steampipe plugin install aws

Table: aws_docdb_cluster - Query Amazon DocumentDB Cluster using SQL

The Amazon DocumentDB Cluster is a fully managed, MongoDB-compatible database service designed for workloads that need high availability, reliability, and scalability. It allows you to store, query, and index JSON data. DocumentDB makes it easy to operate mission-critical MongoDB workloads at scale.

Table Usage Guide

The aws_docdb_cluster table in Steampipe provides you with information about Amazon DocumentDB clusters within AWS. This table allows you as a DevOps engineer, database administrator, or other technical professional to query cluster-specific details, including configurations, status, and associated metadata. You can utilize this table to gather insights on clusters, such as their availability, backup and restore settings, encryption status, and more. The schema outlines the various attributes of the DocumentDB cluster for you, including the cluster ARN, creation time, DB subnet group, associated VPC, and backup retention period.

Examples

Basic Info

select
  arn,
  db_cluster_identifier,
  deletion_protection,
  engine,
  status,
  region
from
  aws_docdb_cluster;

List clusters which are not encrypted

Find database clusters whose storage is not encrypted. This can help enhance your security measures by identifying potential vulnerabilities.

Postgres:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  kms_key_id,
  storage_encrypted
from
  aws_docdb_cluster
where
  not storage_encrypted;

SQLite:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  kms_key_id,
  storage_encrypted
from
  aws_docdb_cluster
where
  storage_encrypted = 0;

List clusters where backup retention period is greater than 7 days

Identify database clusters whose backup retention period exceeds a week. This could be useful in managing data storage and ensuring compliance with data retention policies.

select
  db_cluster_identifier,
  backup_retention_period
from
  aws_docdb_cluster
where
  backup_retention_period > 7;

Get availability zone count for each cluster

Determine the number of availability zones for each database cluster in your AWS DocumentDB service to better manage and distribute your databases across different zones for high availability and fault tolerance.

Postgres:

select
  db_cluster_identifier,
  jsonb_array_length(availability_zones) as availability_zones_count
from
  aws_docdb_cluster;

SQLite:

select
  db_cluster_identifier,
  json_array_length(availability_zones) as availability_zones_count
from
  aws_docdb_cluster;

List clusters where deletion protection is disabled

Find clusters that have deletion protection disabled in order to identify potential vulnerabilities and enhance security measures. This is particularly useful in maintaining data integrity by preventing accidental deletions.

Postgres:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  not deletion_protection;

SQLite:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  deletion_protection = 0;

List cluster members details

Assess the status and roles of members within your AWS DocumentDB clusters. This enables you to understand the configuration of each cluster member, including their promotion tier and whether they have write access.

Postgres:

select
  db_cluster_identifier,
  member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status,
  member ->> 'DBInstanceIdentifier' as db_instance_identifier,
  member ->> 'IsClusterWriter' as is_cluster_writer,
  member ->> 'PromotionTier' as promotion_tier
from
  aws_docdb_cluster
  cross join jsonb_array_elements(members) as member;

SQLite:

select
  db_cluster_identifier,
  json_extract(member.value, '$.DBClusterParameterGroupStatus') as db_cluster_parameter_group_status,
  json_extract(member.value, '$.DBInstanceIdentifier') as db_instance_identifier,
  json_extract(member.value, '$.IsClusterWriter') as is_cluster_writer,
  json_extract(member.value, '$.PromotionTier') as promotion_tier
from
  aws_docdb_cluster,
  json_each(members) as member;

List clusters where deletion protection is disabled

Determine which of your clusters have deletion protection disabled. This can help in identifying potential vulnerabilities and ensuring your data is secure.

Postgres:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  not deletion_protection;

SQLite:

select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  deletion_protection = 0;
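
A combined posture check built from the columns used in the examples above, as an added example that is not part of the original Steampipe documentation. It uses Postgres syntax; the 7-day retention floor and the two-zone minimum are assumed thresholds, and 'audit' is the DocumentDB log type name for audit events.

```sql
-- Added example (Postgres syntax). Thresholds below are assumptions; tune to your policy.
with checks as (
  select
    account_id,
    region,
    db_cluster_identifier,
    storage_encrypted,
    deletion_protection,
    backup_retention_period,
    -- Treat a missing list as empty so the comparisons below never see NULL.
    jsonb_array_length(coalesce(availability_zones, '[]'::jsonb)) as az_count,
    coalesce(enabled_cloudwatch_logs_exports, '[]'::jsonb) ? 'audit' as audit_exported
  from
    aws_docdb_cluster
),
scored as (
  select
    account_id,
    region,
    db_cluster_identifier,
    -- Each failed check contributes one label; passed checks yield NULL and are removed.
    array_remove(array[
      case when not storage_encrypted then 'storage not encrypted' end,
      case when not deletion_protection then 'deletion protection disabled' end,
      case when backup_retention_period < 7 then 'backup retention under 7 days' end,
      case when az_count < 2 then 'fewer than 2 availability zones' end,
      case when not audit_exported then 'audit logs not exported to CloudWatch' end
    ], null) as findings
  from
    checks
)
select
  account_id,
  region,
  db_cluster_identifier,
  findings
from
  scored
where
  cardinality(findings) > 0
order by
  cardinality(findings) desc,
  db_cluster_identifier;
```

Clusters that pass every check are omitted, so an empty result means no findings under these thresholds.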

Schema for aws_docdb_cluster

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) for the Cluster. |
| associated_roles | jsonb | | A list of AWS IAM roles that are associated with the cluster. |
| availability_zones | jsonb | | A list of Availability Zones (AZs) where instances in the cluster can be created. |
| backup_retention_period | bigint | | Specifies the number of days for which automatic snapshots are retained. |
| clone_group_id | text | | Identifies the clone group to which the DB cluster is associated. |
| cluster_create_time | timestamp with time zone | | Specifies the time when the cluster was created. |
| db_cluster_identifier | text | = | Contains a user-supplied cluster identifier. This identifier is the unique key that identifies a cluster. |
| db_cluster_parameter_group | text | | Specifies the name of the cluster parameter group for the cluster. |
| db_cluster_resource_id | text | | The Region-unique, immutable identifier for the cluster. |
| db_subnet_group | text | | Specifies information on the subnet group associated with the cluster. |
| deletion_protection | boolean | | Specifies whether the cluster has deletion protection enabled, or not. |
| earliest_restorable_time | timestamp with time zone | | The earliest time to which a database can be restored with point-in-time restore. |
| enabled_cloudwatch_logs_exports | jsonb | | A list of log types that this cluster is configured to export to Amazon CloudWatch Logs. |
| endpoint | text | | Specifies the connection endpoint for the primary instance of the DB cluster. |
| engine | text | | The name of the database engine to be used for this DB cluster. |
| engine_version | text | | Indicates the database engine version. |
| hosted_zone_id | text | | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. |
| kms_key_id | text | | The AWS KMS key identifier for the encrypted cluster. |
| latest_restorable_time | timestamp with time zone | | Specifies the latest time to which a database can be restored with point-in-time restore. |
| master_user_name | text | | Contains the master username for the cluster. |
| members | jsonb | | A list of instances that make up the cluster. |
| multi_az | boolean | | Specifies whether the cluster has instances in multiple Availability Zones, or not. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| percent_progress | text | | Specifies the progress of the operation as a percentage. |
| port | bigint | | Specifies the port that the database engine is listening on. |
| preferred_backup_window | text | | Specifies the daily time range during which automated backups are created. |
| preferred_maintenance_window | text | | Specifies the weekly time range during which system maintenance can occur. |
| read_replica_identifiers | jsonb | | A list of identifiers of the read replicas associated with this cluster. |
| reader_endpoint | text | | The reader endpoint for the DB cluster. |
| region | text | | The AWS Region in which the resource is located. |
| replication_source_identifier | text | | Contains the identifier of the source cluster if this cluster is a secondary cluster. |
| status | text | | Specifies the current state of this cluster. |
| storage_encrypted | boolean | | Specifies whether the cluster is encrypted, or not. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags attached to the Cluster. |
| title | text | | Title of the resource. |
| vpc_security_groups | jsonb | | A list of VPC security groups that the DB cluster belongs to. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_docdb_cluster