steampipe plugin install aws

Table: aws_cloudformation_stack - Query AWS CloudFormation Stack using SQL

The AWS CloudFormation Stack is a service that allows you to manage and provision AWS resources in an orderly and predictable fashion. You can use AWS CloudFormation to leverage AWS products such as Amazon EC2, Amazon Elastic Block Store, Amazon SNS, Elastic Load Balancing, and Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying AWS infrastructure. With CloudFormation, you describe your desired resources in a template, and AWS CloudFormation takes care of provisioning and configuring those resources for you.

Table Usage Guide

The aws_cloudformation_stack table in Steampipe provides you with information about stacks within AWS CloudFormation. This table enables you as a DevOps engineer to query stack-specific details, including stack name, status, creation time, and associated tags. You can utilize this table to gather insights on stacks, such as stack status, stack resources, stack capabilities, and more. The schema outlines the various attributes of the CloudFormation stack for you, including stack ID, stack name, creation time, stack status, and associated tags.

Examples

Find the status of each CloudFormation stack

Explore the current status of each AWS CloudFormation stack to monitor the health and progress of your infrastructure deployments. This can help in identifying any potential issues or failures in your stack deployments.

PostgreSQL and SQLite:

select
  name,
  id,
  status
from
  aws_cloudformation_stack;

List CloudFormation stacks where rollback is disabled

Identify the AWS CloudFormation stacks that have rollback disabled. These stacks are potential risk areas, because they will not automatically revert to a previous state if an error occurs during stack operations.

PostgreSQL:

select
  name,
  disable_rollback
from
  aws_cloudformation_stack
where
  disable_rollback;

SQLite:

select
  name,
  disable_rollback
from
  aws_cloudformation_stack
where
  disable_rollback = 1;

List stacks where termination protection is not enabled

Identify the stacks that do not have termination protection enabled. This is crucial for spotting potential risk areas and ensuring the safety of your resources.

PostgreSQL:

select
  name,
  enable_termination_protection
from
  aws_cloudformation_stack
where
  not enable_termination_protection;

SQLite:

select
  name,
  enable_termination_protection
from
  aws_cloudformation_stack
where
  enable_termination_protection = 0;

Rollback configuration info for each CloudFormation stack

Explore the settings of your AWS CloudFormation stacks to understand their rollback configurations, including how long they monitor for signs of trouble and what triggers a rollback. This can help optimize your stack management by adjusting these settings based on your operational needs.

PostgreSQL:

select
  name,
  rollback_configuration ->> 'MonitoringTimeInMinutes' as monitoring_time_in_min,
  rollback_configuration ->> 'RollbackTriggers' as rollback_triggers
from
  aws_cloudformation_stack;

SQLite:

select
  name,
  json_extract(
    rollback_configuration,
    '$.MonitoringTimeInMinutes'
  ) as monitoring_time_in_min,
  json_extract(rollback_configuration, '$.RollbackTriggers') as rollback_triggers
from
  aws_cloudformation_stack;

Resource ARNs where notifications about stack actions will be sent

List the SNS topic ARNs to which notifications about stack actions are sent. This is useful for managing and tracking changes in your AWS CloudFormation stacks.

PostgreSQL:

select
  name,
  jsonb_array_elements_text(notification_arns) as resource_arns
from
  aws_cloudformation_stack;

SQLite:

select
  name,
  json_extract(json_each.value, '$') as resource_arns
from
  aws_cloudformation_stack,
  json_each(notification_arns);
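
Added example, not part of the original Steampipe documentation: a PostgreSQL query that combines the checks above with the capabilities, stack_drift_status and notification_arns columns from the schema below into one per-stack review list. CAPABILITY_IAM, CAPABILITY_NAMED_IAM and DRIFTED are CloudFormation's own values; the flag column names are chosen here for illustration.

```sql
-- Added example, PostgreSQL syntax. Flag names (no_termination_protection,
-- iam_capable, ...) are illustrative and not part of the table schema.
with flags as (
  select
    account_id,
    region,
    name,
    status,
    role_arn,
    -- Stack can be deleted without first switching protection off.
    not coalesce(enable_termination_protection, false) as no_termination_protection,
    -- A failed create leaves partially built resources in place.
    coalesce(disable_rollback, false) as rollback_disabled,
    -- Stack was acknowledged as allowed to create or change IAM resources.
    coalesce(
      capabilities ?| array['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'],
      false
    ) as iam_capable,
    -- Live resources no longer match the template.
    coalesce(stack_drift_status, '') = 'DRIFTED' as drifted,
    -- No SNS topic receives this stack's events.
    case
      when jsonb_typeof(notification_arns) = 'array'
        then jsonb_array_length(notification_arns) = 0
      else true
    end as no_notifications
  from
    aws_cloudformation_stack
)
select
  *,
  no_termination_protection::int + rollback_disabled::int + iam_capable::int
    + drifted::int + no_notifications::int as flag_count
from
  flags
where
  no_termination_protection
  or rollback_disabled
  or iam_capable
  or drifted
  or no_notifications
order by
  flag_count desc,
  account_id,
  region,
  name;
```

Stacks that are IAM-capable and also lack termination protection or have drifted sort to the top and are the ones to review first.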

Schema for aws_cloudformation_stack

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| capabilities | jsonb | | The capabilities allowed in the stack. |
| creation_time | timestamp with time zone | | The time at which the stack was created. |
| description | text | | A user-defined description associated with the stack. |
| disable_rollback | boolean | | Boolean to enable or disable rollback on stack creation failures. |
| enable_termination_protection | boolean | | Specifies whether termination protection is enabled for the stack. |
| id | text | | Unique identifier of the stack. |
| last_updated_time | timestamp with time zone | | The time the stack was last updated. This field will only be returned if the stack has been updated at least once. |
| name | text | = | The name associated with the stack. |
| notification_arns | jsonb | | SNS topic ARNs to which stack related events are published. |
| outputs | jsonb | | A list of output structures. |
| parameters | jsonb | | A list of Parameter structures. |
| parent_id | text | | ID of the direct parent of this stack. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| resources | jsonb | | A list of Stack resource structures. |
| role_arn | text | | The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack. |
| rollback_configuration | jsonb | | The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards. |
| root_id | text | | ID of the top-level stack to which the nested stack ultimately belongs. |
| stack_drift_status | text | | Status of the stack's actual configuration compared to its expected template configuration. |
| status | text | | Current status of the stack. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags associated with stack. |
| template_body | text | | Structure containing the template body. |
| template_body_json | jsonb | | Structure containing the template body. Parsed into json object for better readability. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cloudformation_stack