steampipe plugin install aws

Table: aws_account - Query AWS Accounts using SQL

The AWS Account is a container for AWS resources. It is used to sign up for, organize, and manage AWS services, and it provides administrative control access to resources. An AWS Account contains its own data, with its own settings, including billing and payment information.

Table Usage Guide

The aws_account table in Steampipe provides you with information about your AWS Account. This table allows you, as a DevOps engineer, to query account-specific details, including the account status, owner, and associated resources. You can utilize this table to gather insights on your AWS account, such as the account's ARN, creation date, email address, and more. The schema outlines the various attributes of your AWS account, including the account ID, account alias, and whether your account is a root account.

Examples

Basic AWS account info

Discover the segments that are associated with your AWS account, including details about the organization and the master account. This can help you manage and understand the relationships within your AWS structure.This query provides a snapshot of basic details about your AWS account, including its alias and associated organization details. It's useful for quickly accessing key information about your account, particularly in larger organizations where multiple accounts may be in use.

select
alias,
arn,
organization_id,
organization_master_account_email,
organization_master_account_id
from
aws_account
cross join jsonb_array_elements(account_aliases) as alias;
select
alias.value as alias,
arn,
organization_id,
organization_master_account_email,
organization_master_account_id
from
aws_account,
json_each(account_aliases) as alias;

Organization policy of aws account

This query allows you to delve into the various policies within your AWS account, particularly focusing on the type and status of each policy. It's useful for managing and tracking policy configurations across your organization, ensuring compliance and efficient resource utilization.This query is used to understand the types and status of policies available for an AWS organization. This can be beneficial for auditing purposes, ensuring policy compliance across all accounts within the organization.

select
organization_id,
policy ->> 'Type' as policy_type,
policy ->> 'Status' as policy_status
from
aws_account
cross join jsonb_array_elements(organization_available_policy_types) as policy;
select
organization_id,
json_extract(policy.value, '$.Type') as policy_type,
json_extract(policy.value, '$.Status') as policy_status
from
aws_account,
json_each(organization_available_policy_types) as policy;

Query examples

Control examples

Schema for aws_account

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_aliasesjsonbA list of aliases associated with the account, if applicable.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the account.
organization_arntextThe Amazon Resource Name (ARN) of an organization.
organization_available_policy_typesjsonbThe Region opt-in status. The possible values are opt-in-not-required, opted-in, and not-opted-in
organization_feature_settextSpecifies the functionality that currently is available to the organization. If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.
organization_idtextThe unique identifier (ID) of an organization, if applicable.
organization_master_account_arntextThe Amazon Resource Name (ARN) of the account that is designated as the management account for the organization
organization_master_account_emailtextThe email address that is associated with the AWS account that is designated as the management account for the organization
organization_master_account_idtextThe unique identifier (ID) of the management account of an organization
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_account