Table: aws_directory_service_directory - Query AWS Directory Service Directories using SQL
The AWS Directory Service provides multiple ways to use Microsoft Active Directory with other AWS services. Directories store information about a network's users, groups, and devices, enabling AWS services and instances to use this information. AWS Directory Service Directories are highly available and scalable, providing a cost-effective way to apply policies and security settings across an AWS environment.
Table Usage Guide
The aws_directory_service_directory table in Steampipe provides you with information about AWS Directory Service Directories. These include AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. This table allows you, as a DevOps engineer, to query directory-specific details, including directory ID, type, size, and status, among others. You can utilize this table to gather insights on directories, such as their descriptions, DNS IP addresses, and security group IDs. The schema outlines the various attributes of the Directory Service Directory for you, including its ARN, creation timestamp, alias, and associated tags.
Examples
Basic Info
Explore the basic information linked to your AWS Directory Service to better manage and monitor your resources. This can be particularly useful in maintaining security and compliance within your IT infrastructure.
select
  name,
  arn,
  directory_id
from
  aws_directory_service_directory;
List MicrosoftAD type directories
Determine the areas in which MicrosoftAD type directories are being used within your AWS Directory Service. This can help in auditing and managing your AWS resources efficiently.
select
  name,
  arn,
  directory_id,
  type
from
  aws_directory_service_directory
where
  type = 'MicrosoftAD';
Get details about the shared directories
Discover the segments that share directories within your network. This query is useful to understand the distribution of shared resources, their status, and the accounts they are shared with, helping you maintain a balanced and secure network.
PostgreSQL:
select
  name,
  directory_id,
  sd ->> 'ShareMethod' share_method,
  sd ->> 'ShareStatus' share_status,
  sd ->> 'SharedAccountId' shared_account_id,
  sd ->> 'SharedDirectoryId' shared_directory_id
from
  aws_directory_service_directory,
  jsonb_array_elements(shared_directories) sd;

SQLite:
select
  name,
  directory_id,
  json_extract(sd.value, '$.ShareMethod') as share_method,
  json_extract(sd.value, '$.ShareStatus') as share_status,
  json_extract(sd.value, '$.SharedAccountId') as shared_account_id,
  json_extract(sd.value, '$.SharedDirectoryId') as shared_directory_id
from
  aws_directory_service_directory
  join json_each(shared_directories) as sd;
Get snapshot limit details of each directory
Identify instances where the snapshot limit of each directory in your AWS Directory Service has been reached. This can help manage storage and prevent any potential disruptions due to reaching the limit.
PostgreSQL:
select
  name,
  directory_id,
  snapshot_limit ->> 'ManualSnapshotsCurrentCount' as manual_snapshots_current_count,
  snapshot_limit ->> 'ManualSnapshotsLimit' as manual_snapshots_limit,
  snapshot_limit ->> 'ManualSnapshotsLimitReached' as manual_snapshots_limit_reached
from
  aws_directory_service_directory;

SQLite:
select
  name,
  directory_id,
  json_extract(snapshot_limit, '$.ManualSnapshotsCurrentCount') as manual_snapshots_current_count,
  json_extract(snapshot_limit, '$.ManualSnapshotsLimit') as manual_snapshots_limit,
  json_extract(snapshot_limit, '$.ManualSnapshotsLimitReached') as manual_snapshots_limit_reached
from
  aws_directory_service_directory;
Get SNS topic details of each directory
Determine the areas in which Simple Notification Service (SNS) topics are linked with each directory in your AWS Directory Service. This can be useful to understand the communication setup and status within your organization's AWS infrastructure.
PostgreSQL:
select
  name,
  directory_id,
  e ->> 'CreatedDateTime' as topic_created_date_time,
  e ->> 'Status' as topic_status,
  e ->> 'TopicArn' as topic_arn,
  e ->> 'TopicName' as topic_name
from
  aws_directory_service_directory,
  jsonb_array_elements(event_topics) as e;

SQLite:
select
  name,
  directory_id,
  json_extract(e.value, '$.CreatedDateTime') as topic_created_date_time,
  json_extract(e.value, '$.Status') as topic_status,
  json_extract(e.value, '$.TopicArn') as topic_arn,
  json_extract(e.value, '$.TopicName') as topic_name
from
  aws_directory_service_directory
  join json_each(event_topics) as e;
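The following query is an added example, not part of the original Steampipe documentation. It combines the radius_status, sso_enabled and shared_directories columns into one identity-hardening review (PostgreSQL dialect), listing directories where RADIUS MFA is not fully enabled or that are shared by HANDSHAKE request. It assumes radius_status reports 'Completed' once MFA is active, as the AWS Directory Service API does.

```sql
-- Added example (PostgreSQL dialect), not from the Steampipe docs.
-- Assumption: radius_status = 'Completed' means RADIUS MFA is active;
-- NULL means it was never configured. RADIUS MFA is not offered for
-- Simple AD, so rows of that type only matter for the sharing columns.
select
  d.name,
  d.directory_id,
  d.type,
  d.region,
  d.stage,
  coalesce(d.radius_status, 'NotConfigured') as radius_mfa_status,
  d.sso_enabled,
  -- Shares made by direct request to an account, rather than in-organization
  count(sd) filter (where sd ->> 'ShareMethod' = 'HANDSHAKE') as handshake_shares,
  jsonb_agg(sd ->> 'SharedAccountId')
    filter (where sd ->> 'ShareMethod' = 'HANDSHAKE') as handshake_account_ids
from
  aws_directory_service_directory as d
  -- Left join keeps directories with no shares; the CASE guards against
  -- SQL NULL and JSON null, which jsonb_array_elements cannot expand.
  left join lateral jsonb_array_elements(
    case
      when jsonb_typeof(d.shared_directories) = 'array' then d.shared_directories
      else '[]'::jsonb
    end
  ) as sd on true
group by
  d.name,
  d.directory_id,
  d.type,
  d.region,
  d.stage,
  d.radius_status,
  d.sso_enabled
having
  d.radius_status is distinct from 'Completed'
  or count(sd) filter (where sd ->> 'ShareMethod' = 'HANDSHAKE') > 0
order by
  d.name;
```

Compare handshake_account_ids against your list of known account IDs; any ID outside it is a share that crosses your organization boundary.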
Schema for aws_directory_service_directory
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
access_url | text | | The access URL for the directory, such as http://<alias>.awsapps.com. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
alias | text | | The alias for the directory. |
arn | text | | The Amazon Resource Name (ARN) that uniquely identifies the directory. |
connect_settings | jsonb | | A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. |
description | text | | The description for the directory. |
desired_number_of_domain_controllers | bigint | | The desired number of domain controllers in the directory if the directory is Microsoft AD. |
directory_id | text | = | The directory identifier. |
dns_ip_addrs | jsonb | | The IP addresses of the DNS servers for the directory. |
edition | text | | The edition associated with this directory. |
event_topics | jsonb | | Amazon SNS topic names that receive status messages from the specified Directory ID. |
launch_time | timestamp with time zone | | Specifies when the directory was created. |
name | text | | The fully qualified name of the directory. |
os_version | text | | The operating system (OS) version of the directory. |
owner_directory_description | jsonb | | Describes the AWS Managed Microsoft AD directory in the directory owner account. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
radius_settings | jsonb | | A RadiusSettings object that contains information about the RADIUS server. |
radius_status | text | | The status of the RADIUS MFA server connection. |
region | text | | The AWS Region in which the resource is located. |
regions_info | jsonb | | Lists the Regions where the directory has replicated. |
share_method | text | | The method used when sharing a directory to determine whether the directory should be shared within your AWS organization (ORGANIZATIONS) or with any AWS account by sending a shared directory request (HANDSHAKE). |
share_notes | text | | A directory share request that is sent by the directory owner to the directory consumer. |
share_status | text | | Current directory status of the shared AWS Managed Microsoft AD directory. |
shared_directories | jsonb | | Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted. |
short_name | text | | The short name of the directory. |
size | text | | The directory size. |
snapshot_limit | jsonb | | Obtains the manual snapshot limits for a directory. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
sso_enabled | boolean | | Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso. |
stage | text | | The current stage of the directory. |
stage_last_updated_date_time | timestamp with time zone | | The date and time that the stage was last updated. |
stage_reason | text | | Additional information about the directory stage. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags currently associated with the Directory Service Directory. |
title | text | | Title of the resource. |
type | text | | The directory type. |
vpc_settings | jsonb | | A DirectoryVpcSettingsDescription object that contains additional information about a directory. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_directory_service_directory