Table: aws_shield_protection_group - Query AWS Shield Advanced Protection Groups using SQL

AWS Shield Advanced Protection Groups are logical collections of your Shield Advanced protected resources. AWS Shield Advanced protection groups give you a self-service way to customize the scope of detection and mitigation by treating multiple protected resources as a single unit. Protection groups can, for example, help reduce false positives in situations such as blue/green swap, where resources alternate between being near zero load and fully loaded.

Table Usage Guide

The aws_shield_protection table in Steampipe allows you to query AWS Shield Advanced Protection Groups and retrieve information like the resources included in the group or the aggregation method used for the group. For more information about the individual columns and their values, please refer to the official AWS documentation.

Examples

Basic info

select
  protection_group_id,
  aggregation,
  pattern,
  resource_type
from
  aws_shield_protection_group;

select
  protection_group_id,
  aggregation,
  pattern,
  resource_type
from
  aws_shield_protection_group;

List all members of protection groups with the pattern `ARBITRARY`

select
  protection_group_id,
  member
from
  aws_shield_protection_group,
  jsonb_array_elements_text(members) as member
where
  pattern = 'ARBITRARY'
order by
  protection_group_id;

select
  protection_group_id,
  member
from
  aws_shield_protection_group,
  json_each(members) as member
where
  pattern = 'ARBITRARY'
order by
  protection_group_id;

Schema for aws_shield_protection_group

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
aggregation	text	=	Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The ARN (Amazon Resource Name) of the protection group.
members	jsonb		The ARNs (Amazon Resource Names) of the resources that are included in the protection group.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
pattern	text	=	The criteria to use to choose the protected resources for inclusion in the group.
protection_group_id	text	=	The name of the protection group.
region	text		The AWS Region in which the resource is located.
resource_type	text	=	The resource type to include in the protection group. All protected resources of this type are included in the protection group.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		The list of tags associated with the protection group.
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_shield_protection_group