Table: aws_ec2_network_acls

This table shows data for Amazon Elastic Compute Cloud (EC2) Network ACLs.

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_NetworkAcl.html

The primary key for this table is arn.

Columns

Name               Type
_cq_id             uuid
_cq_parent_id      uuid
account_id         utf8
region             utf8
arn (PK)           utf8
tags               json
associations       json
entries            json
is_default         bool
network_acl_id     utf8
owner_id           utf8
vpc_id             utf8
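The `entries` column holds the ACL's rule list, and the check a practitioner most often wants against it is for rules that admit all traffic from anywhere. The query below is an added example, not one of the sampled CloudQuery policies. It assumes `entries` is a JSON array of NetworkAclEntry objects stored with the AWS SDK field names (CidrBlock, Ipv6CidrBlock, Egress, Protocol, PortRange, RuleAction, RuleNumber), matching the `NetworkAclAssociationId` key used by the policy queries further down; if your rows use a different casing, adjust the keys.

```sql
-- Added example (not a CloudQuery policy query): network ACLs with an
-- inbound rule that allows every protocol and port from any IPv4 or IPv6
-- source. Assumes `entries` holds NetworkAclEntry objects with SDK field
-- names; `is_default` is returned because the default NACL of every VPC
-- ships with such a rule (rule 100) by design.
SELECT
  'Network ACL allows all inbound traffic from any source' AS title,
  account_id,
  region,
  arn AS resource_id,
  network_acl_id,
  vpc_id,
  is_default,
  (e->>'RuleNumber')::int AS rule_number,
  COALESCE(e->>'CidrBlock', e->>'Ipv6CidrBlock') AS source_cidr,
  'fail' AS status
FROM
  aws_ec2_network_acls
  -- one row per rule; a NULL or empty entries array yields no rows
  CROSS JOIN LATERAL jsonb_array_elements(entries) AS e
WHERE
  NOT (e->>'Egress')::boolean                      -- inbound (ingress) rule
  AND e->>'RuleAction' = 'allow'
  AND e->>'Protocol' = '-1'                        -- all protocols, hence all ports
  AND (e->>'CidrBlock' = '0.0.0.0/0' OR e->>'Ipv6CidrBlock' = '::/0')
ORDER BY
  account_id, region, network_acl_id, rule_number;
```

Network ACL rules are evaluated in ascending `RuleNumber` order and the first match wins, so an allow-all rule shadowed by a lower-numbered deny is less serious than the query makes it look; the `rule_number` column is returned so that the reviewer can compare it against the deny rules of the same ACL.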

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Unused network access control list

SELECT
  'Unused network access control list' AS title,
  account_id,
  arn AS resource_id,
  'fail' AS status
FROM
  aws_ec2_network_acls
WHERE
  -- associations is NULL (not just empty) when no subnet uses the ACL
  COALESCE(jsonb_array_length(associations), 0) = 0;

Unused network access control lists should be removed

WITH
  results
    AS (
      SELECT
        DISTINCT
        account_id,
        network_acl_id AS resource_id,
        -- the LEFT JOIN keeps ACLs with no associations as a single row
        -- whose joined element is NULL, which is what marks them 'fail'
        CASE
        WHEN (a->>'NetworkAclAssociationId') IS NULL THEN 'fail'
        ELSE 'pass'
        END
          AS status
      FROM
        aws_ec2_network_acls
        LEFT JOIN jsonb_array_elements(aws_ec2_network_acls.associations)
            AS a ON true
    )
SELECT
  'Unused network access control lists should be removed' AS title,
  account_id,
  resource_id,
  status
FROM
  results;
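Both policy queries above report every network ACL without subnet associations, including the default network ACL of a VPC, which has no associations once every subnet in the VPC has been assigned a custom ACL. AWS does not allow the default network ACL to be deleted, so "should be removed" cannot be acted on for those rows. The following query is an added example, not one of the sampled CloudQuery policies; it uses the `is_default` column to exempt default ACLs and keeps the `arn` as `resource_id` so that results line up with the first query.

```sql
-- Added example (not a CloudQuery policy query): the unused-ACL check
-- restricted to ACLs that can actually be deleted. The default network
-- ACL of a VPC cannot be removed, so it is reported as 'pass' even when
-- no subnet is associated with it.
SELECT
  'Unused non-default network access control lists should be removed' AS title,
  account_id,
  region,
  arn AS resource_id,
  network_acl_id,
  vpc_id,
  is_default,
  CASE
    WHEN is_default THEN 'pass'                                   -- not deletable
    WHEN COALESCE(jsonb_array_length(associations), 0) = 0 THEN 'fail'
    ELSE 'pass'
  END AS status
FROM
  aws_ec2_network_acls
ORDER BY
  account_id, region, vpc_id, network_acl_id;
```

An unassociated default ACL still matters for review: it is what any new subnet in that VPC inherits, so its `entries` should be checked even though it cannot be deleted.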