steampipe plugin install aws

Table: aws_route53_resolver_rule - Query AWS Route 53 Resolver Rule using SQL

The AWS Route 53 Resolver Rule is a feature of Amazon Route 53, a highly available and scalable cloud Domain Name System (DNS) web service. It allows you to specify how DNS queries from your VPC are routed to your network. This rule can help to simplify DNS operations and enhance security by directing queries to your managed DNS service.

Table Usage Guide

The aws_route53_resolver_rule table in Steampipe provides you with information about DNS resolver rules within AWS Route 53. This table allows you, as a DevOps engineer, to query resolver rule-specific details, including rule action, domain name, rule type, and associated metadata. You can utilize this table to gather insights on resolver rules, such as rule configuration, rule status, and rule action. The schema outlines the various attributes of the resolver rule for you, including the rule ID, resolver endpoint ID, rule action, and associated tags.

Examples

Basic info

Explore which domain names are associated with specific resolver rules in AWS Route53. This can help identify areas where rules may need to be updated or shared differently for optimal network routing.

select
  name,
  domain_name,
  owner_id,
  resolver_endpoint_id,
  rule_type,
  share_status,
  status
from
  aws_route53_resolver_rule;

List rules that are not associated with VPCs

Find resolver rules that are not associated with any Virtual Private Cloud (VPC). This is useful for identifying potential security risks or unused resources within your network infrastructure.

select
  name,
  id,
  arn,
  resolver_rule_associations
from
  aws_route53_resolver_rule
where
  resolver_rule_associations = '[]';

List the IP addresses enabled for outbound DNS queries for each rule

List the IP address and port that each rule forwards outbound DNS queries to. Reviewing these targets helps you confirm where DNS queries leave the VPC and spot forwarding destinations that need attention.

Postgres:

select
  name,
  p ->> 'Ip' as ip,
  p ->> 'Port' as port
from
  aws_route53_resolver_rule,
  jsonb_array_elements(target_ips) as p;

SQLite:

select
  name,
  json_extract(p.value, '$.Ip') as ip,
  json_extract(p.value, '$.Port') as port
from
  aws_route53_resolver_rule,
  json_each(target_ips) as p;
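
An added audit query building on the example above (Postgres syntax; not part of the Steampipe documentation): it lists FORWARD rules whose targets lie outside the RFC 1918 private ranges or use a port other than 53. Treating RFC 1918 space as "internal" and 53 as the expected port are assumptions to adjust for your network.

```sql
-- Added example, Postgres syntax. Uses only columns shown on this page.
-- Assumptions: an expected forwarding target is an RFC 1918 address
-- listening on port 53; change the ranges and port to match your network.
with targets as (
  select
    r.name,
    r.id,
    r.domain_name,
    r.status,
    (p ->> 'Ip')::inet as ip,
    (p ->> 'Port')::int as port
  from
    aws_route53_resolver_rule as r,
    jsonb_array_elements(r.target_ips) as p
  where
    r.rule_type = 'FORWARD'
),
flagged as (
  select
    *,
    -- <<= is the Postgres "is contained by or equals" operator for inet
    not (
      ip <<= '10.0.0.0/8'::inet
      or ip <<= '172.16.0.0/12'::inet
      or ip <<= '192.168.0.0/16'::inet
    ) as non_private_target,
    coalesce(port, 53) <> 53 as non_standard_port
  from
    targets
)
select
  name,
  id,
  domain_name,
  status,
  ip,
  port,
  non_private_target,
  non_standard_port
from
  flagged
where
  non_private_target
  or non_standard_port
order by
  name,
  ip;
```

An empty result means every FORWARD rule in the queried accounts sends DNS queries only to private addresses on port 53.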

List resolver rules shared with another account

Identify instances where AWS Route53 resolver rules are shared with another account, in order to better manage and understand your shared resources.

select
  name,
  id,
  share_status,
  rule_type
from
  aws_route53_resolver_rule
where
  share_status = 'SHARED';

Schema for aws_route53_resolver_rule

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The ARN (Amazon Resource Name) for the Resolver rule specified by Id. |
| creation_time | text | | The date and time that the Resolver rule was created, in Unix time format and Coordinated Universal Time (UTC). |
| creator_request_id | text | = | A unique string that you specified when you created the Resolver rule. CreatorRequestId identifies the request and allows failed requests to be retried without the risk of executing the operation twice. |
| domain_name | text | = | DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps. |
| id | text | = | The ID that Resolver assigned to the Resolver rule when you created it. |
| modification_time | text | | The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC). |
| name | text | = | The name for the Resolver rule, which you specified when you created the Resolver rule. |
| owner_id | text | | When a rule is shared with another AWS account, the account ID of the account that the rule is shared with. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| resolver_endpoint_id | text | = | The ID of the endpoint that the rule is associated with. |
| resolver_rule_associations | jsonb | | The associations that were created between Resolver rules and VPCs using the current AWS account, and that match the specified filters, if any. |
| rule_type | text | | When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. |
| share_status | text | | Indicates whether the rule is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | = | A code that specifies the current status of the Resolver rule. |
| status_message | text | | A detailed description of the status of a Resolver rule. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags assigned to the Resolver Rule. |
| target_ips | jsonb | | An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_route53_resolver_rule