Table: aws_cloudtrail_channel - Query AWS CloudTrail Channel using SQL
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It helps you log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. The CloudTrail Channel specifically allows you to manage the delivery of CloudTrail event log files to your specified S3 bucket and CloudWatch Logs log group.
Table Usage Guide
The aws_cloudtrail_channel table in Steampipe provides you with information about CloudTrail trails within AWS CloudTrail. This table allows you, as a DevOps engineer, to query trail-specific details, including trail configurations, status, and associated metadata. You can utilize this table to gather insights on trails, such as their status, S3 bucket details, encryption status, and more. The schema outlines the various attributes of the CloudTrail trail for you, including the trail ARN, home region, S3 bucket name, and whether log file validation is enabled.
Examples
Basic info
Analyze the settings of your AWS CloudTrail channels to understand whether they are applied to all regions. This is beneficial to ensure consistent logging and monitoring across your entire AWS environment.
select
  name,
  arn,
  source,
  apply_to_all_regions
from
  aws_cloudtrail_channel;
List channels that are not applied to all regions
Identify the AWS CloudTrail channels which are not configured to apply to all regions. This can be useful for auditing regional compliance or identifying potential gaps in log coverage.
Postgres:
select
  name,
  arn,
  source,
  apply_to_all_regions,
  advanced_event_selectors
from
  aws_cloudtrail_channel
where
  not apply_to_all_regions;
SQLite:
select
  name,
  arn,
  source,
  apply_to_all_regions,
  advanced_event_selectors
from
  aws_cloudtrail_channel
where
  apply_to_all_regions = 0;
Get advanced event selector details of each channel
Determine the specific event selector details associated with each AWS CloudTrail channel. This query is useful for analyzing channel configurations and identifying any potential areas for optimization or troubleshooting.
Postgres:
select
  name,
  a ->> 'Name' as advanced_event_selector_name,
  a ->> 'FieldSelectors' as field_selectors
from
  aws_cloudtrail_channel,
  jsonb_array_elements(advanced_event_selectors) as a;
SQLite:
select
  name,
  json_extract(a.value, '$.Name') as advanced_event_selector_name,
  json_extract(a.value, '$.FieldSelectors') as field_selectors
from
  aws_cloudtrail_channel,
  json_each(advanced_event_selectors) as a;
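The comma join in the query above returns no row for a channel whose advanced_event_selectors is null or empty, so such channels drop out of an audit. As an added example (not from the Steampipe documentation), the Postgres query below keeps those channels and expands each selector into its field conditions; the `Field`, `Equals` and `NotEquals` keys are assumed from the CloudTrail API's advanced field selector structure.

```sql
-- Added example, Postgres syntax. One row per channel / selector / field condition.
-- Channels with no advanced event selectors still appear, with NULL selector columns,
-- so a missing configuration is visible instead of silently omitted.
select
  c.name,
  c.region,
  c.source,
  c.apply_to_all_regions,
  s ->> 'Name' as selector_name,
  f ->> 'Field' as field,                  -- assumed key (CloudTrail API shape)
  f -> 'Equals' as equals_values,          -- assumed key
  f -> 'NotEquals' as not_equals_values    -- assumed key
from
  aws_cloudtrail_channel as c
  -- Guard against null or non-array values before expanding.
  left join lateral jsonb_array_elements(
    case
      when jsonb_typeof(c.advanced_event_selectors) = 'array'
        then c.advanced_event_selectors
      else '[]'::jsonb
    end
  ) as s on true
  -- FieldSelectors is itself an array; expand it the same way.
  left join lateral jsonb_array_elements(
    case
      when jsonb_typeof(s -> 'FieldSelectors') = 'array'
        then s -> 'FieldSelectors'
      else '[]'::jsonb
    end
  ) as f on true
order by
  c.name,
  selector_name,
  field;
```

Rows where selector_name is NULL identify channels with no advanced event selectors configured.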
Schema for aws_cloudtrail_channel
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
advanced_event_selectors | jsonb | | The advanced event selectors that are configured for the channel. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
apply_to_all_regions | boolean | | Specifies whether the channel applies to a single region or to all regions. |
arn | text | = | The Amazon Resource Name (ARN) of a channel. |
destinations | jsonb | | The Amazon Web Services service that created the service-linked channel. |
ingestion_status | jsonb | | A table showing information about the most recent successful and failed attempts to ingest events. |
name | text | | The name of the cloudtrail channel. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
source | text | | The event source for the cloudtrail channel. |
source_config | jsonb | | Configuration information about the channel. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_cloudtrail_channel