Amazon Web Services (AWS) MQL Resource Pack Reference
The Amazon Web Services (AWS) resource pack lets you use MQL to query and assess the security of your AWS cloud services.
Resources included in this pack:
| ID | DESCRIPTION |
|---|---|
| aws | AWS resource |
| aws.account | AWS Account |
| aws.acm | AWS Certificate Manager resource (for assessing the configuration of AWS Certificate Manager) |
| aws.acm.certificate | AWS Certificate Manager Certificate resource (provides an object representing an individual ACM certificate) |
| aws.apigateway | Amazon API Gateway |
| aws.apigateway.restapi | Amazon API Gateway REST API |
| aws.apigateway.stage | Amazon API Gateway REST API stages |
| aws.applicationAutoscaling | AWS Application Auto Scaling |
| aws.applicationautoscaling.target | AWS Application Auto Scaling target |
| aws.autoscaling | AWS Auto Scaling |
| aws.autoscaling.group | AWS Auto Scaling group |
| aws.backup | AWS Backup |
| aws.backup.vault | AWS Backup vault |
| aws.backup.vaultRecoveryPoint | AWS Backup vault recovery point |
| aws.cloudfront | Amazon CloudFront |
| aws.cloudfront.distribution | Amazon CloudFront distribution |
| aws.cloudfront.distribution.origin | Amazon CloudFront distribution origin |
| aws.cloudfront.function | Amazon CloudFront function |
| aws.cloudtrail | AWS CloudTrail |
| aws.cloudtrail.trail | AWS CloudTrail trail |
| aws.cloudwatch | Amazon CloudWatch |
| aws.cloudwatch.loggroup | Amazon CloudWatch log group |
| aws.cloudwatch.loggroup.metricsfilter | Amazon CloudWatch log group metrics filter |
| aws.cloudwatch.metric | Amazon CloudWatch metric |
| aws.cloudwatch.metric.datapoint | Amazon CloudWatch metric datapoint |
| aws.cloudwatch.metricdimension | Amazon CloudWatch metric dimension |
| aws.cloudwatch.metricsalarm | Amazon CloudWatch metrics alarm |
| aws.cloudwatch.metricstatistics | Amazon CloudWatch metric statistics |
| aws.codebuild | AWS CodeBuild for building and testing code |
| aws.codebuild.project | AWS CodeBuild project |
| aws.config | AWS Config |
| aws.config.deliverychannel | AWS Config delivery channel |
| aws.config.recorder | AWS Config recorder |
| aws.config.rule | AWS Config rule |
| aws.dms | AWS Database Migration Service (DMS) |
| aws.dynamodb | Amazon DynamoDB |
| aws.dynamodb.export | Amazon DynamoDB Export |
| aws.dynamodb.globaltable | Amazon DynamoDB global table |
| aws.dynamodb.limit | Amazon DynamoDB limits |
| aws.dynamodb.table | Amazon DynamoDB table |
| aws.ec2 | Amazon EC2 |
| aws.ec2.eip | Amazon Elastic IP (EIP) |
| aws.ec2.image | Amazon EC2 image (AMI) |
| aws.ec2.instance | Amazon EC2 instance |
| aws.ec2.instance.device | Amazon EC2 instance block device |
| aws.ec2.internetgateway | Amazon EC2 internet gateway |
| aws.ec2.keypair | Amazon EC2 key pair |
| aws.ec2.networkacl | Amazon EC2 network ACL |
| aws.ec2.networkacl.association | |
| aws.ec2.networkacl.entry | Amazon EC2 network ACL entry |
| aws.ec2.networkacl.entry.portrange | Amazon EC2 network ACL entry port range |
| aws.ec2.networkinterface | AWS EC2 network interface |
| aws.ec2.securitygroup | Amazon EC2 security group |
| aws.ec2.securitygroup.ippermission | Amazon EC2 security group IP permission |
| aws.ec2.snapshot | Amazon EC2 (EBS) snapshot |
| aws.ec2.vgwtelemetry | Amazon EC2 VPN tunnel telemetry |
| aws.ec2.volume | Amazon EC2 (EBS) volume |
| aws.ec2.vpnconnection | Amazon EC2 VPN connection |
| aws.ecr | AWS Elastic Container Registry (ECR) |
| aws.ecr.image | AWS Elastic Container Registry image |
| aws.ecr.repository | AWS Elastic Container Registry repository |
| aws.ecs | Amazon Elastic Container Service (ECS) |
| aws.ecs.cluster | Amazon ECS cluster |
| aws.ecs.container | Amazon ECS container |
| aws.ecs.instance | AWS ECS container instance |
| aws.ecs.task | Amazon ECS task |
| aws.efs | AWS Elastic File System (EFS) service |
| aws.efs.filesystem | AWS Elastic File System (EFS) file system |
| aws.eks | Amazon Elastic Kubernetes Service (EKS) |
| aws.eks.addon | Amazon EKS add-on |
| aws.eks.cluster | Amazon EKS cluster |
| aws.eks.nodegroup | Amazon EKS managed node group |
| aws.elasticache | Amazon ElastiCache |
| aws.elasticache.cluster | Amazon ElastiCache cluster |
| aws.elasticache.serverlessCache | Amazon ElastiCache serverless cache |
| aws.elb | AWS Elastic Load Balancing |
| aws.elb.loadbalancer | AWS Elastic Load Balancing load balancer |
| aws.elb.targetgroup | AWS Elastic Load Balancer (ELB) Target Group |
| aws.emr | Amazon EMR |
| aws.emr.cluster | Amazon EMR cluster |
| aws.es | AWS Elasticsearch service |
| aws.es.domain | Amazon Elasticsearch service domain |
| aws.guardduty | Amazon GuardDuty for threat detection |
| aws.guardduty.detector | Amazon GuardDuty detector |
| aws.guardduty.finding | AWS Guard Duty finding |
| aws.iam | AWS service to create and manage permissions for users and groups |
| aws.iam.accessAnalyzer | AWS IAM Access Analyzer resource (for assessing the configuration of AWS IAM Access Analyzer) |
| aws.iam.accessanalyzer.analyzer | AWS IAM Access Analyzer resource (provides an object representing an individual AWS IAM Access Analyzer configuration) |
| aws.iam.accessanalyzer.finding | AWS IAM Access Analyzer finding |
| aws.iam.group | AWS IAM group |
| aws.iam.instanceProfile | AWS IAM instance profile |
| aws.iam.loginProfile | AWS IAM login profile for a user |
| aws.iam.policy | AWS IAM policy |
| aws.iam.policyversion | AWS IAM policy version |
| aws.iam.role | AWS IAM role |
| aws.iam.user | AWS IAM user |
| aws.iam.usercredentialreportentry | Entry in AWS IAM credential report |
| aws.iam.virtualmfadevice | AWS IAM virtual MFA device |
| aws.inspector | Amazon Inspector |
| aws.inspector.coverage | Amazon Inspector environment coverage |
| aws.inspector.coverage.image | Amazon Inspector container image coverage group |
| aws.inspector.coverage.instance | Amazon Inspector instance coverage group |
| aws.inspector.coverage.repository | Amazon Inspector container registry coverage group |
| aws.kms | AWS Key Management Service (KMS) |
| aws.kms.key | AWS Key Management Service (KMS) key |
| aws.lambda | AWS Lambda |
| aws.lambda.function | AWS Lambda function |
| aws.neptune | Amazon Neptune |
| aws.neptune.cluster | Amazon Neptune cluster |
| aws.neptune.instance | Amazon Neptune instance |
| aws.organization | AWS Organization resource |
| aws.rds | Amazon Relational Database Service (RDS) |
| aws.rds.backupsetting | Amazon RDS Backup Setting |
| aws.rds.clusterParameterGroup | Amazon RDS cluster parameter groups |
| aws.rds.dbcluster | Amazon RDS database cluster |
| aws.rds.dbinstance | Amazon RDS database instance |
| aws.rds.parameterGroup | Amazon RDS parameter groups |
| aws.rds.parameterGroup.parameter | |
| aws.rds.pendingMaintenanceAction | Amazon RDS pending maintenance action |
| aws.rds.snapshot | Amazon RDS snapshot |
| aws.redshift | Amazon Redshift |
| aws.redshift.cluster | Amazon Redshift cluster |
| aws.s3 | Amazon S3 cloud object storage |
| aws.s3.bucket | Amazon S3 bucket |
| aws.s3.bucket.corsrule | Amazon S3 bucket CORS rule |
| aws.s3.bucket.grant | Amazon S3 bucket grant |
| aws.s3.bucket.policy | Amazon S3 bucket policy |
| aws.s3control | Amazon S3 bucket control |
| aws.sagemaker | AWS SageMaker |
| aws.sagemaker.endpoint | AWS SageMaker endpoint |
| aws.sagemaker.notebookinstance | AWS SageMaker notebook instance |
| aws.sagemaker.notebookinstancedetails | AWS SageMaker notebook instance details |
| aws.secretsmanager | AWS Secrets Manager |
| aws.secretsmanager.secret | AWS Secrets Manager secret |
| aws.securityhub | AWS Security Hub |
| aws.securityhub.hub | AWS Security Hub hub |
| aws.sns | AWS Simple Notification Service (SNS) |
| aws.sns.subscription | AWS Simple Notification Service (SNS) subscription |
| aws.sns.topic | AWS Simple Notification Service (SNS) topic |
| aws.sqs | Amazon Simple Queue Service (SQS) |
| aws.sqs.queue | Amazon Simple Queue Service (SQS) Queue |
| aws.ssm | Amazon Systems Manager |
| aws.ssm.instance | Amazon SSM instance |
| aws.ssm.parameter | Amazon SSM parameter |
| aws.timestream.liveanalytics | Amazon Timestream for LiveAnalytics |
| aws.timestream.liveanalytics.database | Amazon Timestream for LiveAnalytics database |
| aws.timestream.liveanalytics.table | Amazon Timestream for LiveAnalytics table |
| aws.vpc | Amazon Virtual Private Cloud (VPC) |
| aws.vpc.endpoint | Amazon Virtual Private Cloud (VPC) endpoint |
| aws.vpc.flowlog | Amazon Virtual Private Cloud (VPC) flow log |
| aws.vpc.natgateway | Amazon VPC NAT Gateway |
| aws.vpc.natgateway.address | Amazon VPC NAT gateway address |
| aws.vpc.peeringConnection | Amazon VPC Peering Connection |
| aws.vpc.peeringConnection.peeringVpc | Amazon VPC Peering Connection Peering VPC |
| aws.vpc.routetable | Amazon Virtual Private Cloud (VPC) route table |
| aws.vpc.routetable.association | Amazon Virtual Private Cloud (VPC) route table association |
| aws.vpc.serviceEndpoint | Amazon VPC Service Endpoint |
| aws.vpc.subnet | Amazon Virtual Private Cloud (VPC) subnet |
| aws.waf | Amazon WAF v2 |
| aws.waf.acl | Amazon WAF v2 ACL |
| aws.waf.ipset | Amazon WAF IP set (defining IP Ranges) |
| aws.waf.rule | Amazon WAF rule |
| aws.waf.rule.action | Action that happens if a rule statement matches |
| aws.waf.rule.fieldtomatch | Field to match |
| aws.waf.rule.fieldtomatch.body | Body of the field to match |
| aws.waf.rule.fieldtomatch.cookie | Cookie of the field to match |
| aws.waf.rule.fieldtomatch.headerorder | Order of headers of the field to match |
| aws.waf.rule.fieldtomatch.headers | Headers |
| aws.waf.rule.fieldtomatch.headers.matchpattern | Pattern to match |
| aws.waf.rule.fieldtomatch.ja3fingerprint | JA3 fingerprint |
| aws.waf.rule.fieldtomatch.jsonbody | Request body as JSON |
| aws.waf.rule.fieldtomatch.jsonbody.matchpattern | Pattern to match |
| aws.waf.rule.fieldtomatch.singleheader | Single header of the field to match |
| aws.waf.rule.fieldtomatch.singlequeryargument | Single query argument |
| aws.waf.rule.statement | |
| aws.waf.rule.statement.andstatement | Rule statement that matches if all of the rule statements inside it match |
| aws.waf.rule.statement.bytematchstatement | Rule statement that matches a specified sequence of bytes |
| aws.waf.rule.statement.geomatchstatement | Rule statement that checks for requests from certain countries |
| aws.waf.rule.statement.ipsetreferencestatement | Rule statement that checks for requests from IP addresses defined in an IPSet |
| aws.waf.rule.statement.ipsetreferencestatement.ipsetforwardedipconfig | |
| aws.waf.rule.statement.labelmatchstatement | |
| aws.waf.rule.statement.managedrulegroupstatement | Rule statement that is managed by AWS |
| aws.waf.rule.statement.notstatement | Rule statement that negates another rule statement |
| aws.waf.rule.statement.orstatement | Rule statement that matches if one of the rule statements inside it matches |
| aws.waf.rule.statement.ratebasedstatement | Rule statement that matches at a certain rate of requests (rate limiting) |
| aws.waf.rule.statement.regexmatchstatement | Rule statement that matches a specified regex pattern |
| aws.waf.rule.statement.regexpatternsetreferencestatement | Rule statement that checks for a regex pattern defined in a regex pattern set |
| aws.waf.rule.statement.rulegroupreferencestatement | Rule statement that refers to a group of rules |
| aws.waf.rule.statement.sizeconstraintstatement | Rule statement that checks the size of the specified field |
| aws.waf.rule.statement.sqlimatchstatement | Statement that matches SQLI attacks |
| aws.waf.rule.statement.xssmatchstatement | Statement that matches XSS attacks |
| aws.waf.rulegroup | Amazon WAF v2 RuleGroup |