retrieve + and manage workload data, including workload names, ARNs, risk counts, and improvement + statuses. ID: aws_wellarchitected_workload_3 -Title: "Find AWS Well-Architected Workloads Risk and IDs" -Description: "Allows users to query AWS Well-Architected Tool Workloads to retrieve and manage workload data, including workload names, ARNs, risk counts, and improvement statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - risk_counts -> 'HIGH' as high_risk_counts - from - aws_wellarchitected_workload; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n risk_counts -> 'HIGH'\ + \ as high_risk_counts\nfrom\n aws_wellarchitected_workload;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Workloads Risk and IDs diff --git a/queries/aws_wellarchitected_workload_4.yaml b/queries/aws_wellarchitected_workload_4.yaml index d8df0b29f..2bdb0f386 100755 --- a/queries/aws_wellarchitected_workload_4.yaml +++ b/queries/aws_wellarchitected_workload_4.yaml @@ -1,26 +1,21 @@ +Description: Allows users to query AWS Well-Architected Tool Workloads to retrieve + and manage workload data, including workload names, ARNs, risk counts, and improvement + statuses. ID: aws_wellarchitected_workload_4 -Title: "Find all AWS Well-Architected Tool Workloads" -Description: "Allows users to query AWS Well-Architected Tool Workloads to retrieve and manage workload data, including workload names, ARNs, risk counts, and improvement statuses." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_name, - workload_id, - is_review_owner_update_acknowledged - from - aws_wellarchitected_workload - where - not is_review_owner_update_acknowledged; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_name,\n workload_id,\n is_review_owner_update_acknowledged\n\ + from\n aws_wellarchitected_workload\nwhere\n not is_review_owner_update_acknowledged;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find all AWS Well-Architected Tool Workloads diff --git a/queries/aws_wellarchitected_workload_share_1.yaml b/queries/aws_wellarchitected_workload_share_1.yaml index 6aa65765b..47712865e 100755 --- a/queries/aws_wellarchitected_workload_share_1.yaml +++ b/queries/aws_wellarchitected_workload_share_1.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query AWS Well-Architected Workload Share, providing + information about shared workloads within AWS Well-Architected Tool. ID: aws_wellarchitected_workload_share_1 -Title: "Find Shared Workloads in AWS Well-Architected Tool" -Description: "Allows users to query AWS Well-Architected Workload Share, providing information about shared workloads within AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - share_id, - shared_with - permission_type, - status, - region - from - aws_wellarchitected_workload_share; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n share_id,\n shared_with\n permission_type,\n\ + \ status,\n region\nfrom\n aws_wellarchitected_workload_share;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find Shared Workloads in AWS Well-Architected Tool diff --git a/queries/aws_wellarchitected_workload_share_2.yaml b/queries/aws_wellarchitected_workload_share_2.yaml index 2170db113..db22e1695 100755 --- a/queries/aws_wellarchitected_workload_share_2.yaml +++ b/queries/aws_wellarchitected_workload_share_2.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Well-Architected Workload Share, providing + information about shared workloads within AWS Well-Architected Tool. ID: aws_wellarchitected_workload_share_2 -Title: "List all AWS Well-Architected Workload Shares" -Description: "Allows users to query AWS Well-Architected Workload Share, providing information about shared workloads within AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - share_id, - shared_with - permission_type, - status, - region - from - aws_wellarchitected_workload_share - where - status = 'PENDING'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n share_id,\n shared_with\n permission_type,\n\ + \ status,\n region\nfrom\n aws_wellarchitected_workload_share\nwhere\n status\ + \ = 'PENDING';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Workload Shares diff --git a/queries/aws_wellarchitected_workload_share_3.yaml b/queries/aws_wellarchitected_workload_share_3.yaml index b41c40eec..75e668f21 100755 --- a/queries/aws_wellarchitected_workload_share_3.yaml +++ b/queries/aws_wellarchitected_workload_share_3.yaml @@ -1,29 +1,21 @@ +Description: Allows users to query AWS Well-Architected Workload Share, providing + information about shared workloads within AWS Well-Architected Tool. ID: aws_wellarchitected_workload_share_3 -Title: "List all AWS Well-Architected Tool Workload Shares" -Description: "Allows users to query AWS Well-Architected Workload Share, providing information about shared workloads within AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - share_id, - shared_with - permission_type, - status, - region - from - aws_wellarchitected_workload_share - where - permission_type = 'CONTRIBUTOR'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n share_id,\n shared_with\n permission_type,\n\ + \ status,\n region\nfrom\n aws_wellarchitected_workload_share\nwhere\n permission_type\ + \ = 'CONTRIBUTOR';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: List all AWS Well-Architected Tool Workload Shares diff --git a/queries/aws_wellarchitected_workload_share_4.yaml b/queries/aws_wellarchitected_workload_share_4.yaml index f3d930197..9086a7fca 100755 --- a/queries/aws_wellarchitected_workload_share_4.yaml +++ b/queries/aws_wellarchitected_workload_share_4.yaml @@ -1,31 +1,23 @@ +Description: Allows users to query AWS Well-Architected Workload Share, providing + information about shared workloads within AWS Well-Architected Tool. ID: aws_wellarchitected_workload_share_4 -Title: "Find AWS Well-Architected Workload Share With Read-Only Permission" -Description: "Allows users to query AWS Well-Architected Workload Share, providing information about shared workloads within AWS Well-Architected Tool." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - workload_id, - share_id, - shared_with - permission_type, - status, - region - from - aws_wellarchitected_workload_share - where - permission_type = 'READONLY'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n workload_id,\n share_id,\n shared_with\n permission_type,\n\ + \ status,\n region\nfrom\n aws_wellarchitected_workload_share\nwhere\n permission_type\ + \ = 'READONLY';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Well-Architected Tool +Title: Find AWS Well-Architected Workload Share With Read-Only Permission diff --git a/queries/aws_workspaces_directory_1.yaml b/queries/aws_workspaces_directory_1.yaml index 33cbd8bcd..201ed29a1 100755 --- a/queries/aws_workspaces_directory_1.yaml +++ b/queries/aws_workspaces_directory_1.yaml @@ -1,30 +1,23 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_1 -Title: "Find AWS WorkSpaces Directory Information Details" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - alias, - customer_user_name, - directory_type, - state - from - aws_workspaces_directory; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n alias,\n customer_user_name,\n\ + \ directory_type,\n state\nfrom\n aws_workspaces_directory;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WorkSpaces +Title: Find AWS WorkSpaces Directory Information Details diff --git a/queries/aws_workspaces_directory_2.yaml b/queries/aws_workspaces_directory_2.yaml index 25a40d858..9403d4ccf 100755 --- a/queries/aws_workspaces_directory_2.yaml +++ b/queries/aws_workspaces_directory_2.yaml @@ -1,34 +1,26 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_2 -Title: "Find all AWS WorkSpaces Directory Details via SQL" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - alias, - customer_user_name, - directory_type, - state - from - aws_workspaces_directory - where - certificate_based_auth_properties ->> 'Status' = 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n alias,\n customer_user_name,\n\ + \ directory_type,\n state\nfrom\n aws_workspaces_directory\nwhere\n certificate_based_auth_properties\ + \ ->> 'Status' = 'ENABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WorkSpaces +Title: Find all AWS WorkSpaces Directory Details via SQL diff --git a/queries/aws_workspaces_directory_3.yaml b/queries/aws_workspaces_directory_3.yaml index aeb560195..168b7e583 100755 --- a/queries/aws_workspaces_directory_3.yaml +++ b/queries/aws_workspaces_directory_3.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_3 -Title: "Find AWS WorkSpaces Directory Information" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - alias, - customer_user_name, - directory_type, - state - from - aws_workspaces_directory - where - directory_type = 'SIMPLE_AD'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n alias,\n customer_user_name,\n\ + \ directory_type,\n state\nfrom\n aws_workspaces_directory\nwhere\n directory_type\ + \ = 'SIMPLE_AD';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WorkSpaces +Title: Find AWS WorkSpaces Directory Information diff --git a/queries/aws_workspaces_directory_4.yaml b/queries/aws_workspaces_directory_4.yaml index cd40f481e..27f26ac52 100755 --- a/queries/aws_workspaces_directory_4.yaml +++ b/queries/aws_workspaces_directory_4.yaml @@ -1,31 +1,25 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_4 -Title: "Find all AWS WorkSpaces Directory Information" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - saml_properties ->> 'RelayStateParameterName' as saml_relay_state_parameter_name, - saml_properties ->> 'Status' as saml_status, - saml_properties ->> 'UserAccessUrl' as saml_user_access_url - from - aws_workspaces_directory - where - directory_id = 'd-96676995ea'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n saml_properties ->>\ + \ 'RelayStateParameterName' as saml_relay_state_parameter_name,\n saml_properties\ + \ ->> 'Status' as saml_status,\n saml_properties ->> 'UserAccessUrl' as saml_user_access_url\n\ + from\n aws_workspaces_directory\nwhere\n directory_id = 'd-96676995ea';" Tags: cloud_identity_security: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WorkSpaces +Title: Find all AWS WorkSpaces Directory Information diff --git a/queries/aws_workspaces_directory_5.yaml b/queries/aws_workspaces_directory_5.yaml index 5c97242d4..49bbe4a46 100755 --- a/queries/aws_workspaces_directory_5.yaml +++ b/queries/aws_workspaces_directory_5.yaml @@ -1,33 +1,25 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_5 -Title: "List AWS WorkSpaces Directory Information" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - alias, - customer_user_name, - directory_type, - state, - selfservice_permissions ->> 'SwitchRunningMode' as switch_running_mode - from - aws_workspaces_directory - where - selfservice_permissions ->> 'SwitchRunningMode' = 'ENABLED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n alias,\n customer_user_name,\n\ + \ directory_type,\n state,\n selfservice_permissions ->> 'SwitchRunningMode'\ + \ as switch_running_mode\nfrom\n aws_workspaces_directory\nwhere\n selfservice_permissions\ + \ ->> 'SwitchRunningMode' = 'ENABLED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_ops: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WorkSpaces +Title: List AWS WorkSpaces Directory Information diff --git a/queries/aws_workspaces_directory_6.yaml b/queries/aws_workspaces_directory_6.yaml index be486b51f..a53d8e611 100755 --- a/queries/aws_workspaces_directory_6.yaml +++ b/queries/aws_workspaces_directory_6.yaml @@ -1,32 +1,27 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_6 -Title: "Find AWS WorkSpaces Directory Details Including IDs and Properties" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - workspace_creation_properties ->> 'CustomSecurityGroupId' as custom_security_group_id, - workspace_creation_properties ->> 'DefaultOu' as default_ou, - workspace_creation_properties ->> 'EnableInternetAccess' as enable_internet_access, - workspace_creation_properties ->> 'EnableMaintenanceMode' as enable_maintenance_mode, - workspace_creation_properties ->> 'EnableWorkDocs' as enable_work_docs, - workspace_creation_properties ->> 'UserEnabledAsLocalAdministrator' as user_enabled_as_local_administrator - from - aws_workspaces_directory - where - directory_id = 'd-96676995ea'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n workspace_creation_properties\ + \ ->> 'CustomSecurityGroupId' as custom_security_group_id,\n workspace_creation_properties\ + \ ->> 'DefaultOu' as default_ou,\n workspace_creation_properties ->> 'EnableInternetAccess'\ + \ as enable_internet_access,\n workspace_creation_properties ->> 'EnableMaintenanceMode'\ + \ as enable_maintenance_mode,\n workspace_creation_properties ->> 'EnableWorkDocs'\ + \ as enable_work_docs,\n workspace_creation_properties ->> 'UserEnabledAsLocalAdministrator'\ + \ as user_enabled_as_local_administrator\nfrom\n aws_workspaces_directory\nwhere\n\ + \ directory_id = 'd-96676995ea';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WorkSpaces +Title: Find AWS WorkSpaces Directory Details Including IDs and Properties diff --git a/queries/aws_workspaces_directory_7.yaml b/queries/aws_workspaces_directory_7.yaml index b0258fed5..5902f6e4f 100755 --- a/queries/aws_workspaces_directory_7.yaml +++ b/queries/aws_workspaces_directory_7.yaml @@ -1,30 +1,22 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_7 -Title: "List all AWS WorkSpaces Directory Information" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - alias, - customer_user_name, - directory_type, - state - from - aws_workspaces_directory - where - state = 'REGISTERED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n alias,\n customer_user_name,\n\ + \ directory_type,\n state\nfrom\n aws_workspaces_directory\nwhere\n state\ + \ = 'REGISTERED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - WorkSpaces +Title: List all AWS WorkSpaces Directory Information diff --git a/queries/aws_workspaces_directory_8.yaml b/queries/aws_workspaces_directory_8.yaml index f77ff099e..43368bb4a 100755 --- a/queries/aws_workspaces_directory_8.yaml +++ b/queries/aws_workspaces_directory_8.yaml @@ -1,36 +1,30 @@ +Description: Allows users to query AWS WorkSpaces Directory information to retrieve + details such as directory ID, directory type, workspace creation properties, and + more. ID: aws_workspaces_directory_8 -Title: "List AWS WorkSpaces Directory Details Using SQL" -Description: "Allows users to query AWS WorkSpaces Directory information to retrieve details such as directory ID, directory type, workspace creation properties, and more." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - directory_id, - arn, - workspace_access_properties ->> 'DeviceTypeAndroid' as device_type_android, - workspace_access_properties ->> 'DeviceTypeChromeOs' as device_type_chrome_os, - workspace_access_properties ->> 'DeviceTypeIos' as device_type_ios, - workspace_access_properties ->> 'DeviceTypeLinux' as device_type_linux, - workspace_access_properties ->> 'DeviceTypeOsx' as device_type_osx, - workspace_access_properties ->> 'DeviceTypeWeb' as device_type_web, - workspace_access_properties ->> 'DeviceTypeWindows' as device_type_windows, - workspace_access_properties ->> 'DeviceTypeZeroClient' as device_type_zero_client - from - aws_workspaces_directory - where - directory_id = 'd-96676995ea'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n directory_id,\n arn,\n workspace_access_properties\ + \ ->> 'DeviceTypeAndroid' as device_type_android,\n workspace_access_properties\ + \ ->> 'DeviceTypeChromeOs' as device_type_chrome_os,\n workspace_access_properties\ + \ ->> 'DeviceTypeIos' as device_type_ios,\n workspace_access_properties ->> 'DeviceTypeLinux'\ + \ as device_type_linux,\n workspace_access_properties ->> 'DeviceTypeOsx' as\ + \ device_type_osx,\n workspace_access_properties ->> 'DeviceTypeWeb' as device_type_web,\n\ + \ workspace_access_properties ->> 'DeviceTypeWindows' as device_type_windows,\n\ + \ workspace_access_properties ->> 'DeviceTypeZeroClient' as device_type_zero_client\n\ + from\n aws_workspaces_directory\nwhere\n directory_id = 'd-96676995ea';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_identity_security: - - "true" + - 'true' cloud_provider: - aws cloud_service: - AWS WorkSpaces +Title: List AWS WorkSpaces Directory Details Using SQL diff --git a/queries/aws_workspaces_workspace_1.yaml b/queries/aws_workspaces_workspace_1.yaml index 300b4f380..94308191a 100755 --- a/queries/aws_workspaces_workspace_1.yaml +++ b/queries/aws_workspaces_workspace_1.yaml @@ -1,25 +1,19 @@ +Description: Allows users to query Amazon WorkSpaces Workspace to retrieve details + about each workspace in the AWS account. ID: aws_workspaces_workspace_1 -Title: "List all Amazon WorkSpaces Workspace details" -Description: "Allows users to query Amazon WorkSpaces Workspace to retrieve details about each workspace in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - workspace_id, - arn, - state - from - aws_workspaces_workspace; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n workspace_id,\n arn,\n state\nfrom\n aws_workspaces_workspace;" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon WorkSpaces +Title: List all Amazon WorkSpaces Workspace details diff --git a/queries/aws_workspaces_workspace_2.yaml b/queries/aws_workspaces_workspace_2.yaml index f636358c5..b33150119 100755 --- a/queries/aws_workspaces_workspace_2.yaml +++ b/queries/aws_workspaces_workspace_2.yaml @@ -1,27 +1,20 @@ +Description: Allows users to query Amazon WorkSpaces Workspace to retrieve details + about each workspace in the AWS account. ID: aws_workspaces_workspace_2 -Title: "Find Amazon WorkSpaces Workspace details in AWS" -Description: "Allows users to query Amazon WorkSpaces Workspace to retrieve details about each workspace in the AWS account." -Connector: -- aws +IntegrationTypeName: +- aws_cloud Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - name, - workspace_id, - arn, - state - from - aws_workspaces_workspace - where - state = 'TERMINATED'; - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select\n name,\n workspace_id,\n arn,\n state\nfrom\n aws_workspaces_workspace\n\ + where\n state = 'TERMINATED';" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Amazon WorkSpaces +Title: Find Amazon WorkSpaces Workspace details in AWS diff --git a/queries/bulk_update_yaml.sh b/queries/bulk_update_yaml.sh index 5dab704c4..6f84c1da4 100755 --- a/queries/bulk_update_yaml.sh +++ b/queries/bulk_update_yaml.sh @@ -1,41 +1,113 @@ #!/bin/bash -# Description: -# This script traverses all subdirectories to find YAML files containing the 'Connector' key -# and renames the key to 'IntegrationTypeName' while mapping specific values. - -# Define the root directory (current directory) -ROOT_DIR="." - -# Create or clear the log files -> processed_files.log -> error_files.log -> error_messages.log - -# Function to process each file -process_file() { - local file="$1" - echo "Processing: $file" - - # Apply the yq transformation - if yq eval -i '.IntegrationTypeName = (if (.Connector | type) == "array" then .Connector | map({"aws": "aws_cloud", "azure": "azure_subscription"}[.] // .) else {"aws": "aws_cloud", "azure": "azure_subscription"}[.Connector] // .Connector end) | del(.Connector)' "$file" - then - echo "$file processed successfully." >> processed_files.log - else - echo "Error processing $file" >> error_files.log - # Capture detailed error messages - yq eval '.IntegrationTypeName = (if (.Connector | type) == "array" then .Connector | map({"aws": "aws_cloud", "azure": "azure_subscription"}[.] // .) else {"aws": "aws_cloud", "azure": "azure_subscription"}[.Connector] // .Connector end) | del(.Connector)' "$file" 2>> error_messages.log - fi +# Script Name: replace_integration_types.sh +# Description: +# Replaces '- aws' with '- aws_cloud' and '- azure' with '- azure_subscription' +# within the IntegrationTypeName sections of YAML files. +# +# Usage: +# ./replace_integration_types.sh [-r] [directory] +# -r : Recursively search through subdirectories +# directory : Directory to start from (default: current directory) + +# Exit immediately if a command exits with a non-zero status +set -e + +# Function to display usage instructions +usage() { + echo "Usage: $0 [-r] [directory]" + echo " -r Recursively search through subdirectories" + echo " directory Directory to start from (default: current directory)" + exit 1 } -export -f process_file +# Initialize variables +RECURSIVE=false +START_DIR="." + +# Parse options +while getopts "r" opt; do + case "$opt" in + r) + RECURSIVE=true + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + usage + ;; + esac +done +shift $((OPTIND -1)) + +# If a directory is provided, use it +if [ "$#" -ge 1 ]; then + START_DIR="$1" +fi + +# Check if the starting directory exists and is a directory +if [ ! -d "$START_DIR" ]; then + echo "Error: Directory '$START_DIR' does not exist." >&2 + exit 1 +fi + +# Determine the find command based on the recursive flag +if [ "$RECURSIVE" = true ]; then + FIND_CMD=(find "$START_DIR" -type f) +else + FIND_CMD=(find "$START_DIR" -maxdepth 1 -type f) +fi + +# Find and process each file +for FILE in "${FIND_CMD[@]}"; do + # Check if the file has a .yaml or .yml extension + if [[ "$FILE" =~ \.(yaml|yml)$ ]]; then + # Output processing message + echo "Processing: $FILE" + + # Check if the file contains 'IntegrationTypeName:' + if grep -q "^IntegrationTypeName:" "$FILE"; then + # Create a temporary file securely + TMP_FILE=$(mktemp) + + # Use awk to perform the replacements within the IntegrationTypeName block + awk ' + BEGIN { in_block = 0 } + /^IntegrationTypeName:/ { + print; + in_block = 1; + next + } + # Exit the block if a new top-level key starts (line starts with non-space and not a list item) + /^[^[:space:]]/ && !/^[[:space:]]*-/ { + in_block = 0 + } + # If within the IntegrationTypeName block and line matches '- aws', replace it + in_block == 1 && /^[[:space:]]*-[[:space:]]*aws[[:space:]]*$/ { + sub(/- aws[[:space:]]*$/, "- aws_cloud") + } + # If within the IntegrationTypeName block and line matches '- azure', replace it + in_block == 1 && /^[[:space:]]*-[[:space:]]*azure[[:space:]]*$/ { + sub(/- azure[[:space:]]*$/, "- azure_subscription") + } + { print } + ' "$FILE" > "$TMP_FILE" -# Find and process all .yaml and .yml files containing the 'Connector' key -find "$ROOT_DIR" -type f \( -iname "*.yaml" -o -iname "*.yml" \) -print0 | while IFS= read -r -d '' file; do - if grep -q '^Connector:' "$file"; then - process_file "$file" - fi + # Compare the original file with the modified file + if ! cmp -s "$FILE" "$TMP_FILE"; then + # Replace the original file with the modified file + mv "$TMP_FILE" "$FILE" + echo "Modified: $FILE" + else + # No changes made; remove the temporary file + rm "$TMP_FILE" + fi + else + echo "No IntegrationTypeName section found in: $FILE" + fi + else + # Non-YAML files are ignored, but still output processing message + echo "Processing: $FILE (skipped, not a YAML file)" + fi done -echo "Bulk update completed. Check 'processed_files.log' for details." -echo "Any errors are logged in 'error_files.log' and 'error_messages.log'." \ No newline at end of file +echo "Replacement process complete." diff --git a/queries/cloud_managed_software.yaml b/queries/cloud_managed_software.yaml index 086ca44a8..fb437579e 100755 --- a/queries/cloud_managed_software.yaml +++ b/queries/cloud_managed_software.yaml @@ -1,36 +1,26 @@ +Description: '' ID: cloud_managed_software -Title: "Cloud Managed Software" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::kafka::cluster', 'aws::mwaa::environment', 'aws::amp::workspace', 'microsoft.dashboard/grafana') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::kafka::cluster', 'aws::mwaa::environment', 'aws::amp::workspace',\ + \ 'microsoft.dashboard/grafana')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws cloud_service: - Managed Software +Title: Cloud Managed Software diff --git a/queries/cloud_networks.yaml b/queries/cloud_networks.yaml index ca4ac8bfd..66da66908 100755 --- a/queries/cloud_networks.yaml +++ b/queries/cloud_networks.yaml @@ -1,37 +1,26 @@ +Description: '' ID: cloud_networks -Title: "Cloud Networks" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::ec2::vpc', 'microsoft.network/virtualnetworks') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::ec2::vpc', 'microsoft.network/virtualnetworks')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Network +Title: Cloud Networks diff --git a/queries/container_workload.yaml b/queries/container_workload.yaml index ae1a83900..0afc35108 100755 --- a/queries/container_workload.yaml +++ b/queries/container_workload.yaml @@ -1,36 +1,26 @@ +Description: '' ID: container_workload -Title: "Container Workload" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::eks::cluster', 'aws::ecs::cluster', 'microsoft.containerregistry/registries', 'microsoft.containerservice/managedclusters', 'microsoft.app/containerapps') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::eks::cluster', 'aws::ecs::cluster', 'microsoft.containerregistry/registries',\ + \ 'microsoft.containerservice/managedclusters', 'microsoft.app/containerapps')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws and azure cloud_service: - Container Workload +Title: Container Workload diff --git a/queries/database_workload.yaml b/queries/database_workload.yaml index 1cade3dc7..faf7aad66 100755 --- a/queries/database_workload.yaml +++ b/queries/database_workload.yaml @@ -1,40 +1,30 @@ +Description: '' ID: database_workload -Title: "List Database Workloads and Cloud Provider Information" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::memorydb::cluster', 'aws::neptune::database', 'aws::dynamodb::table', 'aws::rds::dbinstance', - 'aws::elasticache::cluster', 'aws::redshift::cluster', 'aws::dms::replicationinstance', 'aws::redshiftserverless::namespace', - 'aws::opensearchserverless::collection', 'microsoft.dbforpostgresql/servers', 'microsoft.documentdb/sqldatabases', 'microsoft.sql/servers', - 'microsoft.dbformysql/servers','microsoft.sql/managedinstances') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::memorydb::cluster', 'aws::neptune::database',\ + \ 'aws::dynamodb::table', 'aws::rds::dbinstance', \n 'aws::elasticache::cluster',\ + \ 'aws::redshift::cluster', 'aws::dms::replicationinstance', 'aws::redshiftserverless::namespace',\ + \ \n 'aws::opensearchserverless::collection', 'microsoft.dbforpostgresql/servers',\ + \ 'microsoft.documentdb/sqldatabases', 'microsoft.sql/servers', \n 'microsoft.dbformysql/servers','microsoft.sql/managedinstances')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Database +Title: List Database Workloads and Cloud Provider Information diff --git a/queries/devops.yaml b/queries/devops.yaml index 29bd7ef7c..ec11308ac 100755 --- a/queries/devops.yaml +++ b/queries/devops.yaml @@ -1,38 +1,27 @@ +Description: '' ID: devops -Title: "DevOps" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::codecommit::repository', 'aws::codedeploy::deploymentgroup') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::codecommit::repository', 'aws::codedeploy::deploymentgroup')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Codecommit - Codedeploy +Title: DevOps diff --git a/queries/error_files.log b/queries/error_files.log deleted file mode 100644 index 52c6d0a46..000000000 --- a/queries/error_files.log +++ /dev/null @@ -1,36 +0,0 @@ -Error processing ./aws_workspaces_directory_8.yaml -Error processing ./aws_dynamodb_metric_account_provisioned_read_capacity_util_1.yaml -Error processing ./aws_route53_health_check_5.yaml -Error processing ./aws_wafv2_ip_set_3.yaml -Error processing ./aws_iam_service_specific_credential_2.yaml -Error processing ./aws_securityhub_hub_3.yaml -Error processing ./aws_ecr_repository_2.yaml -Error processing ./aws_glacier_vault_2.yaml -Error processing ./aws_athena_query_execution_3.yaml -Error processing ./aws_wellarchitected_workload_4.yaml -Error processing ./aws_ebs_volume_metric_write_ops_daily_2.yaml -Error processing ./aws_elasticache_redis_metric_engine_cpu_utilization_hourly_2.yaml -Error processing ./aws_securitylake_subscriber_4.yaml -Error processing ./17-azure_insight_compute_disk_unattached.yaml -Error processing ./aws_cloudwatch_log_event_5.yaml -Error processing ./aws_ebs_volume_metric_read_ops_1.yaml -Error processing ./aws_eks_addon_3.yaml -Error processing ./aws_vpc_flow_log_event_4.yaml -Error processing ./aws_iot_thing_group_3.yaml -Error processing ./aws_ec2_instance_type_2.yaml -Error processing ./aws_msk_cluster_2.yaml -Error processing ./aws_cloudtrail_import_5.yaml -Error processing ./aws_vpc_peering_connection_8.yaml -Error processing ./aws_resource_explorer_search_6.yaml -Error processing ./aws_availability_zone_2.yaml -Error processing ./aws_guardduty_publishing_destination_1.yaml -Error processing ./aws_inspector2_coverage_3.yaml -Error processing ./aws_kms_alias_3.yaml -Error processing ./aws_wellarchitected_share_invitation_6.yaml -Error processing ./aws_iam_server_certificate_1.yaml -Error processing ./aws_accessanalyzer_analyzer_2.yaml -Error processing ./aws_emr_block_public_access_configuration_1.yaml -Error processing ./aws_tagging_resource_1.yaml -Error processing ./aws_s3_object_8.yaml -Error processing ./aws_elasticache_redis_metric_get_type_cmds_hourly_2.yaml -Error processing ./aws_securitylake_data_lake_4.yaml diff --git a/queries/error_messages.log b/queries/error_messages.log deleted file mode 100644 index 6769e53f8..000000000 --- a/queries/error_messages.log +++ /dev/null @@ -1,35 +0,0 @@ -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." -Error: 1:25: invalid input text "if (.Connector |..." diff --git a/queries/keys_and_secrets.yaml b/queries/keys_and_secrets.yaml index e80acb1d8..bcfb95c86 100755 --- a/queries/keys_and_secrets.yaml +++ b/queries/keys_and_secrets.yaml @@ -1,35 +1,24 @@ +Description: '' ID: keys_and_secrets -Title: "Keys and Secrets" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::secretsmanager::secret', 'microsoft.keyvault/vaults', 'microsoft.compute/sshpublickeys', 'aws::ec2::keypair') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::secretsmanager::secret', 'microsoft.keyvault/vaults',\ + \ 'microsoft.compute/sshpublickeys', 'aws::ec2::keypair')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure @@ -37,3 +26,4 @@ Tags: - Secrets Manager - Key Vault - EC2 +Title: Keys and Secrets diff --git a/queries/kubernetes_clusters.yaml b/queries/kubernetes_clusters.yaml index 48198f079..05b1040c9 100755 --- a/queries/kubernetes_clusters.yaml +++ b/queries/kubernetes_clusters.yaml @@ -1,54 +1,32 @@ +Description: '' ID: kubernetes_clusters -Title: "List All Kubernetes Clusters with Details" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select c.name as cloud_account_name, c.id as _discovered_provider_id, t.* from ( - (select - 'AWS' as provider, - r.name as name, - r.region as location, - jsonb_path_query(r.description, '$.Cluster.Tags') as _tags, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - jsonb_path_query(r.description, '$.Cluster.PlatformVersion') as kubernetes_version, - r.created_at as _last_discovered - from - og_resources r - where - resource_type = 'aws::eks::cluster') - - union - - (select - 'Azure' as provider, - r.name as vm_name, - r.region as location, - jsonb_path_query(r.description, '$.ManagedCluster.Tags') as _tags, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - jsonb_path_query(r.description, '$.ManagedCluster.Properties.KubernetesVersion') as kubernetes_version, - r.created_at as _last_discovered - from - og_resources r - where - resource_type = 'microsoft.containerservice/managedclusters') - - ) as t inner join og_connections c on t._og_connection_id = c.og_id - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select c.name as cloud_account_name, c.id as _discovered_provider_id,\ + \ t.* from (\n(select \n 'AWS' as provider, \n r.name as name, \n r.region\ + \ as location, \n jsonb_path_query(r.description, '$.Cluster.Tags') as _tags,\n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n jsonb_path_query(r.description, '$.Cluster.PlatformVersion')\ + \ as kubernetes_version,\n r.created_at as _last_discovered\nfrom \n og_resources\ + \ r\nwhere \n resource_type = 'aws::eks::cluster') \n\nunion \n\n(select \n \ + \ 'Azure' as provider, \n r.name as vm_name, \n r.region as location, \n jsonb_path_query(r.description,\ + \ '$.ManagedCluster.Tags') as _tags,\n r.connection_id as _og_connection_id,\n\ + \ r.resource_id as _resource_id,\n r.resource_type as _resource_type,\n jsonb_path_query(r.description,\ + \ '$.ManagedCluster.Properties.KubernetesVersion') as kubernetes_version,\n r.created_at\ + \ as _last_discovered\nfrom \n og_resources r \nwhere \n resource_type = 'microsoft.containerservice/managedclusters')\n\ + \n) as t inner join og_connections c on t._og_connection_id = c.og_id " Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - Kubernetes +Title: List All Kubernetes Clusters with Details diff --git a/queries/load_balancers.yaml b/queries/load_balancers.yaml index 65571ffdd..7a721cbf1 100755 --- a/queries/load_balancers.yaml +++ b/queries/load_balancers.yaml @@ -1,36 +1,24 @@ +Description: Load Balancers ID: load_balancers -Title: "Load Balancers" -Description: "Load Balancers" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered, - r.description -> 'LoadBalancer' -> 'Scheme' as scheme - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::elasticloadbalancing::loadbalancer', 'microsoft.network/loadbalancers', 'microsoft.network/applicationgateways') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered,\n r.description\ + \ -> 'LoadBalancer' -> 'Scheme' as scheme\nfrom \n og_resources r inner join\ + \ og_connections c on r.connection_id = c.og_id\nwhere \n resource_type IN ('aws::elasticloadbalancing::loadbalancer',\ + \ 'microsoft.network/loadbalancers', 'microsoft.network/applicationgateways')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure @@ -38,3 +26,4 @@ Tags: - Elastic Load Balancing - Azure Load Balancer - Azure Application Gateway +Title: Load Balancers diff --git a/queries/network_&_file_stores.yaml b/queries/network_&_file_stores.yaml index fb71a4f9d..6573698be 100755 --- a/queries/network_&_file_stores.yaml +++ b/queries/network_&_file_stores.yaml @@ -1,34 +1,23 @@ +Description: '' ID: network_&_file_stores -Title: "Network & File Stores" -Description: "" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::fsx::filesystem', 'aws::efs::filesystem') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::fsx::filesystem', 'aws::efs::filesystem')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws +Title: Network & File Stores diff --git a/queries/object_stores.yaml b/queries/object_stores.yaml index f999a5050..ab40167fd 100755 --- a/queries/object_stores.yaml +++ b/queries/object_stores.yaml @@ -1,35 +1,23 @@ +Description: Object Stores ID: object_stores -Title: "Object Stores" -Description: "Object Stores" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::s3::bucket', 'aws::glacier::vault', 'microsoft.storage/storageaccounts') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::s3::bucket', 'aws::glacier::vault', 'microsoft.storage/storageaccounts')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure @@ -37,3 +25,4 @@ Tags: - S3 - Glacier - Storage Accounts +Title: Object Stores diff --git a/queries/processed_files.log b/queries/processed_files.log deleted file mode 100644 index e69de29bb..000000000 diff --git a/queries/replace_integration_types.py b/queries/replace_integration_types.py new file mode 100644 index 000000000..a2b5efdd6 --- /dev/null +++ b/queries/replace_integration_types.py @@ -0,0 +1,84 @@ +#!/usr/bin/env python3 + +import os +import sys +import argparse +import yaml + +def process_file(filepath): + with open(filepath, 'r') as file: + try: + data = yaml.safe_load(file) + except yaml.YAMLError as exc: + print(f"Error parsing {filepath}: {exc}") + return False + + if data is None: + print(f"File is empty or contains invalid YAML: {filepath}") + return False + + original_data = yaml.dump(data) + modified = False + + def replace_integration_type(data): + nonlocal modified + if isinstance(data, dict): + for key, value in data.items(): + if key == 'IntegrationTypeName' and isinstance(value, list): + new_list = [] + for item in value: + if item == 'aws': + new_list.append('aws_cloud') + modified = True + elif item == 'azure': + new_list.append('azure_subscription') + modified = True + else: + new_list.append(item) + data[key] = new_list + else: + replace_integration_type(value) + elif isinstance(data, list): + for item in data: + replace_integration_type(item) + + replace_integration_type(data) + + if modified: + with open(filepath, 'w') as file: + yaml.dump(data, file, default_flow_style=False) + print(f"Modified: {filepath}") + else: + print(f"No changes in: {filepath}") + + return True + +def main(): + parser = argparse.ArgumentParser(description='Replace IntegrationTypeName values in YAML files.') + parser.add_argument('directory', nargs='?', default='.', help='Directory to start from (default: current directory)') + parser.add_argument('-r', '--recursive', action='store_true', help='Recursively search through subdirectories') + args = parser.parse_args() + + if not os.path.isdir(args.directory): + print(f"Error: Directory '{args.directory}' does not exist.") + sys.exit(1) + + yaml_files = [] + if args.recursive: + for root, dirs, files in os.walk(args.directory): + for file in files: + if file.endswith(('.yaml', '.yml')): + yaml_files.append(os.path.join(root, file)) + else: + for file in os.listdir(args.directory): + if file.endswith(('.yaml', '.yml')): + yaml_files.append(os.path.join(args.directory, file)) + + for filepath in yaml_files: + print(f"Processing: {filepath}") + process_file(filepath) + + print("Replacement process complete.") + +if __name__ == "__main__": + main() diff --git a/queries/server_workload.yaml b/queries/server_workload.yaml index fe65825b4..7de3d8745 100755 --- a/queries/server_workload.yaml +++ b/queries/server_workload.yaml @@ -1,61 +1,40 @@ +Description: List Cloud VM Workloads for AWS and Azure ID: server_workload -Title: "List Cloud VM Workloads for AWS and Azure" -Description: "List Cloud VM Workloads for AWS and Azure" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select c.name as cloud_account_name, c.id as _discovered_provider_id, t.* from ( - (select - 'AWS' as provider, - r.name as vm_name, - r.region as location, - jsonb_path_query(r.description, '$.Instance.InstanceType') as instance_size, - jsonb_path_query(r.description, '$.Instance.NetworkInterfaces[*].PrivateIpAddress') as private_ip, - jsonb_path_query(r.description, '$.Instance.PlatformDetails') as platform, - jsonb_path_query(r.description, '$.InstanceStatus.InstanceState.Name') as state, - jsonb_path_query(r.description, '$.Instance.Tags') as _tags, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r - where - resource_type = 'aws::ec2::instance') - - union - - (select - 'Azure' as provider, - r.name as vm_name, - r.region as location, - jsonb_path_query(r.description, '$.VirtualMachine.Properties.HardwareProfile.VMSize') as instance_size, - jsonb_path_query(r.description, '$.InterfaceIPConfigurations[*].Properties.PrivateIPAddress') as private_ip, - jsonb_path_query(r.description, '$.VirtualMachineInstanceView.OSName') as platform, - jsonb_path_query(r.description, '$.VirtualMachineInstanceView.Statuses') as state, - jsonb_path_query(r.description, '$.VirtualMachine.Tags') as _tags, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r - where - resource_type = 'microsoft.compute/virtualmachines') - - ) as t inner join og_connections c on t._og_connection_id = c.og_id - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select c.name as cloud_account_name, c.id as _discovered_provider_id,\ + \ t.* from (\n(select \n 'AWS' as provider, \n r.name as vm_name, \n r.region\ + \ as location, \n jsonb_path_query(r.description, '$.Instance.InstanceType')\ + \ as instance_size,\n jsonb_path_query(r.description, '$.Instance.NetworkInterfaces[*].PrivateIpAddress')\ + \ as private_ip,\n jsonb_path_query(r.description, '$.Instance.PlatformDetails')\ + \ as platform,\n jsonb_path_query(r.description, '$.InstanceStatus.InstanceState.Name')\ + \ as state,\n jsonb_path_query(r.description, '$.Instance.Tags') as _tags,\n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r\nwhere \n resource_type = 'aws::ec2::instance') \n\nunion\ + \ \n\n(select \n 'Azure' as provider, \n r.name as vm_name, \n r.region as\ + \ location, \n jsonb_path_query(r.description, '$.VirtualMachine.Properties.HardwareProfile.VMSize')\ + \ as instance_size,\n jsonb_path_query(r.description, '$.InterfaceIPConfigurations[*].Properties.PrivateIPAddress')\ + \ as private_ip,\n jsonb_path_query(r.description, '$.VirtualMachineInstanceView.OSName')\ + \ as platform,\n jsonb_path_query(r.description, '$.VirtualMachineInstanceView.Statuses')\ + \ as state,\n jsonb_path_query(r.description, '$.VirtualMachine.Tags') as _tags,\n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r \nwhere \n resource_type = 'microsoft.compute/virtualmachines')\n\ + \n) as t inner join og_connections c on t._og_connection_id = c.og_id " Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure cloud_service: - EC2 - Virtual Machines +Title: List Cloud VM Workloads for AWS and Azure diff --git a/queries/snapshots_&_backup_media.yaml b/queries/snapshots_&_backup_media.yaml index 06039fc0b..5eb4430b4 100755 --- a/queries/snapshots_&_backup_media.yaml +++ b/queries/snapshots_&_backup_media.yaml @@ -1,35 +1,23 @@ +Description: Snapshots and Backup Resources by Cloud Account ID: snapshots_&_backup_media -Title: "Snapshots and Backup Resources by Cloud Account" -Description: "Snapshots and Backup Resources by Cloud Account" -Connector: -- aws -- azure +IntegrationTypeName: +- aws_cloud +- azure_subscription Query: Engine: CloudQL-v0.0.1 - QueryToExecute: |- - select - case - when resource_type like 'aws::%' then 'AWS' - else 'Azure' - end as provider, - c.name as cloud_account_name, - c.id as _discovered_provider_id, - r.name as name, - r.region as location, - r.connection_id as _og_connection_id, - r.resource_id as _resource_id, - r.resource_type as _resource_type, - r.created_at as _last_discovered - from - og_resources r inner join og_connections c on r.connection_id = c.og_id - where - resource_type IN ('aws::ec2::image', 'aws::elasticache::cluster', 'aws::rds::dbsnapshot') - PrimaryTable: null ListOfTables: [] Parameters: [] + PrimaryTable: null + QueryToExecute: "select \n case\n when resource_type like 'aws::%' then 'AWS'\n\ + \ else 'Azure'\n end as provider, \n c.name as cloud_account_name, \n c.id\ + \ as _discovered_provider_id,\n r.name as name, \n r.region as location, \n\ + \ r.connection_id as _og_connection_id,\n r.resource_id as _resource_id,\n \ + \ r.resource_type as _resource_type,\n r.created_at as _last_discovered\nfrom\ + \ \n og_resources r inner join og_connections c on r.connection_id = c.og_id\n\ + where \n resource_type IN ('aws::ec2::image', 'aws::elasticache::cluster', 'aws::rds::dbsnapshot')" Tags: cloud_asset_management: - - "true" + - 'true' cloud_provider: - aws - azure @@ -37,3 +25,4 @@ Tags: - EC2 - Elasticache - RDS +Title: Snapshots and Backup Resources by Cloud Account