Table: aws_wafv2_rule_group - Query AWS WAFv2 Rule Groups using SQL
AWS WAFv2 Rule Groups are a feature of AWS Web Application Firewall (WAF) that lets you encapsulate a set of rules and reuse it across multiple web ACLs. This helps you manage a similar set of rules across your AWS resources without recreating them individually, which keeps your security posture consistent and simplifies the management of your WAF configurations.
Table Usage Guide
The aws_wafv2_rule_group table in Steampipe allows you to query details related to rule groups in AWS WAFv2 (Web Application Firewall version 2). You can use this table to gather information such as the ARN, capacity, description, rules, visibility configuration, and more about each rule group. As a DevOps engineer or security professional, you can use this table to analyze and manage rule groups, monitor rule group capacity, review rule configurations, and ensure visibility settings are correctly configured. The schema outlines the various attributes of the rule group, including the ARN, capacity, description, rules, visibility configuration, and associated tags.
Examples
Basic info
This query allows you to gain insights into various rule groups within your AWS Web Application Firewall (WAF) version 2. It's useful for understanding the configuration and capacity of each rule group, as well as their associated regions, helping to manage and optimize your security settings.
select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  rules,
  region
from
  aws_wafv2_rule_group;
List global (CloudFront) rule groups
List the rule groups whose scope is CLOUDFRONT, i.e. the global rule groups that can be attached to CloudFront distribution web ACLs. This is useful for reviewing which protections are available to your content delivery network and spotting gaps in its coverage.
select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  region
from
  aws_wafv2_rule_group
where
  scope = 'CLOUDFRONT';
List rule groups with fewer than 5 web ACL capacity units (WCUs)
List the rule groups that consume fewer than 5 web ACL capacity units (WCUs). Such small rule groups are worth reviewing: they may be near-empty placeholders or carry only trivial rules, which can point to gaps or inefficiencies in your security settings.
select
  name,
  description,
  arn,
  id,
  scope,
  capacity,
  region
from
  aws_wafv2_rule_group
where
  capacity < 5;
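The rules and visibility_config columns are jsonb, so you can expand them with Postgres JSON operators. The following two queries are an added example, not part of the Steampipe documentation: the first expands every rule group into one row per rule (name, priority, action and statement type), the second flags rule groups whose visibility settings disable CloudWatch metrics or request sampling, which would leave detection blind. The jsonb key names (Name, Priority, Action, Statement, CloudWatchMetricsEnabled, SampledRequestsEnabled) are assumed to follow the AWS API field names.

```sql
-- Added example (not from the Steampipe docs). Assumes the jsonb keys match
-- the AWS WAFv2 API field names: Name, Priority, Action, Statement,
-- CloudWatchMetricsEnabled, SampledRequestsEnabled.

-- 1. One row per rule: which action each rule takes and what it matches on.
select
  rg.name as rule_group,
  rg.scope,
  rg.region,
  rg.capacity,
  r ->> 'Name' as rule_name,
  (r ->> 'Priority')::int as priority,
  -- Action is an object keyed by the action type, e.g. {"Block": {}}
  coalesce(
    (select string_agg(k, ',') from jsonb_object_keys(r -> 'Action') as k),
    'none'
  ) as action,
  -- Statement is keyed by statement type, e.g. {"ByteMatchStatement": {...}}
  (select string_agg(k, ',') from jsonb_object_keys(r -> 'Statement') as k)
    as statement_type
from
  aws_wafv2_rule_group as rg
  cross join lateral jsonb_array_elements(rg.rules) as r
order by
  rule_group,
  priority;

-- 2. Rule groups whose visibility configuration disables metrics or sampling.
-- "is distinct from true" also catches a missing key (null), not only false.
select
  name,
  scope,
  region,
  visibility_config ->> 'CloudWatchMetricsEnabled' as metrics_enabled,
  visibility_config ->> 'SampledRequestsEnabled' as sampling_enabled
from
  aws_wafv2_rule_group
where
  (visibility_config ->> 'CloudWatchMetricsEnabled')::boolean is distinct from true
  or (visibility_config ->> 'SampledRequestsEnabled')::boolean is distinct from true;
```

Both queries use standard Postgres syntax, since Steampipe exposes its tables through a Postgres foreign data wrapper.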
Schema for aws_wafv2_rule_group
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the entity. |
capacity | bigint | | The web ACL capacity units (WCUs) required for this rule group. |
description | text | | A description of the rule group that helps with identification. |
id | text | = | A unique identifier for the rule group. |
lock_token | text | | A token used for optimistic locking. |
name | text | = | The name of the rule group. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
rules | jsonb | | The Rule statements used to identify the web requests that you want to allow, block, or count. |
scope | text | = | Specifies the scope of the rule group. Possible values are: 'REGIONAL' and 'CLOUDFRONT'. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags associated with the resource. |
title | text | | Title of the resource. |
visibility_config | jsonb | | Defines and enables Amazon CloudWatch metrics and web request sample collection. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that let you extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_wafv2_rule_group