AWS Config advanced query to limit results based on relationship configurations

Not sure if it is possible to do, but I am trying to retrieve a list of default VPCs and the respective accounts from AWS Config advanced queries.

I have the following query that gives me the result of all the accounts if they have a default VPC and the resources that are attached to those default VPCs:

SELECT
  accountId,
  awsRegion,
  configuration.vpcId,
  relationships
WHERE
  resourceType = 'AWS::EC2::VPC'
  AND configuration.isDefault = TRUE
  AND relationships.resourceType IN (
    'AWS::EC2::Instance',
    'AWS::EC2::InternetGateway',
    'AWS::EC2::NetworkACL',
    'AWS::EC2::RouteTable',
    'AWS::EC2::Subnet',
    'AWS::EC2::SecurityGroup'
  )

What I want to achieve further is that the result set should be filtered more based on the properties of relationships.

For example, I only want to return a VPC record if the resource 'AWS::EC2::Subnet' has property defaultForAz set to true.

Another example is to limit records to those where the 'AWS::EC2::RouteTable' has configuration.associations.main set to true.

Right now it selects all default VPCs from organisation member accounts.

I am also happy to know any other better approach.
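
AWS Config advanced queries have no JOIN or nested-query support, and the relationships field carries only the related resource's identity, not its configuration, so one approach is to run a second query for the related resources and join the two result sets client-side. The following is an added example, not part of the original question: the function names and sample rows are constructed, and it assumes each result is a JSON string with nested configuration keys, as the Config select APIs return in their Results field.

```python
import json

# Query 1: default VPCs (the question's filter without the relationship clause).
VPC_QUERY = """SELECT accountId, awsRegion, configuration.vpcId
WHERE resourceType = 'AWS::EC2::VPC' AND configuration.isDefault = TRUE"""

# Query 2: subnets that are the default for their availability zone.
SUBNET_QUERY = """SELECT accountId, awsRegion, resourceId, configuration.vpcId
WHERE resourceType = 'AWS::EC2::Subnet' AND configuration.defaultForAz = TRUE"""

def vpc_key(row):
    """Identify a VPC by account, region and VPC id."""
    return (row["accountId"], row["awsRegion"], row["configuration"]["vpcId"])

def join_default_vpcs(vpc_results, child_results):
    """Keep only default VPCs that own at least one row from the child query.

    Both arguments are lists of JSON strings (assumed Results shape).
    """
    children = {}
    for raw in child_results:
        row = json.loads(raw)
        children.setdefault(vpc_key(row), []).append(row["resourceId"])
    joined = []
    for raw in vpc_results:
        key = vpc_key(json.loads(raw))
        if key in children:
            joined.append({"accountId": key[0], "awsRegion": key[1],
                           "vpcId": key[2], "matches": sorted(children[key])})
    return joined

# Constructed sample results: placeholder account and resource ids.
SAMPLE_VPCS = [
    '{"accountId":"111111111111","awsRegion":"eu-west-1","configuration":{"vpcId":"vpc-aaa"}}',
    '{"accountId":"222222222222","awsRegion":"eu-west-1","configuration":{"vpcId":"vpc-bbb"}}',
]
SAMPLE_SUBNETS = [
    '{"accountId":"111111111111","awsRegion":"eu-west-1","resourceId":"subnet-2",'
    '"configuration":{"vpcId":"vpc-aaa"}}',
    '{"accountId":"111111111111","awsRegion":"eu-west-1","resourceId":"subnet-1",'
    '"configuration":{"vpcId":"vpc-aaa"}}',
]

if __name__ == "__main__":
    for record in join_default_vpcs(SAMPLE_VPCS, SAMPLE_SUBNETS):
        print(record)
```

The same join applies to the route-table case by swapping the second query for one on 'AWS::EC2::RouteTable' with the property filter from the question.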



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
