Table: aws_ec2_load_balancer_listener_rule - Query AWS EC2 Load Balancer Listener Rules using SQL

AWS Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances. The listener rules determine how traffic is routed based on conditions specified by the user. The aws_ec2_load_balancer_listener_rule table in Steampipe allows you to query information about these listener rules, including their actions, conditions, priorities, and more.

Table Usage Guide

The aws_ec2_load_balancer_listener_rule table enables cloud administrators and DevOps engineers to gather detailed insights into their load balancer listener rules. You can query various aspects of the rules, such as their actions, conditions, priorities, and associated listeners. This table is particularly useful for monitoring traffic routing, ensuring compliance with traffic rules, and managing load balancer configurations.

Important Notes

You must specify arn or listener_arn in a where clause in order to use this table.

Examples

Basic info

Retrieve basic information about your AWS EC2 Load Balancer Listener Rules, including their ARN, priority, and associated listener.

select
  arn,
  listener_arn,
  priority,
  is_default,
  region
from
  aws_ec2_load_balancer_listener_rule
where
  arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789098:listener-rule/app/test53333/f7cc8cdc44ff910b/c9418b57592205f0/a8fe6d8842838dfa';

select
  arn,
  listener_arn,
  priority,
  is_default,
  region
from
  aws_ec2_load_balancer_listener_rule
where
  arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789098:listener-rule/app/test53333/f7cc8cdc44ff910b/c9418b57592205f0/a8fe6d8842838dfa';

List rules for a specific listener

Fetch all the rules associated with a specific listener by providing the listener ARN.

select
  arn,
  priority,
  is_default,
  actions,
  conditions
from
  aws_ec2_load_balancer_listener_rule
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';

select
  arn,
  priority,
  is_default,
  actions,
  conditions
from
  aws_ec2_load_balancer_listener_rule
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';

Get rule action details

Retrieve rules action details.

select
  arn,
  a ->> 'Type' as action_type,
  a ->> 'Order' as action_order,
  a ->> 'TargetGroupArn' as target_group_arn,
  a -> 'RedirectConfig' as redirect_config,
  a -> 'ForwardConfig' as forward_config,
  a -> 'FixedResponseConfig' as fixed_response_config,
  a -> 'AuthenticateOidcConfig' as authenticate_oidc_config,
  a -> 'AuthenticateCognitoConfig' as authenticate_cognito_config
from
  aws_ec2_load_balancer_listener_rule,
  jsonb_array_elements(actions) as a
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';

select
  arn,
  json_extract(a.value, '$.Type') as action_type,
  json_extract(a.value, '$.Order') as action_order,
  json_extract(a.value, '$.TargetGroupArn') as target_group_arn,
  json_extract(a.value, '$.RedirectConfig') as redirect_config,
  json_extract(a.value, '$.ForwardConfig') as forward_config,
  json_extract(a.value, '$.FixedResponseConfig') as fixed_response_config,
  json_extract(a.value, '$.AuthenticateOidcConfig') as authenticate_oidc_config,
  json_extract(a.value, '$.AuthenticateCognitoConfig') as authenticate_cognito_config
from
  aws_ec2_load_balancer_listener_rule,
  json_each(actions) as a
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272';

List default listener rules

Identify the listener rules that are set as the default rule for a listener.

select
  arn,
  listener_arn,
  priority
from
  aws_ec2_load_balancer_listener_rule
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272'
  and is_default = true;

select
  arn,
  listener_arn,
  priority
from
  aws_ec2_load_balancer_listener_rule
where
  listener_arn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/70d7923f8398b272'
  and is_default = 1;

Get all rules for listeners

Retrieve detailed information about the rules associated with AWS EC2 load balancer listeners.

select
  r.arn,
  r.listener_arn,
  l.load_balancer_arn,
  l.protocol as listener_protocol,
  l.ssl_policy,
  r.priority,
  r.is_default,
  r.actions,
  r.conditions
from
  aws_ec2_load_balancer_listener_rule as r
  join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn;

select
  r.arn,
  r.listener_arn,
  l.load_balancer_arn,
  l.protocol as listener_protocol,
  l.ssl_policy,
  r.priority,
  r.is_default,
  r.actions,
  r.conditions
from
  aws_ec2_load_balancer_listener_rule as r
  join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn;

Get listener rules for application load balancers

Retrieve detailed information about the rules associated with AWS EC2 Application load balancer listeners.

select
  r.arn,
  r.listener_arn,
  l.load_balancer_arn,
  l.protocol as listener_protocol,
  l.ssl_policy,
  a.canonical_hosted_zone_id,
  a.dns_name,
  a.ip_address_type,
  r.priority,
  r.is_default,
  r.actions,
  r.conditions
from
  aws_ec2_load_balancer_listener_rule as r
  join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn
  join aws_ec2_application_load_balancer as a on l.load_balancer_arn = a.arn;

select
  r.arn,
  r.listener_arn,
  l.load_balancer_arn,
  l.protocol as listener_protocol,
  l.ssl_policy,
  a.canonical_hosted_zone_id,
  a.dns_name,
  a.ip_address_type,
  r.priority,
  r.is_default,
  r.actions,
  r.conditions
from
  aws_ec2_load_balancer_listener_rule as r
  join aws_ec2_load_balancer_listener as l on r.listener_arn = l.arn
  join aws_ec2_application_load_balancer as a on l.load_balancer_arn = a.arn;

Schema for aws_ec2_load_balancer_listener_rule

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
actions	jsonb		The actions. Each rule must include exactly one of the following types of actions: forward , redirect , or fixed-response , and it must be the last action to be performed.
arn	text	=	The Amazon Resource Name (ARN) of the rule.
conditions	jsonb		The conditions. Each rule can include zero or one of the following conditions: http-request-method , host-header , path-pattern , and source-ip , and zero or more of the following conditions: http-header and query-string.
is_default	boolean		Indicates whether this is the default rule.
listener_arn	text	=	The Amazon Resource Name (ARN) of the listener.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
priority	text		The priority of the rule.
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_load_balancer_listener_rule