Query AWS
With cnquery, you can explore and interrogate your entire AWS infrastructure. It's like having a powerful search engine for your AWS environment. For example, you can analyze IAM practices, identify containers running across all EKS clusters, or find S3 buckets that don't use encryption... all with a single tool.
cnquery provides the answers you need about every AWS configuration. For a list of AWS resources you can query, read Mondoo Amazon Web Services (AWS) Resource Pack Reference and Mondoo Core Resource Pack Reference.
Connect cnquery with your AWS environment
Requirements
To analyze and explore your AWS environment with cnquery, you must have:
- cnquery installed on your workstation.
- An AWS account.
- Your AWS credentials. To learn about creating a new access key pair, read Creating new access keys for an IAM user in the AWS documentation.
- The
AWS_REGIONenvironment variable configured. To learn how to set your region, read How to set environment variables in the AWS documentation.
Verify with a quick AWS query
To quickly confirm that cnquery has access to your AWS environment, run this query from your terminal:
cnquery run aws -c aws.account
cnquery returns the AWS account ID:
> aws.account: aws.account id="aws.account/123456789000"
Next step
You've successfully used cnquery to answer your first question about your AWS account. Now you're ready to explore your AWS environment.