AWS Queries

AlertD helps you understand, explore, and diagnose your AWS environment through natural language. This page provides comprehensive examples of questions you can ask about your AWS infrastructure, organized by service.

What You Can Ask AlertD

AlertD automatically ingests your CloudWatch metrics and connects with key AWS services. You can ask simple, high-level questions or dive deeper with specific filters based on tags, IP ranges, regions, or resource states.

Simple Questions

“List all my EC2 instances.”

Filtered Questions

“List all my EC2 instances in 10.74.50.0/24 using public IPs in us-west-2.”

Storage Questions

“What files above 1 GB are there in my S3 buckets?”

Performance + Metadata Questions

“What EC2 instances have CPUUtilization above 85%?”

“Which of these have a ‘production’ tag set?”

Optimization Questions

“For those instances with consistently low CPU utilization, what CPU families should I change them to in order to save money?”

AlertD doesn’t just answer questions—it builds intelligent execution plans that pull in relevant data, interpret the results, and surface insights you can act on.

Verified Query Examples by AWS Service

Below are real questions the agent can answer today. These are validated queries that return useful and accurate results.

🚀 EC2 (Elastic Compute Cloud)

AlertD can query EC2 instances, analyze metrics, and identify optimization opportunities.

Performance Analysis:

Any EC2 instances with CPU spikes?
Can we downsize or shut down any underutilized EC2 instances?
Are there any idle EC2s that could be turned off?
List all EC2 instances with low network activity.
Which instances have high CPU utilization?
Show me EC2 instances with disk I/O issues.

Resource Listing:

List all EC2 instances
Show me EC2 instances in us-west-2
List all stopped EC2 instances
What EC2 instances are running Windows?

Cost Optimization:

Which EC2 instances are underutilized?
Show me EC2 instances that haven’t been accessed in 7 days
List instances with CPU below 20%

Configuration:

List EC2 instances by instance type
Show me all t3 instances
Which instances have public IP addresses?

💾 EBS (Elastic Block Store)

Query EBS volumes, identify unused storage, and optimize IOPS usage.

Storage Optimization:

Which EBS volumes are unattached and could be deleted?
Are any volumes consistently at max throughput?
List all encrypted EBS volumes.
Show me EBS volumes larger than 1TB

Performance:

Which volumes have high IOPS usage?
Are there any volumes experiencing performance issues?
Show me volumes with low utilization

Compliance:

List all unencrypted EBS volumes
Which volumes don’t have snapshots?
Show me volumes without tags

📦 S3 (Simple Storage Service)

Analyze S3 buckets, access patterns, and storage usage.

Security:

Are any of our S3 buckets public?
Which buckets have versioning disabled?
List buckets without encryption
Show me buckets with public read access

Storage Analysis:

List all buckets in ap-southeast-1.
Which S3 buckets haven’t been accessed in 30 days?
Show me buckets larger than 100GB
What files above 1 GB are there in my S3 buckets?

Access Patterns:

Which buckets have the most GET requests?
Show me bucket access logs for the last 7 days
List buckets by creation date

Organization:

Group S3 buckets by region
Show me all production buckets
List buckets by naming convention

🧠 RDS & Aurora (Relational Database Service)

Query database instances, analyze performance, and monitor replication health.

Performance:

Which RDS instances are underutilized and could be right-sized?
What’s causing replication lag on my Aurora read replicas?
Show me RDS instances with high CPU
Which databases have more than 100 connections?

Configuration:

Have we enabled audit logging on our Aurora clusters?
List all RDS instances by engine version
Show me multi-AZ RDS instances
Which databases have automated backups disabled?

Cost Optimization:

Which RDS instances can be downsized?
Show me idle RDS databases
List instances with low connection counts

Monitoring:

What’s the replication lag across all read replicas?
Show me RDS instances with storage issues
Which databases have high query latency?

🔐 IAM (Identity and Access Management)

Investigate access patterns and review permissions.

Security Review:

Do our CloudWatch logs show any “Access Denied” events?
Are there IAM users with admin privileges who haven’t logged in recently?
List all IAM users without MFA
Show me roles with wildcard permissions

Access Patterns:

Which users logged in from unusual locations?
Show me failed login attempts
List inactive IAM access keys

⚡ DynamoDB

Analyze DynamoDB tables, capacity, and cost.

Cost Analysis:

Which DynamoDB tables are costing me the most money?
Are there tables with provisioned capacity that are barely used?
Show me tables with on-demand pricing

Performance:

Which tables have high read/write throttling?
Show me tables with hot partitions
List tables by consumed capacity

🌐 Route 53

Query DNS records and hosted zones.

DNS Management:

List all A records across my hosted zones.
Are there any duplicate DNS entries for the same domain?
Show me all CNAME records
Which records point to deleted resources?

Health Checks:

List all Route53 health checks
Show me failing health checks
Which records have health checks enabled?

🔍 CloudWatch

Query metrics, alarms, and logs.

Metrics:

Show me all CloudWatch metrics for EC2
Which metrics have breached thresholds?
List all custom metrics

Alarms:

Show me all CloudWatch alarms in ALARM state
List disabled alarms
Which alarms haven’t triggered in 30 days?

Logs:

Show me recent CloudWatch log errors
List all log groups
Which log groups are largest by size?

🔒 VPC & Networking

Analyze VPC configuration and network security.

Security Groups:

Which security groups allow 0.0.0.0/0 access?
Show me security groups with SSH open to the world
List unused security groups

Subnets & Routing:

List all VPCs and their CIDR blocks
Show me all public subnets
Which subnets have available IP addresses?

Network ACLs:

Show me all network ACLs
List NACLs with deny rules

AWS Services Currently Supported

AlertD ingests resources from the following AWS services for querying and analysis.

Compute & Containers

EC2 - Instances, AMIs, launch templates, NAT gateways
EKS - Clusters, nodegroups
ECR - Repositories, images
Lambda - Functions
EMR - Clusters
Auto Scaling - Auto Scaling groups

Storage

S3 - Buckets, policies, ACLs, replication
EBS - Volumes, snapshots
EFS - File systems, access points

Database

RDS - Instances, clusters
DynamoDB - Tables
Keyspaces - Cassandra keyspaces, tables
Timestream - Databases, tables

Networking

VPC - VPCs, endpoints, client VPN endpoints
VPN - Connections, gateways
Route53 - Hosted zones, record sets, health checks
ELB - Classic load balancers
ELBv2 - ALB/NLB, target groups, listeners

Security & IAM

IAM - Users, roles, groups, policies, access keys
KMS - Keys, aliases, rotation status
Secrets Manager - Secrets
Certificate Manager - Certificates
WAFv2 - Web ACLs

Messaging & Events

SNS - Topics, subscriptions, attributes
SQS - Queues
EventBridge - Rules
Kinesis Firehose - Delivery streams

Monitoring & Management

CloudWatch - Alarms, log groups, log streams
Config - Rules compliance
Trusted Advisor - Checks
SSM - Managed instances, documents

Other Services

API Gateway - REST APIs, VPC links
API Gateway V2 - HTTP/WebSocket APIs
Amplify - App branches, domains
Backup - Plans, vaults, report plans
Directory Service - Directories
ElastiCache - Cache clusters
HealthLake - Datastores
License Manager - License configurations
QuickSight - Dashboards
Step Functions - State machines

Next Steps

Asking Questions - Tips for formulating effective queries
Analyzing Results - Deep dive on interpreting AWS query results