Sample AWS CloudFormation RQL Queries

Note: This guide walks through example RQL queries for AWS CloudFormation.

CloudFormation Template does not contain termination protection for EC2 Instances

config from cloud.resource where api.name = 'aws-cloudformation-describe-stacks' AND json.rule = " cloudFormationTemplate.Resources.*.[?(@.Type=='AWS::EC2::Instance')] size > 0 and (cloudFormationTemplate.Resources.*.[?(@.Type=='AWS::EC2::Instance')].Properties.DisableApiTermination is false or cloudFormationTemplate.Resources.*.[?(@.Type=='AWS::EC2::Instance')].Properties.DisableApiTermination does not exist)"
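
The same condition can be checked locally against a template before it is deployed. The following Python sketch is an added example, not part of the original guide or the product's own code. The sample template, the function names, the reason strings and the choice to resolve a `Ref` to its parameter default are assumptions made for illustration.

```python
import json

# Constructed sample template (not from the page); "ami-EXAMPLE" is a placeholder.
SAMPLE_TEMPLATE = json.loads("""{
  "Parameters": {"Protect": {"Type": "String", "Default": "false"}},
  "Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {"DisableApiTermination": true}},
    "Worker": {"Type": "AWS::EC2::Instance", "Properties": {"DisableApiTermination": "false"}},
    "Bastion": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-EXAMPLE"}},
    "Batch": {"Type": "AWS::EC2::Instance", "Properties": {"DisableApiTermination": {"Ref": "Protect"}}},
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {}}
}}""")


def _resolve(value, parameters):
    """Resolve {"Ref": name} to that parameter's Default; other values pass through."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return parameters.get(value["Ref"], {}).get("Default")
    return value


def _is_true(value):
    """Templates may carry booleans as true/false or as the strings "true"/"false"."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def unprotected_instances(template):
    """Return {logical_id: reason} for EC2 instances lacking termination protection."""
    parameters = template.get("Parameters") or {}
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::EC2::Instance":
            continue  # the rule only concerns AWS::EC2::Instance resources
        props = resource.get("Properties") or {}
        if "DisableApiTermination" not in props:
            findings[logical_id] = "missing"  # the "does not exist" branch
        elif not _is_true(_resolve(props["DisableApiTermination"], parameters)):
            findings[logical_id] = "not enabled"  # the "is false" branch
    return findings


if __name__ == "__main__":
    print(unprotected_instances(SAMPLE_TEMPLATE))
```

Unlike the stack-level query, this reports each instance separately, so a template that mixes protected and unprotected instances still yields a finding per unprotected resource.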

CloudFormation Stack Has Drifted from Template

config from cloud.resource where api.name = 'aws-cloudformation-describe-stacks'
AND json.rule = stackResources[*].driftInformation.stackResourceDriftStatus equals DRIFTED