Table: alicloud_rds_instance - Query Alibaba Cloud RDS Instances using SQL
Alibaba Cloud Relational Database Service (RDS) is a stable and reliable online database service that supports MySQL, SQL Server, PostgreSQL, and PPAS. RDS handles routine database tasks such as database backup, patch upgrades, and failure detection and recovery. It provides automatic monitoring, backup, and disaster recovery capabilities, freeing up developers to focus on their applications rather than managing databases.
Table Usage Guide
The alicloud_rds_instance table provides insights into RDS instances within Alibaba Cloud Relational Database Service (RDS). As a database administrator, explore instance-specific details through this table, including the instance's ID, creation time, status, and associated metadata. Utilize it to uncover information about instances, such as their storage and memory usage, the network type they are using, and their security settings.
Examples
Basic info
Discover the segments that provide insights into the instances of database services, including when they were created and the type of engine used. This information can be useful in assessing the overall setup of your cloud services and ensuring they align with your operational requirements.
select db_instance_id, arn, vpc_id, creation_time, enginefrom alicloud_rds_instance;select db_instance_id, arn, vpc_id, creation_time, enginefrom alicloud_rds_instance;DB instance count in each region
Determine the distribution of database instances across different regions to better understand resource allocation and usage patterns.
select region_id as region, db_instance_class, count(*)from alicloud_rds_instancegroup by region_id, db_instance_class;select region_id as region, db_instance_class, count(*)from alicloud_rds_instancegroup by region_id, db_instance_class;List DB instances whose engine is MySQL
Explore which database instances are running on the MySQL engine. This can be useful for assessing your infrastructure's dependencies on this particular database engine.
select db_instance_id, vpc_id, creation_time, enginefrom alicloud_rds_instancewhere engine = 'MySQL';select db_instance_id, vpc_id, creation_time, enginefrom alicloud_rds_instancewhere engine = 'MySQL';List DB instances that are currently running
Identify instances where your database is currently active. This is useful for monitoring system performance and ensuring resources are not being wasted on idle databases.
select db_instance_id, vpc_id, creation_time, enginefrom alicloud_rds_instancewhere db_instance_status = 'Running';select db_instance_id, vpc_id, creation_time, enginefrom alicloud_rds_instancewhere db_instance_status = 'Running';List DB instances that allow 0.0.0.0/0
Determine the areas in which database instances are set to allow all IP addresses. This query is useful in identifying potential security risks, as allowing all IP addresses may expose your database to unwanted access.
select db_instance_id, security_ipsfrom alicloud_rds_instancewhere security_ips :: jsonb ? '0.0.0.0/0';Error: SQLite does not support CIDR operations.List DB instances with SSL encryption disabled
Identify instances where the SSL encryption is disabled on your database, allowing you to pinpoint potential security vulnerabilities and improve your database's protection against unauthorized access.
select db_instance_id, vpc_id, creation_time, engine, ssl_encryptionfrom alicloud_rds_instancewhere ssl_status = 'Disabled';select db_instance_id, vpc_id, creation_time, engine, ssl_encryptionfrom alicloud_rds_instancewhere ssl_status = 'Disabled';List DB instances with TDE disabled
Identify instances where the Transparent Data Encryption (TDE) feature is disabled within your database instances. This can be useful for enhancing data security by pinpointing potential vulnerabilities and areas that need attention.
select db_instance_id, vpc_id, creation_time, engine, tde_statusfrom alicloud_rds_instancewhere tde_status = 'Disabled';select db_instance_id, vpc_id, creation_time, engine, tde_statusfrom alicloud_rds_instancewhere tde_status = 'Disabled';Get security group configuration details for instances
Explore the security configurations of your database instances to understand their network types and geographical regions. This can help in assessing your security measures and ensuring they align with your organization's standards and requirements.
select i.db_instance_id, s ->> 'NetworkType' as network_type, s ->> 'RegionId' as security_group_region_id, s ->> 'SecurityGroupId' as security_group_idfrom alicloud_rds_instance as i, jsonb_array_elements(security_group_configuration) as s;select i.db_instance_id, json_extract(s.value, '$.NetworkType') as network_type, json_extract(s.value, '$.RegionId') as security_group_region_id, json_extract(s.value, '$.SecurityGroupId') as security_group_idfrom alicloud_rds_instance as i, json_each(security_group_configuration) as s;Get encryption details for all the instances
Identify the encryption details for all instances to enhance your understanding of your database security. This is useful for auditing your security measures and ensuring necessary precautions are in place.
select i.arn as instance_arn, i.title as instance_name, encryption_key, k.title as kms_key_namefrom alicloud_rds_instance i left join alicloud_kms_key k on encryption_key = key_id;select i.arn as instance_arn, i.title as instance_name, encryption_key, k.title as kms_key_namefrom alicloud_rds_instance i left join alicloud_kms_key k on encryption_key = k.key_id;Query examples
- ecs_autoscaling_groups_for_rds_instance
- ecs_security_groups_for_rds_instance
- rds_backups_for_rds_instance
- rds_databases_for_rds_instance
- rds_db_instance_configuration
- rds_instance_1_year_count
- rds_instance_24_hours_count
- rds_instance_30_90_days_count
- rds_instance_30_days_count
- rds_instance_90_365_days_count
- rds_instance_by_account
- rds_instance_by_class
- rds_instance_by_creation_month
- rds_instance_by_engine_type
- rds_instance_by_region
- rds_instance_class
- rds_instance_collector_policy
- rds_instance_count
- rds_instance_engine_type
- rds_instance_input
- rds_instance_instance_public_access
- rds_instance_overview
- rds_instance_parameter_groups
- rds_instance_public_count
- rds_instance_security_ips
- rds_instance_storage
- rds_instance_tags
- rds_instances_for_ecs_security_group
- rds_instances_for_vpc
- rds_instances_for_vpc_vswitch
- target_ro_rds_db_instances_for_rds_instance
- vpc_vpcs_for_rds_instance
- vpc_vswitch_association
- vpc_vswitches_for_rds_instance
Control examples
- CIS v1.0.0 > 6 Relational Database Services > 6.1 Ensure that RDS instance requires all incoming connections to use SSL
- CIS v1.0.0 > 6 Relational Database Services > 6.2 Ensure that RDS Instances are not open to the world
- CIS v1.0.0 > 6 Relational Database Services > 6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances
- CIS v1.0.0 > 6 Relational Database Services > 6.4 Ensure that 'Auditing' Retention is 'greater than 6 months'
- CIS v1.0.0 > 6 Relational Database Services > 6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance
- CIS v1.0.0 > 6 Relational Database Services > 6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database
- CIS v1.0.0 > 6 Relational Database Services > 6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
- CIS v1.0.0 > 6 Relational Database Services > 6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server
Schema for alicloud_rds_instance
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Alicloud Account ID in which the resource is located. |
| account_max_quantity | bigint | The maximum number of accounts that can be created on the instance. | |
| account_type | text | ||
| advanced_features | text | An array that consists of advanced features. The advanced features are separated by commas (,). This parameter is supported only for instances that run SQL Server. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| arn | text | The Alibaba Cloud Resource Name (ARN) of the RDS instance. | |
| auto_upgrade_minor_version | text | The method that is used to update the minor engine version of the instance. | |
| availability_value | text | The availability status of the instance. Unit: %. | |
| category | text | The RDS edition of the instance. | |
| collation | text | The character set collation of the instance. | |
| connection_mode | text | The connection mode of the instances. | |
| connection_string | text | The internal endpoint of the instance. | |
| console_version | text | The type of proxy that is enabled on the instance. | |
| creation_time | timestamp with time zone | The creation time of the Instance. | |
| db_instance_class | text | The instance type of the instances. | |
| db_instance_cpu | text | The number of CPUs that are configured for the instance. | |
| db_instance_description | text | The description of the DB Instance. | |
| db_instance_disk_used | text | ||
| db_instance_id | text | = | The ID of the single instance to query. |
| db_instance_memory | double precision | The memory capacity of the instance. Unit: MB. | |
| db_instance_net_type | text | The ID of the resource group to which the VPC belongs. | |
| db_instance_status | text | The status of the instances | |
| db_instance_storage | bigint | The type of storage media that is used by the instance. | |
| db_instance_storage_type | text | The type of storage media that is used by the instance. | |
| db_instance_type | text | The role of the instances. | |
| db_max_quantity | bigint | The maximum number of databases that can be created on the instance. | |
| dedicated_host_group_id | text | The ID of the dedicated cluster to which the instances belong if the instances are created in a dedicated cluster. | |
| dispense_mode | text | ||
| encryption_key | text | The custom encryption key for the instance. | |
| engine | text | The database engine that the instances run. | |
| engine_version | text | The version of the database engine that the instances run. | |
| expire_time | timestamp with time zone | Instance expire time | |
| guard_db_instance_id | text | The ID of the disaster recovery instance that is attached to the instance if a disaster recovery instance is deployed. | |
| increment_source_db_instance_id | text | The ID of the instance from which incremental data comes. The incremental data of a disaster recovery or read-only instance comes from its primary instance. If this parameter is not returned, the instance is a primary instance. | |
| ins_id | bigint | ||
| instance_network_type | text | The network type of the instances. | |
| ip_type | text | ||
| latest_kernel_version | text | ||
| lock_mode | text | The lock mode of the instance. | |
| lock_reason | text | The reason why the instance is locked. | |
| maintain_time | text | The maintenance window of the instance. The maintenance window is displayed in UTC+8 in the ApsaraDB RDS console. | |
| master_instance_id | text | The ID of the primary instance to which the instance is attached. If this parameter is not returned, the instance is a primary instance. | |
| max_connections | bigint | The maximum number of concurrent connections that are allowed by the instance. | |
| max_iops | bigint | The maximum number of I/O requests that the instance can process per second. | |
| multiple_temp_upgrade | boolean | ||
| origin_configuration | text | ||
| parameters | jsonb | The list of running parameters for the instance. | |
| pay_type | text | The billing method of the instances. | |
| port | text | The internal port of the instance. | |
| proxy_type | bigint | The type of proxy that is enabled on the instance. | |
| readonly_db_instance_ids | jsonb | An array that consists of the IDs of the read-only instances attached to the primary instance. | |
| region | text | The Alicloud region in which the resource is located. | |
| region_id | text | The ID of the region to which the instances belong. | |
| resource_group_id | text | The ID of the resource group to which the instances belong. | |
| security_group_configuration | jsonb | ECS security groups that are bound to an ApsaraDB for the instance. | |
| security_ip_mode | text | The network isolation mode of the instance. | |
| security_ips | jsonb | An array that consists of IP addresses in the IP address whitelist. | |
| security_ips_src | jsonb | An array that consists of IP details. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| sql_collector_policy | jsonb | The status of the SQL Explorer (SQL Audit) feature. | |
| sql_collector_retention | bigint | The log backup retention duration that is allowed by the SQL explorer feature on the instance. | |
| ssl_status | text | The SSL encryption status of the Instance | |
| super_permission_mode | text | Indicates whether the instance supports superuser accounts, such as the system administrator (SA) account, Active Directory (AD) account, and host account. | |
| support_create_super_account | text | ||
| support_upgrade_account_type | text | ||
| tags | jsonb | A map of tags for the resource. | |
| tags_src | jsonb | A map of tags for the resource. | |
| tde_status | text | The TDE status at the instance level. Valid values: Enable | Disable. | |
| temp_db_instance_id | text | The ID of the temporary instance that is attached to the instance if a temporary instance is deployed. | |
| temp_upgrade_recovery_class | text | ||
| temp_upgrade_recovery_cpu | bigint | ||
| temp_upgrade_recovery_max_connections | text | ||
| temp_upgrade_recovery_max_iops | text | ||
| temp_upgrade_recovery_memory | bigint | ||
| temp_upgrade_recovery_time | text | ||
| temp_upgrade_time_end | text | ||
| temp_upgrade_time_start | text | ||
| time_zone | text | The time zone of the instance. | |
| title | text | Title of the resource. | |
| vpc_cloud_instance_id | text | The ID of the cloud instance on which the specified VPC is deployed. | |
| vpc_id | text | The ID of the VPC to which the instances belong. | |
| vswitch_id | text | The ID of the vSwitch associated with the specified VPC. | |
| zone_id | text | The ID of the zone to which the instances belong. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloudYou can pass the configuration to the command with the --config argument:
steampipe_export_alicloud --config '<your_config>' alicloud_rds_instance