Table: aws_config_delivery_channel - Query AWS Config Delivery Channels using SQL
The AWS Config Delivery Channel is a feature that enables AWS Config to deliver configuration snapshots and configuration change notifications to specified destinations. It plays a key role in ensuring that your configuration data is stored securely and notifications are sent promptly for compliance or operational purposes.
Table Usage Guide
The aws_config_delivery_channel table in Steampipe provides insights into the Delivery Channels associated with AWS Config. This table enables DevOps engineers, security analysts, and cloud administrators to query delivery channel details such as the destination S3 bucket, SNS topic for notifications, and delivery status. Use this table to ensure your configuration change data is being delivered correctly and troubleshoot delivery-related issues.
Examples
Retrieve basic delivery channel information
Get a detailed view of your AWS Config Delivery Channels, including their destinations and notification settings.
select name, s3_bucket_name, s3_key_prefix, sns_topic_arn, delivery_frequency, status, title, akas from aws_config_delivery_channel;
List delivery channels without SNS topic configured
Identify delivery channels that do not have an SNS topic configured for notifications. This can help ensure you have proper alerting mechanisms in place.
select name, s3_bucket_name, sns_topic_arn from aws_config_delivery_channel where sns_topic_arn is null;
Check delivery channels with delivery failures
Discover delivery channels with failed deliveries to address issues in your AWS Config setup.
PostgreSQL:
select name, status ->> 'LastStatus' as last_status, status ->> 'LastStatusChangeTime' as last_status_change_time, status ->> 'LastErrorCode' as last_error_code, status ->> 'LastErrorMessage' as last_error_message from aws_config_delivery_channel where (status ->> 'LastStatus') = 'FAILURE';
SQLite:
select name, json_extract(status, '$.LastStatus') as last_status, json_extract(status, '$.LastStatusChangeTime') as last_status_change_time, json_extract(status, '$.LastErrorCode') as last_error_code, json_extract(status, '$.LastErrorMessage') as last_error_message from aws_config_delivery_channel where json_extract(status, '$.LastStatus') = 'FAILURE';
List delivery channels sending to a specific S3 bucket
Query the delivery channels that are configured to send data to a particular S3 bucket.
select name, s3_bucket_name, sns_topic_arn, delivery_frequency from aws_config_delivery_channel where s3_bucket_name = 'test-bucket-delivery-channel';
Analyze delivery frequency of all channels
Get an overview of how often your delivery channels send data, ensuring they align with organizational requirements.
select name, delivery_frequency, s3_bucket_name, sns_topic_arn from aws_config_delivery_channel;
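The checks above can be combined into a single audit query. The following is an added example, not part of the Steampipe documentation: it uses PostgreSQL syntax, reads the s3_kms_key_arn column from the schema below, and assumes the status keys are the ones used in the delivery-failure query on this page.

```sql
-- Added example: one row per delivery channel that has at least one finding.
-- Findings: failing delivery, no KMS key set on the channel, no SNS topic.
with channel_checks as (
  select
    account_id,
    region,
    name,
    s3_bucket_name,
    -- No KMS key on the channel; the bucket's own default encryption may still apply.
    s3_kms_key_arn is null as no_kms_key,
    sns_topic_arn is null as no_sns_topic,
    -- Status keys taken from the failure query on this page.
    coalesce(status ->> 'LastStatus', '') = 'FAILURE' as delivery_failing,
    status ->> 'LastErrorCode' as last_error_code,
    status ->> 'LastStatusChangeTime' as last_status_change_time
  from
    aws_config_delivery_channel
)
select
  account_id,
  region,
  name,
  s3_bucket_name,
  last_status_change_time,
  -- concat_ws skips NULLs, so only the findings that apply are listed.
  concat_ws(
    ', ',
    case when delivery_failing
      then 'delivery failing (' || coalesce(last_error_code, 'no error code') || ')' end,
    case when no_kms_key then 'no KMS key set on channel' end,
    case when no_sns_topic then 'no SNS topic configured' end
  ) as findings
from
  channel_checks
where
  delivery_failing
  or no_kms_key
  or no_sns_topic
order by
  delivery_failing desc,
  account_id,
  region;
```

A channel that never appears in the result has a KMS key, an SNS topic, and no recorded delivery failure; an account or region with no row in aws_config_delivery_channel at all is not covered by this query.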
Schema for aws_config_delivery_channel
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
delivery_frequency | text | | The frequency with which the AWS Config delivers configuration snapshots to the Amazon S3 bucket. |
name | text | = | The name of the delivery channel. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
s3_bucket_name | text | | The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files. |
s3_key_prefix | text | | The prefix for the specified Amazon S3 bucket. |
s3_kms_key_arn | text | | The Amazon Resource Name (ARN) of the KMS key. |
sns_topic_arn | text | | The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | jsonb | | The current status of the delivery channel. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_config_delivery_channel