aws.ec2
Supported platform
- aws
Description
Amazon EC2
Use the aws.ec2 resource to assess the configuration of AWS EC2 instances.
Fields
| ID | TYPE | DESCRIPTION |
|---|---|---|
| securityGroups | []aws.ec2.securitygroup | List of security groups available to the account |
| instances | []aws.ec2.instance | List of instances across the AWS account (all regions) |
| ebsEncryptionByDefault | map[string]bool | Map of region to boolean indicating whether EBS encryption by default is enabled in that region |
| volumes | []aws.ec2.volume | List of volumes across the AWS account |
| snapshots | []aws.ec2.snapshot | List of snapshots across the account |
| internetGateways | []aws.ec2.internetgateway | List of internet gateways |
| vpnConnections | []aws.ec2.vpnconnection | List of VPN connections |
| networkAcls | []aws.ec2.networkacl | List of network ACLs |
| keypairs | []aws.ec2.keypair | List of keypairs for the account |
| eips | []aws.ec2.eip | List of Elastic IPs (EIPs) |
Examples
Return a list of all EC2 instances across all enabled regions in the account and the values for specified fields
```
aws.ec2.instances {
  arn
  instanceId
  detailedMonitoring
  region
  publicIp
  ssm
  vpc
  httpTokens
  patchState
  state
  deviceMappings
  securityGroups
  publicDnsName
  instanceStatus
  stateReason
  stateTransitionReason
  ebsOptimized
  instanceType
  tags
  image
  launchTime
}
```
Return a list of security groups across every enabled region and the value for specified fields
```
aws.ec2.securityGroups {
  arn
  region
  vpc
  id
}
```
Return a list of all EBS volumes along with the associated ARN and the region the volume exists in
```
aws.ec2.volumes {
  arn
  region
}
```
Ensure the default security group of every VPC restricts all traffic
```
aws.ec2.securityGroups.where(name == "default") {
  ipPermissions.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
  ipPermissionsEgress.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
}
```
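To make explicit which groups pass and fail the default security group check above, the following added example (not part of the original documentation or the project's code) re-implements the same predicate in Python over records shaped like EC2 `DescribeSecurityGroups` output. The sample groups are constructed, the function names are hypothetical, and treating a rule without `FromPort`/`ToPort` as port 0 is an assumption.

```python
def rule_is_closed(rule):
    """Mirror of the check's predicate: no IPv4/IPv6 CIDR ranges and ports 0 to 0.

    Assumption: a rule with no FromPort/ToPort (protocol "-1") counts as port 0.
    """
    return (
        len(rule.get("IpRanges", [])) == 0
        and len(rule.get("Ipv6Ranges", [])) == 0
        and rule.get("FromPort", 0) == 0
        and rule.get("ToPort", 0) == 0
    )


def failing_default_groups(groups):
    """Return (GroupId, direction) for each default group that has an open rule."""
    findings = []
    for group in groups:
        if group.get("GroupName") != "default":
            continue  # the check only scopes groups named "default"
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            # all() over an empty list is True, so a group with no rules passes.
            if not all(rule_is_closed(r) for r in group.get(key, [])):
                findings.append((group["GroupId"], direction))
    return findings


# Constructed sample rules and groups (not real resources).
ANY_V4 = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
SSH_V6 = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
SAMPLE_GROUPS = [
    {"GroupId": "sg-example1", "GroupName": "default",
     "IpPermissions": [], "IpPermissionsEgress": []},        # locked down
    {"GroupId": "sg-example2", "GroupName": "default",
     "IpPermissions": [], "IpPermissionsEgress": [ANY_V4]},  # allow-all egress left in place
    {"GroupId": "sg-example3", "GroupName": "default",
     "IpPermissions": [SSH_V6], "IpPermissionsEgress": []},  # SSH open over IPv6
    {"GroupId": "sg-example4", "GroupName": "web",
     "IpPermissions": [ANY_V4], "IpPermissionsEgress": [ANY_V4]},  # not "default"
]

if __name__ == "__main__":
    for group_id, direction in failing_default_groups(SAMPLE_GROUPS):
        print(f"{group_id}: default security group has an open {direction} rule")
```

Ingress and egress are reported separately, so a default group that was cleaned up on the inbound side but still carries an allow-all egress rule remains a finding.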