Table: aws_api_gateway_stage - Query AWS API Gateway Stages using SQL
AWS API Gateway stages are the part of the API Gateway service that helps manage and control the lifecycle of an API. A stage is a named reference to a specific deployment of an API and its associated settings. Stages let you manage API call traffic, throttling and access permissions, and enable or disable API Gateway caching.
Table Usage Guide
The aws_api_gateway_stage table in Steampipe provides you with information about stages within AWS API Gateway. This table allows you, as a DevOps engineer, to query stage-specific details, including the associated deployment, API, stage description, and associated metadata. You can utilize this table to gather insights on stages, such as the stage's deployment ID, the associated API, stage settings, and more. The schema outlines the various attributes of the API Gateway stage for you, including the stage name, deployment ID, API ID, created date, and associated tags.
Examples
Count of stages per REST API
Determine how stages are distributed across your REST APIs to understand the complexity and structure of your API Gateway. Knowing the number of stages for each REST API can aid in managing, deploying and optimizing your APIs.
Postgres:
select
  rest_api_id,
  count(name) stage_count
from
  aws_api_gateway_stage
group by
  rest_api_id;
SQLite:
select
  rest_api_id,
  count(name) as stage_count
from
  aws_api_gateway_stage
group by
  rest_api_id;
List of stages where API caching is enabled
Identify the stages in your API Gateway where caching is enabled. This is useful for optimizing performance and reducing latency by avoiding unnecessary calls to the backend.
Postgres:
select
  name,
  rest_api_id,
  cache_cluster_enabled,
  cache_cluster_size
from
  aws_api_gateway_stage
where
  cache_cluster_enabled;
SQLite:
select
  name,
  rest_api_id,
  cache_cluster_enabled,
  cache_cluster_size
from
  aws_api_gateway_stage
where
  cache_cluster_enabled = 1;
List web ACLs associated with the gateway stages
Identify the web access control lists (ACLs) associated with each stage of your API Gateway. This aids in understanding your security configuration and ensuring the correct ACLs are in place, and is useful for auditing security settings or troubleshooting access issues.
Postgres:
select
  name,
  split_part(web_acl_arn, '/', 3) as web_acl_name
from
  aws_api_gateway_stage;
SQLite:
select
  name,
  substr(
    web_acl_arn,
    instr(web_acl_arn, '/') + 1,
    instr(substr(web_acl_arn, instr(web_acl_arn, '/') + 1), '/') - 1
  ) as web_acl_name
from
  aws_api_gateway_stage;
List stages with CloudWatch logging disabled
Identify the stages in your AWS API Gateway where CloudWatch logging is turned off. This is useful for improving your system's security and troubleshooting capabilities by ensuring all stages are properly monitored and adhere to logging best practices.
Postgres:
select
  deployment_id,
  name,
  tracing_enabled,
  method_settings -> '*/*' ->> 'LoggingLevel' as cloudwatch_log_level
from
  aws_api_gateway_stage
where
  method_settings -> '*/*' ->> 'LoggingLevel' = 'OFF';
SQLite:
select
  deployment_id,
  name,
  tracing_enabled,
  json_extract(method_settings, '$."*/*".LoggingLevel') as cloudwatch_log_level
from
  aws_api_gateway_stage
where
  json_extract(method_settings, '$."*/*".LoggingLevel') = 'OFF';
Control examples
- API Gateway REST API stages should have AWS X-Ray tracing enabled
- API Gateway stage cache encryption at rest should be enabled
- API Gateway stage logging should be enabled
- API Gateway stage should be associated with WAF
- API Gateway stage should use SSL certificate
- AWS Foundational Security Best Practices > API Gateway > 1 API Gateway REST and WebSocket API logging should be enabled
- AWS Foundational Security Best Practices > API Gateway > 2 API Gateway REST API stages should be configured to use SSL certificates for backend authentication
- AWS Foundational Security Best Practices > API Gateway > 3 API Gateway REST API stages should have AWS X-Ray tracing enabled
- AWS Foundational Security Best Practices > API Gateway > 4 API Gateway should be associated with an AWS WAF web ACL
- AWS Foundational Security Best Practices > API Gateway > 5 API Gateway REST API cache data should be encrypted at rest
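The checks named in the control list above can be combined into a single audit query over this table. This is an added example in Postgres syntax, not taken from the Steampipe documentation or its compliance mod; it assumes the `CacheDataEncrypted` key in `method_settings` uses the same casing as the `LoggingLevel` key shown earlier, and it only inspects the stage-wide `*/*` settings, not per-method overrides.

```sql
-- Added example: one row per stage that fails at least one of the
-- listed checks, with one column per check.
with stage_posture as (
  select
    rest_api_id,
    name as stage_name,
    region,
    -- X-Ray tracing check
    (tracing_enabled is true) as xray_tracing,
    -- A stage with no '*/*' entry yields NULL here, which a plain
    -- "= 'OFF'" filter would skip; treat NULL as logging OFF.
    coalesce(method_settings -> '*/*' ->> 'LoggingLevel', 'OFF') as log_level,
    -- WAF association check
    (web_acl_arn is not null) as waf_associated,
    -- SSL client certificate for backend authentication
    (client_certificate_id is not null) as client_cert_set,
    -- Cache encryption only matters when a cache cluster exists.
    -- 'CacheDataEncrypted' key name is an assumption (see lead-in).
    case
      when cache_cluster_enabled is not true then 'n/a'
      when coalesce(method_settings -> '*/*' ->> 'CacheDataEncrypted', 'false') = 'true'
        then 'encrypted'
      else 'unencrypted'
    end as cache_encryption
  from
    aws_api_gateway_stage
)
select
  *
from
  stage_posture
where
  not xray_tracing
  or log_level = 'OFF'
  or not waf_associated
  or not client_cert_set
  or cache_encryption = 'unencrypted'
order by
  rest_api_id,
  stage_name;
```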
Schema for aws_api_gateway_stage
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
access_log_settings | jsonb | | Settings for logging access in this stage. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the stage. |
cache_cluster_enabled | boolean | | Specifies whether a cache cluster is enabled for the stage. |
cache_cluster_size | text | | The size of the cache cluster for the stage, if enabled. |
cache_cluster_status | text | | The status of the cache cluster for the stage, if enabled. |
canary_settings | jsonb | | A map of settings for the canary deployment in this stage. |
client_certificate_id | text | | The identifier of a client certificate for an API stage. |
created_date | timestamp with time zone | | The timestamp when the stage was created. |
deployment_id | text | | The identifier of the Deployment that the stage points to. |
description | text | | The stage's description. |
documentation_version | text | | The version of the associated API documentation. |
last_updated_date | timestamp with time zone | | The timestamp when the stage was last updated. |
method_settings | jsonb | | A map that defines the method settings for a Stage resource. |
name | text | = | The name of the stage. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
rest_api_id | text | = | The ID of the REST API which contains this stage. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
tracing_enabled | boolean | | Specifies whether active tracing with X-Ray is enabled for the Stage. |
variables | jsonb | | A map that defines the stage variables for a Stage resource. |
web_acl_arn | text | | The ARN of the WebAcl associated with the Stage. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_api_gateway_stage