steampipe plugin install awssteampipe plugin install aws

Table: aws_fms_app_list - Query AWS Firewall Manager Applications using SQL

The AWS Firewall Manager Applications is a resource that enables you to centrally manage and deploy AWS WAF rules across your AWS accounts and applications. This service allows you to set up firewall rules once and apply them across your entire infrastructure. It helps to maintain a consistent security posture, even as new resources and accounts are added.

Table Usage Guide

The aws_fms_app_list table in Steampipe provides you with information about applications within AWS Firewall Manager (FMS). This table allows you, as a DevOps engineer, to query application-specific details, including application ID, protocol, source and destination IP ranges, and source and destination ports. You can utilize this table to gather insights on applications, such as their associated protocols, IP ranges, and ports. The schema outlines the various attributes of the application for you, including the application ARN, creation date, attached policies, and associated tags.

Examples

Basic info

Explore the creation times of various applications in AWS Firewall Manager to understand their longevity and potential security implications. This can be particularly useful for auditing purposes or identifying outdated applications that may pose a security risk.

select
  list_name,
  list_id,
  arn,
  create_time
from
  aws_fms_app_list;

select
  list_name,
  list_id,
  arn,
  create_time
from
  aws_fms_app_list;

List of apps created in last 30 days

Discover the segments that have newly created apps within the past month. This can help in tracking recent additions and managing app inventory effectively.

select
  list_name,
  list_id,
  arn,
  create_time
from
  aws_fms_app_list
where
  create_time >= now() - interval '30' day;

select
  list_name,
  list_id,
  arn,
  create_time
from
  aws_fms_app_list
where
  create_time >= datetime('now', '-30 day');

Get application details of each app list

This query is used to gain insights into the applications within each list, including their names and network settings. This could be useful for understanding the structure and organization of your applications, particularly in terms of their network configurations.

select
  list_name,
  list_id,
  a ->> 'AppName' as app_name,
  a ->> 'Port' as port,
  a ->> 'Protocol' as protocol
from
  aws_fms_app_list,
  jsonb_array_elements(apps_list -> 'AppsList') as a;

select
  list_name,
  list_id,
  json_extract(a.value, '$.AppName') as app_name,
  json_extract(a.value, '$.Port') as port,
  json_extract(a.value, '$.Protocol') as protocol
from
  aws_fms_app_list
  join json_each(aws_fms_app_list.apps_list, '$.AppsList') as a;

Schema for aws_fms_app_list

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
apps_list	jsonb		An array of applications in the Firewall Manager applications list.
arn	text		The Amazon Resource Name (ARN) of the applications list.
create_time	timestamp with time zone		The time that the Firewall Manager applications list was created.
last_update_time	timestamp with time zone		The time that the Firewall Manager applications list was last updated.
list_id	text	=	The ID of the applications list.
list_name	text		The name of the applications list.
list_update_token	text		A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
previous_apps_list	jsonb		A map of previous version numbers to their corresponding App object arrays.
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_fms_app_list