aws.ec2
Supported Platform
- aws
Description
Amazon EC2
The aws.ec2 resource can be used to assess the configuration of AWS EC2 instances.
Fields
ID | TYPE | DESCRIPTION |
---|---|---|
securityGroups | []aws.ec2.securitygroup | List of security groups available to the account |
instances | []aws.ec2.instance | List of instances across the AWS account (all regions) |
ebsEncryptionByDefault | map[string]bool | Map of region to boolean denoting whether EBS encryption is on by default in that region |
volumes | []aws.ec2.volume | List of volumes across the AWS account |
snapshots | []aws.ec2.snapshot | List of snapshots across the account |
internetGateways | []aws.ec2.internetgateway | List of internet gateways |
vpnConnections | []aws.ec2.vpnconnection | List of VPN connections |
networkAcls | []aws.ec2.networkacl | List of network ACLs |
Examples
Return a list of all EC2 instances across all enabled regions in the account and the values of the specified fields
aws.ec2.instances {
  arn
  instanceId
  detailedMonitoring
  region
  publicIp
  ssm
  vpc
  httpTokens
  patchState
  state
  deviceMappings
  securityGroups
  publicDnsName
  instanceStatus
  stateReason
  stateTransitionReason
  ebsOptimized
  instanceType
  tags
  image
  launchTime
}
Return a list of security groups across every enabled region and the values of the specified fields
aws.ec2.securityGroups {
  arn
  region
  vpc
  id
}
Return a list of all EBS volumes along with each volume's ARN and the region in which the volume exists
aws.ec2.volumes {
  arn
  region
}
Ensure the default security group of every VPC restricts all traffic
aws.ec2.securityGroups.where(name == "default") {
  ipPermissions.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
  ipPermissionsEgress.all(ipRanges.length == 0 && ipv6Ranges.length == 0 && fromPort == 0 && toPort == 0)
}
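The default security group check above, re-expressed in Python over constructed data shaped like the EC2 DescribeSecurityGroups response, to show which groups the predicate passes and which it fails. This is an added example and not part of the original page; the function names, sample groups and IDs are hypothetical, and treating a missing FromPort/ToPort as 0 is an assumption of the example.

```python
def rule_is_closed(rule):
    """The page's predicate for one rule; a missing FromPort/ToPort counts as 0 (assumption)."""
    return (
        len(rule.get("IpRanges", [])) == 0
        and len(rule.get("Ipv6Ranges", [])) == 0
        and rule.get("FromPort", 0) == 0
        and rule.get("ToPort", 0) == 0
    )


def failing_default_groups(groups):
    """Return (GroupId, direction) for each default group with a rule that is not closed."""
    findings = []
    for group in groups:
        if group.get("GroupName") != "default":
            continue  # the check only covers groups named "default"
        for direction in ("IpPermissions", "IpPermissionsEgress"):
            # all() over an empty rule list is True, so a rule-less group passes.
            if not all(rule_is_closed(r) for r in group.get(direction, [])):
                findings.append((group["GroupId"], direction))
    return findings


SAMPLE_GROUPS = [  # constructed sample input, not from a real account
    # Default group with every rule removed: passes.
    {"GroupId": "sg-00000000000000001", "GroupName": "default",
     "IpPermissions": [], "IpPermissionsEgress": []},
    # Default group still carrying allow-all egress: fails on egress.
    {"GroupId": "sg-00000000000000002", "GroupName": "default",
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "Ipv6Ranges": [],
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    # Default group with SSH reachable over IPv6: fails on ingress.
    {"GroupId": "sg-00000000000000003", "GroupName": "default",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
    # Non-default group: out of scope for this check even though it is open.
    {"GroupId": "sg-00000000000000004", "GroupName": "web",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": []},
]

if __name__ == "__main__":
    for group_id, direction in failing_default_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {direction} has a rule that is not closed")
```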