Table: aws_waf_rule - Query AWS WAF Rule using SQL
The AWS WAF Rule is a component of AWS Web Application Firewall (WAF) service. It allows you to protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.
Table Usage Guide
The aws_waf_rule table in Steampipe provides you with information about AWS WAF rules. These rules are used to block common web-based attacks. This table allows you, as a security professional or developer, to query rule-specific details, including the rule action (block, allow, or count), the predicates that make up the rule, and associated metadata. You can utilize this table to gather insights on rules, such as rules that are currently in effect, the conditions under which a rule is triggered, and more. The schema outlines the various attributes of the WAF rule for you, including the rule ID, type, metric name, and associated tags.
Examples
Basic info
This query allows you to analyze the rules associated with your AWS Web Application Firewall (WAF). It helps in understanding the effectiveness of your security measures by identifying the specific rules and metrics applied.
select
  name,
  rule_id,
  metric_name
from
  aws_waf_rule;
Get predicate details for each rule
Explore the specifics of each rule within AWS WAF, including whether the rule is negated and its type. This information can be useful for assessing the configuration and effectiveness of your web application firewall rules.
PostgreSQL:

select
  name,
  rule_id,
  p ->> 'DataId' as data_id,
  p ->> 'Negated' as negated,
  p ->> 'Type' as type
from
  aws_waf_rule,
  jsonb_array_elements(predicates) as p;

SQLite:

select
  name,
  rule_id,
  json_extract(p.value, '$.DataId') as data_id,
  json_extract(p.value, '$.Negated') as negated,
  json_extract(p.value, '$.Type') as type
from
  aws_waf_rule,
  json_each(predicates) as p;
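Building on the predicate query above, the following PostgreSQL query is an added example (not part of the Steampipe documentation) that summarizes each rule's predicates in one row: how many it has, which match-set types they reference, and whether any are negated. Because a WAF Classic rule only matches a request when all of its predicates match, this view shows what traffic a rule's action really applies to; rules with zero predicates sort first so they stand out for review.

```sql
-- Added example, not from the Steampipe docs: one summary row per WAF rule.
-- A rule's predicates are ANDed, so the mix of types and any Negated flag
-- determine which requests the rule's action (block/allow/count) affects.
select
  r.name,
  r.rule_id,
  r.metric_name,
  coalesce(jsonb_array_length(r.predicates), 0) as predicate_count,
  -- distinct set types referenced by this rule, e.g. "IPMatch, SqlInjectionMatch"
  string_agg(distinct p ->> 'Type', ', ') as predicate_types,
  -- true when at least one predicate is negated (matches everything except the set)
  coalesce(bool_or((p ->> 'Negated')::boolean), false) as has_negated_predicate
from
  aws_waf_rule as r
  -- left join lateral keeps rules whose predicates array is empty or null
  left join lateral jsonb_array_elements(r.predicates) as p on true
group by
  r.name, r.rule_id, r.metric_name, r.predicates
order by
  predicate_count asc, r.name;
```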
Control examples
Schema for aws_waf_rule
Name | Type | Operators | Description
---|---|---|---
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
metric_name | text | | The name of the metric for the Rule.
name | text | | The name for the rule.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
predicates | jsonb | | The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a Rule.
region | text | | The AWS Region in which the resource is located.
rule_id | text | = | The ID of the Rule.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
tags | jsonb | | A map of tags for the resource.
tags_src | jsonb | | A list of tags assigned to the Rule.
title | text | | Title of the resource.
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_waf_rule