
aws.ec2

Supported Platform

  • aws

Description

Amazon EC2

The aws.ec2 resource can be used to assess the configuration of AWS EC2 instances.

Fields

| ID | Type | Description |
|---|---|---|
| securityGroups | []aws.ec2.securitygroup | a list of security groups available to the account |
| instances | []aws.ec2.instance | a list of instances across the AWS account (all regions) |
| ebsEncryptionByDefault | map[string]bool | map[region]boolean used to denote whether EBS encryption is on by default in each region |
| volumes | []aws.ec2.volume | list of volumes across the AWS account |
| snapshots | []aws.ec2.snapshot | list of snapshots across the account |
| internetGateways | []aws.ec2.internetgateway | list of internet gateways |
| vpnConnections | []aws.ec2.vpnconnection | list of VPN connections |
| networkAcls | []aws.ec2.networkacl | list of network ACLs |

Examples

Return a list of all EC2 instances across all enabled regions in the account, with the values of the specified fields

aws.ec2.instances {
  arn
  instanceId
  detailedMonitoring
  region
  publicIp
  ssm
  vpc
  httpTokens
  patchState
  state
  deviceMappings
  securityGroups
  publicDnsName
  instanceStatus
  stateReason
  stateTransitionReason
  ebsOptimized
  instanceType
  tags
  image
  launchTime
}

Return a list of security groups across every enabled region, with the values of the specified fields

aws.ec2.securityGroups {
  arn
  region
  vpc
  id
}

Return a list of all EBS volumes along with each volume's ARN and the region it exists in

aws.ec2.volumes {
  arn
  region
}

Ensure the default security group of every VPC restricts all traffic

aws.ec2.securityGroups.where(name == "default") {
  ipPermissions.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
  ipPermissionsEgress.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
}
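Two further hardening checks built from the same fields, added here as an example and not taken from the Mondoo docs: they assume MQL's `_` placeholder for the current element of a primitive list and an `ipProtocol` field on each permission entry (not listed on this page), and treat the API's "all traffic" rule (`ipProtocol == "-1"`) as matching every port.

```mql
// Added example, not part of the original page.

// 1. Every instance must require IMDSv2 session tokens. httpTokens is listed
//    in the instance fields above; "required" disables the legacy IMDSv1
//    endpoint so instance credentials cannot be read with a plain GET.
aws.ec2.instances.all(httpTokens == "required")

// 2. No security group may expose SSH (TCP/22) to the entire internet.
//    A permission matches if its port range covers 22, or if it is the
//    all-traffic rule (ipProtocol == "-1", an assumed field), and it lists
//    the IPv4 or IPv6 "anywhere" CIDR. `_` is the current list element.
aws.ec2.securityGroups.none(
  ipPermissions.any(
    (ipProtocol == "-1" || (fromPort <= 22 && toPort >= 22)) &&
    (ipRanges.any(_ == "0.0.0.0/0") || ipv6Ranges.any(_ == "::/0"))
  )
)

// 3. Report, rather than fail on, any instance that has a public IP but is
//    not enrolled in SSM, so that reachable hosts without managed patching
//    are visible to the operator.
aws.ec2.instances.where(publicIp != "" && ssm == null) {
  instanceId
  region
  publicIp
}
```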
