steampipe plugin install aws

Table: aws_cloudfront_origin_access_identity - Query AWS CloudFront Origin Access Identity using SQL

The AWS CloudFront Origin Access Identity is a special CloudFront feature that allows secure access to your content within an Amazon S3 bucket. It's used as a virtual identity to enable sharing of your content with CloudFront while restricting access directly to your S3 bucket. Thus, it helps in maintaining the privacy of your data by preventing direct access to S3 resources.

Table Usage Guide

The aws_cloudfront_origin_access_identity table in Steampipe provides you with information about each origin access identity within AWS CloudFront. This table allows you, as a DevOps engineer, to query identity-specific details, including the identity's ID, S3 canonical user ID, caller reference, and associated comment. You can utilize this table to gather insights on origin access identities, such as the identity's configuration and CloudFront caller reference. The schema outlines the various attributes of the origin access identity for you, including the ID, S3 canonical user ID, caller reference, and comment.

Examples

Basic Info

Explore the foundational details of your AWS Cloudfront origin access identities to better understand your system's configuration and identify any potential areas for optimization or troubleshooting. This query is particularly useful for gaining insights into the identities' associated comments, user IDs, and unique identifiers, which can assist in system management and auditing tasks.

select
id,
arn,
comment,
s3_canonical_user_id,
etag
from
aws_cloudfront_origin_access_identity;
select
id,
arn,
comment,
s3_canonical_user_id,
etag
from
aws_cloudfront_origin_access_identity;

List origin access identity with comments

Discover the segments that have comments associated with their origin access identity in AWS Cloudfront. This is useful for understanding which identities have additional information or instructions provided, aiding in better resource management.

select
id,
arn,
comment,
caller_reference
from
aws_cloudfront_origin_access_identity
where
comment <> '';
select
id,
arn,
comment,
caller_reference
from
aws_cloudfront_origin_access_identity
where
comment != '';

Schema for aws_cloudfront_origin_access_identity

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the origin access identity.
caller_referencetextA unique value that ensures that the request can't be replayed.
commenttextThe comment for this origin access identity.
etagtextThe current version of the origin access identity's information.
idtext=The ID for the origin access identity.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
s3_canonical_user_idtextThe Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cloudfront_origin_access_identity