Update SQL queries to exclude removed table columns

docs/tables/aws_accessanalyzer_analyzer.md

@@ -16,7 +16,6 @@ The `aws_accessanalyzer_analyzer` table in Steampipe provides you with informati
 ### Basic info
 Explore the status and type of your AWS Access Analyzer to understand when the last resource was analyzed. This could be beneficial for maintaining security and compliance in your AWS environment.The query provides an overview of AWS Access Analyzer analyzers in a user's environment. It helps in monitoring the current status and types of analyzers, along with the details of the most recent resources analyzed. This is useful for administrators and security personnel to ensure that their AWS environment is continuously scanned for compliance and security risks, and to stay informed about the analyzer's activities and findings.
 
-
 ```sql+postgres
 select
   name,
@@ -42,7 +41,6 @@ from
 ### List analyzers which are enabled
 Determine the areas in which AWS Access Analyzer is active to gain insights into potential security and access control issues. This is useful for maintaining optimal security practices and ensuring that all analyzers are functioning as expected.The query identifies and provides details on all active AWS Access Analyzer analyzers. It is particularly useful for ensuring that the necessary analyzers are operational and actively scanning resources. This information aids in maintaining continuous compliance and security oversight by highlighting only those analyzers currently in an active state, along with their last analyzed resources and associated tags. This enables efficient tracking and management of security analysis tools within the AWS environment.
 
-
 ```sql+postgres
 select
   name,
@@ -72,29 +70,44 @@ where
 ### List analyzers with findings that need to be resolved
 Explore which active AWS Access Analyzer instances have findings that require resolution. This is useful in identifying potential security risks that need immediate attention.The query focuses on identifying active AWS Access Analyzer analyzers that have unresolved findings. It serves as a tool for security and compliance teams to pinpoint which analyzers have detected potential issues, needing immediate attention. By filtering for active analyzers with existing findings, it streamlines the process of addressing security or compliance concerns within the AWS environment, ensuring that no critical issues are overlooked. This aids in maintaining a secure and compliant cloud infrastructure.
 
-
 ```sql+postgres
 select
-  name,
-  status,
-  type,
-  last_resource_analyzed
+  a.arn as analyzer_arn,
+  a.name as analyzer_name,
+  a.region as analyzer_region,
+  a.account_id,
+  count(f.id) as findings_count
 from
-  aws_accessanalyzer_analyzer
+  aws_accessanalyzer_analyzer as a
+  join aws_accessanalyzer_finding as f on f.access_analyzer_arn = a.arn
 where
-  status = 'ACTIVE'
-  and findings is not null;
+  a.status = 'ACTIVE'
+group by
+  a.arn,
+  a.name,
+  a.region,
+  a.account_id
+having
+  count(f.id) > 0;
 ```
 
 ```sql+sqlite
 select
-  name,
-  status,
-  type,
-  last_resource_analyzed
+  a.arn as analyzer_arn,
+  a.name as analyzer_name,
+  a.region as analyzer_region,
+  a.account_id,
+  count(f.id) as findings_count
 from
-  aws_accessanalyzer_analyzer
+  aws_accessanalyzer_analyzer as a
+  join aws_accessanalyzer_finding as f on f.access_analyzer_arn = a.arn
 where
-  status = 'ACTIVE'
-  and findings is not null;
+  a.status = 'ACTIVE'
+group by
+  a.arn,
+  a.name,
+  a.region,
+  a.account_id
+having
+  count(f.id) > 0;
 ```

docs/tables/aws_rds_db_subnet_group.md

@@ -34,7 +34,6 @@ from
   aws_rds_db_subnet_group;
 ```
 
-
 ### Subnets info of each subnet in subnet group
 Determine the status and location details of each subnet within a subnet group in your AWS RDS, to understand their availability and configuration. This information can be crucial for managing your database's network performance and security.
 
@@ -62,7 +61,6 @@ from
   json_each(subnets) as subnet;
 ```
 
-
 ### List of subnet group without application tag key
 Discover the segments that lack the 'application' tag key in your AWS RDS subnet groups. This can be useful in identifying potential areas for better resource tagging and management.
 

docs/tables/aws_ssm_document.md

@@ -110,27 +110,55 @@ where
 Discover the segments that consist of documents which are shared publicly. This query is handy in identifying potential security risks by pinpointing documents that are open to all, thus allowing for appropriate action to be taken.
 
 ```sql+postgres
+with ssm_documents as (
+  select
+    name,
+    owner,
+    region,
+    account_id
+  from
+    aws_ssm_document
+  where
+    owner_type = 'Self'
+  order by
+    name
+)
 select
-  name,
-  owner,
-  account_ids
+  d.name,
+  d.owner,
+  p.account_ids
 from
-  aws_ssm_document
+  ssm_documents as d
+  left join aws_ssm_document_permission as p on p.document_name = d.name and p.region = d.region and p.account_id = d.account_id
 where
-  owner_type = 'Self'
-  and account_ids :: jsonb ? 'all';
+  p.account_ids :: jsonb ? 'all';
 ```
 
 ```sql+sqlite
+with ssm_documents as (
+  select
+    name,
+    owner,
+    region,
+    account_id
+  from
+    aws_ssm_document
+  where
+    owner_type = 'Self'
+  order by
+    name
+)
 select
-  name,
-  owner,
-  account_ids
+  d.name,
+  d.owner,
+  p.account_ids
 from
-  aws_ssm_document
+  ssm_documents as d
+  left join aws_ssm_document_permission as p on p.document_name = d.name 
+    and p.region = d.region 
+    and p.account_id = d.account_id
 where
-  owner_type = 'Self'
-  and json_extract(account_ids, '$.all') is not null;
+  json_extract(account_ids, '$.all') is not null;
 ```
 
 ### Get a specific document

docs/tables/aws_vpc_security_group.md

@@ -59,13 +59,13 @@ select
   sgr.ip_protocol,
   sgr.from_port,
   sgr.to_port,
-  cidr_ip
+  cidr_ipv4
 from
   aws_vpc_security_group as sg
-  join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name
+  join aws_vpc_security_group_rule as sgr on sg.group_id = sgr.group_id
 where
   sgr.type = 'ingress'
-  and sgr.cidr_ip = '0.0.0.0/0'
+  and sgr.cidr_ipv4 = '0.0.0.0/0'
   and (
     (
       sgr.ip_protocol = '-1' -- all traffic
@@ -90,13 +90,13 @@ select
   sgr.ip_protocol,
   sgr.from_port,
   sgr.to_port,
-  cidr_ip
+  cidr_ipv4
 from
   aws_vpc_security_group as sg
-  join aws_vpc_security_group_rule as sgr on sg.group_name = sgr.group_name
+  join aws_vpc_security_group_rule as sgr on sg.group_id = sgr.group_id
 where
   sgr.type = 'ingress'
-  and sgr.cidr_ip = '0.0.0.0/0'
+  and sgr.cidr_ipv4 = '0.0.0.0/0'
   and (
     (
       sgr.ip_protocol = '-1' -- all traffic

docs/tables/aws_vpc_security_group_rule.md

@@ -114,8 +114,7 @@ select
   r.to_port,
   r.cidr_ipv4,
   r.group_id,
-  sg.group_name,
-  sg.vpc_id 
+  sg.group_name
 from
   aws_vpc_security_group_rule as r,
   aws_vpc_security_group as sg 
@@ -131,8 +130,7 @@ select
   r.to_port,
   r.cidr_ipv4,
   r.group_id,
-  sg.group_name,
-  sg.vpc_id 
+  sg.group_name
 from
   aws_vpc_security_group_rule as r
 join