steampipe plugin install aws

Table: aws_directory_service_directory - Query AWS Directory Service Directories using SQL

The AWS Directory Service provides multiple ways to use Microsoft Active Directory with other AWS services. Directories store information about a network's users, groups, and devices, enabling AWS services and instances to use this information. AWS Directory Service Directories are highly available and scalable, providing a cost-effective way to apply policies and security settings across an AWS environment.

Table Usage Guide

The aws_directory_service_directory table in Steampipe provides you with information about AWS Directory Service Directories. These include AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. This table allows you, as a DevOps engineer, to query directory-specific details, including directory ID, type, size, and status, among others. You can utilize this table to gather insights on directories, such as their descriptions, DNS IP addresses, and security group IDs. The schema outlines the various attributes of the Directory Service Directory for you, including its ARN, creation timestamp, alias, and associated tags.

Examples

Basic Info

Explore the basic information linked to your AWS Directory Service to better manage and monitor your resources. This can be particularly useful in maintaining security and compliance within your IT infrastructure.

  select
    name,
    arn,
    directory_id
  from
    aws_directory_service_directory;

List MicrosoftAD type directories

List the directories in your AWS Directory Service whose type is MicrosoftAD. This can help in auditing and managing your AWS resources efficiently.

  select
    name,
    arn,
    directory_id,
    type
  from
    aws_directory_service_directory
  where
    type = 'MicrosoftAD';

Get details about the shared directories

List each shared directory, one row per entry in shared_directories. This query is useful to understand the distribution of shared resources, their status, and the accounts they are shared with, helping you maintain a balanced and secure network.

Postgres:

  select
    name,
    directory_id,
    sd ->> 'ShareMethod' share_method,
    sd ->> 'ShareStatus' share_status,
    sd ->> 'SharedAccountId' shared_account_id,
    sd ->> 'SharedDirectoryId' shared_directory_id
  from
    aws_directory_service_directory,
    jsonb_array_elements(shared_directories) sd;

SQLite:

  select
    name,
    directory_id,
    json_extract(sd.value, '$.ShareMethod') as share_method,
    json_extract(sd.value, '$.ShareStatus') as share_status,
    json_extract(sd.value, '$.SharedAccountId') as shared_account_id,
    json_extract(sd.value, '$.SharedDirectoryId') as shared_directory_id
  from
    aws_directory_service_directory
    join json_each(shared_directories) as sd;
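
The following query is an added example, not part of the Steampipe documentation: it narrows the Postgres shared-directories query to shares whose consumer account is missing from an approved list, and marks shares made by HANDSHAKE. The approved_accounts list and its account IDs are constructed placeholders to replace with your own.

```sql
-- Added example (Postgres syntax). The account IDs are constructed placeholders.
with approved_accounts(account_id) as (
  values
    ('111111111111'),
    ('222222222222')
)
select
  d.name,
  d.directory_id,
  d.account_id as owner_account_id,
  d.region,
  sd ->> 'SharedAccountId' as shared_account_id,
  sd ->> 'SharedDirectoryId' as shared_directory_id,
  sd ->> 'ShareMethod' as share_method,
  sd ->> 'ShareStatus' as share_status,
  -- HANDSHAKE is a share request sent directly to an AWS account,
  -- as opposed to a share made within the AWS organization (ORGANIZATIONS).
  (sd ->> 'ShareMethod' = 'HANDSHAKE') as shared_by_handshake
from
  aws_directory_service_directory as d
  cross join lateral jsonb_array_elements(d.shared_directories) as sd
where
  -- Keep shares that are active or still pending; these are ShareStatus
  -- values from the Directory Service API. Drop the filter to see all shares.
  sd ->> 'ShareStatus' in ('Shared', 'Sharing', 'PendingAcceptance')
  -- not exists (rather than not in) so a missing SharedAccountId is reported.
  and not exists (
    select 1
    from approved_accounts as a
    where a.account_id = sd ->> 'SharedAccountId'
  )
order by
  shared_by_handshake desc,
  d.name;
```

An empty result means every active or pending share goes to an approved account.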

Get snapshot limit details of each directory

Show each directory's manual snapshot count and limit, and identify instances where the snapshot limit has been reached. This can help manage storage and prevent any potential disruptions due to reaching the limit.

Postgres:

  select
    name,
    directory_id,
    snapshot_limit ->> 'ManualSnapshotsCurrentCount' as manual_snapshots_current_count,
    snapshot_limit ->> 'ManualSnapshotsLimit' as manual_snapshots_limit,
    snapshot_limit ->> 'ManualSnapshotsLimitReached' as manual_snapshots_limit_reached
  from
    aws_directory_service_directory;

SQLite:

  select
    name,
    directory_id,
    json_extract(snapshot_limit, '$.ManualSnapshotsCurrentCount') as manual_snapshots_current_count,
    json_extract(snapshot_limit, '$.ManualSnapshotsLimit') as manual_snapshots_limit,
    json_extract(snapshot_limit, '$.ManualSnapshotsLimitReached') as manual_snapshots_limit_reached
  from
    aws_directory_service_directory;

Get SNS topic details of each directory

List the Simple Notification Service (SNS) topics linked with each directory in your AWS Directory Service, along with each topic's status and creation time. This can be useful to understand the communication setup and status within your organization's AWS infrastructure.

Postgres:

  select
    name,
    directory_id,
    e ->> 'CreatedDateTime' as topic_created_date_time,
    e ->> 'Status' as topic_status,
    e ->> 'TopicArn' as topic_arn,
    e ->> 'TopicName' as topic_name
  from
    aws_directory_service_directory,
    jsonb_array_elements(event_topics) as e;

SQLite:

  select
    name,
    directory_id,
    json_extract(e.value, '$.CreatedDateTime') as topic_created_date_time,
    json_extract(e.value, '$.Status') as topic_status,
    json_extract(e.value, '$.TopicArn') as topic_arn,
    json_extract(e.value, '$.TopicName') as topic_name
  from
    aws_directory_service_directory
    join json_each(event_topics) as e;

Schema for aws_directory_service_directory

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| access_url | text | | The access URL for the directory, such as http://<alias>.awsapps.com. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| alias | text | | The alias for the directory. |
| arn | text | | The Amazon Resource Name (ARN) that uniquely identifies the directory. |
| connect_settings | jsonb | | A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. |
| description | text | | The description for the directory. |
| desired_number_of_domain_controllers | bigint | | The desired number of domain controllers in the directory if the directory is Microsoft AD. |
| directory_id | text | = | The directory identifier. |
| dns_ip_addrs | jsonb | | The IP addresses of the DNS servers for the directory. |
| edition | text | | The edition associated with this directory. |
| event_topics | jsonb | | Amazon SNS topic names that receive status messages from the specified Directory ID. |
| launch_time | timestamp with time zone | | Specifies when the directory was created. |
| name | text | | The fully qualified name of the directory. |
| owner_directory_description | jsonb | | Describes the AWS Managed Microsoft AD directory in the directory owner account. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| radius_settings | jsonb | | A RadiusSettings object that contains information about the RADIUS server. |
| radius_status | text | | The status of the RADIUS MFA server connection. |
| region | text | | The AWS Region in which the resource is located. |
| regions_info | jsonb | | Lists the Regions where the directory has replicated. |
| share_method | text | | The method used when sharing a directory to determine whether the directory should be shared within your AWS organization (ORGANIZATIONS) or with any AWS account by sending a shared directory request (HANDSHAKE). |
| share_notes | text | | A directory share request that is sent by the directory owner to the directory consumer. |
| share_status | text | | Current directory status of the shared AWS Managed Microsoft AD directory. |
| shared_directories | jsonb | | Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted. |
| short_name | text | | The short name of the directory. |
| size | text | | The directory size. |
| snapshot_limit | jsonb | | Obtains the manual snapshot limits for a directory. |
| sso_enabled | boolean | | Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso. |
| stage | text | | The current stage of the directory. |
| stage_last_updated_date_time | timestamp with time zone | | The date and time that the stage was last updated. |
| stage_reason | text | | Additional information about the directory stage. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags currently associated with the Directory Service Directory. |
| title | text | | Title of the resource. |
| type | text | | The directory type. |
| vpc_settings | jsonb | | A DirectoryVpcSettingsDescription object that contains additional information about a directory. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install it with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_directory_service_directory