### Event-based Sync Start Time Format

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Example of the RFC 3339 timestamp format required for the `start_time` parameter in event-based synchronization.

```Text
2023-09-04T19:24:14Z
```

--------------------------------

### AWS Credentials File Example

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

An example of an AWS credentials file showing different profiles that can be used for authentication.

```INI
[default]
aws_access_key_id=xxxx
aws_secret_access_key=xxxx

[user1]
aws_access_key_id=xxxx
aws_secret_access_key=xxxx
```

--------------------------------

### Configure CloudQuery AWS Source - Basic

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

A basic configuration for the CloudQuery AWS Source plugin. This example specifies the source name, path, registry, version, desired tables, and destination. It also includes commented-out optional parameters for customization.
```yaml
kind: source
spec:
  # Source spec section
  name: aws
  path: cloudquery/aws
  registry: cloudquery
  version: "v32.42.0"
  tables: ["aws_ec2_instances"]
  destinations: ["postgresql"]
  # Learn more about the configuration options at https://cql.ink/aws_source
  spec:
    # Optional parameters
    # regions: []
    # accounts: []
    # org: nil
    # concurrency: 50000
    # initialization_concurrency: 4
    # aws_debug: false
    # max_retries: 10
    # max_backoff: 30
    # custom_endpoint_url: ""
    # custom_endpoint_hostname_immutable: nil # required when custom_endpoint_url is set
    # custom_endpoint_partition_id: "" # required when custom_endpoint_url is set
    # custom_endpoint_signing_region: "" # required when custom_endpoint_url is set
    # use_paid_apis: false
    # table_options: nil
    # scheduler: shuffle # options are: dfs, round-robin, shuffle, or shuffle-queue
    # use_nested_table_rate_limiting: false
    # enable_api_level_tracing: false
```

--------------------------------

### Configure CloudQuery AWS Source - Organization Example

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Configuration for the CloudQuery AWS Source plugin to discover AWS Accounts via AWS Organizations. This setup enables automatic handling of new or removed accounts. It specifies the admin account, member role name, and uses '*' to include all regions.
```yaml
kind: source
spec:
  name: aws
  path: cloudquery/aws
  registry: cloudquery
  version: "v32.42.0"
  tables: ['aws_s3_buckets']
  destinations: ["postgresql"]
  spec:
    aws_debug: false
    org:
      admin_account:
        local_profile: ""
      member_role_name: OrganizationAccountAccessRole
    regions:
      - '*'
    # Optional parameters
    # regions: []
    # accounts: []
    # org: nil
    # concurrency: 50000
    # initialization_concurrency: 4
    # aws_debug: false
    # max_retries: 10
    # max_backoff: 30
    # custom_endpoint_url: ""
    # custom_endpoint_hostname_immutable: nil # required when custom_endpoint_url is set
    # custom_endpoint_partition_id: "" # required when custom_endpoint_url is set
    # custom_endpoint_signing_region: "" # required when custom_endpoint_url is set
    # use_paid_apis: false
    # table_options: nil
    # scheduler: shuffle # options are: dfs, round-robin or shuffle
```

--------------------------------

### Sync CloudQuery Configuration

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Executes the CloudQuery synchronization process using a specified configuration file. This starts a long-lived process for data syncing.

```bash
cloudquery sync config.yml
```

--------------------------------

### AWS Credentials File Configuration

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Example content for the AWS credentials file, specifying default access key ID and secret access key. The CloudQuery plugin prioritizes this file for authentication.

```ini
[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY
```

--------------------------------

### AWS Source Plugin: Skip Specific APIs Example

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Demonstrates how to configure the `skip_specific_apis` option in the AWS source plugin to exclude specific API actions for certain AWS services. This is useful for fine-tuning data synchronization and avoiding unnecessary API calls.
```yaml
spec:
  regions: ["us-east-1","us-east-2"]
  skip_specific_apis:
    lambda:
      GetRuntimeManagementConfig: true
      GetFunction: true
```

--------------------------------

### Get AWS Session Token with MFA

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Obtain temporary AWS credentials by using the `aws sts get-session-token` command with your IAM User's long-term security credentials and MFA token. These temporary credentials can then be exported to environment variables.

```bash
aws sts get-session-token --serial-number --token-code --duration-seconds 3600
```

```bash
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export AWS_SESSION_TOKEN=
```

--------------------------------

### CloudQuery AWS Plugin Versioning Strategy

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Explains the CloudQuery AWS plugin's versioning strategy, differentiating between major and minor version bumps based on schema, configuration, and permission changes. Recommends specific table syncing and skipping dependent tables.

```markdown
## Versioning

Changes to schema, configurations and required user permissions are all factors that go into the versioning of the AWS plugin. Any release that requires manual changes to an existing deployment of the AWS plugin in order to retain the same functionality will be indicated by an increase to the major version.

When support for additional resources is added it will result in a minor version bump. This is important to be aware of because if you are using `tables: ["*"]` to specify the set of tables to sync then in minor versions new resources that might require additional IAM permissions might result in errors being raised.

It is recommended that you specify the exact tables you wish to sync rather than using wildcard characters as well as specifying `skip_dependent_tables: true` to limit risk while upgrading versions as new resources that can take significant time to sync can be added.

#### Breaking changes

The following are some of the most common reasons for a major version change:

1. Changing a primary key for a table
2. Changing the name of a table
3. Changing the permissions required to sync a resource

All releases contain a change log that indicates all the changes (and highlights the breaking changes). If you are ever unsure about a change that is included, feel free to reach out to the CloudQuery team on Discord to find out more.

#### Preview features

Sometimes features or tables will be released and marked as `alpha`. This indicates that future minor versions might change, break or remove functionality. This enables the CloudQuery team to release functionality prior to it being fully stable so that the community can give feedback. Once a feature is released as Generally Available then all of the above rules for semantic versioning will apply.

##### Current Preview features

The following features are currently in `Preview`:

* All tables that are prefixed with `aws_alpha_`
* `table_options` feature
```

--------------------------------

### Move table options docs to tables descriptions

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/versions_page=9

This refactoring moves table options documentation into the table descriptions themselves, making it easier to find and manage configuration details for each table. This was done in release v27.19.0.

```go
github.com/cloudquery/cloudquery/plugin/source/aws/tables.go
```

--------------------------------

### Support EC2 Start/Stop Instances in Event-Based Sync (Go)

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/versions_page=5

Enables event-based synchronization for EC2 `StartInstances` and `StopInstances` actions. This feature allows for near real-time updates on EC2 instance state changes.
```go
github.com/cloudquery/cloudquery/plugin/source/aws/service/ec2/instance
```

--------------------------------

### Deploy CloudFormation for Kinesis Stream

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Deploys a CloudFormation stack to set up a Kinesis Data Stream for CloudTrail events. Requires AWS CLI and a local YAML template file.

```bash
aws cloudformation deploy --template-file ./streaming-deployment.yml --stack-name --capabilities CAPABILITY_IAM --disable-rollback --region
```

--------------------------------

### Add aws_kendra_faqs table

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/versions_page=9

This update introduces the `aws_kendra_faqs` table, enabling the extraction of AWS Kendra frequently asked questions (FAQ) data. This was done in v27.18.0.

```go
github.com/cloudquery/cloudquery/plugin/source/aws/client/kendra/faqs.go
```

--------------------------------

### AWS Table Options Overview

Source: https://hub.cloudquery.io/plugins/source/cloudquery/aws/latest/docs

Provides a general structure for defining table options in CloudQuery for various AWS services. It shows how to map table names to API methods and specify input objects or parameters for each.
```yaml
table_options:
  aws_accessanalyzer_analyzer_findings:
    ListFindings:
      - # NextToken & AnalyzerArn are prohibited
  aws_accessanalyzer_analyzer_findings_v2:
    ListFindingsV2:
      - # NextToken & AnalyzerArn are prohibited
  aws_cloudtrail_events:
    LookupEvents:
      - # NextToken is prohibited
  aws_cloudtrail_trails:
    DescribeTrails:
      -
  aws_cloudwatch_metrics:
    - ListMetrics: # NextToken is prohibited
      GetMetricData:
        - # MaxDatapoints, NextToken and ScanBy are prohibited
      GetMetricStatistics:
        - # Namespace, MetricName and Dimensions are prohibited
  aws_cloudwatchlogs_delivery_destinations:
    DescribeDeliveryDestinations:
      - # NextToken is prohibited
  aws_cloudwatchlogs_delivery_sources:
    DescribeDeliverySources:
      - # NextToken is prohibited
  aws_cloudwatchlogs_log_groups:
    - DescribeGroups: # NextToken is prohibited
      DescribeStreams:
        cloudwatchStreamLastEventTimeAfter: