Daily Hack #day74 - SQL in AWS Config

PublishedJune 16, 2024

•1 min read

Daily Hack #day74 - SQL in AWS Config

Part of seriesDaily Hacks

AWS Config allows you to view all your cloud resources at a glance, track how their configuration changes over time, and establish configuration rules that automatically check whether your services match the desired configuration settings. Any violation of the rules you defined will trigger an alert informing you about non-compliant resources.

But AWS Config is not only a great resource to enforce compliance. It also gives you an overview of all resources in your AWS account. One of the most impressive features that I’ve recently encountered on AWS is the SQL query editor within the AWS Config. It allows you to easily group your resources by service or filter for only resources from a specific region.

Here is an example of a query:

SELECT
  resourceId,
  resourceType,
  awsRegion,
  resourceCreationTime,
  tags,
  configuration.state.value
WHERE
  resourceType NOT IN ('AWS::EC2::SecurityGroup',
    'AWS::EC2::Subnet', 'AWS::EC2::VPC',
    'AWS::EC2::NetworkAcl', 'AWS::EC2::RouteTable')
ORDER BY
  resourceType

For instance, in the query above, we are retrieving all resources with corresponding ID, region name, time of creation, tags, and current state while filtering out all network and security group resources.

Feel free to copy / modify this query to suit your needs.

#aws #aws-config #cloud #productivity #productivity-tools

Comments

Join the discussion

No comments yet. Be the first to comment.

Daily Hacks

Part 1 of 50

Introducing our Daily Hack Series, a curated collection of bite-sized tips, tricks, and hacks aimed at optimizing your daily productivity.

More from this blog

Containers and Kubernetes: What They Actually Are and When You Actually Need Them

Containers and Kubernetes: What They Actually Are and When You Actually Need Them Series: The Modern SDLC · Post 10 of 17 ← Post 9: Infrastructure as Code · Post 11: CD and GitOps → Kubernetes has

Nov 3, 202415 min read

Containers and Kubernetes: What They Actually Are and When You Actually Need Them

Infrastructure as Code: Treat Your Cloud Like a Codebase

Infrastructure as Code: Treat Your Cloud Like a Codebase Series: The Modern SDLC · Post 9 of 17 ← Post 8: DevSecOps · Post 10: Containers and Kubernetes → There's a class of production incident tha

Nov 2, 202413 min read

Infrastructure as Code: Treat Your Cloud Like a Codebase

Shift Left: How to Make Security Every Engineer's Job Without Making It Nobody's Job

Shift Left: How to Make Security Every Engineer's Job Without Making It Nobody's Job Series: The Modern SDLC · Post 8 of 17 ← Post 7: CI Pipeline · Post 9: Infrastructure as Code → Security teams h

Nov 1, 202414 min read

Shift Left: How to Make Security Every Engineer's Job Without Making It Nobody's Job

How to Build a CI Pipeline That Engineers Actually Trust

How to Build a CI Pipeline That Engineers Actually Trust Series: The Modern SDLC · Post 7 of 17 ← Post 6: Testing Strategy · Post 8: DevSecOps → A CI pipeline is the nervous system of your delivery

Oct 31, 202414 min read

How to Build a CI Pipeline That Engineers Actually Trust

The Testing Trophy: Why You're Probably Writing the Wrong Tests

The Testing Trophy: Why You're Probably Writing the Wrong Tests Series: The Modern SDLC · Post 6 of 17 ← Post 5: Development Practices · Post 7: CI Pipeline → Most engineering teams have a testing

Oct 30, 202414 min read

The Testing Trophy: Why You're Probably Writing the Wrong Tests

Cloud Tuned

621 posts

Your starting point for anything cloud: AWS, Azure, GCP, Serverless, Architecture, Hybrid Cloud, Systems Design and other Information Technology topics.