steampipe plugin install aws

Table: aws_api_gatewayv2_route - Query AWS API Gateway V2 Routes using SQL

The AWS API Gateway V2 Routes is a feature within the Amazon API Gateway service. It allows you to define the paths that a client application can take to access your API. This feature is integral to the process of creating, deploying, and managing your APIs in a secure and scalable manner.

Table Usage Guide

The aws_api_gatewayv2_route table in Steampipe provides you with information about routes within AWS API Gateway V2. This table allows you, as a DevOps engineer, to query route-specific details, including the route key, route response selection expression, and target. You can utilize this table to gather insights on routes, such as route configurations, route response behaviors, and more. The schema outlines the various attributes of the route for you, including the API identifier, route ID, route key, and associated metadata.

Examples

Basic info

Determine the areas in which your AWS API Gateway is managed and if an API key is required. This can help in identifying potential security risks and ensuring appropriate access controls are in place.

select
route_key,
api_id,
route_id,
api_gateway_managed,
api_key_required
from
aws_api_gatewayv2_route;
select
route_key,
api_id,
route_id,
api_gateway_managed,
api_key_required
from
aws_api_gatewayv2_route;

List routes by API

Explore which routes are associated with a specific API to better manage and optimize your API Gateway. This can be particularly useful for troubleshooting or for identifying opportunities for API performance enhancement.

select
route_key,
api_id,
route_id
from
aws_api_gatewayv2_route
where
api_id = 'w5n71b2m85';
select
route_key,
api_id,
route_id
from
aws_api_gatewayv2_route
where
api_id = 'w5n71b2m85';

List routes with default endpoint enabled APIs

Identify the instances where the default endpoint is enabled in APIs, allowing you to understand and manage the routes that are directly accessible.

select
r.route_id,
a.name,
a.api_id,
a.api_endpoint
from
aws_api_gatewayv2_route as r,
aws_api_gatewayv2_api as a
where
not a.disable_execute_api_endpoint;
select
r.route_id,
a.name,
a.api_id,
a.api_endpoint
from
aws_api_gatewayv2_route as r,
aws_api_gatewayv2_api as a
where
a.disable_execute_api_endpoint != 1;

Schema for aws_api_gatewayv2_route

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
api_gateway_managedbooleanSpecifies whether a route is managed by API Gateway.
api_idtext=Represents the identifier of an API.
api_key_requiredbooleanSpecifies whether an API key is required for this route. Supported only for WebSocket APIs.
authorization_scopesjsonbA list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.
authorization_typetextThe authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.
authorizer_idtextThe identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.
model_selection_expressiontextThe model selection expression for the route. Supported only for WebSocket APIs.
operation_nametextThe operation name for the route.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
request_modelsjsonbThe request models for the route. Supported only for WebSocket APIs.
request_parametersjsonbThe request parameters for the route. Supported only for WebSocket APIs.
route_idtext=The route ID.
route_keytextThe route key for the route.
route_response_selection_expressiontextThe route response selection expression for the route. Supported only for WebSocket APIs.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
targettextThe target for the route.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_api_gatewayv2_route