Table: awscfn_parameter - Query AWS CloudFormation Parameters using SQL

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all of that.

Table Usage Guide

The awscfn_parameter table provides insights into the parameters used in the AWS CloudFormation service. As a Cloud Engineer or DevOps professional, you can explore parameter-specific details through this table, including default values, descriptions, and types. Utilize it to understand the configuration and dependencies of your AWS resources, and to ensure that the parameters used in your AWS CloudFormation templates are correctly configured and secure.

Examples

Basic info

Discover the segments that utilize different AWS CloudFormation parameters, such as their names and types, to gain insights into their default values and the path where they're stored. This is useful in understanding the configuration and usage of different parameters within your AWS CloudFormation service.

select
  name,
  type,
  default_value,
  path
from
  awscfn_parameter;

select
  name,
  type,
  default_value,
  path
from
  awscfn_parameter;

List S3 buckets with BucketName properties that reference a parameter

Determine the areas in which S3 bucket properties are referencing a parameter. This can be useful in managing and organizing your AWS resources, by allowing you to identify any dependencies or links between your S3 buckets and other AWS parameters. For instance, if a CloudFormation template is defined as:

Parameters:
  WebBucketName:
    Type: String
    Default: 'TestWebBucket'
Resources:
  DevBucket:
    Type: "AWS::S3::Bucket"
    Condition: CreateDevBucket
    Properties:
      AccessControl: PublicRead
      BucketName: !Ref WebBucketName
      WebsiteConfiguration:
        IndexDocument: index.html

select
  r.name as resource_name,
  r.type as resource_type,
  r.properties_src ->> 'BucketName' as bucket_name_src,
  p.default_value as bucket_name
from
  awscfn_resource as r,
  awscfn_parameter as p
where
  p.name = properties_src -> 'BucketName' ->> 'Ref'
  and r.type = 'AWS::S3::Bucket';

select
  r.name as resource_name,
  r.type as resource_type,
  json_extract(r.properties_src, '$.BucketName') as bucket_name_src,
  p.default_value as bucket_name
from
  awscfn_resource as r,
  awscfn_parameter as p
where
  p.name = json_extract(
    json_extract(r.properties_src, '$.BucketName'),
    '$.Ref'
  )
  and r.type = 'AWS::S3::Bucket';

+---------------+-----------------+--------------------------+----------------+
| resource_name | resource_type   | bucket_name_src          | bucket_name    |
+---------------+-----------------+--------------------------+----------------+
| DevBucket     | AWS::S3::Bucket | {"Ref": "WebBucketName"} | TestWebBucket  |
+---------------+-----------------+--------------------------+----------------+

List parameters with no default value configured

Determine the areas in which parameters are lacking a default setting. This is useful to identify potential areas of concern or oversight in your configuration.

select
  name,
  type,
  description,
  path
from
  awscfn_parameter
where
  default_value is null;

select
  name,
  type,
  description,
  path
from
  awscfn_parameter
where
  default_value is null;

Schema for awscfn_parameter

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
allowed_pattern	text		A regular expression that represents the patterns to allow for String types. The pattern must match the entire parameter value provided.
allowed_values	jsonb		An array containing the list of values allowed for the parameter.
constraint_description	text		A string that explains a constraint when the constraint is violated.
default_value	text		A value of the appropriate type for the template to use if no value is specified when a stack is created. If you define constraints for the parameter, you must specify a value that adheres to those constraints.
description	text		A string of up to 4000 characters that describes the parameter.
max_length	bigint		An integer value that determines the largest number of characters you want to allow for String types.
max_value	bigint		A numeric value that determines the largest numeric value you want to allow for Number types.
min_length	bigint		An integer value that determines the smallest number of characters you want to allow for String types.
min_value	bigint		A numeric value that determines the smallest numeric value you want to allow for Number types.
name	text		Parameter name.
no_echo	boolean		Indicates whether to mask the parameter value to prevent it from being displayed in the console, command line tools, or API. If you set the NoEcho attribute to true, CloudFormation returns the parameter value masked as asterisks (*****) for any calls that describe the stack or stack events, except for information stored in the locations specified below.
path	text	=	Path to the file.
start_line	bigint		Starting line number.
type	text		The data type for the parameter.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- awscfn

You can pass the configuration to the command with the --config argument:

steampipe_export_awscfn --config '<your_config>' awscfn_parameter