aws.ec2

Supported platform

  • aws

Description

Amazon EC2

Use the aws.ec2 resource to assess the configuration of AWS EC2 instances.

Fields

| ID | Type | Description |
|---|---|---|
| securityGroups | []aws.ec2.securitygroup | List of security groups available to the account |
| instances | []aws.ec2.instance | List of instances across the AWS account (all regions) |
| ebsEncryptionByDefault | map[string]bool | map[region]boolean used to denote if EBS encryption is on by default per region |
| volumes | []aws.ec2.volume | List of volumes across the AWS account |
| snapshots | []aws.ec2.snapshot | List of snapshots across the account |
| internetGateways | []aws.ec2.internetgateway | List of internet gateways |
| vpnConnections | []aws.ec2.vpnconnection | List of VPN connections |
| networkAcls | []aws.ec2.networkacl | List of network ACLs |
| keypairs | []aws.ec2.keypair | List of keypairs for the account |
| eips | []aws.ec2.eip | List of Elastic IPs (EIPs) |

Examples

Return a list of all EC2 instances across all enabled regions in the account and the values for the specified fields

aws.ec2.instances {
  arn
  instanceId
  detailedMonitoring
  region
  publicIp
  ssm
  vpc
  httpTokens
  patchState
  state
  deviceMappings
  securityGroups
  publicDnsName
  instanceStatus
  stateReason
  stateTransitionReason
  ebsOptimized
  instanceType
  tags
  image
  launchTime
}

Return a list of security groups across every enabled region and the values for the specified fields

aws.ec2.securityGroups {
  arn
  region
  vpc
  id
}

Return a list of all EBS volumes along with the associated ARN and the region the volume exists in

aws.ec2.volumes {
  arn
  region
}

Ensure the default security group of every VPC restricts all traffic (an ingress or egress rule with no IPv4 or IPv6 ranges and ports 0 to 0 permits nothing)

aws.ec2.securityGroups.where(name == "default") {
  ipPermissions.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
  ipPermissionsEgress.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
}
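Two further checks built from the fields listed above, added here as an illustration rather than taken from the original page. They follow the same block and `.all()` / `.where()` pattern as the default-security-group example; the values "running" and "required" are the AWS API values for the instance state and the IMDS `HttpTokens` setting, and the "0.0.0.0/0" comparison assumes `ipRanges` holds CIDR strings, as the example above implies.

```mql
// Every running instance must require IMDSv2 (session tokens) for
// metadata access, so credentials cannot be read via plain IMDSv1 GETs.
aws.ec2.instances.where(state == "running") {
  httpTokens == "required"
}

// No security group may expose SSH (TCP 22) to the whole IPv4 internet.
// A rule is a finding if it covers port 22 and lists 0.0.0.0/0 as a source.
aws.ec2.securityGroups.all(
  ipPermissions.none(
    ipRanges.contains("0.0.0.0/0") && fromPort <= 22 && toPort >= 22
  )
)
```

Both queries evaluate across all enabled regions, so a single failing instance or rule in any region fails the check; pairing them with the `region` and `arn` fields from the earlier examples makes the offending resource easy to locate.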

References