steampipe plugin install aws

Table: aws_config_conformance_pack - Query AWS Config Conformance Packs using SQL

The AWS Config Conformance Pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a region. These packs can be used to create a common baseline of security, compliance, or operational best practices across multiple accounts in your organization. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Table Usage Guide

The aws_config_conformance_pack table in Steampipe provides you with information about AWS Config conformance packs within the AWS Config service. This table allows you, as a DevOps engineer, to query conformance pack-specific details, including pack names, delivery S3 bucket, and associated metadata. You can utilize this table to gather insights on conformance packs, such as pack ARN, creation time, last update requested time, input parameters, and more. The schema outlines the various attributes of the conformance pack for you, including the pack ARN, delivery S3 bucket, input parameters, and associated tags.

Examples

Basic info

Explore the general information about AWS Config Conformance Packs, such as who created them and when they were last updated. This can help you understand how these resources are managed and their current status in your AWS environment.

select
  name,
  conformance_pack_id,
  created_by,
  last_update_requested_time,
  title,
  akas
from
  aws_config_conformance_pack;

Get S3 bucket info for each conformance pack

Explore which conformance packs are associated with each S3 bucket. This can help streamline and improve the management of AWS configurations.

select
  name,
  conformance_pack_id,
  delivery_s3_bucket,
  delivery_s3_key_prefix
from
  aws_config_conformance_pack;

Get input parameter details of each conformance pack

Determine the settings of each conformance pack in your AWS Config service. This helps in understanding how each pack is configured and can assist in identifying any discrepancies or areas for optimization.

PostgreSQL:

select
  name,
  inp ->> 'ParameterName' as parameter_name,
  inp ->> 'ParameterValue' as parameter_value,
  title,
  akas
from
  aws_config_conformance_pack,
  jsonb_array_elements(input_parameters) as inp;

SQLite:

select
  aws_config_conformance_pack.name,
  json_extract(inp.value, '$.ParameterName') as parameter_name,
  json_extract(inp.value, '$.ParameterValue') as parameter_value,
  title,
  akas
from
  aws_config_conformance_pack,
  json_each(input_parameters) as inp;
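
The discrepancy check mentioned above can be taken one step further to find baseline drift: the same pack name deployed to several accounts or Regions with different parameter values, or with a parameter missing in some deployments. This query is an added example, not part of the original Steampipe documentation; it uses PostgreSQL syntax and only the columns listed in the schema on this page. It assumes the connection spans more than one account or Region (for example a Steampipe aggregator connection) and that a parameter name appears at most once per pack.

```sql
-- Added example: flag conformance pack parameters that differ between deployments.
with deployments as (
  -- How many times each pack name is deployed across accounts and Regions.
  select
    name,
    count(*) as deployment_count
  from
    aws_config_conformance_pack
  group by
    name
),
params as (
  -- One row per (deployment, parameter). Packs with no input parameters yield no rows.
  select
    name,
    account_id,
    region,
    inp ->> 'ParameterName' as parameter_name,
    inp ->> 'ParameterValue' as parameter_value
  from
    aws_config_conformance_pack,
    jsonb_array_elements(input_parameters) as inp
)
select
  p.name,
  p.parameter_name,
  d.deployment_count,
  count(*) as deployments_setting_parameter,
  count(distinct p.parameter_value) as distinct_values,
  -- Map of "account/region" to the value set there, for quick triage.
  jsonb_object_agg(p.account_id || '/' || p.region, p.parameter_value) as value_by_deployment
from
  params as p
  join deployments as d on d.name = p.name
group by
  p.name,
  p.parameter_name,
  d.deployment_count
having
  count(distinct p.parameter_value) > 1   -- same parameter, conflicting values
  or count(*) < d.deployment_count        -- parameter absent in some deployments
order by
  p.name,
  p.parameter_name;
```

An empty result means every deployment of each pack carries the same parameter set; any row returned names the pack, the parameter, and the deployments whose values to compare.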

Schema for aws_config_conformance_pack

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | Amazon Resource Name (ARN) of the conformance pack. |
| conformance_pack_id | text | | ID of the conformance pack. |
| created_by | text | | AWS service that created the conformance pack. |
| delivery_s3_bucket | text | | Amazon S3 bucket where AWS Config stores conformance pack templates. |
| delivery_s3_key_prefix | text | | The prefix for the Amazon S3 delivery bucket. |
| input_parameters | jsonb | | A list of ConformancePackInputParameter objects. |
| last_update_requested_time | timestamp with time zone | | Last update to the conformance pack. |
| name | text | `=` | Name of the conformance pack. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| template_ssm_document_details | jsonb | | An object that contains the name or Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_config_conformance_pack