Query Using the SQL Query Editor (Console) - AWS Config

Query Using the SQL Query Editor (Console)

You can either use AWS sample queries or you can create your own query called as custom queries.

Prerequisites

You must have permissions for config:SelectResourceConfig and config:SelectAggregateResourceConfig APIs. For more information, see SelectResourceConfig API and SelectAggregateResourceConfig API.

You must have permissions for the AWSConfigUserAccess IAM managed policy. For more information, see Granting Permissions for AWS Config Administration.

If you are using AWSServiceRoleForConfig (service linked role) or AWSConfigRole, you will have permissions to save a query. If you are not using either of these roles, you must have permissions to config:PutStoredQuery, config:GetStoredQuery, config:TagResource, config:UntagResource, config:ListTagsForResource and config:GetResources.

Use an AWS Sample Query

  1. Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/.

  2. Choose Advanced queries from the left navigation to query your resource configurations for a single account and Region or for multiple accounts and Regions.

  3. On the Advanced queries page, choose an appropriate query from the list of queries. You can filter a query either by the name, description, creator or tags. To filter AWS queries, choose Creater and enter AWS. The query is displayed in the SQL query editor. If required, you can edit this query.

    Important

    An updated list of properties and their data types is available in GitHub.

    Note

    To run a query on an aggregator, create an aggregator. For more information, see Setting Up an Aggregator Using the Console. If you already have an aggregator set up, in the query scope, choose the aggregator to run an advanced query on that aggregator. When you select an aggregator, consider adding the AWS account ID and AWS Region in the query statement to view that information in the results.

  4. To save this query to a new query, choose Save As.

    • In the Query Name field, update the name of the query.

    • In the Description field, update the description of the query.

    • Enter up to 50 unique tags for this query.

    • Choose Save.

  5. Choose Run. The query results are displayed in the table below the query editor.

  6. Choose Export as to export the query results in CSV or JSON format.

    Note

    The query results are paginated. When you choose export, upto 500 results are exported.

    You can also use the APIs to retrieve all the results. The results are paginated and you can retrieve 100 results at a time.

Create your custom query

  1. Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/.

  2. Choose Advanced queries from the left navigation to query your resource configurations for a single account and Region or for multiple accounts and Regions.

  3. To create your custom query, choose New query.

    Important

    An updated list of properties and their data types is available in GitHub.

    Note

    To view or edit a custom query, filter a query either by the name, description, creator or tags. To filter custom queries, choose Creater and enter Custom.

  4. On the Query editor page, create your own query for this account and Region. You can also select an appropriate aggregator to create a query for multiple accounts and Regions.

    Note

    To run a query on an aggregator, create an aggregator. For more information, see Setting Up an Aggregator Using the Console. If you already have an aggregator set up, in the query scope, choose the aggregator to run an advanced query on that aggregator. When you select an aggregator, consider adding the AWS account ID and AWS Region in the query statement to view that information in the results.

  5. Edit if you wish you make changes to this query. Choose Save Query to save this query.

    • In the Query Name field, update the name of the query.

    • In the Description field, update the description of the query.

    • Enter up to 50 unique tags for this query.

    • Choose Save.

  6. Choose Run. The query results are displayed in the table below the query editor.

  7. Choose Export as to export the query results in CSV or JSON format.

    Note

    The query results are paginated. When you choose export, upto 500 results are exported.

    You can also use the APIs to retrieve all the results. The results are paginated and you can retrieve 100 results at a time.