Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
You can currently query the following attributes and connections on an AWS ALB
query {
queryawsAlb {
id
accountId
arn
name
region
dnsName
scheme
type
subnets
hostedZone
defaultVpc
ipAddressType
idleTimeout
deletionProtection
http2
accessLogsEnabled
dropInvalidHeaderFields
createdAt
status
listeners {
arn
settings {
sslPolicy
protocol
rules {
type
order
targetGroupArn
}
}
}
tags {
id
key
value
}
securityGroups {
arn
}
ec2Instance {
arn
}
vpc {
arn
}
route53Record {
id
}
subnet {
arn
}
}
}

Get data for a single AWS ALB key that you know the ID or arn for:
query {
getawsAlb(id: "12345") {
arn
}
}

query {
getawsAlb(arn: "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188") {
arn
}
}

Get data for all of the ALBs in a certain AWS account:
query {
queryawsAlb(filter: { accountId: { eq: "12345" } }) {
arn
}
}
// fulltext filters

Get data for all of the ALBs that are NOT in a certain AWS account:
query {
queryawsAlb(filter: { not: { accountId: { eq: "12345" } } }) {
arn
}
}

Get data for all of the ALBs that have a connected subnet:
query {
queryawsAlb(filter: { has: subnet }) {
arn
}
}

Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the ALBs that have subnets AND security groups connected to them OR that do not have route53Records connected to them. Note that you can use has, and, not, or completely independently of each other:
query {
queryawsAlb(
filter: {
has: subnet
and: { has: securityGroups }
or: { not: { has: route53Record } }
}
) {
arn
}
}

You may also filter using a regex when filtering on a string field like, type if you want to look for a value that matches say, internet-facing:
query {
queryawsAlb(filter: { type: { regexp: "/.*internet-facing*/" } }) {
arn
}
}

You can order the results you get back either asc or desc depending on your preference:
query {
queryawsAlb(order: { desc: createdAt }) {
arn
}
}

Only select and return the first two ALBs that are found:
query {
queryawsAlb(first: 2, order: { desc: createdAt }) {
arn
}
}

Only select and return the first two ALBs that are found, but offset by one so keys two & three are returned:
query {
queryawsAlb(first: 2, order: { desc: createdAt }, offset: 1) {
arn
}
}

Count the number ALBs across all scanned AWS accounts:
query {
aggregateawsAlb {
count
}
}

Count the number of ALBs in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
query {
aggregateawsAlb(filter: { accountId: { eq: "12345" } }) {
count
}
}

Find all of the ALBs that are in the us-east-1 region across all your accounts:
query {
queryawsAlb(filter: { region: { eq: "us-east-1" } }) {
arn
}
}

Find all of the ALBs that have a tag of Environment:Production for a single AWS Account:
query {
queryawsTag(
filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
) {
alb(filter: { accountId: { eq: "12345" } }) {
arn
}
}
}

With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:
query {
queryawsAlb(filter: { region: { eq: "us-east-1" } }) {
arn
}
queryawsTag(
filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
) {
alb(filter: { accountId: { eq: "12345" } }) {
arn
}
}
}

Putting it all together; get all data for all ALBss across all regions for all scanned AWS accounts in a single query. For the purposes of this example we will only get direct children of the keys but if you want to it's easy to go from say, alb -> vpc -> lambda ...etc:
query {
queryawsAlb {
id
accountId
arn
name
region
dnsName
scheme
type
subnets
hostedZone
defaultVpc
ipAddressType
idleTimeout
deletionProtection
http2
accessLogsEnabled
dropInvalidHeaderFields
createdAt
status
listeners {
arn
settings {
sslPolicy
protocol
rules {
type
order
targetGroupArn
}
}
}
tags {
id
key
value
}
securityGroups {
id
accountId
arn
name
vpcId
description
tags {
id
key
value
}
owner
default
inboundRules {
id
}
outboundRules {
id
}
inboundRuleCount
outboundRuleCount
alb {
arn
}
lambda {
arn
}
elb {
arn
}
ec2Instance {
arn
}
asg {
arn
}
rdsCluster {
arn
}
rdsDbInstance {
arn
}
}
subnet {
id
accountId
arn
autoAssignPublicIpv4Address
autoAssignPublicIpv6Address
availabilityZone
availableIpV4Addresses
defaultForAz
ipV4Cidr
ipV6Cidr
state
tags {
id
key
value
}
alb {
arn
}
asg {
arn
}
ec2Instance {
arn
}
elb {
arn
}
lambda {
arn
}
natGateway {
arn
}
networkInterface {
arn
}
routeTable {
arn
}
vpc {
arn
}
rdsDbInstance {
arn
}
}
ec2Instance {
id
accountId
arn
region
ami
tenancy
elasticIps
publicDns
privateDns
monitoring
privateIps
keyPair {
id
}
cpuCoreCount
hibernation
ebsOptimized
ipv4PublicIp
instanceType
ipv6Addresses
placementGroup
instanceState
sourceDestCheck
availabilityZone
cpuThreadsPerCore
iamInstanceProfile
deletionProtection
dailyCost {
cost
currency
formattedCost
}
primaryNetworkInterface
metadataOptions {
state
}
metadatasecurityGroupIdsOptions
securityGroupIds
ephemeralBlockDevices {
deviceName
}
tags {
id
key
value
}
alb {
arn
}
asg {
arn
}
ebs {
arn
}
eip {
arn
}
networkInterfaces {
arn
}
securityGroups {
arn
}
subnet {
arn
}
}
route53Record {
id
accountId
zoneId
type
ttl
records
alias {
zoneId
name
evaluateTargetHealth
}
route53HostedZone {
arn
}
elb {
arn
}
alb {
arn
}
restApi {
arn
}
}
vpc {
id
accountId
arn
region
defaultVpc
dhcpOptionsSet
enableDnsHostnames
enableDnsSupport
instanceTenancy
ipV4Cidr
ipV6Cidr
state
tags {
id
key
value
}
alb {
arn
}
eip {
arn
}
igw {
arn
}
lambda {
arn
}
nacl {
arn
}
natGateway {
arn
}
networkInterface {
arn
}
rdsDbInstance {
arn
}
redshiftCluster {
arn
}
route53HostedZone {
arn
}
routeTable {
arn
}
subnet {
arn
}
eksCluster {
arn
}
ecsService {
arn
}
}
}
}

