20min
Security Group

Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
Overview
You can currently query the following attributes and connections on an AWS Security Group:
GraphQL
|
Filtering
Get data for a single AWS Security Group that you know the ID for:
GraphQL
|
Get data for a single Security Group that you know the ARN for:
GraphQL
|
Get data for all of the Security Groups in a certain AWS account:
GraphQL
|
Get data for all of the Security Groups that are NOT in a certain AWS account:
GraphQL
|
Advanced Filtering
Get data for all of the Security Groups that have EC2 Instances in them:
GraphQL
|
Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the Security Groups that have Lambdas AND RDS DB Instances associated with them OR that do not have ALBs associated in them. Note that you can use has, and, not, or completely independently of each other:
GraphQL
|
You may also filter using a regex when filtering on a string field like, description if you want to look for a value that matches say, production (case insensitive):
GraphQL
|
Ordering
You can order the results you get back either asc or desc depending on your preference:
GraphQL
|
Only select and return the first two Security Groups that are found:
GraphQL
|
Only select and return the first two Security Groups that are found, but offset by one so Security Groups two & three are returned:
GraphQL
|
Aggregation
Count the number of Security Groups across all scanned AWS accounts:
GraphQL
|
Count the number of Security Groups in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
GraphQL
|
Examples
Get all of the Security Groups in VPC 12345:
GraphQL
|
Find all of the Security Groups that have a tag of Environment:Production for a single AWS Account:
GraphQL
|
With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:
GraphQL
|
Kitchen Sink
Putting it all together; get all data for all Security Groups across all regions for all scanned AWS accounts in a single query. For the purposes of this example we will only get direct children of the Security Groups but if you want to it's easy to go from say, Security Group -> ALB -> EC2 -> EBS...etc:
GraphQL
|
References
﻿Dgraph documentation on querying﻿
﻿AWS Security Group documentation﻿
﻿