RQL query to find Security Groups in AWS that are not attached to any EC2 instance


Created On 10/01/21 08:36 AM - Last Modified 02/28/23 12:57 PM


Question


  • RQL query to find Security Groups in AWS that are not attached to, or associated with, any EC2 (Elastic Compute Cloud) instance


Environment


  • Prisma Cloud
  • AWS


Answer


config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Y; filter ' not ($.Y.securityGroups[*].groupId contains $.X.groupId) '; show X;
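The query above is a join: every security group from aws-ec2-describe-security-groups (X) is kept unless its groupId appears in the instance-level securityGroups list of some instance from aws-ec2-describe-instances (Y). The following Python script is an added example, not part of this article or of Prisma Cloud, that reproduces the same join locally against the shapes the AWS EC2 API returns (DescribeSecurityGroups and DescribeInstances, with the PascalCase keys boto3 returns; Prisma Cloud normalises these to camelCase, e.g. securityGroups[*].groupId). The sample data is constructed, and the two optional flags go beyond the query to cover cases a practitioner will run into: security groups attached only to a secondary network interface, and instances in the terminated state that DescribeInstances still returns.

```python
# Added example (not from the Prisma Cloud KB article): local equivalent of
# the RQL join "security group not referenced by any EC2 instance".
from typing import Dict, Iterable, List, Set

# Constructed sample data, not from any real account.
SAMPLE_SECURITY_GROUPS: List[Dict] = [
    {"GroupId": "sg-0aaa", "GroupName": "web-sg",   "VpcId": "vpc-1"},
    {"GroupId": "sg-0bbb", "GroupName": "SG_NoEC2", "VpcId": "vpc-1"},
    {"GroupId": "sg-0ccc", "GroupName": "legacy",   "VpcId": "vpc-1"},
    {"GroupId": "sg-0ddd", "GroupName": "eni-only", "VpcId": "vpc-1"},
]

SAMPLE_INSTANCES: List[Dict] = [
    {   # running instance: sg-0aaa on the primary ENI, sg-0ddd only on a secondary ENI
        "InstanceId": "i-0123",
        "State": {"Name": "running"},
        "SecurityGroups": [{"GroupId": "sg-0aaa", "GroupName": "web-sg"}],
        "NetworkInterfaces": [
            {"NetworkInterfaceId": "eni-1",
             "Groups": [{"GroupId": "sg-0aaa", "GroupName": "web-sg"}]},
            {"NetworkInterfaceId": "eni-2",
             "Groups": [{"GroupId": "sg-0ddd", "GroupName": "eni-only"}]},
        ],
    },
    {   # terminated instance: DescribeInstances still returns it for a while
        "InstanceId": "i-0456",
        "State": {"Name": "terminated"},
        "SecurityGroups": [{"GroupId": "sg-0ccc", "GroupName": "legacy"}],
        "NetworkInterfaces": [],
    },
]


def referenced_group_ids(instances: Iterable[Dict],
                         include_secondary_enis: bool = False,
                         exclude_terminated: bool = False) -> Set[str]:
    """Collect every GroupId that some instance references.

    The defaults mirror the RQL query's logic: only the instance-level
    SecurityGroups field is consulted and instance state is not filtered.
    """
    ids: Set[str] = set()
    for inst in instances:
        if exclude_terminated and inst.get("State", {}).get("Name") == "terminated":
            continue
        for sg in inst.get("SecurityGroups", []):
            ids.add(sg["GroupId"])
        if include_secondary_enis:
            for eni in inst.get("NetworkInterfaces", []):
                for sg in eni.get("Groups", []):
                    ids.add(sg["GroupId"])
    return ids


def unattached_security_groups(security_groups: Iterable[Dict],
                               instances: Iterable[Dict],
                               include_secondary_enis: bool = False,
                               exclude_terminated: bool = False) -> List[str]:
    """Return the sorted GroupIds of security groups no instance references.

    Equivalent to the RQL filter:
    not ($.Y.securityGroups[*].groupId contains $.X.groupId)
    """
    used = referenced_group_ids(instances, include_secondary_enis, exclude_terminated)
    return sorted(sg["GroupId"] for sg in security_groups if sg["GroupId"] not in used)


if __name__ == "__main__":
    # Mirror of the RQL query: flags SG_NoEC2 and the ENI-only group, but
    # not the group still held by the terminated instance.
    print("RQL-equivalent:", unattached_security_groups(SAMPLE_SECURITY_GROUPS, SAMPLE_INSTANCES))
    # Stricter variant: count secondary-ENI attachments, ignore terminated instances.
    print("stricter:", unattached_security_groups(
        SAMPLE_SECURITY_GROUPS, SAMPLE_INSTANCES,
        include_secondary_enis=True, exclude_terminated=True))
```

To run this against a live account, pass `describe_security_groups()["SecurityGroups"]` and the instances flattened out of `describe_instances()["Reservations"][*]["Instances"]` from boto3 in place of the sample lists. Two points to keep in mind when acting on the results: the query only checks EC2 instances, so a security group used by an ELB, RDS or Lambda network interface will also be listed even though it is in use (DescribeNetworkInterfaces is the place to confirm that before deleting anything), and a group that appears only on a secondary ENI is listed by the instance-level check but not by the `include_secondary_enis=True` variant.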


Additional Information


Example:
  • An AWS Security Group named "SG_NoEC2" is created and is not attached to any EC2 instance.
  • Run the above RQL query in the "Investigate" tab to list all Security Groups in AWS that are not attached to any EC2 instance. In this example, the query lists "SG_NoEC2".


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004LuECAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail