Show (X;Y) doesn't work trying to combine aws-ec2-describe-security-groups and aws-ec2-describe-vpcs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Show (X;Y) doesn't work trying to combine aws-ec2-describe-security-groups and aws-ec2-describe-vpcs

L0 Member

Hi All,

I would really appreciate some help here, as I have tried hundreds of iterations to get this right and it isn't working.

I followed the RQL guidance of the RQL example library, but even a basic example doesn't work with show(X;|Y;)

I tried the following and it doesn't work:

show (X;|Y;) - command doesn't work

config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Y; filter '$.Y.vpcId contains $.X.vpcId and $.X.groupName == default and ($.X.ipPermissions[*] is not empty or $.X.ipPermissionsEgress[*] is not empty)'; show (X;|Y;); addcolumn $.Y.tags[?(@.key=='resource_owner')].value groupId vpcId

This works but only displays security group tag information, not the VPC tag information I need:

 

without resource_owner but has VPC ID and SG ID - show Y ( SG )

config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as X; config where api.name = 'aws-ec2-describe-security-groups' AND json.rule = '((groupName == default) and (ipPermissions[*] is not empty or ipPermissionsEgress[*] is not empty))' as Y; filter '$.X.vpcId equals $.Y.vpcId'; show Y; addcolumn vpcId groupId $.tags[?(@.key=='resource_owner')].value

 

My Aim is to redo one of the policies to display more fields based on the following api's 

aws-ec2-describe-vpcs

aws-ec2-describe-security-groups

It would be great if I could join the 2 data sets.

I would like the following fields displayed:

$.Y.vpcId

$.Y.groupId

$.X.tags[?(@.key=='resource_owner')].value

I need the vpc's tags because, unfortunately the security groups tags are not filled in.

Thanks for your forthcoming help 🙂

 

1 REPLY 1

L0 Member

Hi Miller,

So the only one that actually works in terms of outputting the tags, but also only the VPC id is:

config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as X; config where api.name = 'aws-ec2-describe-security-groups' AND json.rule = '((groupName == default) and (ipPermissions[*] is not empty or ipPermissionsEgress[*] is not empty))' as Y; filter '$.X.vpcId equals $.Y.vpcId'; show X; addcolumn vpcId groupId $.tags[?(@.key=='resource_owner')].value

You can use aws EC2 global search on the VPC and it will come up with the attached security groups, but it would be great if I could use the join to get all the info out.

Thanks

  • 1760 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!