Table: aws_wafregional_rule_group - Query AWS WAF Regional Rule Groups using SQL
AWS WAF Regional rule groups are a feature of AWS WAF Classic that lets you bundle related rules so they can be added to a web ACL as a single unit instead of one rule at a time. A web ACL, not the rule group, is what gets associated with a regional resource such as an Application Load Balancer or an API Gateway stage; the rule group contributes its activated rules (each with an action of BLOCK, ALLOW or COUNT) to that web ACL's evaluation. Keeping rules in groups makes it easier to see which protections are actually in force and which rules only count matching requests without blocking them.
Table Usage Guide
The aws_wafregional_rule_group table in Steampipe provides you with information about rule groups within AWS WAF Regional. This table allows you, as a DevOps engineer, to query rule group-specific details, including the rule group ARN, associated rules, and metadata. You can utilize this table to gather insights on rule groups, such as the activated rules in each group, the metric names associated with each rule, and more. The schema outlines the various attributes of the rule group for you, including the rule group ID, name, ARN, metric name, and associated tags.
Examples
Basic info
Explore the configuration of AWS WAF regional rule groups to understand the security measures in place across different regions. This can be useful for auditing security protocols and identifying potential areas for improvement.
The same query works in PostgreSQL and SQLite:

```sql
select
  name,
  arn,
  rule_group_id,
  metric_name,
  activated_rules,
  region
from
  aws_wafregional_rule_group;
```
List rule groups with no associated rules
Find rule groups that contain no activated rules. An empty rule group inspects nothing, so any web ACL that references it gets no protection from it; these groups are either leftovers to clean up or placeholders that still need their rules added.
PostgreSQL:

```sql
select
  name,
  arn,
  rule_group_id,
  metric_name,
  activated_rules
from
  aws_wafregional_rule_group
where
  activated_rules is null
  or jsonb_array_length(activated_rules) = 0;
```

SQLite:

```sql
select
  name,
  arn,
  rule_group_id,
  metric_name,
  activated_rules
from
  aws_wafregional_rule_group
where
  activated_rules is null
  or json_array_length(activated_rules) = 0;
```
List details of rules associated with the rule group
Expand the activated rules of each rule group into one row per rule, showing the rule ID, its type, and the action (BLOCK, ALLOW or COUNT) the rule takes when a request matches. This is the quickest way to see whether a group actually blocks traffic or only counts it.
PostgreSQL:

```sql
select
  name as rule_group_name,
  rule_group_id,
  a ->> 'RuleId' as rule_id,
  a -> 'Action' ->> 'Type' as rule_action_type,
  a ->> 'Type' as rule_type
from
  aws_wafregional_rule_group,
  jsonb_array_elements(activated_rules) as a;
```

SQLite:

```sql
select
  name as rule_group_name,
  rule_group_id,
  json_extract(a.value, '$.RuleId') as rule_id,
  json_extract(json_extract(a.value, '$.Action'), '$.Type') as rule_action_type,
  json_extract(a.value, '$.Type') as rule_type
from
  aws_wafregional_rule_group,
  json_each(activated_rules) as a;
```
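Per-rule output is hard to review across many groups, so the following PostgreSQL query (an added example, not one of the page's own queries or part of the Steampipe plugin) rolls the activated rules up per rule group and flags groups whose rules all run in COUNT mode. A COUNT-only group emits CloudWatch metrics but never blocks a request, which is a common way for a WAF deployment to look protective while enforcing nothing. It assumes the same activated_rules JSON shape used above: each element carries RuleId, Priority and an Action object whose Type is BLOCK, ALLOW or COUNT.

```sql
-- Added example (not from the original page): summarize rule actions per
-- regional rule group and flag groups that only count traffic.
-- Assumption: activated_rules elements look like
--   {"RuleId": "...", "Priority": 1, "Type": "REGULAR", "Action": {"Type": "BLOCK"}}
with rule_actions as (
  select
    g.name as rule_group_name,
    g.rule_group_id,
    g.region,
    a ->> 'RuleId' as rule_id,
    (a ->> 'Priority')::int as priority,
    a -> 'Action' ->> 'Type' as action_type
  from
    aws_wafregional_rule_group as g,
    jsonb_array_elements(g.activated_rules) as a
)
select
  rule_group_name,
  rule_group_id,
  region,
  count(*) as rule_count,
  count(*) filter (where action_type = 'BLOCK') as block_rules,
  count(*) filter (where action_type = 'ALLOW') as allow_rules,
  count(*) filter (where action_type = 'COUNT') as count_rules,
  -- True when every rule in the group is COUNT: metrics only, nothing blocked.
  bool_and(action_type = 'COUNT') as monitor_only,
  -- Rule IDs in evaluation order, useful when reviewing priorities.
  string_agg(rule_id, ', ' order by priority) as rules_by_priority
from
  rule_actions
group by
  rule_group_name,
  rule_group_id,
  region
order by
  monitor_only desc,
  block_rules,
  rule_group_name;
```

Groups with no activated rules produce no rows here because jsonb_array_elements yields nothing for an empty array; use the "List rule groups with no associated rules" query above to catch those. Review the monitor_only = true rows first: a group left in COUNT mode after a tuning period is the usual finding.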
Control examples
Schema for aws_wafregional_rule_group
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
activated_rules | jsonb | | A list of activated rules associated with the resource. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the entity. |
metric_name | text | | A friendly name or description for the metrics for this RuleGroup. |
name | text | | The name of the rule group. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
rule_group_id | text | = | A unique identifier for the rule group. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags associated with the resource. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_wafregional_rule_group
```