Table: aws_api_gatewayv2_route - Query AWS API Gateway V2 Routes using SQL
The AWS API Gateway V2 Routes is a feature within the Amazon API Gateway service. It allows you to define the paths that a client application can take to access your API. This feature is integral to the process of creating, deploying, and managing your APIs in a secure and scalable manner.
Table Usage Guide
The aws_api_gatewayv2_route
table in Steampipe provides you with information about routes within AWS API Gateway V2. This table allows you, as a DevOps engineer, to query route-specific details, including the route key, route response selection expression, and target. You can utilize this table to gather insights on routes, such as route configurations, route response behaviors, and more. The schema outlines the various attributes of the route for you, including the API identifier, route ID, route key, and associated metadata.
Examples
Basic info
Determine the areas in which your AWS API Gateway is managed and if an API key is required. This can help in identifying potential security risks and ensuring appropriate access controls are in place.
select route_key, api_id, route_id, api_gateway_managed, api_key_requiredfrom aws_api_gatewayv2_route;
select route_key, api_id, route_id, api_gateway_managed, api_key_requiredfrom aws_api_gatewayv2_route;
List routes by API
Explore which routes are associated with a specific API to better manage and optimize your API Gateway. This can be particularly useful for troubleshooting or for identifying opportunities for API performance enhancement.
select route_key, api_id, route_idfrom aws_api_gatewayv2_routewhere api_id = 'w5n71b2m85';
select route_key, api_id, route_idfrom aws_api_gatewayv2_routewhere api_id = 'w5n71b2m85';
List routes with default endpoint enabled APIs
Identify the instances where the default endpoint is enabled in APIs, allowing you to understand and manage the routes that are directly accessible.
select r.route_id, a.name, a.api_id, a.api_endpointfrom aws_api_gatewayv2_route as r, aws_api_gatewayv2_api as awhere not a.disable_execute_api_endpoint;
select r.route_id, a.name, a.api_id, a.api_endpointfrom aws_api_gatewayv2_route as r, aws_api_gatewayv2_api as awhere a.disable_execute_api_endpoint != 1;
Schema for aws_api_gatewayv2_route
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
api_gateway_managed | boolean | Specifies whether a route is managed by API Gateway. | |
api_id | text | = | Represents the identifier of an API. |
api_key_required | boolean | Specifies whether an API key is required for this route. Supported only for WebSocket APIs. | |
authorization_scopes | jsonb | A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes. | |
authorization_type | text | The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. | |
authorizer_id | text | The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer. | |
model_selection_expression | text | The model selection expression for the route. Supported only for WebSocket APIs. | |
operation_name | text | The operation name for the route. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
region | text | The AWS Region in which the resource is located. | |
request_models | jsonb | The request models for the route. Supported only for WebSocket APIs. | |
request_parameters | jsonb | The request parameters for the route. Supported only for WebSocket APIs. | |
route_id | text | = | The route ID. |
route_key | text | The route key for the route. | |
route_response_selection_expression | text | The route response selection expression for the route. Supported only for WebSocket APIs. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
target | text | The target for the route. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_api_gatewayv2_route