account_countaccount_tableaction_trails_for_oss_bucketaction_trails_for_ram_rolebucket_policy_stds_for_oss_bucketecs_autoscaling_groups_for_ecs_instanceecs_autoscaling_groups_for_rds_instanceecs_autoscaling_groups_for_vpc_vswitchecs_disk_1_year_countecs_disk_24_hours_countecs_disk_30_90_days_countecs_disk_30_days_countecs_disk_90_365_days_countecs_disk_age_tableecs_disk_attached_instancesecs_disk_attached_instances_countecs_disk_auto_snapshotecs_disk_auto_snapshot_deletionecs_disk_by_accountecs_disk_by_categoryecs_disk_by_creation_monthecs_disk_by_encryption_statusecs_disk_by_regionecs_disk_by_statusecs_disk_categoryecs_disk_countecs_disk_delete_auto_snapshot_countecs_disk_encryptionecs_disk_encryption_statusecs_disk_encryption_tableecs_disk_inputecs_disk_iopsecs_disk_overviewecs_disk_storageecs_disk_storage_by_accountecs_disk_storage_by_categoryecs_disk_storage_by_creation_monthecs_disk_storage_by_regionecs_disk_storage_totalecs_disk_tagsecs_disk_top_10_read_ops_avgecs_disk_top_10_write_ops_avgecs_disk_unattached_countecs_disk_unencrypted_countecs_disks_for_ecs_instanceecs_disks_for_kms_keyecs_images_for_ecs_diskecs_images_for_ecs_instanceecs_images_for_ecs_snapshotecs_instance_1_year_countecs_instance_24_hours_countecs_instance_30_90_days_countecs_instance_30_days_countecs_instance_90_365_days_countecs_instance_age_tableecs_instance_by_accountecs_instance_by_cpu_utilization_categoryecs_instance_by_creation_monthecs_instance_by_deletion_protectionecs_instance_by_io_optimizedecs_instance_by_network_typeecs_instance_by_os_typeecs_instance_by_public_ipecs_instance_by_regionecs_instance_by_stateecs_instance_by_typeecs_instance_countecs_instance_cpu_coresecs_instance_dedicated_hostecs_instance_deletion_protection_disabled_countecs_instance_inputecs_instance_io_optimizedecs_instance_io_optimized_countecs_instance_network_interfacesecs_instance_os_typeecs_instance_overviewecs_instance_public_accessecs_instance_public_access_countecs_instance_public_access_tableecs_instance_public_instance_countecs_instance_security_groupsecs_instance_statusecs_instance_tagsecs_instance_top10_cpu_past_weekecs_instance_total_coresecs_instance_total_cores_countecs_instance_typeecs_instances_for_ecs_diskecs_instances_for_ecs_security_groupecs_instances_for_ecs_snapshotecs_instances_for_ram_roleecs_instances_for_vpcecs_instances_for_vpc_vswitchecs_launch_templates_for_ecs_security_groupecs_launch_templates_for_ecs_snapshotecs_network_interfaces_for_ecs_instanceecs_network_interfaces_for_ecs_security_groupecs_network_interfaces_for_vpcecs_network_interfaces_for_vpc_vswitchecs_security_group_associatedecs_security_group_by_acountecs_security_group_by_regionecs_security_group_by_typeecs_security_group_by_unrestricted_egress_statusecs_security_group_by_unrestricted_ingress_statusecs_security_group_by_vpcecs_security_group_countecs_security_group_egress_rule_sankeyecs_security_group_egress_rulesecs_security_group_ingress_rule_sankeyecs_security_group_ingress_rulesecs_security_group_inputecs_security_group_overviewecs_security_group_tagsecs_security_group_unassociatedecs_security_group_unassociated_countecs_security_group_unassociated_statusecs_security_groups_for_ecs_instanceecs_security_groups_for_rds_instanceecs_security_groups_for_vpcecs_security_unrestricted_egressecs_security_unrestricted_egress_countecs_security_unrestricted_ingressecs_security_unrestricted_ingress_countecs_snapshot_1_year_countecs_snapshot_24_hours_countecs_snapshot_30_90_days_countecs_snapshot_30_days_countecs_snapshot_90_365_days_countecs_snapshot_ageecs_snapshot_age_tableecs_snapshot_by_accountecs_snapshot_by_creation_monthecs_snapshot_by_encryption_statusecs_snapshot_by_regionecs_snapshot_by_usageecs_snapshot_countecs_snapshot_encryptionecs_snapshot_encryption_statusecs_snapshot_inputecs_snapshot_instant_accessecs_snapshot_overviewecs_snapshot_source_diskecs_snapshot_stateecs_snapshot_storage_by_accountecs_snapshot_storage_by_ageecs_snapshot_storage_by_regionecs_snapshot_storage_totalecs_snapshot_tagsecs_snapshot_usageecs_snapshot_usage_source_disk_sizeecs_snapshots_for_ecs_instanceecs_snapshots_for_kms_keyecs_unencrypted_snapshot_countecs_unused_snapshot_counthsm_based_keyskms_cmk_lifecycle_tablekms_cmk_pending_deletion_countkms_cmk_rotation_disabled_countkms_deletion_protectionkms_deletion_protection_disabled_countkms_key_1_year_countkms_key_24_hours_countkms_key_30_90_days_countkms_key_30_days_countkms_key_90_365_days_countkms_key_agekms_key_age_tablekms_key_aliaseskms_key_by_accountkms_key_by_creation_monthkms_key_by_protection_levelkms_key_by_regionkms_key_by_statekms_key_countkms_key_deletion_protection_statuskms_key_disabled_countkms_key_disabled_statuskms_key_inputkms_key_originkms_key_overviewkms_key_rds_instanceskms_key_rotation_disabled_countkms_key_rotation_enabledkms_key_rotation_statuskms_key_statekms_key_tagskms_keys_for_ecs_diskkms_keys_for_ecs_snapshotkms_keys_for_oss_bucketkms_protection_levelkms_secrets_for_kms_keyoss_bucket_1_year_countoss_bucket_24_hours_countoss_bucket_30_90_days_countoss_bucket_30_days_countoss_bucket_90_365_days_countoss_bucket_access_typeoss_bucket_age_tableoss_bucket_by_accountoss_bucket_by_creation_monthoss_bucket_by_default_encryption_statusoss_bucket_by_logging_statusoss_bucket_by_public_access_blocked_statusoss_bucket_by_regionoss_bucket_by_ssl_enforced_statusoss_bucket_by_storage_classoss_bucket_by_versioning_statusoss_bucket_countoss_bucket_encrypted_with_byok_countoss_bucket_encrypted_with_servcie_key_countoss_bucket_encryptionoss_bucket_encryption_tableoss_bucket_https_enforceoss_bucket_inputoss_bucket_lifecycle_policyoss_bucket_lifecycle_tableoss_bucket_loggingoss_bucket_logging_disabled_countoss_bucket_logging_enabledoss_bucket_logging_tableoss_bucket_overviewoss_bucket_policyoss_bucket_public_access_not_blocked_countoss_bucket_public_access_tableoss_bucket_server_side_encryptionoss_bucket_ssl_not_enforced_countoss_bucket_tags_detailoss_bucket_unencrypted_countoss_bucket_versioningoss_bucket_versioning_disabled_countoss_buckets_for_kms_keyram_access_countram_access_key_1_year_countram_access_key_24_hours_countram_access_key_30_90_days_countram_access_key_30_days_countram_access_key_90_365_days_countram_access_key_age_tableram_all_policies_for_groupram_all_policies_for_userram_credential_entities_console_access_with_no_mfa_countram_credential_entities_countram_credential_entities_root_access_keys_tableram_group_1_year_countram_group_24_hours_countram_group_30_90_days_countram_group_30_days_countram_group_90_365_days_countram_group_age_tableram_group_countram_group_inputram_group_overviewram_groups_by_accountram_groups_by_creation_monthram_groups_for_ram_policyram_groups_for_ram_userram_groups_for_userram_groups_policies_countram_groups_users_countram_groups_with_no_attached_policy_countram_groups_without_policiesram_groups_without_usersram_groups_without_users_countram_policies_for_ram_groupram_policies_for_ram_roleram_policies_for_ram_userram_policies_for_roleram_policy_alicloud_managedram_policy_attachedram_policy_inputram_policy_overviewram_policy_statementram_policy_std_for_ram_policyram_role_1_year_countram_role_24_hours_countram_role_30_90_days_countram_role_30_days_countram_role_90_365_days_countram_role_age_tableram_role_allows_cross_account_access_countram_role_countram_role_inputram_role_overviewram_role_policy_count_for_roleram_role_with_admin_accessram_role_with_admin_access_countram_role_with_cross_account_accessram_roles_allow_admin_actionram_roles_allow_cross_account_accessram_roles_by_accountram_roles_by_creation_monthram_roles_for_ecs_instanceram_roles_for_ram_policyram_roles_without_policy_countram_user_1_year_countram_user_24_hours_countram_user_30_90_days_countram_user_30_days_countram_user_90_365_days_countram_user_access_keysram_user_age_tableram_user_by_creation_monthram_user_countram_user_direct_attached_policy_count_for_userram_user_inputram_user_manage_policies_hierarchyram_user_manage_policies_sankeyram_user_mfa_devicesram_user_mfa_for_userram_user_mfa_tableram_user_no_mfa_countram_user_overviewram_users_by_accountram_users_by_mfa_enabledram_users_for_groupram_users_for_ram_groupram_users_for_ram_policyram_users_with_direct_attached_policyram_users_with_direct_policy_countrds_backups_for_rds_instancerds_databases_for_rds_instancerds_db_instance_configurationrds_instance_1_year_countrds_instance_24_hours_countrds_instance_30_90_days_countrds_instance_30_days_countrds_instance_90_365_days_countrds_instance_age_tablerds_instance_by_accountrds_instance_by_classrds_instance_by_cpu_utilization_categoryrds_instance_by_creation_monthrds_instance_by_encryption_statusrds_instance_by_engine_typerds_instance_by_regionrds_instance_by_statusrds_instance_classrds_instance_collector_policyrds_instance_countrds_instance_engine_typerds_instance_inputrds_instance_instance_public_accessrds_instance_instance_tde_statusrds_instance_overviewrds_instance_parameter_groupsrds_instance_public_access_tablerds_instance_public_countrds_instance_public_statusrds_instance_security_ipsrds_instance_ssl_disabled_countrds_instance_ssl_enabledrds_instance_ssl_statusrds_instance_storagerds_instance_tagsrds_instance_top10_cpu_past_weekrds_instance_unencrypted_countrds_instances_for_ecs_security_grouprds_instances_for_vpcrds_instances_for_vpc_vswitchsource_ecs_disks_for_ecs_snapshotsource_ecs_snapshots_for_ecs_disksource_logging_oss_buckets_for_oss_buckettarget_ecs_disks_for_ecs_snapshottarget_ecs_snapshots_for_ecs_disktarget_logging_oss_buckets_for_oss_buckettarget_ro_rds_db_instances_for_rds_instancevpc_by_accountvpc_by_regionvpc_by_rfc1918_rangevpc_by_sizevpc_cidr_blocksvpc_countvpc_default_countvpc_default_statusvpc_dhcp_optionsvpc_dhcp_options_sets_for_vpcvpc_egress_nacl_sankeyvpc_eips_for_ecs_instancevpc_empty_statusvpc_flow_logs_for_vpcvpc_flow_logs_for_vpc_vswitchvpc_gateways_detailvpc_ingress_nacl_sankeyvpc_inputvpc_ipv4_countvpc_ipv6_countvpc_is_defaultvpc_nat_gateways_for_vpcvpc_nat_gateways_for_vpc_vswitchvpc_network_acls_for_vpc_vswitchvpc_no_vswitch_countvpc_overviewvpc_route_tables_detailvpc_route_tables_for_vpcvpc_route_tables_for_vpc_vswitchvpc_routes_detailvpc_security_groups_detailvpc_tagsvpc_vpcs_for_ecs_instancevpc_vpcs_for_ecs_security_groupvpc_vpcs_for_rds_instancevpc_vpcs_for_vpc_vswitchvpc_vswitch_associationvpc_vswitch_available_ip_address_countvpc_vswitch_by_azvpc_vswitch_cidr_blockvpc_vswitch_countvpc_vswitch_inputvpc_vswitch_overviewvpc_vswitch_statusvpc_vswitch_tagsvpc_vswitches_detailvpc_vswitches_for_ecs_instancevpc_vswitches_for_rds_instancevpc_vswitches_for_vpc
Query: ecs_security_group_ingress_rule_sankey
Usage
powerpipe query alicloud_insights.query.ecs_security_group_ingress_rule_sankeySteampipe Tables
SQL
with associations as ( select title, arn, sg as security_group_id from alicloud_ecs_instance, jsonb_array_elements_text(security_group_ids) as sg where sg = $1),rules as ( select concat( text(p ->> 'SourceCidrIp'), text(p ->> 'Ipv6SourceCidrIp'), text(p ->> 'SourceGroupId'), text(p ->> 'SourcePrefixListId') ) as "source", case when p ->> 'IpProtocol' = 'ALL' then 'All Traffic' when p ->> 'IpProtocol' = 'ICMP' then 'All ICMP' when p ->> 'PortRange' = '-1/-1' or p ->> 'PortRange' = '1/65535' then concat('All ', p ->> 'IpProtocol') when SPLIT_PART(p ->> 'PortRange', '/', 2) = SPLIT_PART(p ->> 'PortRange', '/', 1) then concat( SPLIT_PART(p ->> 'PortRange', '/', 2), '/', p ->> 'IpProtocol' ) else concat( SPLIT_PART(p ->> 'PortRange', '/', 1), '-', SPLIT_PART(p ->> 'PortRange', '/', 2), '/', p ->> 'IpProtocol' ) end as port_proto, case when ( text(p ->> 'SourceCidrIp') = '0.0.0.0/0' or text(p ->> 'Ipv6SourceCidrIp') = '::/0' ) and p ->> 'IpProtocol' <> 'ICMP' and ( p ->> 'PortRange' = '-1/-1' or p ->> 'PortRange' = '1/65535' ) then 'alert' else 'ok' end as category, security_group_id from alicloud_ecs_security_group, jsonb_array_elements(permissions) as p where security_group_id = $1 and p ->> 'Direction' = 'ingress') -- Nodes ---------select distinct concat('src_', source) as id, source as title, 0 as depth, 'source' as category, null as from_id, null as to_idfrom rulesunionselect distinct port_proto as id, port_proto as title, 1 as depth, 'port_proto' as category, null as from_id, null as to_idfrom rulesunionselect distinct sg.security_group_id as id, name as title, 2 as depth, 'security_group' as category, null as from_id, null as to_idfrom alicloud_ecs_security_group sg inner join rules sgr on sg.security_group_id = sgr.security_group_idunionselect distinct arn as id, title as title, 3 as depth, title, security_group_id as from_id, null as to_idfrom associations -- Edges ---------unionselect null as id, null as title, null as depth, category, concat('src_', source) as from_id, port_proto as to_idfrom rulesunionselect null as id, null as title, null as depth, category, port_proto as from_id, security_group_id as to_idfrom rulesDashboards
The query is used in the dashboards: