turbot/alicloud_insights

Query: ecs_security_group_by_unrestricted_ingress_status

Usage

powerpipe query alicloud_insights.query.ecs_security_group_by_unrestricted_ingress_status

SQL

with ingress_sg as (
select
distinct arn
from
alicloud_ecs_security_group,
jsonb_array_elements(permissions) as p
where
p ->> 'Policy' = 'Accept' and p ->> 'IpProtocol' <> 'ICMP'
and p ->> 'Direction' = 'ingress'
and p ->> 'SourceCidrIp' = '0.0.0.0/0'
and (
p ->> 'PortRange' in ('-1/-1', '1/65535')
)
)
select
case when arn is null then 'restricted' else 'unrestricted' end as status,
count(*)
from
ingress_sg
group by
status;

Dashboards

The query is used in the dashboards: