Table: aws_directory_service_directory - Query AWS Directory Service Directories using SQL
The AWS Directory Service provides multiple ways to use Microsoft Active Directory with other AWS services. Directories store information about a network's users, groups, and devices, enabling AWS services and instances to use this information. AWS Directory Service Directories are highly available and scalable, providing a cost-effective way to apply policies and security settings across an AWS environment.
Table Usage Guide
The aws_directory_service_directory
table in Steampipe provides you with information about AWS Directory Service Directories. These include AWS Managed Microsoft AD, AWS Managed AD, and Simple AD directories. This table allows you, as a DevOps engineer, to query directory-specific details, including directory ID, type, size, and status, among others. You can utilize this table to gather insights on directories, such as their descriptions, DNS IP addresses, and security group IDs. The schema outlines the various attributes of the Directory Service Directory for you, including its ARN, creation timestamp, alias, and associated tags.
Examples
Basic Info
Explore the basic information linked to your AWS Directory Service to better manage and monitor your resources. This can be particularly useful in maintaining security and compliance within your IT infrastructure.
select name, arn, directory_idfrom aws_directory_service_directory;
select name, arn, directory_idfrom aws_directory_service_directory;
List MicrosoftAD type directories
Determine the areas in which MicrosoftAD type directories are being used within your AWS Directory Service. This can help in auditing and managing your AWS resources efficiently.
select name, arn, directory_id, typefrom aws_directory_service_directorywhere type = 'MicrosoftAD';
select name, arn, directory_id, typefrom aws_directory_service_directorywhere type = 'MicrosoftAD';
Get details about the shared directories
Discover the segments that share directories within your network. This query is useful to understand the distribution of shared resources, their status, and the accounts they are shared with, helping you maintain a balanced and secure network.
select name, directory_id, sd ->> 'ShareMethod' share_method, sd ->> 'ShareStatus' share_status, sd ->> 'SharedAccountId' shared_account_id, sd ->> 'SharedDirectoryId' shared_directory_idfrom aws_directory_service_directory, jsonb_array_elements(shared_directories) sd;
select name, directory_id, json_extract(sd.value, '$.ShareMethod') as share_method, json_extract(sd.value, '$.ShareStatus') as share_status, json_extract(sd.value, '$.SharedAccountId') as shared_account_id, json_extract(sd.value, '$.SharedDirectoryId') as shared_directory_idfrom aws_directory_service_directory join json_each(shared_directories) as sd;
Get snapshot limit details of each directory
Identify instances where the snapshot limit of each directory in your AWS Directory Service has been reached. This can help manage storage and prevent any potential disruptions due to reaching the limit.
select name, directory_id, snapshot_limit ->> 'ManualSnapshotsCurrentCount' as manual_snapshots_current_count, snapshot_limit ->> 'ManualSnapshotsLimit' as manual_snapshots_limit, snapshot_limit ->> 'ManualSnapshotsLimitReached' as manual_snapshots_limit_reachedfrom aws_directory_service_directory;
select name, directory_id, json_extract(snapshot_limit, '$.ManualSnapshotsCurrentCount') as manual_snapshots_current_count, json_extract(snapshot_limit, '$.ManualSnapshotsLimit') as manual_snapshots_limit, json_extract(snapshot_limit, '$.ManualSnapshotsLimitReached') as manual_snapshots_limit_reachedfrom aws_directory_service_directory;
Get SNS topic details of each directory
Determine the areas in which Simple Notification Service (SNS) topics are linked with each directory in your AWS Directory Service. This can be useful to understand the communication setup and status within your organization's AWS infrastructure.
select name, directory_id, e ->> 'CreatedDateTime' as topic_created_date_time, e ->> 'Status' as topic_status, e ->> 'TopicArn' as topic_arn, e ->> 'TopicName' as topic_namefrom aws_directory_service_directory, jsonb_array_elements(event_topics) as e;
select name, directory_id, json_extract(e.value, '$.CreatedDateTime') as topic_created_date_time, json_extract(e.value, '$.Status') as topic_status, json_extract(e.value, '$.TopicArn') as topic_arn, json_extract(e.value, '$.TopicName') as topic_namefrom aws_directory_service_directory join json_each(event_topics) as e;
Schema for aws_directory_service_directory
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
access_url | text | The access URL for the directory, such as http://<alias>.awsapps.com. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
alias | text | The alias for the directory. | |
arn | text | The Amazon Resource Name (ARN) that uniquely identifies the directory. | |
connect_settings | jsonb | A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. | |
description | text | The description for the directory. | |
desired_number_of_domain_controllers | bigint | The desired number of domain controllers in the directory if the directory is Microsoft AD. | |
directory_id | text | = | The directory identifier. |
dns_ip_addrs | jsonb | The IP addresses of the DNS servers for the directory. | |
edition | text | The edition associated with this directory. | |
event_topics | jsonb | Amazon SNS topic names that receive status messages from the specified Directory ID. | |
launch_time | timestamp with time zone | Specifies when the directory was created. | |
name | text | The fully qualified name of the directory. | |
os_version | text | The operating system (OS) version of the directory. | |
owner_directory_description | jsonb | Describes the AWS Managed Microsoft AD directory in the directory owner account. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
radius_settings | jsonb | A RadiusSettings object that contains information about the RADIUS server. | |
radius_status | text | The status of the RADIUS MFA server connection. | |
region | text | The AWS Region in which the resource is located. | |
regions_info | jsonb | Lists the Regions where the directory has replicated. | |
share_method | text | The method used when sharing a directory to determine whether the directory should be shared within your AWS organization (ORGANIZATIONS) or with any AWS account by sending a shared directory request (HANDSHAKE). | |
share_notes | text | A directory share request that is sent by the directory owner to the directory consumer. | |
share_status | text | Current directory status of the shared AWS Managed Microsoft AD directory. | |
shared_directories | jsonb | Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted. | |
short_name | text | The short name of the directory. | |
size | text | The directory size. | |
snapshot_limit | jsonb | Obtains the manual snapshot limits for a directory. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
sso_enabled | boolean | Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso. | |
stage | text | The current stage of the directory. | |
stage_last_updated_date_time | timestamp with time zone | The date and time that the stage was last updated. | |
stage_reason | text | Additional information about the directory stage. | |
tags | jsonb | A map of tags for the resource. | |
tags_src | jsonb | A list of tags currently associated with the Directory Service Directory. | |
title | text | Title of the resource. | |
type | text | The directory type. | |
vpc_settings | jsonb | A DirectoryVpcSettingsDescription object that contains additional information about a directory. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_directory_service_directory