I found that when I use the filter command in RQL, it requires you to assign two variables in order for the filter command to work appropriately. Even if you don’t use the other assigned variable in the filter command, the api requires the two variables to be assigned. Otherwise, a warning is returned with no output. I beleive this could be problematic because of unnecessary calls to AWS or Redlocks api when the variable isn't used. This can also accumulate large unnecessary costs when Redlock is performing these scans numerous times a day to thousands of services. Also, the response “bad request” makes it very difficult to debug what the issue could be in the command. This error is consistent regardless of the RQL mistake, and error specific responses would help development much more. You can perform this test in the investigate tab. https://app3.redlock.io/investigate
Example:
Command:
config where api.name = 'aws-ec2-describe-internet-gateways' as X; config where api.name = 'aws-ec2-describe-vpcs' as Y; filter '$.X.attachments[*].vpcId exists'; show X;
Returns:
{
"tags": [],
"ownerId": "999999999",
"attachments": [
{
"state": "available",
"vpcId": "vpc-9999999"
}
],
"internetGatewayId": "igw-99999999"
}
Command:
config where api.name = 'aws-ec2-describe-internet-gateways' as X; filter '$.X.attachments[*].vpcId exists'; show X;
Returns:
Warning: Bad Request
