Table: aws_accessanalyzer_finding - Query AWS Access Analyzer Findings using SQL
AWS Access Analyzer findings provide detailed information about potential security risks in your AWS environment. These findings are generated when Access Analyzer identifies resources that are shared with an external entity, highlighting potential unintended access. By analyzing the resource-based policies, Access Analyzer helps you understand how access to your resources is granted and suggests modifications to achieve desired access policies, enhancing your security posture.
Table Usage Guide
The aws_accessanalyzer_finding table in Steampipe allows you to query information related to findings from the AWS IAM Access Analyzer. This table is essential for security and compliance teams, enabling them to identify, analyze, and manage findings related to resource access policies. Through this table, users can access detailed information about each finding, including the actions involved, the condition that led to the finding, the resource and principal involved, and the finding's status. By leveraging this table, you can efficiently address security and compliance issues in your AWS environment.
Examples
Basic Info
Retrieve essential details of findings to understand potential access issues and their current status. This query helps in identifying the nature of each finding, the resources involved, and the actions recommended or taken to resolve these issues.
PostgreSQL:
```sql
select
  id,
  access_analyzer_arn,
  analyzed_at,
  resource_type,
  status,
  is_public
from
  aws_accessanalyzer_finding;
```
SQLite:
```sql
select
  id,
  analyzed_at,
  resource_type,
  status,
  is_public
from
  aws_accessanalyzer_finding;
```
Findings involving public access
Identify findings where resources are potentially exposed to public access. Highlighting such findings is critical for prioritizing issues that may lead to unauthorized access. This query helps in swiftly identifying and addressing potential vulnerabilities, ensuring that resources are adequately secured against public exposure.
PostgreSQL:
```sql
select
  id,
  resource_type,
  access_analyzer_arn,
  status,
  is_public
from
  aws_accessanalyzer_finding
where
  is_public = true;
```
SQLite:
```sql
select
  id,
  resource_type,
  access_analyzer_arn,
  status,
  is_public
from
  aws_accessanalyzer_finding
where
  is_public = true;
```
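The query below goes one step further than the documented example: it keeps only findings that are still ACTIVE (the Access Analyzer API reports a finding's status as ACTIVE, ARCHIVED or RESOLVED) and pulls the external principal and the granted actions out of the jsonb columns, so a reviewer sees who is granted what without opening each finding. It is an added example, not one of the table's documented queries. It uses PostgreSQL jsonb operators, so it applies to the PostgreSQL backend only, and the `jsonb_typeof` guard assumes `action` is normally stored as a JSON array of action names (a non-array value is shown as raw text instead of making `jsonb_array_elements_text` raise an error).

```sql
-- Added example (not from the Steampipe docs): active, public findings with the
-- external principal and the permitted actions extracted from the jsonb columns.
-- PostgreSQL only: ->> and jsonb_array_elements_text are not available in SQLite.
select
  f.id,
  f.account_id,
  f.region,
  f.resource_type,
  f.resource,
  -- principal is a JSON object such as {"AWS": "*"}; pull out the common keys
  f.principal ->> 'AWS' as aws_principal,
  f.principal ->> 'Federated' as federated_principal,
  -- action is assumed to be a JSON array of action names; guard against other shapes
  case
    when jsonb_typeof(f.action) = 'array' then (
      select string_agg(a, ', ' order by a)
      from jsonb_array_elements_text(f.action) as a
    )
    else f.action::text
  end as granted_actions,
  f.analyzed_at
from
  aws_accessanalyzer_finding as f
where
  f.status = 'ACTIVE'
  and f.is_public
order by
  f.analyzed_at desc;
```

Filtering on `status = 'ACTIVE'` matters for triage: archived and resolved findings are still returned by the table, so a public-access count without the status filter overstates current exposure.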
Findings by resource type
Aggregate findings by resource type to focus remediation efforts on specific types of resources. This categorization helps in streamlining the security review process by allowing teams to prioritize resources based on their sensitivity and exposure.
PostgreSQL:
```sql
select
  resource_type,
  count(*) as findings_count
from
  aws_accessanalyzer_finding
group by
  resource_type;
```
SQLite:
```sql
select
  resource_type,
  count(*) as findings_count
from
  aws_accessanalyzer_finding
group by
  resource_type;
```
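A plain count per resource type mixes resolved and archived findings with live ones. The following added example (not one of the table's documented queries) builds a triage matrix per account and resource type that separates findings by status and by public exposure, and orders the rows so that accounts with active public exposure come first. It uses PostgreSQL's aggregate `FILTER` clause; on SQLite the same counts can be expressed with `sum(case when ... then 1 else 0 end)`. The status values are the ones the Access Analyzer API defines (ACTIVE, ARCHIVED, RESOLVED).

```sql
-- Added example (not from the Steampipe docs): triage matrix per account and
-- resource type, splitting findings by status and public exposure.
-- PostgreSQL only (aggregate FILTER clause); rewrite with sum(case ...) for SQLite.
select
  account_id,
  resource_type,
  count(*) as total_findings,
  count(*) filter (where status = 'ACTIVE') as active_findings,
  count(*) filter (where status = 'ACTIVE' and is_public) as active_public_findings,
  count(*) filter (where status = 'RESOLVED') as resolved_findings,
  count(*) filter (where status = 'ARCHIVED') as archived_findings,
  -- when the most recent still-active finding for this group was analyzed
  max(analyzed_at) filter (where status = 'ACTIVE') as latest_active_analysis
from
  aws_accessanalyzer_finding
group by
  account_id,
  resource_type
-- rows that need attention first: public, still-active exposure
order by
  active_public_findings desc,
  active_findings desc,
  account_id,
  resource_type;
```

Because the table spans every account in the Steampipe connection, `account_id` in the grouping keeps a finding in one account from being hidden behind a clean aggregate for the same resource type elsewhere.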
Recent findings
Focus on findings that have been identified recently to address potentially new security risks. This query aids in maintaining an up-to-date security posture by ensuring that recent findings are promptly reviewed and addressed.
PostgreSQL:
```sql
select
  id,
  resource,
  status,
  analyzed_at
from
  aws_accessanalyzer_finding
where
  analyzed_at > current_date - interval '30 days';
```
SQLite:
```sql
select
  id,
  resource,
  status,
  analyzed_at
from
  aws_accessanalyzer_finding
where
  analyzed_at > date('now', '-30 day');
```
Schema for aws_accessanalyzer_finding
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
access_analyzer_arn | text | = | The Amazon Resource Name (ARN) of the analyzer that generated the finding. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
action | jsonb | | The action in the analyzed policy statement that an external principal has permission to use. |
analyzed_at | timestamp with time zone | | The time at which the resource-based policy that generated the finding was analyzed. |
condition | jsonb | | The condition in the analyzed policy statement that resulted in a finding. |
created_at | timestamp with time zone | | The time at which the finding was created. |
error | text | | The error that resulted in an Error finding. |
id | text | = | The ID of the finding. |
is_public | boolean | | Indicates whether the finding reports a resource that has a policy that allows public access. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
principal | jsonb | | The external principal that has access to a resource within the zone of trust. |
region | text | | The AWS Region in which the resource is located. |
resource | text | = | The resource that the external principal has access to. |
resource_owner_account | text | | The Amazon Web Services account ID that owns the resource. |
resource_type | text | | The type of the resource that the external principal has access to. |
sources | jsonb | | The sources of the finding, indicating how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | = | The status of the finding. |
title | text | | Title of the resource. |
updated_at | timestamp with time zone | | The time at which the finding was most recently updated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```
You can pass the configuration to the command with the --config argument:
```sh
steampipe_export_aws --config '<your_config>' aws_accessanalyzer_finding
```