Query CloudFormation Templates
Query AWS CloudFormation and SAM templates with cnquery
Mondoo's cloudformation provider lets you use cnquery to query and analyze AWS CloudFormation and SAM (Serverless Application Model) templates. You can explore resources, parameters, outputs, and mappings within your infrastructure-as-code configurations.
Requirements
To analyze CloudFormation templates with cnquery, you must have:
- cnquery installed on your workstation
- An AWS CloudFormation or SAM template file
Connect to a CloudFormation template
To open a cnquery shell and query a CloudFormation template:
cnquery shell cloudformation PATH

| For... | Substitute... |
|---|---|
| PATH | The path to the CloudFormation template file |
For example:
cnquery shell cloudformation ./templates/infrastructure.yaml

To query a SAM template:
cnquery shell cloudformation ./sam/template.yaml

Example queries
Template info
Retrieve the template version and description:
cnquery> cloudformation.template { version description }
cloudformation.template: {
  version: "2010-09-09"
  description: "Production infrastructure stack"
}

Resources
List all resources defined in the template:
cnquery> cloudformation.template.resources
cloudformation.template.resources: [
  0: cloudformation.resource type="AWS::EC2::Instance"
  1: cloudformation.resource type="AWS::S3::Bucket"
  ...
]

Retrieve resource details including properties:
cnquery> cloudformation.template.resources { name type properties }
cloudformation.template.resources: [
  0: {
    name: "WebServer"
    type: "AWS::EC2::Instance"
    properties: {
      InstanceType: "t3.micro"
      ImageId: "ami-0abcdef1234567890"
    }
  }
  ...
]

Filter resources by type
Find all S3 bucket resources:
cnquery> cloudformation.template.resources.where(type == "AWS::S3::Bucket") { name properties }
cloudformation.template.resources.where: [
  0: {
    name: "DataBucket"
    properties: {
      BucketName: "my-data-bucket"
      VersioningConfiguration: {
        Status: "Enabled"
      }
    }
  }
]

List all resource types used in the template:
cnquery> cloudformation.template.types
cloudformation.template.types: [
  0: "AWS::EC2::Instance"
  1: "AWS::S3::Bucket"
  2: "AWS::IAM::Role"
  ...
]

Parameters
Retrieve all parameters:
cnquery> cloudformation.template.parameters
cloudformation.template.parameters: {
  InstanceType: {
    Type: "String"
    Default: "t3.micro"
    AllowedValues: ["t3.micro", "t3.small", "t3.medium"]
  }
  Environment: {
    Type: "String"
    Default: "production"
  }
  ...
}

Outputs
Retrieve outputs with their properties:
cnquery> cloudformation.template.outputs { name properties }
cloudformation.template.outputs: [
  0: {
    name: "InstanceId"
    properties: {
      Description: "The instance ID"
      Value: {"Ref": "WebServer"}
    }
  }
  ...
]

Conditions
Retrieve template conditions:
cnquery> cloudformation.template.conditions
cloudformation.template.conditions: {
  IsProduction: {
    "Fn::Equals": [{"Ref": "Environment"}, "production"]
  }
  ...
}

Mappings
Retrieve mappings:
cnquery> cloudformation.template.mappings
cloudformation.template.mappings: {
  RegionMap: {
    us-east-1: {
      AMI: "ami-0abcdef1234567890"
    }
    us-west-2: {
      AMI: "ami-0fedcba9876543210"
    }
  }
  ...
}

Request full details
For a detailed report on the template, specify that you want all fields:
cnquery> cloudformation.template { * }

Learn more
- To learn more about how the MQL query language works, read Write Effective MQL.
- For a list of all the CloudFormation resources and fields you can query, read the CloudFormation Resource Pack Reference.
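
The S3 bucket filter shown under "Filter resources by type", reproduced offline as an added Python example (not Mondoo's code and not part of cnquery). It assumes a JSON-format template, runs on a constructed sample, and goes one step beyond the filter by flagging buckets whose VersioningConfiguration Status is not "Enabled"; all function names are hypothetical.

```python
import json

# Constructed sample template in JSON form (not taken from a real stack).
SAMPLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Production infrastructure stack",
  "Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance",
                  "Properties": {"InstanceType": "t3.micro"}},
    "DataBucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"BucketName": "my-data-bucket",
                                  "VersioningConfiguration": {"Status": "Enabled"}}},
    "LogBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"VersioningConfiguration": {"Status": "Suspended"}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket"}
  }
}
"""

def resources(template_text):
    """Flatten Resources into name/type/properties records, like the query output."""
    doc = json.loads(template_text)
    section = doc.get("Resources") or {}
    return [
        {"name": name,
         "type": body.get("Type", ""),
         "properties": body.get("Properties") or {}}  # Properties is optional
        for name, body in section.items()
        if isinstance(body, dict)
    ]

def where_type(records, resource_type):
    """Same selection as .where(type == "...") on the resource list."""
    return [r for r in records if r["type"] == resource_type]

def unversioned_buckets(template_text):
    """Names of S3 buckets whose versioning is absent or not literally 'Enabled'."""
    flagged = []
    for bucket in where_type(resources(template_text), "AWS::S3::Bucket"):
        versioning = bucket["properties"].get("VersioningConfiguration")
        status = versioning.get("Status") if isinstance(versioning, dict) else None
        if status != "Enabled":  # also flags intrinsic functions such as Fn::If
            flagged.append(bucket["name"])
    return sorted(flagged)

if __name__ == "__main__":
    for name in unversioned_buckets(SAMPLE_TEMPLATE):
        print(f"S3 bucket without versioning enabled: {name}")
```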