From 2c7d6997ed60c352f0a86aa6d71810f2937952eb Mon Sep 17 00:00:00 2001
From: Ved misra <47312748+misraved@users.noreply.github.com>
Date: Tue, 29 Oct 2024 19:13:57 +0530
Subject: [PATCH] Update SQL queries to exclude removed table columns (#2328)

---
 docs/tables/aws_accessanalyzer_analyzer.md | 47 ++++++++++++-------
 docs/tables/aws_rds_db_subnet_group.md | 2 -
 docs/tables/aws_ssm_document.md | 52 +++++++++++++++++-----
 docs/tables/aws_vpc_security_group.md | 12 ++---
 docs/tables/aws_vpc_security_group_rule.md | 6 +--
 5 files changed, 78 insertions(+), 41 deletions(-)

diff --git a/docs/tables/aws_accessanalyzer_analyzer.md b/docs/tables/aws_accessanalyzer_analyzer.md
index b1063165e..11e0804d2 100644
--- a/docs/tables/aws_accessanalyzer_analyzer.md
+++ b/docs/tables/aws_accessanalyzer_analyzer.md
@@ -16,7 +16,6 @@ The `aws_accessanalyzer_analyzer` table in Steampipe provides you with informati
 ### Basic info
 
 Explore the status and type of your AWS Access Analyzer to understand when the last resource was analyzed. This could be beneficial for maintaining security and compliance in your AWS environment.The query provides an overview of AWS Access Analyzer analyzers in a user's environment. It helps in monitoring the current status and types of analyzers, along with the details of the most recent resources analyzed. This is useful for administrators and security personnel to ensure that their AWS environment is continuously scanned for compliance and security risks, and to stay informed about the analyzer's activities and findings.
-
 ```sql+postgres
 select
 name,
@@ -42,7 +41,6 @@ from
 ### List analyzers which are enabled
 
 Determine the areas in which AWS Access Analyzer is active to gain insights into potential security and access control issues. This is useful for maintaining optimal security practices and ensuring that all analyzers are functioning as expected.The query identifies and provides details on all active AWS Access Analyzer analyzers. It is particularly useful for ensuring that the necessary analyzers are operational and actively scanning resources. This information aids in maintaining continuous compliance and security oversight by highlighting only those analyzers currently in an active state, along with their last analyzed resources and associated tags. This enables efficient tracking and management of security analysis tools within the AWS environment.
-
 ```sql+postgres
 select
 name,
@@ -72,29 +70,44 @@ where
 ### List analyzers with findings that need to be resolved
 
 Explore which active AWS Access Analyzer instances have findings that require resolution. This is useful in identifying potential security risks that need immediate attention.The query focuses on identifying active AWS Access Analyzer analyzers that have unresolved findings. It serves as a tool for security and compliance teams to pinpoint which analyzers have detected potential issues, needing immediate attention. By filtering for active analyzers with existing findings, it streamlines the process of addressing security or compliance concerns within the AWS environment, ensuring that no critical issues are overlooked. This aids in maintaining a secure and compliant cloud infrastructure.
-
 ```sql+postgres
 select
- name,
- status,
- type,
- last_resource_analyzed
+ a.arn as analyzer_arn,
+ a.name as analyzer_name,
+ a.region as analyzer_region,
+ a.account_id,
+ count(f.id) as findings_count
 from
- aws_accessanalyzer_analyzer
+ aws_accessanalyzer_analyzer as a
+ join aws_accessanalyzer_finding as f on f.access_analyzer_arn = a.arn
 where
- status = 'ACTIVE'
- and findings is not null;
+ a.status = 'ACTIVE'
+group by
+ a.arn,
+ a.name,
+ a.region,
+ a.account_id
+having
+ count(f.id) > 0;
 ```
 
 ```sql+sqlite
 select
- name,
- status,
- type,
- last_resource_analyzed
+ a.arn as analyzer_arn,
+ a.name as analyzer_name,
+ a.region as analyzer_region,
+ a.account_id,
+ count(f.id) as findings_count
 from
- aws_accessanalyzer_analyzer
+ aws_accessanalyzer_analyzer as a
+ join aws_accessanalyzer_finding as f on f.access_analyzer_arn = a.arn
 where
- status = 'ACTIVE'
- and findings is not null;
+ a.status = 'ACTIVE'
+group by
+ a.arn,
+ a.name,
+ a.region,
+ a.account_id
+having
+ count(f.id) > 0;
 ```
\ No newline at end of file
diff --git a/docs/tables/aws_rds_db_subnet_group.md b/docs/tables/aws_rds_db_subnet_group.md
index abe312830..9bd4a3df0 100644
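Review bot: `having count(f.id) > 0` at the end of both blocks is redundant: the inner `join aws_accessanalyzer_finding as f` already drops analyzers with no findings, so every surviving group reaches `having` with a count of at least one unless `f.id` is null. What the heading "findings that need to be resolved" actually needs is a filter on the finding's own state, which neither block applies, so archived and already-resolved findings are counted together with active ones. The Access Analyzer API reports a finding status of ACTIVE, ARCHIVED or RESOLVED; if `aws_accessanalyzer_finding` exposes it (presumably as `status` — confirm against the table docs), add `and f.status = 'ACTIVE'` to the `where` clause of both blocks and drop the `having`. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.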
--- a/docs/tables/aws_rds_db_subnet_group.md
+++ b/docs/tables/aws_rds_db_subnet_group.md
@@ -34,7 +34,6 @@ from
 aws_rds_db_subnet_group;
 ```
 
-
 ### Subnets info of each subnet in subnet group
 
 Determine the status and location details of each subnet within a subnet group in your AWS RDS, to understand their availability and configuration. This information can be crucial for managing your database's network performance and security.
@@ -62,7 +61,6 @@ from
 json_each(subnets) as subnet;
 ```
 
-
 ### List of subnet group without application tag key
 
 Discover the segments that lack the 'application' tag key in your AWS RDS subnet groups. This can be useful in identifying potential areas for better resource tagging and management.
diff --git a/docs/tables/aws_ssm_document.md b/docs/tables/aws_ssm_document.md
index f3f18e52b..4444de216 100644
--- a/docs/tables/aws_ssm_document.md
+++ b/docs/tables/aws_ssm_document.md
@@ -110,27 +110,55 @@ where
 Discover the segments that consist of documents which are shared publicly. This query is handy in identifying potential security risks by pinpointing documents that are open to all, thus allowing for appropriate action to be taken.
 
 ```sql+postgres
+with ssm_documents as (
+ select
+ name,
+ owner,
+ region,
+ account_id
+ from
+ aws_ssm_document
+ where
+ owner_type = 'Self'
+ order by
+ name
+)
 select
- name,
- owner,
- account_ids
+ d.name,
+ d.owner,
+ p.account_ids
 from
- aws_ssm_document
+ ssm_documents as d
+ left join aws_ssm_document_permission as p on p.document_name = d.name and p.region = d.region and p.account_id = d.account_id
 where
- owner_type = 'Self'
- and account_ids :: jsonb ? 'all';
+ p.account_ids :: jsonb ? 'all';
 ```
 
 ```sql+sqlite
+with ssm_documents as (
+ select
+ name,
+ owner,
+ region,
+ account_id
+ from
+ aws_ssm_document
+ where
+ owner_type = 'Self'
+ order by
+ name
+)
 select
- name,
- owner,
- account_ids
+ d.name,
+ d.owner,
+ p.account_ids
 from
- aws_ssm_document
+ ssm_documents as d
+ left join aws_ssm_document_permission as p on p.document_name = d.name
+ and p.region = d.region
+ and p.account_id = d.account_id
 where
- owner_type = 'Self'
- and json_extract(account_ids, '$.all') is not null;
+ json_extract(account_ids, '$.all') is not null;
 ```
 
 ### Get a specific document
diff --git a/docs/tables/aws_vpc_security_group.md b/docs/tables/aws_vpc_security_group.md
index 46c6296de..f79c0b0ba 100644
--- a/docs/tables/aws_vpc_security_group.md
+++ b/docs/tables/aws_vpc_security_group.md
@@ -59,13 +59,13 @@ select
 sgr.ip_protocol,
 sgr.from_port,
 sgr.to_port,
- cidr_ip
+ cidr_ipv4
 from
 aws_vpc_security_group as sg
- join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name
+ join aws_vpc_security_group_rule as sgr on sg.group_id = sgr.group_id
 where
 sgr.type = 'ingress'
- and sgr.cidr_ip = '0.0.0.0/0'
+ and sgr.cidr_ipv4 = '0.0.0.0/0'
 and (
 (
 sgr.ip_protocol = '-1' -- all traffic
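Review bot: In the sqlite block the final predicate `json_extract(account_ids, '$.all') is not null` leaves `account_ids` unqualified, unlike `p.account_ids :: jsonb ? 'all'` in the postgres block; it only resolves because the `ssm_documents` CTE does not project that column, so write `json_extract(p.account_ids, '$.all') is not null` to make the intent explicit. In both blocks the `left join` on `aws_ssm_document_permission` is turned back into an inner join by the `where` filter on `p.account_ids`, which is the intended result (only documents shared with everyone are listed) but makes the `left` misleading — use a plain `join`, or move the predicate into the `on` clause if unshared documents are meant to appear with a null `account_ids`. The `order by name` inside the CTE gives no ordering guarantee on the outer result; move it to the final `select` if sorted output matters. The postgres block also writes the three-part `on` condition on one line while the sqlite block splits it across three lines; pick one layout for both examples.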
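Review bot: Narrowing the open-to-the-world check to `sgr.cidr_ipv4 = '0.0.0.0/0'` means ingress rules open to every IPv6 source are no longer matched, so the example under-reports exposure for dual-stack security groups. If the rule table carries the IPv6 counterpart (`cidr_ipv6`, mirroring the AWS SecurityGroupRule fields — confirm against the table docs), widen the predicate to `and (sgr.cidr_ipv4 = '0.0.0.0/0' or sgr.cidr_ipv6 = '::/0')` and add that column to the select list so the matching source is visible. The select-list entry `cidr_ipv4` is also the only unqualified column; write `sgr.cidr_ipv4` to match the rest. The query starts before and continues after this hunk, and the same points apply to the sqlite block in the `@@ -90,13 +90,13 @@` hunk of the same file.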
@@ -90,13 +90,13 @@ select
 sgr.ip_protocol,
 sgr.from_port,
 sgr.to_port,
- cidr_ip
+ cidr_ipv4
 from
 aws_vpc_security_group as sg
- join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name
+ join aws_vpc_security_group_rule as sgr on sg.group_id = sgr.group_id
 where
 sgr.type = 'ingress'
- and sgr.cidr_ip = '0.0.0.0/0'
+ and sgr.cidr_ipv4 = '0.0.0.0/0'
 and (
 (
 sgr.ip_protocol = '-1' -- all traffic
diff --git a/docs/tables/aws_vpc_security_group_rule.md b/docs/tables/aws_vpc_security_group_rule.md
index d16b3781d..726e34ab3 100644
--- a/docs/tables/aws_vpc_security_group_rule.md
+++ b/docs/tables/aws_vpc_security_group_rule.md
@@ -114,8 +114,7 @@ select
 r.to_port,
 r.cidr_ipv4,
 r.group_id,
- sg.group_name,
- sg.vpc_id
+ sg.group_name
 from
 aws_vpc_security_group_rule as r,
 aws_vpc_security_group as sg
@@ -131,8 +130,7 @@ select
 r.to_port,
 r.cidr_ipv4,
 r.group_id,
- sg.group_name,
- sg.vpc_id
+ sg.group_name
 from
 aws_vpc_security_group_rule as r
 join
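Review bot: The first `aws_vpc_security_group_rule.md` hunk keeps a comma join, `from aws_vpc_security_group_rule as r, aws_vpc_security_group as sg`, while the second hunk in the same file uses an explicit `join`; since the commit already edits this select list, prefer `from aws_vpc_security_group_rule as r join aws_vpc_security_group as sg on ...` here too so the join predicate is not left to a `where` clause where it can be dropped unnoticed. The join condition itself lies outside the hunk, so I cannot confirm it is keyed on `group_id` the way the updated `aws_vpc_security_group.md` examples now are; worth checking while here. Both queries continue past the end of their hunks.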