diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
index 7836fe78c9..4e135ba582 100644
--- a/providers/aws/resources/aws.lr
+++ b/providers/aws/resources/aws.lr
@@ -50,6 +50,8 @@ private aws.vpc @defaults("arn isDefault") {
   flowLogs() []aws.vpc.flowlog
   // List of route tables for the VPC
   routeTables() []aws.vpc.routetable
+  // List of subnets for the VPC
+  subnets() []aws.vpc.subnet
   // Tags on the VPC
   tags map[string]string
 }
@@ -62,6 +64,16 @@ private aws.vpc.routetable @defaults("id") {
   routes []dict
 }
 
+// Amazon Virtual Private Cloud (VPC) Subnet
+private aws.vpc.subnet @defaults("id") {
+  // Unique ID of the subnet
+  id string
+  // A list of CIDR descriptions
+  cidrs string
+  // Indicates whether instances launched in this subnet receive a public IPv4 address
+  mapPublicIpOnLaunch bool
+}
+
 // Amazon Virtual Private Cloud (VPC) Flow Log
 private aws.vpc.flowlog @defaults("id region status") {
   // Unique ID of the flow log
diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
index a83899cf30..e6c352dd26 100644
--- a/providers/aws/resources/aws.lr.go
+++ b/providers/aws/resources/aws.lr.go
@@ -38,6 +38,10 @@ func init() {
 			// to override args, implement: initAwsVpcRoutetable(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
 			Create: createAwsVpcRoutetable,
 		},
+		"aws.vpc.subnet": {
+			// to override args, implement: initAwsVpcSubnet(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
+			Create: createAwsVpcSubnet,
+		},
 		"aws.vpc.flowlog": {
 			// to override args, implement: initAwsVpcFlowlog(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
 			Create: createAwsVpcFlowlog,
@@ -606,6 +610,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"aws.vpc.routeTables": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsVpc).GetRouteTables()).ToDataRes(types.Array(types.Resource("aws.vpc.routetable")))
 	},
+	"aws.vpc.subnets": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsVpc).GetSubnets()).ToDataRes(types.Array(types.Resource("aws.vpc.subnet")))
+	},
 	"aws.vpc.tags": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsVpc).GetTags()).ToDataRes(types.Map(types.String, types.String))
 	},
@@ -615,6 +622,15 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"aws.vpc.routetable.routes": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsVpcRoutetable).GetRoutes()).ToDataRes(types.Array(types.Dict))
 	},
+	"aws.vpc.subnet.id": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsVpcSubnet).GetId()).ToDataRes(types.String)
+	},
+	"aws.vpc.subnet.cidrs": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsVpcSubnet).GetCidrs()).ToDataRes(types.String)
+	},
+	"aws.vpc.subnet.mapPublicIpOnLaunch": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsVpcSubnet).GetMapPublicIpOnLaunch()).ToDataRes(types.Bool)
+	},
 	"aws.vpc.flowlog.id": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsVpcFlowlog).GetId()).ToDataRes(types.String)
 	},
@@ -1872,6 +1888,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"aws.rds.dbinstance.status": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsRdsDbinstance).GetStatus()).ToDataRes(types.String)
 	},
+	"aws.rds.dbinstance.autoMinorVersionUpgrade": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsRdsDbinstance).GetAutoMinorVersionUpgrade()).ToDataRes(types.Bool)
+	},
 	"aws.elasticache.clusters": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsElasticache).GetClusters()).ToDataRes(types.Array(types.Dict))
 	},
@@ -2636,6 +2655,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlAwsVpc).RouteTables, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 		return
 	},
+	"aws.vpc.subnets": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsVpc).Subnets, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
+		return
+	},
 	"aws.vpc.tags": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 		r.(*mqlAwsVpc).Tags, ok = plugin.RawToTValue[map[string]interface{}](v.Value, v.Error)
 		return
@@ -2652,6 +2675,22 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlAwsVpcRoutetable).Routes, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 		return
 	},
+	"aws.vpc.subnet.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+			r.(*mqlAwsVpcSubnet).__id, ok = v.Value.(string)
+			return
+		},
+	"aws.vpc.subnet.id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsVpcSubnet).Id, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.vpc.subnet.cidrs": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsVpcSubnet).Cidrs, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.vpc.subnet.mapPublicIpOnLaunch": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsVpcSubnet).MapPublicIpOnLaunch, ok = plugin.RawToTValue[bool](v.Value, v.Error)
+		return
+	},
 	"aws.vpc.flowlog.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlAwsVpcFlowlog).__id, ok = v.Value.(string)
 			return
@@ -4640,6 +4679,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlAwsRdsDbinstance).Status, ok = plugin.RawToTValue[string](v.Value, v.Error)
 		return
 	},
+	"aws.rds.dbinstance.autoMinorVersionUpgrade": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsRdsDbinstance).AutoMinorVersionUpgrade, ok = plugin.RawToTValue[bool](v.Value, v.Error)
+		return
+	},
 	"aws.elasticache.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlAwsElasticache).__id, ok = v.Value.(string)
 			return
@@ -5907,6 +5950,7 @@ type mqlAwsVpc struct {
 	Region plugin.TValue[string]
 	FlowLogs plugin.TValue[[]interface{}]
 	RouteTables plugin.TValue[[]interface{}]
+	Subnets plugin.TValue[[]interface{}]
 	Tags plugin.TValue[map[string]interface{}]
 }
 
@@ -5999,6 +6043,22 @@ func (c *mqlAwsVpc) GetRouteTables() *plugin.TValue[[]interface{}] {
 	})
 }
 
+func (c *mqlAwsVpc) GetSubnets() *plugin.TValue[[]interface{}] {
+	return plugin.GetOrCompute[[]interface{}](&c.Subnets, func() ([]interface{}, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("aws.vpc", c.__id, "subnets")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.([]interface{}), nil
+			}
+		}
+
+		return c.subnets()
+	})
+}
+
 func (c *mqlAwsVpc) GetTags() *plugin.TValue[map[string]interface{}] {
 	return &c.Tags
 }
@@ -6052,6 +6112,60 @@ func (c *mqlAwsVpcRoutetable) GetRoutes() *plugin.TValue[[]interface{}] {
 	return &c.Routes
 }
 
+// mqlAwsVpcSubnet for the aws.vpc.subnet resource
+type mqlAwsVpcSubnet struct {
+	MqlRuntime *plugin.Runtime
+	__id string
+	// optional: if you define mqlAwsVpcSubnetInternal it will be used here
+	Id plugin.TValue[string]
+	Cidrs plugin.TValue[string]
+	MapPublicIpOnLaunch plugin.TValue[bool]
+}
+
+// createAwsVpcSubnet creates a new instance of this resource
+func createAwsVpcSubnet(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) {
+	res := &mqlAwsVpcSubnet{
+		MqlRuntime: runtime,
+	}
+
+	err := SetAllData(res, args)
+	if err != nil {
+		return res, err
+	}
+
+	// to override __id implement: id() (string, error)
+
+	if runtime.HasRecording {
+		args, err = runtime.ResourceFromRecording("aws.vpc.subnet", res.__id)
+		if err != nil || args == nil {
+			return res, err
+		}
+		return res, SetAllData(res, args)
+	}
+
+	return res, nil
+}
+
+func (c *mqlAwsVpcSubnet) MqlName() string {
+	return "aws.vpc.subnet"
+}
+
+func (c *mqlAwsVpcSubnet) MqlID() string {
+	return c.__id
+}
+
+func (c *mqlAwsVpcSubnet) GetId() *plugin.TValue[string] {
+	return &c.Id
+}
+
+func (c *mqlAwsVpcSubnet) GetCidrs() *plugin.TValue[string] {
+	return &c.Cidrs
+}
+
+func (c *mqlAwsVpcSubnet) GetMapPublicIpOnLaunch() *plugin.TValue[bool] {
+	return &c.MapPublicIpOnLaunch
+}
+
 // mqlAwsVpcFlowlog for the aws.vpc.flowlog resource
 type mqlAwsVpcFlowlog struct {
 	MqlRuntime *plugin.Runtime
@@ -12403,6 +12517,7 @@ type mqlAwsRdsDbinstance struct {
 	Engine plugin.TValue[string]
 	SecurityGroups plugin.TValue[[]interface{}]
 	Status plugin.TValue[string]
+	AutoMinorVersionUpgrade plugin.TValue[bool]
 }
 
 // createAwsRdsDbinstance creates a new instance of this resource
@@ -12526,6 +12641,10 @@ func (c *mqlAwsRdsDbinstance) GetStatus() *plugin.TValue[string] {
 	return &c.Status
 }
 
+func (c *mqlAwsRdsDbinstance) GetAutoMinorVersionUpgrade() *plugin.TValue[bool] {
+	return &c.AutoMinorVersionUpgrade
+}
+
 // mqlAwsElasticache for the aws.elasticache resource
 type mqlAwsElasticache struct {
 	MqlRuntime *plugin.Runtime
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
index 7642e82a47..9076f33dfd 100755
--- a/providers/aws/resources/aws.lr.manifest.yaml
+++ b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1423,6 +1423,8 @@ resources:
       region: {}
       routeTables: {}
       state: {}
+      subnets:
+        min_mondoo_version: 9.0.0
       tags: {}
     is_private: true
     min_mondoo_version: latest
@@ -1450,3 +1452,13 @@ resources:
     platform:
       name:
       - aws
+  aws.vpc.subnet:
+    fields:
+      cidrs: {}
+      id: {}
+      mapPublicIpOnLaunch: {}
+    is_private: true
+    min_mondoo_version: 9.0.0
+    platform:
+      name:
+      - aws
diff --git a/providers/aws/resources/aws_vpc.go b/providers/aws/resources/aws_vpc.go
index 29aeb31d83..449b18908b 100644
--- a/providers/aws/resources/aws_vpc.go
+++ b/providers/aws/resources/aws_vpc.go
@@ -180,6 +180,43 @@ func (a *mqlAwsVpc) routeTables() ([]interface{}, error) {
 	return res, nil
 }
 
+func (a *mqlAwsVpc) subnets() ([]interface{}, error) {
+	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+	vpcVal := a.Id.Data
+
+	svc := conn.Ec2(a.Region.Data)
+	ctx := context.Background()
+	res := []interface{}{}
+
+	nextToken := aws.String("no_token_to_start_with")
+	filterName := "vpc-id"
+	params := &ec2.DescribeSubnetsInput{Filters: []vpctypes.Filter{{Name: &filterName, Values: []string{vpcVal}}}}
+	for nextToken != nil {
+		subnets, err := svc.DescribeSubnets(ctx, params)
+		if err != nil {
+			return nil, err
+		}
+		nextToken = subnets.NextToken
+		if subnets.NextToken != nil {
+			params.NextToken = nextToken
+		}
+
+		for _, subnet := range subnets.Subnets {
+			subnetResource, err := CreateResource(a.MqlRuntime, "aws.vpc.subnet",
+				map[string]*llx.RawData{
+					"id":    llx.StringData(convert.ToString(subnet.SubnetId)),
+					"cidrs": llx.StringData(*subnet.CidrBlock),
+					"mapPublicIpOnLaunch": llx.BoolData(*subnet.MapPublicIpOnLaunch),
+				})
+			if err != nil {
+				return nil, err
+			}
+			res = append(res, subnetResource)
+		}
+	}
+	return res, nil
+}
+
 func initAwsVpc(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
 	if len(args) > 2 {
 		return args, nil, nil