bug: AWS Compliance pack giving error on aws_compliance__foundational_security model #18948
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
When executing dbt run for the AWS Compliance pack 12 out of the 13 models complete. aws_compliance__foundational_security model gives and error.
Database Error in model aws_compliance__foundational_security (models/aws_compliance__foundational_security.sql)
column reference "account_id" is ambiguous
LINE 2876: account_id,
^
compiled Code at target/run/aws_compliance/models/aws_compliance__foundational_security.sql
Expected Behavior
Based on the other models should this not complete compile without error
CloudQuery (redacted) config
# template
#root account
kind: source
spec:
name: aws-root
# name: aws-0
registry: cloudquery
path: cloudquery/aws
version: "${SOURCEVERSIONAWS}"
skip_dependent_tables: true
tables:
- aws_accessanalyzer_analyzer_archive_rules
- aws_accessanalyzer_analyzer_findings
- aws_accessanalyzer_analyzer_findings_v2
- aws_accessanalyzer_analyzers
- aws_account_alternate_contacts
- aws_account_contacts
- aws_acm_certificates
- aws_acmpca_certificate_authorities
- aws_amp_rule_groups_namespaces
- aws_amp_workspaces
- aws_amplify_apps
- aws_apigateway_api_keys
- aws_apigateway_client_certificates
- aws_apigateway_domain_name_base_path_mappings
- aws_apigateway_domain_names
- aws_apigateway_rest_api_authorizers
- aws_apigateway_rest_api_deployments
- aws_apigateway_rest_api_documentation_parts
- aws_apigateway_rest_api_documentation_versions
- aws_apigateway_rest_api_gateway_responses
- aws_apigateway_rest_api_models
- aws_apigateway_rest_api_request_validators
- aws_apigateway_rest_api_resources
- aws_apigateway_rest_api_stages
- aws_apigateway_rest_apis
- aws_apigateway_usage_plan_keys
- aws_apigateway_usage_plans
- aws_apigateway_vpc_links
- aws_apigatewayv2_api_authorizers
- aws_apigatewayv2_api_deployments
- aws_apigatewayv2_api_integration_responses
- aws_apigatewayv2_api_integrations
- aws_apigatewayv2_api_models
- aws_apigatewayv2_api_route_responses
- aws_apigatewayv2_api_routes
- aws_apigatewayv2_api_stages
- aws_apigatewayv2_apis
- aws_apigatewayv2_domain_name_rest_api_mappings
- aws_apigatewayv2_domain_names
- aws_appconfig_applications
- aws_appconfig_configuration_profiles
- aws_appconfig_deployment_strategies
- aws_appconfig_environments
- aws_appconfig_hosted_configuration_versions
- aws_appflow_flows
- aws_appmesh_meshes
- aws_appmesh_virtual_gateways
- aws_appmesh_virtual_nodes
- aws_appmesh_virtual_routers
- aws_appmesh_virtual_services
- aws_autoscaling_group_lifecycle_hooks
- aws_autoscaling_group_scaling_policies
- aws_autoscaling_groups
- aws_autoscaling_launch_configurations
- aws_backup_jobs
- aws_backup_report_plans
- aws_backupgateway_gateways
- aws_batch_compute_environments
- aws_cloudformation_stack_instance_resource_drifts
- aws_cloudformation_stack_instance_summaries
- aws_cloudformation_stacks
- aws_cloudformation_stack_templates
- aws_cloudfront_cache_policies
- aws_cloudfront_distributions
- aws_cloudfront_functions
- aws_cloudfront_origin_access_identities
- aws_cloudfront_origin_request_policies
- aws_cloudfront_response_headers_policies
- aws_cloudtrail_trail_event_selectors
- aws_cloudtrail_trails
- aws_cloudwatch_alarms
- aws_cloudwatchlogs_log_groups
- aws_cloudwatchlogs_metric_filters
- aws_cloudwatchlogs_resource_policies
- aws_codeartifact_domains
- aws_codeartifact_repositories
- aws_codebuild_builds
- aws_codebuild_projects
- aws_codebuild_source_credentials
- aws_codecommit_repositories
- aws_codedeploy_applications
- aws_codedeploy_deployment_configs
- aws_codedeploy_deployment_groups
- aws_codedeploy_deployments
- aws_codepipeline_pipelines
- aws_codepipeline_webhooks
- aws_cognito_identity_pools
- aws_cognito_user_pool_identity_providers
- aws_cognito_user_pools
- aws_config_config_rule_compliances
- aws_config_config_rules
- aws_config_configuration_recorders
- aws_config_conformance_pack_rule_compliances
- aws_config_conformance_packs
- aws_detective_graph_members
- aws_detective_graphs
- aws_dms_certificates
- aws_dms_event_subscriptions
- aws_dms_replication_subnet_groups
- aws_dms_replication_tasks
- aws_docdb_certificates
- aws_docdb_cluster_parameters
- aws_docdb_cluster_snapshots
- aws_docdb_clusters
- aws_docdb_event_categories
- aws_docdb_event_subscriptions
- aws_docdb_events
- aws_docdb_global_clusters
- aws_docdb_instances
- aws_docdb_orderable_db_instance_options
- aws_docdb_pending_maintenance_actions
- aws_docdb_subnet_groups
- aws_dynamodb_backups
- aws_dynamodb_exports
- aws_dynamodb_global_tables
- aws_dynamodb_table_continuous_backups
- aws_dynamodb_table_replica_auto_scalings
- aws_dynamodb_tables
- aws_dynamodbstreams_streams
- aws_ec2_byoip_cidrs
- aws_ec2_capacity_reservations
- aws_ec2_customer_gateways
- aws_ec2_dhcp_options
- aws_ec2_ebs_snapshots
- aws_ec2_egress_only_internet_gateways
- aws_ec2_eips
- aws_ec2_flow_logs
- aws_ec2_hosts
- aws_ec2_images
- aws_ec2_instance_credit_specifications
- aws_ec2_instance_statuses
- aws_ec2_instances
- aws_ec2_internet_gateways
- aws_ec2_key_pairs
- aws_ec2_nat_gateways
- aws_ec2_network_acls
- aws_ec2_network_interfaces
- aws_ec2_regional_configs
- aws_ec2_reserved_instances
- aws_ec2_route_tables
- aws_ec2_security_groups
- aws_ec2_subnets # no longer in use from aws?
- aws_ec2_traffic_mirror_filters
- aws_ec2_traffic_mirror_sessions
- aws_ec2_traffic_mirror_targets
- aws_ec2_transit_gateway_attachments
- aws_ec2_transit_gateway_multicast_domains
- aws_ec2_transit_gateway_peering_attachments
- aws_ec2_transit_gateway_route_tables
- aws_ec2_transit_gateway_vpc_attachments
- aws_ec2_transit_gateways
- aws_ec2_vpc_endpoint_connections
- aws_ec2_vpc_endpoint_service_configurations
- aws_ec2_vpc_endpoint_service_permissions #do these need to be in root as they dont exist in root according to logs
- aws_ec2_vpc_endpoints
- aws_ec2_vpc_peering_connections
- aws_ec2_vpcs
- aws_ec2_vpn_connections
- aws_ec2_vpn_gateways
- aws_ecr_pull_through_cache_rules
- aws_ecr_registries
- aws_ecr_registry_policies
- aws_ecr_repositories
- aws_ecr_repository_image_scan_findings
- aws_ecr_repository_images
- aws_ecr_repository_lifecycle_policies
- aws_ecr_repository_policies
- aws_ecrpublic_repositories
- aws_ecrpublic_repository_images
- aws_ecs_cluster_container_instances
- aws_ecs_cluster_services
- aws_ecs_cluster_tasks
- aws_ecs_cluster_task_sets
- aws_ecs_clusters
- aws_ecs_task_definitions
- aws_efs_filesystems
- aws_eks_cluster_addons
- aws_eks_clusters
- aws_elasticache_clusters
- aws_elasticache_global_replication_groups
- aws_elasticache_replication_groups
- aws_elasticache_reserved_cache_nodes
- aws_elasticache_snapshots
- aws_elasticache_subnet_groups
- aws_elasticache_user_groups
- aws_elasticache_users
- aws_elasticbeanstalk_application_versions
- aws_elasticbeanstalk_applications
- aws_elasticbeanstalk_configuration_options
- aws_elasticbeanstalk_configuration_settings
- aws_elasticbeanstalk_environments
- aws_elasticsearch_domains
- aws_elbv1_load_balancer_policies
- aws_elbv1_load_balancers
- aws_elbv2_listener_certificates
- aws_elbv2_listener_rules
- aws_elbv2_listeners
- aws_elbv2_load_balancer_attributes
- aws_elbv2_load_balancer_web_acls
- aws_elbv2_load_balancers
- aws_elbv2_target_group_target_health_descriptions
- aws_elbv2_target_groups
- aws_emr_notebook_executions
- aws_emr_release_labels
- aws_emr_steps
- aws_emr_studio_session_mappings
- aws_emr_studios
- aws_eventbridge_api_destinations
- aws_eventbridge_archives
- aws_eventbridge_connections
- aws_eventbridge_endpoints
- aws_eventbridge_event_bus_rules
- aws_eventbridge_event_buses
- aws_eventbridge_event_sources
- aws_eventbridge_replays
- aws_globalaccelerator_accelerators
- aws_globalaccelerator_custom_routing_accelerators
- aws_guardduty_detectors
- aws_guardduty_detector_findings
- aws_guardduty_detector_filters
- aws_guardduty_detector_members
- aws_guardduty_detector_ip_sets
- aws_guardduty_detector_publishing_destinations
- aws_guardduty_detector_intel_sets
- aws_iam_accounts
- aws_iam_credential_reports
- aws_iam_group_attached_policies
- aws_iam_group_policies
- aws_iam_groups
- aws_iam_mfa_devices
- aws_iam_openid_connect_identity_providers
- aws_iam_password_policies
- aws_iam_policies
- aws_iam_role_policies
- aws_iam_roles
- aws_iam_saml_identity_providers
- aws_iam_server_certificates
- aws_iam_signing_certificates
- aws_iam_user_access_keys
- aws_iam_user_attached_policies
- aws_iam_user_groups
- aws_iam_user_policies
- aws_iam_users
- aws_iam_virtual_mfa_devices
- aws_identitystore_group_memberships
- aws_identitystore_groups
- aws_identitystore_users
- aws_inspector2_covered_resources
- aws_kinesis_streams
- aws_kms_aliases
- aws_kms_key_grants
- aws_kms_keys
- aws_lambda_function_aliases
- aws_lambda_function_concurrency_configs
- aws_lambda_function_event_invoke_configs
- aws_lambda_function_event_source_mappings
- aws_lambda_function_versions
- aws_lambda_functions
- aws_lambda_layer_version_policies
- aws_lambda_layer_versions
- aws_lambda_layers
- aws_lexv2_bot_aliases
- aws_lexv2_bots
- aws_lightsail_alarms
- aws_lightsail_bucket_access_keys
- aws_lightsail_buckets
- aws_lightsail_certificates
- aws_lightsail_container_service_deployments
- aws_lightsail_container_service_images
- aws_lightsail_container_services
- aws_lightsail_database_events
- aws_lightsail_database_log_events
- aws_lightsail_database_parameters
- aws_lightsail_database_snapshots
- aws_lightsail_databases
- aws_lightsail_disk_snapshots
- aws_lightsail_disks
- aws_lightsail_distributions
- aws_lightsail_instance_port_states
- aws_lightsail_instance_snapshots
- aws_lightsail_instances
- aws_lightsail_load_balancer_tls_certificates
- aws_lightsail_load_balancers
- aws_lightsail_static_ips
- aws_networkfirewall_firewalls
- aws_networkmanager_global_networks
- aws_networkmanager_links
- aws_networkmanager_sites
- aws_networkmanager_transit_gateway_registrations
- aws_organizations_accounts #do not have permission in the prod root account for this resource
- aws_organizations_account_parents
- aws_organizations_organizational_units
- aws_organizations_organizational_unit_parents
- aws_rds_certificates
- aws_rds_cluster_backtracks
- aws_rds_cluster_parameter_group_parameters
- aws_rds_cluster_parameters
- aws_rds_cluster_snapshots
- aws_rds_clusters
- aws_rds_db_parameter_group_db_parameters
- aws_rds_db_security_groups
- aws_rds_db_snapshots
- aws_rds_event_subscriptions
- aws_rds_instances
- aws_rds_subnet_groups
- aws_regions
- aws_route53_delegation_sets
- aws_route53_domains
- aws_route53_health_checks
- aws_route53_hosted_zone_query_logging_configs
- aws_route53_hosted_zone_resource_record_sets
- aws_route53_hosted_zone_traffic_policy_instances
- aws_route53_hosted_zones
- aws_route53_traffic_policies
- aws_route53_traffic_policy_versions
- aws_route53recoverycontrolconfig_clusters
- aws_route53recoverycontrolconfig_control_panels
- aws_route53recoverycontrolconfig_routing_controls
- aws_route53recoverycontrolconfig_safety_rules
- aws_route53recoveryreadiness_cells
- aws_route53recoveryreadiness_readiness_checks
- aws_route53recoveryreadiness_recovery_groups
- aws_route53recoveryreadiness_resource_sets
- aws_route53resolver_firewall_configs
- aws_route53resolver_firewall_domain_lists
- aws_route53resolver_firewall_rule_group_associations
- aws_route53resolver_firewall_rule_groups
- aws_route53resolver_resolver_endpoints
- aws_route53resolver_resolver_query_log_config_associations
- aws_route53resolver_resolver_query_log_configs
- aws_route53resolver_resolver_rule_associations
- aws_route53resolver_resolver_rules
- aws_s3_access_grants #do these need to be in root as they dont exist in root according to logs
- aws_s3_accounts
- aws_s3_bucket_cors_rules
- aws_s3_bucket_encryption_rules
- aws_s3_bucket_grants
- aws_s3_bucket_lifecycles
- aws_s3_bucket_notification_configurations
- aws_s3_bucket_object_lock_configurations
- aws_s3_buckets
- aws_s3_multi_region_access_points
- aws_sagemaker_endpoint_configurations
- aws_sagemaker_endpoints
- aws_sagemaker_models
- aws_sagemaker_notebook_instances
- aws_sagemaker_training_jobs
- aws_scheduler_schedule_groups
- aws_scheduler_schedules
- aws_secretsmanager_secrets
- aws_servicecatalog_launch_paths #empty and errors in test
- aws_servicecatalog_portfolios
- aws_servicecatalog_products
- aws_servicecatalog_provisioned_products
- aws_servicecatalog_provisioning_artifacts #empty and errors in test
- aws_servicecatalog_provisioning_parameters
- aws_servicediscovery_instances
- aws_servicediscovery_namespaces
- aws_servicediscovery_services
- aws_servicequotas_quotas
- aws_ses_active_receipt_rule_sets
- aws_ses_configuration_set_event_destinations
- aws_ses_configuration_sets
- aws_ses_contact_lists
- aws_ses_custom_verification_email_templates
- aws_ses_identities
- aws_ses_templates
- aws_signer_signing_profiles
- aws_sns_subscriptions
- aws_sns_topics
- aws_sqs_queues
- aws_ssm_associations
- aws_ssm_compliance_summary_items
- aws_ssm_documents
- aws_ssm_instance_compliance_items
- aws_ssm_instance_patches
- aws_ssm_instances
- aws_ssm_inventories
- aws_ssm_inventory_schemas
- aws_ssm_parameters
- aws_ssm_patch_baselines
- aws_ssmincidents_incident_findings
- aws_ssmincidents_incident_related_items
- aws_ssmincidents_incident_timeline_events
- aws_ssmincidents_incidents
- aws_ssmincidents_response_plans
- aws_ssoadmin_permission_sets
- aws_ssoadmin_permission_set_account_assignments
- aws_ssoadmin_permission_set_customer_managed_policies
- aws_ssoadmin_permission_set_inline_policies
- aws_ssoadmin_permission_set_managed_policies
- aws_stepfunctions_state_machines
- aws_transfer_agreements
- aws_transfer_certificates
- aws_transfer_connectors
- aws_transfer_profiles
- aws_transfer_users
- aws_transfer_workflows
- aws_waf_rule_groups
- aws_waf_rules
- aws_waf_subscribed_rule_groups
- aws_waf_web_acls
- aws_wafregional_rate_based_rules
- aws_wafregional_rule_groups
- aws_wafregional_rules
- aws_wafregional_web_acls
- aws_wafv2_ipsets
- aws_wafv2_regex_pattern_sets
- aws_wafv2_rule_groups
- aws_wafv2_web_acls
- aws_workspaces_connection_alias_permissions
- aws_workspaces_connection_aliases
- aws_workspaces_directories
- aws_workspaces_workspaces
- aws_dynamodb_table_resource_policies
- aws_dynamodb_table_stream_resource_policies
- aws_health_event_details
- aws_health_org_event_details
- aws_ssm_command_invocations
- aws_s3_bucket_object_heads
- aws_elasticsearch_reserved_instances
- aws_health_affected_entities
- aws_health_events
- aws_health_organization_affected_entities
- aws_health_organization_events
- aws_iam_policy_default_versions
- aws_memorydb_reserved_nodes
- aws_rds_db_proxy_endpoints
- aws_rds_db_proxy_target_groups
- aws_rds_db_proxy_targets
- aws_redshift_reserved_nodes
- aws_iam_policy_default_versions
- aws_rds_db_proxies
- aws_cloudfront_key_value_stores
- aws_kms_key_rotation_statuses
- aws_kms_key_rotations
- aws_redshift_clusters #need for compliance transformation
- aws_iam_instance_profiles #need for compliance transformation
- aws_efs_access_points #need for compliance transformation
- aws_dms_replication_instances #need for compliance transformation
- aws_ec2_ebs_volumes #need for compliance transformation
- aws_appsync_graphql_apis #need for compliance transformation
- aws_networkfirewall_rule_groups #need for compliance transformation
- aws_securityhub_hubs #need for compliance transformation
- aws_athena_work_groups #need for compliance transformation
- aws_neptune_cluster_snapshots #need for compliance transformation
- aws_s3_bucket_public_access_blocks #need for compliance transformation
- aws_applicationautoscaling_policies #need for compliance transformation
- aws_emr_clusters #need for compliance transformation
- aws_dax_clusters #need for compliance transformation
- aws_ec2_launch_template_versions #need for compliance transformation
- aws_rds_events #need for compliance transformation
- aws_networkfirewall_firewall_policies #need for compliance transformation
- aws_redshift_cluster_parameter_groups #need for compliance transformation
- aws_ec2_ebs_snapshot_attributes #need for compliance transformation
- aws_s3_bucket_loggings #need for compliance transformation
- aws_lambda_runtimes #need for compliance transformation
- aws_redshift_cluster_parameters #need for compliance transformation
- aws_s3_bucket_versionings #need for compliance transformation
- aws_iam_policy_versions #need for compliance transformation
- aws_s3_bucket_policies #need for compliance transformation
- aws_iam_role_attached_policies #need for compliance transformation
destinations: ["postgresql"]
spec:
scheduler: "shuffle"
# scheduler: "round-robin"
aws_debug: false
accounts:
- id: "${ROOTACCOUNTID}"
regions:
- "us-east-1"
- "us-east-2"
- "us-west-1"
- "us-west-2"
---
kind: source #all other accounts in AWS organizations
spec:
# name: "aws-1"
name: "aws-OUs"
registry: cloudquery
path: cloudquery/aws
version: "${SOURCEVERSIONAWS}"
skip_dependent_tables: true
tables:
- aws_accessanalyzer_analyzer_findings_v2
- aws_accessanalyzer_analyzers
- aws_account_contacts
- aws_apigateway_api_keys
- aws_apigateway_client_certificates
- aws_apigateway_domain_name_base_path_mappings
- aws_apigateway_domain_names
- aws_apigateway_rest_api_authorizers
- aws_apigateway_rest_api_deployments
- aws_apigateway_rest_api_documentation_parts
- aws_apigateway_rest_api_documentation_versions
- aws_apigateway_rest_api_gateway_responses
- aws_apigateway_rest_api_models
- aws_apigateway_rest_api_request_validators
- aws_apigateway_rest_api_resources
- aws_apigateway_rest_api_stages
- aws_apigateway_rest_apis
- aws_apigateway_usage_plan_keys
- aws_apigateway_usage_plans
- aws_apigateway_vpc_links
- aws_apigatewayv2_api_authorizers
- aws_apigatewayv2_api_deployments
- aws_apigatewayv2_api_integration_responses
- aws_apigatewayv2_api_integrations
- aws_apigatewayv2_api_models
- aws_apigatewayv2_api_route_responses
- aws_apigatewayv2_api_routes
- aws_apigatewayv2_api_stages
- aws_apigatewayv2_apis
- aws_apigatewayv2_domain_name_rest_api_mappings
- aws_apigatewayv2_domain_names
- aws_appconfig_applications
- aws_appconfig_configuration_profiles
- aws_appconfig_deployment_strategies
- aws_appconfig_environments
- aws_appconfig_hosted_configuration_versions
- aws_appflow_flows
- aws_appmesh_meshes
- aws_appmesh_virtual_gateways
- aws_appmesh_virtual_nodes
- aws_appmesh_virtual_routers
- aws_appmesh_virtual_services
- aws_autoscaling_group_lifecycle_hooks
- aws_autoscaling_group_scaling_policies
- aws_autoscaling_groups
- aws_autoscaling_launch_configurations
- aws_backup_jobs
- aws_backup_report_plans
- aws_backupgateway_gateways
- aws_batch_compute_environments
- aws_cloudformation_stack_instance_resource_drifts
- aws_cloudformation_stack_instance_summaries
- aws_cloudformation_stacks
- aws_cloudformation_stack_templates
- aws_cloudfront_cache_policies
- aws_cloudfront_distributions
- aws_cloudfront_functions
- aws_cloudfront_origin_access_identities
- aws_cloudfront_origin_request_policies
- aws_cloudfront_response_headers_policies
- aws_cloudtrail_trail_event_selectors
- aws_cloudtrail_trails
- aws_cloudwatch_alarms
- aws_cloudwatchlogs_log_groups
- aws_cloudwatchlogs_metric_filters
- aws_cloudwatchlogs_resource_policies
- aws_codeartifact_domains
- aws_codeartifact_repositories
- aws_codebuild_builds
- aws_codebuild_projects
- aws_codebuild_source_credentials
- aws_codecommit_repositories
- aws_codedeploy_applications
- aws_codedeploy_deployment_configs
- aws_codedeploy_deployment_groups
- aws_codedeploy_deployments
- aws_codepipeline_pipelines
- aws_codepipeline_webhooks
- aws_cognito_identity_pools
- aws_cognito_user_pool_identity_providers
- aws_cognito_user_pools
- aws_config_config_rule_compliances
- aws_config_config_rules
- aws_config_configuration_recorders
- aws_config_conformance_pack_rule_compliances
- aws_config_conformance_packs
- aws_detective_graph_members
- aws_detective_graphs
- aws_dms_certificates
- aws_dms_event_subscriptions
- aws_dms_replication_subnet_groups
- aws_dms_replication_tasks
- aws_docdb_certificates
- aws_docdb_cluster_parameters
- aws_docdb_cluster_snapshots
- aws_docdb_clusters
- aws_docdb_event_categories
- aws_docdb_event_subscriptions
- aws_docdb_events
- aws_docdb_global_clusters
- aws_docdb_instances
- aws_docdb_orderable_db_instance_options
- aws_docdb_pending_maintenance_actions
- aws_docdb_subnet_groups
- aws_dynamodb_backups
- aws_dynamodb_exports
- aws_dynamodb_global_tables
- aws_dynamodb_table_continuous_backups
- aws_dynamodb_table_replica_auto_scalings
- aws_dynamodb_tables
- aws_dynamodbstreams_streams
- aws_ec2_byoip_cidrs
- aws_ec2_capacity_reservations
- aws_ec2_customer_gateways
- aws_ec2_dhcp_options
- aws_ec2_ebs_snapshots
- aws_ec2_egress_only_internet_gateways
- aws_ec2_eips
- aws_ec2_flow_logs
- aws_ec2_hosts
- aws_ec2_images
- aws_ec2_instance_credit_specifications
- aws_ec2_instance_statuses
- aws_ec2_instances
- aws_ec2_internet_gateways
- aws_ec2_key_pairs
- aws_ec2_nat_gateways
- aws_ec2_network_acls
- aws_ec2_network_interfaces
- aws_ec2_regional_configs
- aws_ec2_reserved_instances
- aws_ec2_route_tables
- aws_ec2_security_groups
- aws_ec2_subnets # no longer in use from aws?
- aws_ec2_traffic_mirror_filters
- aws_ec2_traffic_mirror_sessions
- aws_ec2_traffic_mirror_targets
- aws_ec2_transit_gateway_attachments
- aws_ec2_transit_gateway_multicast_domains
- aws_ec2_transit_gateway_peering_attachments
- aws_ec2_transit_gateway_route_tables
- aws_ec2_transit_gateway_vpc_attachments
- aws_ec2_transit_gateways
- aws_ec2_vpc_endpoint_connections
- aws_ec2_vpc_endpoint_service_configurations
- aws_ec2_vpc_endpoint_service_permissions
- aws_ec2_vpc_endpoints
- aws_ec2_vpc_peering_connections
- aws_ec2_vpcs
- aws_ec2_vpn_connections
- aws_ec2_vpn_gateways
- aws_ecr_pull_through_cache_rules
- aws_ecr_registries
- aws_ecr_registry_policies
- aws_ecr_repositories
- aws_ecr_repository_image_scan_findings
- aws_ecr_repository_images
- aws_ecr_repository_lifecycle_policies
- aws_ecr_repository_policies
- aws_ecrpublic_repositories
- aws_ecrpublic_repository_images
- aws_ecs_cluster_container_instances
- aws_ecs_cluster_services
- aws_ecs_cluster_tasks
- aws_ecs_cluster_task_sets
- aws_ecs_clusters
- aws_ecs_task_definitions
- aws_efs_filesystems
- aws_eks_cluster_addons
- aws_eks_clusters
- aws_elasticache_clusters
# - aws_elasticache_engine_versions
- aws_elasticache_global_replication_groups
- aws_elasticache_replication_groups
- aws_elasticache_reserved_cache_nodes
- aws_elasticache_snapshots
- aws_elasticache_subnet_groups
- aws_elasticache_user_groups
- aws_elasticache_users
- aws_elasticbeanstalk_application_versions
- aws_elasticbeanstalk_applications
- aws_elasticbeanstalk_configuration_options
- aws_elasticbeanstalk_configuration_settings
- aws_elasticbeanstalk_environments
- aws_elasticsearch_domains
- aws_elbv1_load_balancer_policies
- aws_elbv1_load_balancers
- aws_elbv2_listener_certificates
- aws_elbv2_listener_rules
- aws_elbv2_listeners
- aws_elbv2_load_balancer_attributes
- aws_elbv2_load_balancer_web_acls
- aws_elbv2_load_balancers
- aws_elbv2_target_group_target_health_descriptions
- aws_elbv2_target_groups
- aws_emr_notebook_executions
- aws_emr_steps
- aws_emr_studio_session_mappings
- aws_emr_studios
- aws_eventbridge_api_destinations
- aws_eventbridge_archives
- aws_eventbridge_connections
- aws_eventbridge_endpoints
- aws_eventbridge_event_bus_rules
- aws_eventbridge_event_buses
- aws_eventbridge_event_sources
- aws_eventbridge_replays
- aws_globalaccelerator_accelerators
- aws_globalaccelerator_custom_routing_accelerators
- aws_guardduty_detectors
- aws_guardduty_detector_findings
- aws_guardduty_detector_filters
- aws_guardduty_detector_members
- aws_guardduty_detector_ip_sets
- aws_guardduty_detector_publishing_destinations
- aws_guardduty_detector_intel_sets
- aws_iam_accounts
- aws_iam_credential_reports
- aws_iam_group_attached_policies
- aws_iam_group_policies
- aws_iam_groups
- aws_iam_mfa_devices
- aws_iam_openid_connect_identity_providers
- aws_iam_password_policies
- aws_iam_policies
- aws_iam_role_policies
- aws_iam_roles
- aws_iam_saml_identity_providers
- aws_iam_server_certificates
- aws_iam_signing_certificates
- aws_iam_user_access_keys
- aws_iam_user_attached_policies
- aws_iam_user_groups
- aws_iam_user_policies
- aws_iam_users
- aws_iam_virtual_mfa_devices
- aws_identitystore_group_memberships
- aws_identitystore_groups
- aws_identitystore_users
- aws_inspector2_covered_resources
- aws_kinesis_streams
- aws_kms_aliases
- aws_kms_key_grants
- aws_kms_keys
- aws_lambda_function_aliases
- aws_lambda_function_concurrency_configs
- aws_lambda_function_event_invoke_configs
- aws_lambda_function_event_source_mappings
- aws_lambda_function_versions
- aws_lambda_functions
- aws_lambda_layer_version_policies
- aws_lambda_layer_versions
- aws_lambda_layers
- aws_lexv2_bot_aliases
- aws_lexv2_bots
- aws_lightsail_alarms
- aws_lightsail_bucket_access_keys
- aws_lightsail_buckets
- aws_lightsail_certificates
- aws_lightsail_container_service_deployments
- aws_lightsail_container_service_images
- aws_lightsail_container_services
- aws_lightsail_database_events
- aws_lightsail_database_log_events
- aws_lightsail_database_parameters
- aws_lightsail_database_snapshots
- aws_lightsail_databases
- aws_lightsail_disk_snapshots
- aws_lightsail_disks
- aws_lightsail_distributions
- aws_lightsail_instance_port_states
- aws_lightsail_instance_snapshots
- aws_lightsail_instances
- aws_lightsail_load_balancer_tls_certificates
- aws_lightsail_load_balancers
- aws_lightsail_static_ips
- aws_networkfirewall_firewalls
- aws_networkmanager_global_networks
- aws_networkmanager_links
- aws_networkmanager_sites
- aws_networkmanager_transit_gateway_registrations
- aws_rds_certificates
- aws_rds_cluster_backtracks
- aws_rds_cluster_parameter_group_parameters
# - aws_rds_cluster_parameter_groups removing per skip tables from support
- aws_rds_cluster_parameters
- aws_rds_cluster_snapshots
- aws_rds_clusters
- aws_rds_db_parameter_group_db_parameters
- aws_rds_db_security_groups
- aws_rds_db_snapshots
- aws_rds_event_subscriptions
- aws_rds_instances
- aws_rds_subnet_groups
- aws_regions
- aws_route53_delegation_sets
- aws_route53_domains
- aws_route53_health_checks
- aws_route53_hosted_zone_query_logging_configs
- aws_route53_hosted_zone_resource_record_sets
- aws_route53_hosted_zone_traffic_policy_instances
- aws_route53_hosted_zones
- aws_route53_traffic_policies
- aws_route53_traffic_policy_versions
- aws_route53recoverycontrolconfig_clusters
- aws_route53recoverycontrolconfig_control_panels
- aws_route53recoverycontrolconfig_routing_controls
- aws_route53recoverycontrolconfig_safety_rules
- aws_route53recoveryreadiness_cells
- aws_route53recoveryreadiness_readiness_checks
- aws_route53recoveryreadiness_recovery_groups
- aws_route53recoveryreadiness_resource_sets
- aws_route53resolver_firewall_configs
- aws_route53resolver_firewall_domain_lists
- aws_route53resolver_firewall_rule_group_associations
- aws_route53resolver_firewall_rule_groups
- aws_route53resolver_resolver_endpoints
- aws_route53resolver_resolver_query_log_config_associations
- aws_route53resolver_resolver_query_log_configs
- aws_route53resolver_resolver_rule_associations
- aws_route53resolver_resolver_rules
- aws_s3_access_grant_instances
- aws_s3_accounts
- aws_s3_bucket_cors_rules
- aws_s3_bucket_encryption_rules
- aws_s3_bucket_grants
- aws_s3_bucket_lifecycles
- aws_s3_bucket_notification_configurations
- aws_s3_bucket_object_lock_configurations
- aws_s3_buckets
- aws_s3_multi_region_access_points
- aws_sagemaker_endpoint_configurations
- aws_sagemaker_endpoints
- aws_sagemaker_models
- aws_sagemaker_notebook_instances
- aws_sagemaker_training_jobs
- aws_scheduler_schedule_groups
- aws_scheduler_schedules
- aws_secretsmanager_secrets
- aws_servicecatalog_launch_paths
- aws_servicecatalog_portfolios
- aws_servicecatalog_products
- aws_servicecatalog_provisioned_products
- aws_servicecatalog_provisioning_artifacts
- aws_servicecatalog_provisioning_parameters
- aws_servicediscovery_instances
- aws_servicediscovery_namespaces
- aws_servicediscovery_services
- aws_servicequotas_quotas
- aws_ses_active_receipt_rule_sets
- aws_ses_configuration_set_event_destinations
- aws_ses_configuration_sets
- aws_ses_contact_lists
- aws_ses_custom_verification_email_templates
- aws_ses_identities
- aws_ses_templates
- aws_signer_signing_profiles
- aws_sns_subscriptions
- aws_sns_topics
- aws_sqs_queues
- aws_ssm_associations
- aws_ssm_compliance_summary_items
- aws_ssm_documents
- aws_ssm_instance_compliance_items
- aws_ssm_instance_patches
- aws_ssm_instances
- aws_ssm_inventories
- aws_ssm_inventory_schemas
- aws_ssm_parameters
- aws_ssm_patch_baselines
- aws_ssmincidents_incident_findings
- aws_ssmincidents_incident_related_items
- aws_ssmincidents_incident_timeline_events
- aws_ssmincidents_incidents
- aws_ssmincidents_response_plans
- aws_stepfunctions_state_machines
- aws_transfer_agreements
- aws_transfer_certificates
- aws_transfer_connectors
- aws_transfer_profiles
- aws_transfer_users
- aws_transfer_workflows
- aws_waf_rule_groups
- aws_waf_rules
- aws_waf_subscribed_rule_groups
- aws_waf_web_acls
- aws_wafregional_rate_based_rules
- aws_wafregional_rule_groups
- aws_wafregional_rules
- aws_wafregional_web_acls
- aws_wafv2_ipsets
- aws_wafv2_regex_pattern_sets
- aws_wafv2_rule_groups
- aws_wafv2_web_acls
- aws_workspaces_connection_alias_permissions
- aws_workspaces_connection_aliases
- aws_workspaces_directories
- aws_workspaces_workspaces
- aws_dynamodb_table_resource_policies
- aws_dynamodb_table_stream_resource_policies
- aws_health_event_details
- aws_health_org_event_details
- aws_ssm_command_invocations
- aws_s3_bucket_object_heads
- aws_elasticsearch_reserved_instances
- aws_health_affected_entities
- aws_health_events
- aws_health_organization_affected_entities
- aws_health_organization_events
- aws_iam_policy_default_versions
- aws_memorydb_reserved_nodes
- aws_rds_db_proxy_endpoints
- aws_rds_db_proxy_target_groups
- aws_rds_db_proxy_targets
- aws_redshift_reserved_nodes
- aws_redshift_clusters #need for compliance transformation
- aws_iam_policy_default_versions
- aws_rds_db_proxies
- aws_cloudfront_key_value_stores
- aws_kms_key_rotation_statuses
- aws_kms_key_rotations
- aws_redshift_clusters #need for compliance transformation
- aws_iam_instance_profiles #need for compliance transformation
- aws_efs_access_points #need for compliance transformation
- aws_dms_replication_instances #need for compliance transformation
- aws_ec2_ebs_volumes #need for compliance transformation
- aws_appsync_graphql_apis #need for compliance transformation
- aws_networkfirewall_rule_groups #need for compliance transformation
- aws_securityhub_hubs #need for compliance transformation
- aws_athena_work_groups #need for compliance transformation
- aws_neptune_cluster_snapshots #need for compliance transformation
- aws_s3_bucket_public_access_blocks #need for compliance transformation
- aws_applicationautoscaling_policies #need for compliance transformation
- aws_emr_clusters #need for compliance transformation
- aws_dax_clusters #need for compliance transformation
- aws_ec2_launch_template_versions #need for compliance transformation
- aws_rds_events #need for compliance transformation
- aws_networkfirewall_firewall_policies #need for compliance transformation
- aws_redshift_cluster_parameter_groups #need for compliance transformation
- aws_ec2_ebs_snapshot_attributes #need for compliance transformation
- aws_s3_bucket_loggings #need for compliance transformation
- aws_lambda_runtimes #need for compliance transformation
- aws_redshift_cluster_parameters #need for compliance transformation
- aws_s3_bucket_versionings #need for compliance transformation
- aws_iam_policy_versions #need for compliance transformation
- aws_s3_bucket_policies #need for compliance transformation
- aws_iam_role_attached_policies #need for compliance transformation
destinations: ["postgresql"]
spec:
scheduler: "shuffle"
aws_debug: false
org:
admin_account:
role_arn: ${CQ_ADMIN_ARN}
member_role_name: ${MEMBERROLENAME}
regions:
- "us-east-1"
- "us-east-2"
- "us-west-1"
- "us-west-2"
---
kind: destination
spec:
name: "postgresql"
path: "cloudquery/postgresql"
version: "${DESTINATIONVERSIONPOSTGRESSQL}"
write_mode: "overwrite-delete-stale" # overwrite-delete-stale, overwrite, append
migrate_mode: forced # forced safe
spec:
connection_string: host=${posthost} port=${postport} sslmode=require dbname=${postdbname} user=${postuser} password=${postpassword}
### Steps To Reproduce
Run dbt run
### CloudQuery (redacted) logs
should this be needed for the compliance pack?
### CloudQuery version
6.4.0
### Additional Context
_No response_
### Pull request (optional)
- [ ] I can submit a pull request