v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_emr_block_public_access_configuration - Query AWS EMR Block Public Access Configuration using SQL

The AWS EMR Block Public Access Configuration is a security feature that helps protect your EMR resources from public accessibility. It allows you to control the inbound network connections to your Amazon EMR clusters, preventing unauthorized access. This configuration is crucial for ensuring the security and privacy of your data processing and analytical tasks on AWS EMR.

Table Usage Guide

The aws_emr_block_public_access_configuration table in Steampipe provides you with information about the block public access configurations for Amazon EMR clusters. This table allows you, as a DevOps engineer, to query configuration-specific details, including the block public access status, permitted public security group rules, and associated metadata. You can utilize this table to gather insights on configurations, such as the number of permitted public security group rules, the block public access status, and more. The schema outlines the various attributes of the block public access configuration for you, including the block public access status, the permitted public security group rules, and the metadata.

Examples

Basic info

Determine the areas in which public access to your AWS Elastic MapReduce (EMR) clusters is blocked, and gain insights into the security group rules and their creation dates. This can help enhance your understanding of the access control measures in place for your EMR resources.

select
  created_by_arn,
  block_public_security_group_rules,
  creation_date,
  classification,
  permitted_public_security_group_rule_ranges
from
  aws_emr_block_public_access_configuration
order by
  created_by_arn,
  creation_date;
select
  created_by_arn,
  block_public_security_group_rules,
  creation_date,
  classification,
  permitted_public_security_group_rule_ranges
from
  aws_emr_block_public_access_configuration
order by
  created_by_arn,
  creation_date;

List block public access configurations that block public security group rules

Identify configurations that are set to block public security group rules, allowing you to understand which elements in your AWS EMR block public access settings are preventing public access. This can be useful in strengthening your security measures and preventing unauthorized access.

select
  created_by_arn,
  creation_date
from
  aws_emr_block_public_access_configuration
where
  block_public_security_group_rules;
select
  created_by_arn,
  creation_date
from
  aws_emr_block_public_access_configuration
where
  block_public_security_group_rules = 1;

List permitted public security group rule maximum and minimum port ranges

Discover the segments that have the maximum and minimum port ranges allowed by public security group rules. This can be useful for understanding your security setup and identifying potential vulnerabilities.

select
  created_by_arn,
  creation_date,
  rules ->> 'MaxRange' as max_range,
  rules ->> 'MinRange' as min_range
from
  aws_emr_block_public_access_configuration
  cross join jsonb_array_elements(permitted_public_security_group_rule_ranges) as rules;
select
  created_by_arn,
  creation_date,
  json_extract(rules.value, '$.MaxRange') as max_range,
  json_extract(rules.value, '$.MinRange') as min_range
from
  aws_emr_block_public_access_configuration,
  json_each(permitted_public_security_group_rule_ranges) as rules;

List block public access configurations created in last 90 days

Explore the recent configurations that block public access, specifically those set up within the last 90 days. This can help maintain security by ensuring that public access restrictions are up-to-date and relevant.

select
  created_by_arn,
  creation_date
from
  aws_emr_block_public_access_configuration
where
  date_part('day', now() - creation_date) < 90;
select
  created_by_arn,
  creation_date
from
  aws_emr_block_public_access_configuration
where
  julianday('now') - julianday(creation_date) < 90;

Control examples

Schema for aws_emr_block_public_access_configuration

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
block_public_security_group_rulesbooleanIndicates whether Amazon EMR block public access is enabled (true) or disabled (false).
classificationtextThe classification within a configuration.
created_by_arntextThe Amazon Resource Name that created or last modified the configuration.
creation_datetimestamp with time zoneThe date and time that the configuration was created.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
permitted_public_security_group_rule_rangesjsonbSpecifies ports and port ranges that are permitted to have security group rules that allow inbound traffic from all public sources.
regiontextThe AWS Region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_emr_block_public_access_configuration