Table: alicloud_rds_instance - Query Alibaba Cloud RDS Instances using SQL

Alibaba Cloud Relational Database Service (RDS) is a stable and reliable online database service that supports MySQL, SQL Server, PostgreSQL, and PPAS. RDS handles routine database tasks such as database backup, patch upgrades, and failure detection and recovery. It provides automatic monitoring, backup, and disaster recovery capabilities, freeing up developers to focus on their applications rather than managing databases.

Table Usage Guide

The alicloud_rds_instance table provides insights into RDS instances within Alibaba Cloud Relational Database Service (RDS). As a database administrator, explore instance-specific details through this table, including the instance's ID, creation time, status, and associated metadata. Utilize it to uncover information about instances, such as their storage and memory usage, the network type they are using, and their security settings.

Examples

Basic info

Discover the segments that provide insights into the instances of database services, including when they were created and the type of engine used. This information can be useful in assessing the overall setup of your cloud services and ensuring they align with your operational requirements.

select
  db_instance_id,
  arn,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance;

select
  db_instance_id,
  arn,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance;

DB instance count in each region

Determine the distribution of database instances across different regions to better understand resource allocation and usage patterns.

select
  region_id as region,
  db_instance_class,
  count(*)
from
  alicloud_rds_instance
group by
  region_id,
  db_instance_class;

select
  region_id as region,
  db_instance_class,
  count(*)
from
  alicloud_rds_instance
group by
  region_id,
  db_instance_class;

List DB instances whose engine is MySQL

Explore which database instances are running on the MySQL engine. This can be useful for assessing your infrastructure's dependencies on this particular database engine.

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance
where
  engine = 'MySQL';

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance
where
  engine = 'MySQL';

List DB instances that are currently running

Identify instances where your database is currently active. This is useful for monitoring system performance and ensuring resources are not being wasted on idle databases.

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance
where
  db_instance_status = 'Running';

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine
from
  alicloud_rds_instance
where
  db_instance_status = 'Running';

List DB instances that allow 0.0.0.0/0

Determine the areas in which database instances are set to allow all IP addresses. This query is useful in identifying potential security risks, as allowing all IP addresses may expose your database to unwanted access.

select
  db_instance_id,
  security_ips
from
  alicloud_rds_instance
where
  security_ips :: jsonb ? '0.0.0.0/0';

Error: SQLite does not support CIDR operations.

List DB instances with SSL encryption disabled

Identify instances where the SSL encryption is disabled on your database, allowing you to pinpoint potential security vulnerabilities and improve your database's protection against unauthorized access.

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine,
  ssl_encryption
from
  alicloud_rds_instance
where
  ssl_status = 'Disabled';

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine,
  ssl_encryption
from
  alicloud_rds_instance
where
  ssl_status = 'Disabled';

List DB instances with TDE disabled

Identify instances where the Transparent Data Encryption (TDE) feature is disabled within your database instances. This can be useful for enhancing data security by pinpointing potential vulnerabilities and areas that need attention.

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine,
  tde_status
from
  alicloud_rds_instance
where
  tde_status = 'Disabled';

select
  db_instance_id,
  vpc_id,
  creation_time,
  engine,
  tde_status
from
  alicloud_rds_instance
where
  tde_status = 'Disabled';

Get security group configuration details for instances

Explore the security configurations of your database instances to understand their network types and geographical regions. This can help in assessing your security measures and ensuring they align with your organization's standards and requirements.

select
  i.db_instance_id,
  s ->> 'NetworkType' as network_type,
  s ->> 'RegionId' as security_group_region_id,
  s ->> 'SecurityGroupId' as security_group_id
from
  alicloud_rds_instance as i,
  jsonb_array_elements(security_group_configuration) as s;

select
  i.db_instance_id,
  json_extract(s.value, '$.NetworkType') as network_type,
  json_extract(s.value, '$.RegionId') as security_group_region_id,
  json_extract(s.value, '$.SecurityGroupId') as security_group_id
from
  alicloud_rds_instance as i,
  json_each(security_group_configuration) as s;

Get encryption details for all the instances

Identify the encryption details for all instances to enhance your understanding of your database security. This is useful for auditing your security measures and ensuring necessary precautions are in place.

select
  i.arn as instance_arn,
  i.title as instance_name,
  encryption_key,
  k.title as kms_key_name
from
  alicloud_rds_instance i
  left join alicloud_kms_key k on encryption_key = key_id;

select
  i.arn as instance_arn,
  i.title as instance_name,
  encryption_key,
  k.title as kms_key_name
from
  alicloud_rds_instance i
  left join alicloud_kms_key k on encryption_key = k.key_id;

Query examples

Control examples

Schema for alicloud_rds_instance

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
account_id	text		The Alicloud Account ID in which the resource is located.
account_max_quantity	bigint		The maximum number of accounts that can be created on the instance.
account_type	text
advanced_features	text		An array that consists of advanced features. The advanced features are separated by commas (,). This parameter is supported only for instances that run SQL Server.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The Alibaba Cloud Resource Name (ARN) of the RDS instance.
auto_upgrade_minor_version	text		The method that is used to update the minor engine version of the instance.
availability_value	text		The availability status of the instance. Unit: %.
category	text		The RDS edition of the instance.
collation	text		The character set collation of the instance.
connection_mode	text		The connection mode of the instances.
connection_string	text		The internal endpoint of the instance.
console_version	text		The type of proxy that is enabled on the instance.
creation_time	timestamp with time zone		The creation time of the Instance.
db_instance_class	text		The instance type of the instances.
db_instance_cpu	text		The number of CPUs that are configured for the instance.
db_instance_description	text		The description of the DB Instance.
db_instance_disk_used	text
db_instance_id	text	=	The ID of the single instance to query.
db_instance_memory	double precision		The memory capacity of the instance. Unit: MB.
db_instance_net_type	text		The ID of the resource group to which the VPC belongs.
db_instance_status	text		The status of the instances
db_instance_storage	bigint		The type of storage media that is used by the instance.
db_instance_storage_type	text		The type of storage media that is used by the instance.
db_instance_type	text		The role of the instances.
db_max_quantity	bigint		The maximum number of databases that can be created on the instance.
dedicated_host_group_id	text		The ID of the dedicated cluster to which the instances belong if the instances are created in a dedicated cluster.
dispense_mode	text
encryption_key	text		The custom encryption key for the instance.
engine	text		The database engine that the instances run.
engine_version	text		The version of the database engine that the instances run.
expire_time	timestamp with time zone		Instance expire time
guard_db_instance_id	text		The ID of the disaster recovery instance that is attached to the instance if a disaster recovery instance is deployed.
increment_source_db_instance_id	text		The ID of the instance from which incremental data comes. The incremental data of a disaster recovery or read-only instance comes from its primary instance. If this parameter is not returned, the instance is a primary instance.
ins_id	bigint
instance_network_type	text		The network type of the instances.
ip_type	text
latest_kernel_version	text
lock_mode	text		The lock mode of the instance.
lock_reason	text		The reason why the instance is locked.
maintain_time	text		The maintenance window of the instance. The maintenance window is displayed in UTC+8 in the ApsaraDB RDS console.
master_instance_id	text		The ID of the primary instance to which the instance is attached. If this parameter is not returned, the instance is a primary instance.
max_connections	bigint		The maximum number of concurrent connections that are allowed by the instance.
max_iops	bigint		The maximum number of I/O requests that the instance can process per second.
multiple_temp_upgrade	boolean
origin_configuration	text
parameters	jsonb		The list of running parameters for the instance.
pay_type	text		The billing method of the instances.
port	text		The internal port of the instance.
proxy_type	bigint		The type of proxy that is enabled on the instance.
readonly_db_instance_ids	jsonb		An array that consists of the IDs of the read-only instances attached to the primary instance.
region	text		The Alicloud region in which the resource is located.
region_id	text		The ID of the region to which the instances belong.
resource_group_id	text		The ID of the resource group to which the instances belong.
security_group_configuration	jsonb		ECS security groups that are bound to an ApsaraDB for the instance.
security_ip_mode	text		The network isolation mode of the instance.
security_ips	jsonb		An array that consists of IP addresses in the IP address whitelist.
security_ips_src	jsonb		An array that consists of IP details.
sql_collector_policy	jsonb		The status of the SQL Explorer (SQL Audit) feature.
sql_collector_retention	bigint		The log backup retention duration that is allowed by the SQL explorer feature on the instance.
ssl_status	text		The SSL encryption status of the Instance
super_permission_mode	text		Indicates whether the instance supports superuser accounts, such as the system administrator (SA) account, Active Directory (AD) account, and host account.
support_create_super_account	text
support_upgrade_account_type	text
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A map of tags for the resource.
tde_status	text		The TDE status at the instance level. Valid values: Enable \| Disable.
temp_db_instance_id	text		The ID of the temporary instance that is attached to the instance if a temporary instance is deployed.
temp_upgrade_recovery_class	text
temp_upgrade_recovery_cpu	bigint
temp_upgrade_recovery_max_connections	text
temp_upgrade_recovery_max_iops	text
temp_upgrade_recovery_memory	bigint
temp_upgrade_recovery_time	text
temp_upgrade_time_end	text
temp_upgrade_time_start	text
time_zone	text		The time zone of the instance.
title	text		Title of the resource.
vpc_cloud_instance_id	text		The ID of the cloud instance on which the specified VPC is deployed.
vpc_id	text		The ID of the VPC to which the instances belong.
vswitch_id	text		The ID of the vSwitch associated with the specified VPC.
zone_id	text		The ID of the zone to which the instances belong.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_rds_instance