steampipe plugin install aws

Table: aws_accessanalyzer_finding - Query AWS Access Analyzer Findings using SQL

AWS Access Analyzer findings provide detailed information about potential security risks in your AWS environment. These findings are generated when Access Analyzer identifies resources that are shared with an external entity, highlighting potential unintended access. By analyzing the resource-based policies, Access Analyzer helps you understand how access to your resources is granted and suggests modifications to achieve desired access policies, enhancing your security posture.

Table Usage Guide

The aws_accessanalyzer_finding table in Steampipe allows you to query information related to findings from the AWS IAM Access Analyzer. This table is essential for security and compliance teams, enabling them to identify, analyze, and manage findings related to resource access policies. Through this table, users can access detailed information about each finding, including the actions involved, the condition that led to the finding, the resource and principal involved, and the finding's status. By leveraging this table, you can efficiently address security and compliance issues in your AWS environment.
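The action, principal and condition columns mentioned above are stored as JSON, so a query that only selects them returns one opaque value per finding. The query below is an added example, not part of the Steampipe documentation. It assumes PostgreSQL-backed Steampipe, that action is a JSON array of action strings, that principal is a JSON object whose AWS key holds the external account ID or principal ARN, and that status uses the Access Analyzer values ACTIVE, ARCHIVED and RESOLVED. It unnests the actions so each permitted action appears on its own row next to the external principal that can use it, for active cross-account (non-public) findings.

```sql
-- Added example (not from the Steampipe docs): active cross-account findings
-- with one row per permitted action. Assumes PostgreSQL; column shapes are
-- action = jsonb array of strings, principal = jsonb object, condition = jsonb.
select
  f.id,
  f.account_id,
  f.region,
  f.resource_type,
  f.resource,
  f.principal ->> 'AWS' as external_aws_principal,   -- 'AWS' key is an assumption
  a.action,
  f.condition,
  f.analyzed_at
from
  aws_accessanalyzer_finding as f
  cross join lateral jsonb_array_elements_text(f.action) as a(action)
where
  f.status = 'ACTIVE'      -- skip archived (accepted) and resolved findings
  and not f.is_public      -- public exposure is triaged separately
order by
  f.resource_type,
  f.resource,
  a.action;
```

Keeping condition in the output matters: a finding whose condition restricts access by source VPC, organization ID or MFA is a different risk from an unconditional grant, and the condition block is the only place that distinction is visible.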

Examples

Basic Info

Retrieve the essential details of each finding: which analyzer produced it, when the resource policy was last analyzed, the resource type, whether the access is public, and the finding's current status (ACTIVE, ARCHIVED or RESOLVED). This is the starting point for triaging what Access Analyzer has flagged.

select
  id,
  access_analyzer_arn,
  analyzed_at,
  resource_type,
  status,
  is_public
from
  aws_accessanalyzer_finding;

Findings involving public access

Identify findings where a resource policy grants access to everyone (is_public = true) rather than to a specific external account or principal. Public findings should be triaged first, because the resource is reachable by anyone who discovers it, not just by a known cross-account party.

select
  id,
  resource_type,
  access_analyzer_arn,
  status,
  is_public
from
  aws_accessanalyzer_finding
where
  is_public = true;

Findings by resource type

Aggregate findings by resource type to focus remediation efforts on specific types of resources. This categorization helps in streamlining the security review process by allowing teams to prioritize resources based on their sensitivity and exposure.

select
  resource_type,
  count(*) as findings_count
from
  aws_accessanalyzer_finding
group by
  resource_type;

Recent findings

Focus on findings that have been identified recently to address potentially new security risks. This query aids in maintaining an up-to-date security posture by ensuring that recent findings are promptly reviewed and addressed.

PostgreSQL:

select
  id,
  resource,
  status,
  analyzed_at
from
  aws_accessanalyzer_finding
where
  analyzed_at > current_date - interval '30 days';

SQLite:

select
  id,
  resource,
  status,
  analyzed_at
from
  aws_accessanalyzer_finding
where
  analyzed_at > date('now', '-30 day');
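The complement of the recent-findings query is the set of findings that have been open for a long time. The following is an added example, not part of the Steampipe documentation; it assumes PostgreSQL-backed Steampipe and that the status column carries the Access Analyzer values ACTIVE, ARCHIVED and RESOLVED. It lists active findings created more than 90 days ago, oldest first, with their age in days, so a team can see which exposures have been known about but not remediated or archived.

```sql
-- Added example (not from the Steampipe docs): active findings open for
-- more than 90 days, oldest first. Assumes PostgreSQL and the ACTIVE /
-- ARCHIVED / RESOLVED status values used by Access Analyzer.
select
  id,
  account_id,
  region,
  resource_type,
  resource,
  is_public,
  created_at,
  updated_at,
  extract(day from now() - created_at)::int as age_days
from
  aws_accessanalyzer_finding
where
  status = 'ACTIVE'                              -- still unresolved
  and created_at < now() - interval '90 days'    -- open longer than the SLA
order by
  created_at;
```

The 90-day threshold is an assumption standing in for whatever remediation SLA applies; archived findings are excluded deliberately, since archiving is how a reviewed, intended share is recorded.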

Schema for aws_accessanalyzer_finding

Name | Type | Operators | Description
---- | ---- | --------- | -----------
_ctx | jsonb | | Steampipe context in JSON form.
access_analyzer_arn | text | = | The Amazon Resource Name (ARN) of the analyzer that generated the finding.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
action | jsonb | | The action in the analyzed policy statement that an external principal has permission to use.
analyzed_at | timestamp with time zone | | The time at which the resource-based policy that generated the finding was analyzed.
condition | jsonb | | The condition in the analyzed policy statement that resulted in a finding.
created_at | timestamp with time zone | | The time at which the finding was created.
error | text | | The error that resulted in an Error finding.
id | text | = | The ID of the finding.
is_public | boolean | | Indicates whether the finding reports a resource that has a policy that allows public access.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
principal | jsonb | | The external principal that has access to a resource within the zone of trust.
region | text | | The AWS Region in which the resource is located.
resource | text | = | The resource that the external principal has access to.
resource_owner_account | text | | The Amazon Web Services account ID that owns the resource.
resource_type | text | | The type of the resource that the external principal has access to.
sources | jsonb | | The sources of the finding, indicating how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
status | text | = | The status of the finding.
title | text | | Title of the resource.
updated_at | timestamp with time zone | | The time at which the finding was most recently updated.
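For S3 buckets the sources column records which mechanism grants the flagged access, which decides the fix (edit the bucket policy, remove an ACL grant, or change an access point policy). The query below is an added example, not part of the Steampipe documentation. It assumes PostgreSQL-backed Steampipe and that each element of sources is a JSON object with a type key and an optional detail object carrying accessPointArn, in the shape of the Access Analyzer FindingSource structure; it also assumes the S3 resource type string is AWS::S3::Bucket. It expands sources one row per grant mechanism for active, public bucket findings.

```sql
-- Added example (not from the Steampipe docs): for public S3 bucket findings,
-- show which mechanism grants the access. Assumes PostgreSQL and that each
-- sources element looks like {"type": ..., "detail": {"accessPointArn": ...}}.
select
  f.resource as bucket_arn,
  f.account_id,
  f.region,
  s.source ->> 'type' as access_source,                      -- e.g. policy or ACL
  s.source -> 'detail' ->> 'accessPointArn' as access_point_arn,  -- null unless via access point
  f.updated_at
from
  aws_accessanalyzer_finding as f
  cross join lateral jsonb_array_elements(f.sources) as s(source)
where
  f.resource_type = 'AWS::S3::Bucket'   -- sources is only populated for buckets
  and f.is_public
  and f.status = 'ACTIVE'
order by
  f.account_id,
  f.resource,
  access_source;
```

A bucket can appear more than once if several mechanisms grant public access at the same time; all of them have to be addressed before the finding resolves.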

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_accessanalyzer_finding