steampipe plugin install awscfn

Table: awscfn_output - Query AWS CloudFormation Outputs using SQL

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so you can spend less time managing those resources and more time focusing on your applications that run in AWS. Outputs in AWS CloudFormation provide a way to output values from a stack and make them easily accessible. They can be used to import and export values between different stacks, and can be used to manage and organize resources in your AWS environment.

The Outputs section declares output values that you can import into other stacks (to create cross-stack references), return in response (to describe stack calls), or view on the AWS CloudFormation console. For example, you can output the S3 bucket name for a stack to make the bucket easier to find.

Table Usage Guide

The awscfn_output table provides insights into the outputs of AWS CloudFormation Stacks. As a DevOps engineer or Cloud Architect, you can explore output-specific details through this table, including stack names, output keys, and output values. This can be particularly useful for managing and organizing your AWS resources, as well as for troubleshooting and optimizing your AWS environment.

Examples

Basic info

Explore the key details of your AWS CloudFormation stack outputs. This query allows you to gain insights into the output values and their associated descriptions and paths, which can be beneficial in understanding your stack's configuration and performance.

select
name,
description,
value,
path
from
awscfn_output;
select
name,
description,
value,
path
from
awscfn_output;

List outputs that return an EC2 instance public DNS name

Explore which CloudFormation outputs provide public DNS names for EC2 instances. This can be useful for identifying resources that are potentially exposed to the internet.

select
name,
value,
description,
path
from
awscfn_output
where
value like '%Fn::GetAtt:%PublicDnsName%';
select
name,
value,
description,
path
from
awscfn_output
where
value like '%Fn::GetAtt:%PublicDnsName%';

List outputs that show sensitive parameter values

Identify the areas in your AWS CloudFormation outputs that may be exposing sensitive parameter values. This can be useful in enhancing security by pinpointing potential areas of data leakage.

with output_table as (
select
name,
description,
split_part(
substring(
value
from
'\w*Ref:*\w*'
),
':',
2
) as parameter_reference,
path
from
awscfn_output
where
value like '%Ref:%'
)
select
o.name,
o.description,
o.path
from
output_table as o
left join awscfn_parameter as p on p.name = o.parameter_reference
and o.path = p.path
where
p.no_echo;
Error: SQLite does not support split_part
and substring functions.

Schema for awscfn_output

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
descriptiontextA String type that describes the output value. The value for the description declaration must be a literal string that's between 0 and 1024 bytes in length. You can't use a parameter or function to specify the description. The description can be a maximum of 4 K in length.
exportjsonbThe name of the resource output to be exported for a cross-stack reference.
nametextAn identifier for the current output.
pathtext=Path to the file.
start_linebigintStarting line number.
valuetextThe value of the property returned by the aws cloudformation describe-stacks command. The value of an output can include literals, parameter references, pseudo-parameters, a mapping value, or intrinsic functions.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- awscfn

You can pass the configuration to the command with the --config argument:

steampipe_export_awscfn --config '<your_config>' awscfn_output