Query Using the SQL Query Editor for Amazon Config (Console) - Amazon Config
ConsiderationsUse an Amazon Sample QueryCreate your custom query
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Query Using the SQL Query Editor for Amazon Config (Console)

Introducing a preview feature for advanced queries that allows you to use generative artificial intelligence (generative AI) capabilities to enter prompts in plain English and convert them into a ready-to-use query format. For more information, see Natural language query processor for advanced queries.

You can either use Amazon sample queries or you can create your own query called as custom queries.

Considerations

Prerequisites

If you are using the one of the following Amazon managed policies, you will have the necessary permissions to run and save a query: AWSServiceRoleForConfig (service-linked role) or AWS_ConfigRole.

Otherwise, you must have the permissions included in the AWSConfigUserAccess Amazon managed policy.

List of properties that you can query

An updated list of properties and their data types is available in GitHub.

Advanced queries and aggregators

To run a query on an aggregator, create an aggregator. For more information, see Creating Aggregators for Amazon Config.

If you already have an aggregator set up, in the query scope, choose the aggregator to run an advanced query on that aggregator. When you select an aggregator, consider adding the Amazon Web Services account ID and Amazon Region in the query statement to view that information in the results.

Use an Amazon Sample Query

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Config console at https://console.amazonaws.cn/config/.

  2. Choose Advanced queries from the left navigation to query your resource configurations for a single account and Region or for multiple accounts and Regions.

  3. On the Advanced queries page, choose an appropriate query from the list of queries. You can filter through the list of queries either by the name, description, creator, or tags. To filter for Amazon queries, choose Creator, and enter Amazon. The query that you select is displayed in the SQL query editor. You can edit the selected query to fit your needs.

  4. To save this query to a new query, choose Save As.

    • In the Query Name field, update the name of the query.

    • In the Description field, update the description of the query.

    • Enter up to 50 unique tags for this query.

    • Choose Save.

  5. Choose Run. The query results are displayed in the table below the query editor.

  6. Choose Export as to export the query results in CSV or JSON format.

Create your custom query

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Config console at https://console.amazonaws.cn/config/.

  2. Choose Advanced queries from the left navigation to query your resource configurations for a single account and Region or for multiple accounts and Regions.

  3. To create your custom query, choose New query.

    To view or edit a custom query, filter a query either by the name, description, creator or tags. To filter custom queries, choose Creater and enter Custom.

  4. On the Query editor page, create your own query for this account and Region. You can also select an appropriate aggregator to create a query for multiple accounts and Regions.

  5. Edit if you wish you make changes to this query. Choose Save Query to save this query.

    • In the Query Name field, update the name of the query.

    • In the Description field, update the description of the query.

    • Enter up to 50 unique tags for this query.

    • Choose Save.

  6. Choose Run. The query results are displayed in the table below the query editor.

  7. Choose Export as to export the query results in CSV or JSON format.