Use VMware Aria Automation for Secure Clouds queries to create your own custom search strings

This guide provides a general reference for using simple search query language (SSQL) in VMware Aria Automation for Secure Clouds to construct query strings in Explore Search.

Search for resources by type

Your assets in the cloud provider inventory are presented in VMware Aria Automation for Secure Clouds as resources. The easiest and most common way to find resources is by their resource type, which is expressed with the Provider.Service.ResourceType pattern. For example:

  • AWS.EC2.Instance
  • Azure.Compute.VirtualMachine
  • GCP.Compute.Instance

Note: Occasionally the search for the resource type (GCP.Compute.Instance) can return results from other types as well. To limit them strictly to the type, use entityType=GCP.Compute.Instance. This is not needed if you have used property or tag conditions.

Apply property conditions

Your resource configurations are stored as properties and values of the resource object. For example, running EC2 instances will have a property StateName with value running.

To find resources with specific configurations, you can use the following property conditions.

| Condition | Syntax | Description |
| --- | --- | --- |
| property with a value | pname = pvalue | Property with name pname has value equal to pvalue |
| property different than a value | pname != pvalue | Property with name pname has value different than pvalue |
| property exists | pn(pname) or propertyName(pname) | There is a property with name pname |
| property value exists | pv(pvalue) or propertyValue(pvalue) | There is a property with value pvalue |

To apply property conditions to your searches, use the following operators.

| Operator | Usage |
| --- | --- |
| HAS | Apply one or more conditions to a resource type |
| AND | Group conditions when all of them must be satisfied |
| OR | Group conditions when at least one of them must be satisfied |
| NOT | Reverse a condition |
| ( ) | Specify the order in which conditions are evaluated |

Note: The operators are case-insensitive, i.e. HAS is equivalent to has.

Examples:

| Query | Description |
| --- | --- |
| Azure.Compute.VirtualMachine has PowerState = PowerState/running | Running Azure VMs |
| AWS.EC2.Instance has region = us-east-2 and pn(PublicIpAddress) | EC2 Instances from region us-east-2 with Public IP address set |
| region = us-east-2 | Any resources from region us-east-2 |
| AWS.EC2.Instance has (region = us-east-2 or region = us-east-1) | EC2 Instances from region us-east-1 or us-east-2. Without parentheses we would get all resources from us-east-2 |

Apply tag conditions

The tags you configure in your cloud provider can be accessed with the tag prefix. For example, use tag.createdBy to access the tag with name createdBy.

To find resources by tag, you specify the following tag conditions.

| Condition | Syntax | Description |
| --- | --- | --- |
| tag with a value | tag.tagname = tagvalue | Tag with name tagname has value equal to tagvalue |
| tag different than a value | tag.tagname != tagvalue | Tag with name tagname has value different than tagvalue |
| tag exists | tag.tagname | There is a tag with name tagname |
| tag value exists | tag = tagvalue | There is a tag with value tagvalue |

Tag conditions are applied using the same operators as above and can be mixed and matched with property conditions.

Examples:

| Query | Description |
| --- | --- |
| Azure.Compute.VirtualMachine has PowerState = PowerState/running and tag.createdBy = Engineering | Running Azure VMs created by engineering |
| AWS.EC2.Instance has region = us-east-2 and not tag.Owner | EC2 Instances from region us-east-2 without an owner tag |

Comparison operators, Date and time functions

Comparison operators (<=, <, >, >=) are available for integer and datetime properties. In addition, some special date and time functions are available to construct dates easily.

| Syntax | Description |
| --- | --- |
| hoursAgo(n) | Returns the time n hours earlier than now |
| daysAgo(n) | Returns the time n days earlier than now |
| monthsAgo(n) | Returns the time n months earlier than now |
| yearsAgo(n) | Returns the time n years earlier than now |

Examples:

| Query | Description |
| --- | --- |
| AWS.EC2.Instance has CpuCoreCount >= 4 | EC2 Instances with 4 CPU cores or more |
| AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < 2021-01-01 | Access keys last used earlier than Jan 1st 2021 |
| AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < monthsAgo(6) | Access keys last used earlier than six months ago |

Wildcards

To find resources matching a pattern, use the wildcard operator * in your query to match any string. You can use the operator in property names, property values, tag names and tag values.

Possible wildcard statements

| Statement type | Syntax | Description |
| --- | --- | --- |
| begins with | abc* | begins with "abc" |
| ends with | *abc | ends with "abc" |
| begins and ends | abc*xyz | begins with "abc" and ends with "xyz" |

Notes: To search for the asterisk symbol, surround the string in double quotes, so that it won't have any special meaning. If the string itself contains double quotes, escape them with a backslash.

Examples for using wildcards:

| Query | Description |
| --- | --- |
| AWS.EC2.Instance has PrivateIpAddress = 10.0.1.* | EC2 Instances from the 10.0.1.x subnet. |
| AWS.IAM.PolicyStatement HAS Principal = {"Federated":* | PolicyStatement with principal property starting with {"Federated": |

Examples for escaping the wildcard operator:

| Query | Description |
| --- | --- |
| AWS.IAM.PolicyStatement HAS Action = "*" | Policy statement valid for all actions. |
| AWS.IAM.PolicyStatement HAS Principal = "{\"AWS\":\"*\"}" | Policy statement with Principal equal to {"AWS":"*"}. |

To find related resources, use the relationship operator -> to search for relationships between two sets of resources. To find resources that are not related, use the inverted relationship operator !->.

Examples:

| Query | Description |
| --- | --- |
| AWS.EC2.Instance has region=us-east-1 -> AWS.EC2.Volume HAS Encrypted = false | EC2 Instances with unencrypted Volumes |
| AWS.EC2.Volume !-> AWS.EC2.Instance | Volumes that are not attached to an EC2 instance. |

Count search results

To count the results of a search, add count(pname) at the end of the search query. This type of aggregation is supported for queries that don't include the relationship operator.

Examples:

| Query | Description |
| --- | --- |
| AWS.EC2.Instance HAS StateName=Running and pn(PublicIpAddress) count(region) | Running EC2 Instances with a public IP address by region |
| Azure.Compute.VirtualMachine has PowerState = PowerState/running count(ResourceGroup) | Running Azure VMs counted by resource group |
| GCP.Compute.Instance HAS pn(ExternalIPAddresses) count(region) | GCP Compute instances with external IP by region |

Syntax rules

Using double quotes

The usage of double quotes around strings is optional in most cases. However, double quotes are required if the string contains special characters that may cause ambiguity during parsing.

Examples:

| Query | Description |
| --- | --- |
| tag.Project = Stardeck | This is equivalent to tag.Project = "Stardeck". Double quotes are not required |
| tag.Project = "Stardeck(1)" | Double quotes are required because of the brackets. Otherwise the query is invalid. |
| tag.Description = "This is a description with spaces" | Double quotes are required because of the spaces |
| tag.Description = "This is a description with spaces and special characters !@#$%^&*()_+[]" | Double quotes are required, so each of the special characters is interpreted literally |
| tag.Description = "This is a description with spaces and \"quotes\"" | Double quotes are required and the quotes need to be escaped with a backslash. |
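
The quoting rules above matter most when a query string is assembled from values that come from elsewhere, such as a tag inventory or a ticket field, because an unquoted bracket, operator or asterisk in the value changes what the query matches. The following is an added example in Python, not VMware code: the helper names (quote, cond, query, Ago) and the conservative character set allowed in names are assumptions, and date literals such as 2021-01-01 are not covered.

```python
import re
from collections import namedtuple

# Assumption: the page does not define the grammar for names, so resource
# types, property names and tag names are held to a conservative character set.
_NAME = re.compile(r"[A-Za-z0-9_.]+")
_OPS = {"=", "!=", "<", "<=", ">", ">="}
_DATE_FUNCS = {"hoursAgo", "daysAgo", "monthsAgo", "yearsAgo"}

# Ago("monthsAgo", 6) renders as the date function monthsAgo(6).
Ago = namedtuple("Ago", "func n")


def quote(value):
    """Double-quote a literal; inside quotes '*' and brackets lose their meaning."""
    if "\\" in value:
        # The page does not say how a backslash inside a value is parsed.
        raise ValueError("backslash in value is not handled")
    return '"' + value.replace('"', '\\"') + '"'


def _name(name):
    if not _NAME.fullmatch(name):
        raise ValueError(f"unexpected characters in name: {name!r}")
    return name


def _value(value):
    if isinstance(value, Ago):
        if value.func not in _DATE_FUNCS or type(value.n) is not int or value.n < 0:
            raise ValueError(f"bad date function: {value!r}")
        return f"{value.func}({value.n})"
    if type(value) is int:          # integers are compared unquoted
        return str(value)
    return quote(str(value))        # everything else is a quoted literal


def cond(name, op, value, tag=False):
    """One property condition, or a tag condition when tag=True."""
    if op not in _OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    return f"{'tag.' if tag else ''}{_name(name)} {op} {_value(value)}"


def query(resource_type, *conditions):
    """Resource type followed by conditions that must all hold."""
    return f"{_name(resource_type)} has " + " and ".join(conditions)
```

Because every string value is quoted, a * in it is matched literally; wildcard patterns have to be written by hand.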