Config Advanced Query Editor - Return ConfigRuleName

I am using the AWS Config Service across multiple Accounts within my Organization. My goal is to write a query which will give me a full list of non-compliant resources in all regions, in all accounts. I have an Aggregator which has the visibility for this task. The Advanced Query I am using is similar to the AWS Example in the docs:

SELECT
  configuration.targetResourceId,
  configuration.targetResourceType,
  configuration.complianceType,
  configuration.configRuleList,
  accountId,
  awsRegion
WHERE
  configuration.configRuleList.complianceType = 'NON_COMPLIANT'

However, the ConfigRuleName is nested within configuration.configRuleList, as there could be multiple config rules (hence the list) assigned to configuration.targetResourceId.

How can I write a query that picks apart the JSON list returned this way? Because the results returned do not export to csv for example very well at all. Exporting a JSON object within a csv provides an unsuitable method if we wanted to import this into a spreadsheet for example, for viewership.

I have tried to use configuration.configRuleList.configRuleName and this only returns - even when the list has a single object within. If there is a better way to create a centralised place to view all my Org's Non-Compliant Resources, I would like to learn about it. Thanks in Advance.

1 Answer

Hello, this is a great question.

Upon testing in my environment, I have been able to yield results using the following query:

SELECT
  configuration.configRuleList.configRuleId,
  configuration.configRuleList.configRuleName,
  configuration.targetResourceId,
  configuration.targetResourceType,
  configuration.complianceType,
  configuration.configRuleList.configRuleArn,
  configuration.complianceType,
  accountId,
  awsRegion
WHERE
  configuration.complianceType = 'NON_COMPLIANT'

Feel free to rearrange the columnization, or order, of the line items above (configuration.configRuleList.configRuleId, configuration.configRuleList.configRuleName, or configuration.configRuleList.configRuleArn, etc.).

This should present each value in a .csv friendly format. If there are any questions that you may have, please feel free to ask.

Thank you!

AWS
answered 4 months ago
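
An added example, not part of the original answer or AWS code: if the query output still carries configuration.configRuleList as a nested list, it can be flattened after the fact into one CSV row per resource and rule. The sample strings are constructed and assumed to match the shape of the query results; the `ruleComplianceType` column name and the helper names are hypothetical.

```python
import csv
import io
import json

# Constructed sample: each string stands in for one entry of the query's
# result list. All account IDs, resource IDs and rule names are made up.
SAMPLE_RESULTS = [
    json.dumps({
        "accountId": "111111111111", "awsRegion": "eu-west-1",
        "configuration": {
            "targetResourceId": "sg-0example1", "complianceType": "NON_COMPLIANT",
            "targetResourceType": "AWS::EC2::SecurityGroup",
            "configRuleList": [
                {"configRuleName": "restricted-ssh", "complianceType": "NON_COMPLIANT"},
                {"configRuleName": "sg-attached", "complianceType": "COMPLIANT"}]}}),
    json.dumps({
        "accountId": "222222222222", "awsRegion": "us-east-1",
        "configuration": {
            "targetResourceId": "example-bucket", "complianceType": "NON_COMPLIANT",
            "targetResourceType": "AWS::S3::Bucket",
            "configRuleList": [
                {"configRuleName": "s3-bucket-ssl-only", "complianceType": "NON_COMPLIANT"}]}}),
]

COLUMNS = ["accountId", "awsRegion", "targetResourceId", "targetResourceType",
           "configRuleName", "ruleComplianceType"]

def flatten(results, only="NON_COMPLIANT"):
    """Return one dict per (resource, rule) pair; only=None keeps every rule."""
    rows = []
    for raw in results:
        item = json.loads(raw)
        cfg = item.get("configuration") or {}
        base = {k: item.get(k, "") for k in ("accountId", "awsRegion")}
        base.update({k: cfg.get(k, "") for k in ("targetResourceId", "targetResourceType")})
        for rule in cfg.get("configRuleList") or []:
            if only and rule.get("complianceType") != only:
                continue  # a non-compliant resource can still list compliant rules
            rows.append({**base, "configRuleName": rule.get("configRuleName", ""),
                         "ruleComplianceType": rule.get("complianceType", "")})
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Calling `to_csv(flatten(SAMPLE_RESULTS))` yields a header plus two rows, one per non-compliant rule, which imports cleanly into a spreadsheet.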
