Table: aws_networkfirewall_firewall_policy
An AWS Network Firewall policy defines the behavior of a firewall through the stateless and stateful rule groups it references. It sets the default actions taken on a packet and the actions applied when a packet matches the rule criteria. The policy can be tailored to fit any network security need, offering granular control over the traffic passing through the firewall.
Examples
Basic info
Explore the status and regional distribution of your AWS Network Firewall policies. This allows you to understand the overall security posture and manage resources effectively across various regions.
select
  arn,
  name,
  description,
  firewall_policy_status,
  region,
  tags
from
  aws_networkfirewall_firewall_policy;
List policies using default encryption
Determine the areas in your AWS network firewall policies where the default encryption is being used. This is useful for assessing your network's security measures and identifying any potential areas for improvement.
-- PostgreSQL; AWS_OWNED_KMS_KEY is the encryption type AWS applies when no customer-managed key is configured
select
  arn,
  name,
  description,
  firewall_policy_status,
  encryption_configuration
from
  aws_networkfirewall_firewall_policy
where
  encryption_configuration ->> 'Type' = 'AWS_OWNED_KMS_KEY';

-- SQLite
select
  arn,
  name,
  description,
  firewall_policy_status,
  encryption_configuration
from
  aws_networkfirewall_firewall_policy
where
  json_extract(encryption_configuration, '$.Type') = 'AWS_OWNED_KMS_KEY';
List inactive policies
Identify instances where certain firewall policies within your AWS Network Firewall are not active. This can help in assessing the security posture of your network and ensure that all necessary policies are in effect.
select
  arn,
  name,
  description,
  firewall_policy_status,
  region,
  tags
from
  aws_networkfirewall_firewall_policy
where
  firewall_policy_status != 'ACTIVE';
Get policy's default stateful actions and rule group details
Determine the default actions and rule group details of a policy within a network firewall. This can be useful in understanding the policy's behavior and configuration, which is crucial for managing network security.
-- PostgreSQL
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  firewall_policy -> 'StatefulDefaultActions' as stateful_default_actions,
  firewall_policy -> 'StatefulRuleGroupReferences' as stateful_rule_group_references
from
  aws_networkfirewall_firewall_policy;

-- SQLite
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  json_extract(firewall_policy, '$.StatefulDefaultActions') as stateful_default_actions,
  json_extract(firewall_policy, '$.StatefulRuleGroupReferences') as stateful_rule_group_references
from
  aws_networkfirewall_firewall_policy;
Get policy's default stateless actions and rule group details for full packets
Explore the default actions and rule group details for full packets in a policy to better understand the firewall's configuration and status. This can help in assessing the security measures in place and identifying areas for improvement.
-- PostgreSQL
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  firewall_policy -> 'StatelessDefaultActions' as stateless_default_actions,
  firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references
from
  aws_networkfirewall_firewall_policy;

-- SQLite
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  json_extract(firewall_policy, '$.StatelessDefaultActions') as stateless_default_actions,
  json_extract(firewall_policy, '$.StatelessRuleGroupReferences') as stateless_rule_group_references
from
  aws_networkfirewall_firewall_policy;
Get policy's default stateless actions and rule group details for fragmented packets
This query allows you to examine the default actions and rule group details for fragmented packets within a firewall policy. It's particularly useful for understanding your network firewall's behavior and configuration when handling fragmented packets.
-- PostgreSQL
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  firewall_policy -> 'StatelessFragmentDefaultActions' as stateless_fragment_default_actions,
  firewall_policy -> 'StatelessRuleGroupReferences' as stateless_rule_group_references
from
  aws_networkfirewall_firewall_policy;

-- SQLite
select
  arn,
  name as firewall_policy_name,
  firewall_policy_status,
  json_extract(firewall_policy, '$.StatelessFragmentDefaultActions') as stateless_fragment_default_actions,
  json_extract(firewall_policy, '$.StatelessRuleGroupReferences') as stateless_rule_group_references
from
  aws_networkfirewall_firewall_policy;
Get policy's custom stateless actions
This query is useful for understanding the custom actions associated with your network firewall policies in AWS. It allows you to assess the stateless actions configured and their definitions, enabling you to manage your security measures more effectively.
-- PostgreSQL. Custom actions live in the StatelessCustomActions array of the policy
-- (not in StatelessRuleGroupReferences), so the array is expanded to one row per action.
select
  p.arn,
  p.name as firewall_policy_name,
  p.firewall_policy_status,
  a ->> 'ActionName' as custom_action_name,
  a -> 'ActionDefinition' as custom_action_definition
from
  aws_networkfirewall_firewall_policy as p,
  jsonb_array_elements(p.firewall_policy -> 'StatelessCustomActions') as a;

-- SQLite
select
  p.arn,
  p.name as firewall_policy_name,
  p.firewall_policy_status,
  json_extract(a.value, '$.ActionName') as custom_action_name,
  json_extract(a.value, '$.ActionDefinition') as custom_action_definition
from
  aws_networkfirewall_firewall_policy as p,
  json_each(p.firewall_policy, '$.StatelessCustomActions') as a;
Control examples
- AWS Foundational Security Best Practices > Network Firewall > 3 Network Firewall policies should have at least one rule group associated
- AWS Foundational Security Best Practices > Network Firewall > 4 The default stateless action for Network Firewall policies should be drop or forward for full packets
- AWS Foundational Security Best Practices > Network Firewall > 5 The default stateless action for Network Firewall policies should be drop or forward for fragmented packets
- Network Firewall policies should have at least one rule group associated
- The default stateless action for Network Firewall policies should be drop or forward for fragmented packets
- The default stateless action for Network Firewall policies should be drop or forward for full packets
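As an added example that is not part of the Steampipe table docs, the following PostgreSQL query evaluates the three controls listed above against this table in one pass. The action names aws:drop, aws:forward_to_sfe and aws:pass are the built-in AWS Network Firewall stateless actions; the ok/alarm labels are a convention chosen for this example.

```sql
-- Added example, not from the Steampipe docs: evaluate the three
-- Foundational Security Best Practices controls per firewall policy.
-- 'ok' / 'alarm' is a labelling convention chosen here.
select
  arn,
  name,
  region,
  -- Network Firewall 3: at least one stateless or stateful rule group referenced
  case
    when jsonb_array_length(coalesce(firewall_policy -> 'StatelessRuleGroupReferences', '[]'::jsonb))
       + jsonb_array_length(coalesce(firewall_policy -> 'StatefulRuleGroupReferences', '[]'::jsonb)) > 0
    then 'ok'
    else 'alarm'
  end as rule_group_check,
  -- Network Firewall 4: full packets that match no stateless rule must be
  -- dropped or handed to the stateful engine, never passed straight through
  case
    when firewall_policy -> 'StatelessDefaultActions' @> '["aws:drop"]'
      or firewall_policy -> 'StatelessDefaultActions' @> '["aws:forward_to_sfe"]'
    then 'ok'
    else 'alarm'
  end as full_packet_default_check,
  -- Network Firewall 5: the same requirement for fragmented packets
  case
    when firewall_policy -> 'StatelessFragmentDefaultActions' @> '["aws:drop"]'
      or firewall_policy -> 'StatelessFragmentDefaultActions' @> '["aws:forward_to_sfe"]'
    then 'ok'
    else 'alarm'
  end as fragment_default_check,
  firewall_policy -> 'StatelessDefaultActions' as stateless_default_actions,
  firewall_policy -> 'StatelessFragmentDefaultActions' as stateless_fragment_default_actions
from
  aws_networkfirewall_firewall_policy
where
  firewall_policy_status = 'ACTIVE'
order by
  region, name;
```

A policy whose default action is aws:pass is what the two default-action controls flag, because unmatched traffic then bypasses the stateful rule groups entirely; a missing StatelessDefaultActions array evaluates to null and is reported as alarm as well.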
Schema for aws_networkfirewall_firewall_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | = | The Amazon Resource Name (ARN) of the rule group. |
consumed_stateful_rule_capacity | bigint | | The number of capacity units currently consumed by the policy's stateful rules. |
consumed_stateless_rule_capacity | bigint | | The number of capacity units currently consumed by the policy's stateless rules. |
description | text | | A description of the firewall policy. |
encryption_configuration | jsonb | | A complex type that contains the Amazon Web Services KMS encryption configuration settings for your firewall policy. |
firewall_policy | jsonb | | The policy for the specified firewall policy. |
firewall_policy_id | text | | The unique identifier for the firewall policy. |
firewall_policy_status | text | | The current status of the firewall policy. |
last_modified_time | timestamp with time zone | | The last time that the firewall policy was changed. |
name | text | = | The descriptive name of the rule group. |
number_of_associations | bigint | | The number of firewall policies that use this rule group. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags assigned to the resource. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install it with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_networkfirewall_firewall_policy