Sample Queries
==============

Find old IAM user access keys

::

    select ?account_id ?iam_user_name ?access_key_id ?access_key_create_date ?access_key_status where
    {
        ?iam_user   a                  <alti:aws:iam:user> ;
                    <alti:name>        ?iam_user_name ;
                    <alti:account>     ?account .
        ?account    <alti:account_id>  ?account_id

        optional {
            ?iam_user   <alti:access_key>    ?access_key .
            ?access_key <alti:access_key_id> ?access_key_id ;
                        <alti:create_date>   ?access_key_create_date ;
                        <alti:status>        ?access_key_status
        }
    }
    order by ?access_key_create_date


Locate vpcs with no ec2 instances, rds instances lambdas or ENIs attached.

::

    select ?account_id ?region_name ?vpc_id
    where {
        ?vpc        a                          <alti:aws:ec2:vpc> ;
                    <alti:account>             ?account ;
                    <alti:region>              ?region ;
                    <alti:id>                  ?vpc_id ;
                    <alti:is_default>          ?is_default .

        ?region     <alti:name>                ?region_name .

        ?account    <alti:account_id>          ?account_id .

        FILTER NOT EXISTS { ?resource   <alti:aws:ec2:vpc> ?vpc .
                            ?resource   a                   ?resource_type .
                            FILTER ( ?resource_type = <alti:aws:ec2:instance> ||
                                     ?resource_type = <alti:aws:rds:db> ||
                                     ?resource_type = <alti:aws:lambda:function> ||
                                     ?resource_type = <alti:aws:ec2:network-interface> ) }
    }
    order by ?account_id ?region_name ?vpc_id

Locate EC2 instances which are running, have a public IP and have security groups which
allow tcp port 22, ordered by uptime.

::

    select ?launch_time ?ec2_instance_id ?sg_id ?public_ip_address ?from_port ?to_port
    where {
            ?ec2_instance     a                                <alti:aws:ec2:instance> ;
                              <alti:id>                        ?ec2_instance_id ;
                              <alti:account>                   ?account ;
                              <alti:public_ip_address>         ?public_ip_address ;
                              <alti:state>                     'running' ;
                              <alti:launch_time>               ?launch_time ;
                              <alti:security-group>            ?sg .

            ?sg               <alti:id>                        ?sg_id ;
                              <alti:ingress_rule>              ?ingress_rule .

            ?ingress_rule     <alti:ip_protocol>               'tcp' ;
                              <alti:from_port>                 ?from_port ;
                              <alti:to_port>                   ?to_port

            FILTER (?from_port <= 22 && ?to_port >= 22)

    } order by desc(?launch_time)