steampipe plugin install aws

Table: aws_wafv2_rule_group - Query AWS WAFv2 Rule Groups using SQL

AWS WAFv2 rule groups are a feature of AWS Web Application Firewall (WAF) that lets you encapsulate a set of rules and reuse it across multiple web ACLs. They help you manage a common set of rules across your AWS resources without recreating the rules individually, which keeps your security posture consistent and simplifies management of your WAF configurations.

Table Usage Guide

The aws_wafv2_rule_group table in Steampipe allows you to query details of rule groups in AWS WAFv2 (Web Application Firewall version 2), such as the ARN, capacity, description, rules, visibility configuration, and associated tags of each rule group. As a DevOps engineer or security professional, you can use this table to analyze and manage rule groups, monitor rule group capacity, review rule configurations, and verify that visibility settings are configured correctly. The schema below lists the available columns.

Examples

Basic info

This query allows you to gain insights into various rule groups within your AWS Web Application Firewall (WAF) version 2. It's useful for understanding the configuration and capacity of each rule group, as well as their associated regions, helping to manage and optimize your security settings.

select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  rules,
  region
from
  aws_wafv2_rule_group;

List global (CloudFront) rule groups

List the rule groups created with the CLOUDFRONT scope, which can only be referenced from web ACLs that protect CloudFront distributions (as opposed to REGIONAL rule groups used with resources such as load balancers and API Gateway stages). This is useful for reviewing which reusable rule sets protect your content delivery network and spotting gaps in that coverage.

select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  region
from
  aws_wafv2_rule_group
where
  scope = 'CLOUDFRONT';

List rule groups with fewer than 5 web ACL capacity units (WCUs)

List rule groups that consume fewer than 5 web ACL capacity units (WCUs). Capacity reflects the number and complexity of a group's rules, so very low values point to nearly empty or placeholder rule groups that may not provide the protection you expect, or to groups that could be consolidated.

select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  region
from
  aws_wafv2_rule_group
where
  capacity < 5;
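Audit visibility settings and rule actions

The following queries are an added example, not part of the Steampipe documentation, showing how to inspect the jsonb columns of this table. They assume the jsonb values keep the AWS WAFv2 API field names (Rules[].Action, CloudWatchMetricsEnabled, SampledRequestsEnabled) as returned by the AWS SDK, and use Postgres jsonb operators.

```sql
-- Added example (not Steampipe's own documentation). Assumes jsonb columns keep the
-- AWS WAFv2 API field names: visibility_config.CloudWatchMetricsEnabled,
-- visibility_config.SampledRequestsEnabled and rules[].Action.

-- 1. Rule groups whose visibility_config disables CloudWatch metrics or request
--    sampling: rules in these groups can match traffic without leaving a trace
--    in metrics or sampled requests, which hurts detection and tuning.
select
  name,
  scope,
  region,
  visibility_config ->> 'CloudWatchMetricsEnabled' as metrics_enabled,
  visibility_config ->> 'SampledRequestsEnabled'   as sampling_enabled
from
  aws_wafv2_rule_group
where
  (visibility_config ->> 'CloudWatchMetricsEnabled')::boolean is not true
  or (visibility_config ->> 'SampledRequestsEnabled')::boolean is not true;

-- 2. Per-group breakdown of rule actions. A group with no Block rule at all
--    (only Count or Allow rules, or no rules) observes traffic but never stops
--    it; that is expected during a monitoring rollout but worth confirming for
--    groups referenced by production web ACLs.
select
  g.name,
  g.scope,
  g.capacity,
  count(r)                                                     as total_rules,
  count(r) filter (where r -> 'Action' -> 'Block' is not null) as block_rules,
  count(r) filter (where r -> 'Action' -> 'Count' is not null) as count_rules,
  count(r) filter (where r -> 'Action' -> 'Allow' is not null) as allow_rules
from
  aws_wafv2_rule_group as g
  -- left join keeps groups whose rules array is empty or null (total_rules = 0)
  left join lateral jsonb_array_elements(g.rules) as r on true
group by
  g.name, g.scope, g.capacity
having
  count(r) filter (where r -> 'Action' -> 'Block' is not null) = 0
order by
  g.scope, g.name;
```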

Schema for aws_wafv2_rule_group

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
arn | text | | The Amazon Resource Name (ARN) of the entity.
capacity | bigint | | The web ACL capacity units (WCUs) required for this rule group.
description | text | | A description of the rule group that helps with identification.
id | text | = | A unique identifier for the rule group.
lock_token | text | | A token used for optimistic locking.
name | text | = | The name of the rule group.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region | text | | The AWS Region in which the resource is located.
rules | jsonb | | The Rule statements used to identify the web requests that you want to allow, block, or count.
scope | text | = | Specifies the scope of the rule group. Possible values are: 'REGIONAL' and 'CLOUDFRONT'.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
tags | jsonb | | A map of tags for the resource.
tags_src | jsonb | | A list of tags associated with the resource.
title | text | | Title of the resource.
visibility_config | jsonb | | Defines and enables Amazon CloudWatch metrics and web request sample collection.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_wafv2_rule_group