Table: aws_docdb_cluster_instance - Query Amazon DocumentDB Cluster Instances using SQL
The Amazon DocumentDB Cluster Instance is a part of Amazon DocumentDB, a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. It provides the performance, scalability, and availability you need when operating mission-critical MongoDB workloads at scale. With DocumentDB, you can store, query, and index JSON data.
Table Usage Guide
The aws_docdb_cluster_instance table in Steampipe provides you with information about Amazon DocumentDB Cluster Instances. This table allows you as a DevOps engineer, database administrator, or other technical professional to query detailed information about each cluster instance, such as its identifier, associated cluster identifier, instance class, availability zone, engine version, and other relevant metadata. You can utilize this table to gather insights on the configuration, performance, and status of your DocumentDB cluster instances. The schema outlines the various attributes of the DocumentDB cluster instance, including instance ARN, creation time, instance status, and associated tags.
Examples
Basic info
Gain insights into the specifics of your AWS DocumentDB Cluster instances, such as the engine type, version, and instance class. This can be useful for assessing your current configuration and identifying potential areas for optimization or upgrade.
select
  db_instance_identifier,
  db_cluster_identifier,
  engine,
  engine_version,
  db_instance_class,
  availability_zone
from
  aws_docdb_cluster_instance;
List instances which are publicly accessible
Identify instances that are accessible to the public, allowing you to review and manage your data's exposure and security. This query is useful for maintaining control over your data privacy and ensuring that only authorized users have access.
PostgreSQL:
select
  db_instance_identifier,
  db_cluster_identifier,
  engine,
  engine_version,
  db_instance_class,
  availability_zone
from
  aws_docdb_cluster_instance
where
  publicly_accessible;

SQLite:
select
  db_instance_identifier,
  db_cluster_identifier,
  engine,
  engine_version,
  db_instance_class,
  availability_zone
from
  aws_docdb_cluster_instance
where
  publicly_accessible = 1;
Get DB subnet group information of each instance
Explore the status and details of your database subnet groups across instances to understand their configuration and ensure optimal database management. This is beneficial for maintaining network efficiency and security in your AWS DocumentDB clusters.
select
  db_subnet_group_arn,
  db_subnet_group_name,
  db_subnet_group_description,
  db_subnet_group_status
from
  aws_docdb_cluster_instance;
Get VPC and subnet information of each instance
Determine the areas in which each instance of your database is connected to a VPC and its associated subnet. This is useful for understanding your database's network configuration and ensuring it aligns with your security and performance requirements.
PostgreSQL:
select
  db_instance_identifier as attached_vpc,
  vsg ->> 'VpcSecurityGroupId' as vpc_security_group_id,
  vsg ->> 'Status' as status,
  sub -> 'SubnetAvailabilityZone' ->> 'Name' as subnet_availability_zone,
  sub ->> 'SubnetIdentifier' as subnet_identifier,
  sub -> 'SubnetOutpost' ->> 'Arn' as subnet_outpost,
  sub ->> 'SubnetStatus' as subnet_status
from
  aws_docdb_cluster_instance
  cross join jsonb_array_elements(vpc_security_groups) as vsg
  cross join jsonb_array_elements(subnets) as sub;

SQLite:
select
  db_instance_identifier as attached_vpc,
  json_extract(vsg.value, '$.VpcSecurityGroupId') as vpc_security_group_id,
  json_extract(vsg.value, '$.Status') as status,
  json_extract(
    json_extract(sub.value, '$.SubnetAvailabilityZone'),
    '$.Name'
  ) as subnet_availability_zone,
  json_extract(sub.value, '$.SubnetIdentifier') as subnet_identifier,
  json_extract(
    json_extract(sub.value, '$.SubnetOutpost'),
    '$.Arn'
  ) as subnet_outpost,
  json_extract(sub.value, '$.SubnetStatus') as subnet_status
from
  aws_docdb_cluster_instance,
  json_each(vpc_security_groups) as vsg,
  json_each(subnets) as sub;
List instances with unencrypted storage
Identify instances where storage is not encrypted to understand potential vulnerabilities in your database security. This is crucial for ensuring data protection and compliance with security regulations.
PostgreSQL:
select
  db_instance_identifier,
  db_cluster_identifier,
  db_instance_class
from
  aws_docdb_cluster_instance
where
  not storage_encrypted;

SQLite:
select
  db_instance_identifier,
  db_cluster_identifier,
  db_instance_class
from
  aws_docdb_cluster_instance
where
  storage_encrypted = 0;
List instances with CloudWatch logs disabled
Identify instances where DocumentDB clusters in AWS might be vulnerable due to disabled CloudWatch logs. This query is beneficial for improving security and compliance by ensuring that all instances have logging enabled.
select
  db_instance_identifier,
  db_cluster_identifier,
  db_instance_class
from
  aws_docdb_cluster_instance
where
  enabled_cloudwatch_logs_exports is null;
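The three security checks above (public accessibility, storage encryption, CloudWatch log exports) can be combined into one review query. This is an added example, not part of the Steampipe documentation; it uses PostgreSQL syntax and only columns from this table's schema, and it assumes an empty or JSON-null export list should count as "no logging", which the `is null` test alone would not match.

```sql
-- Added example: one row per instance failing at least one check,
-- with the failed checks collected into a text array.
with checks as (
  select
    account_id,
    region,
    db_instance_identifier,
    db_cluster_identifier,
    kms_key_id,
    -- "is true" / "is not true" keep NULL values from silently passing.
    publicly_accessible is true as is_public,
    storage_encrypted is not true as is_unencrypted,
    -- Assumption: SQL NULL, JSON null and [] all mean nothing is exported.
    coalesce(enabled_cloudwatch_logs_exports, '[]'::jsonb)
      in ('[]'::jsonb, 'null'::jsonb) as no_log_exports
  from
    aws_docdb_cluster_instance
)
select
  account_id,
  region,
  db_instance_identifier,
  db_cluster_identifier,
  kms_key_id,
  array_remove(
    array[
      case when is_public then 'publicly_accessible' end,
      case when is_unencrypted then 'storage_not_encrypted' end,
      case when no_log_exports then 'no_cloudwatch_log_exports' end
    ],
    null
  ) as findings
from
  checks
where
  is_public
  or is_unencrypted
  or no_log_exports
order by
  account_id,
  region,
  db_instance_identifier;
```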
Get network endpoint information of each instance
Gain insights into the network connectivity of each instance by identifying the network endpoint details. This can be beneficial in diagnosing connectivity issues or planning network configurations.
select
  db_instance_identifier,
  endpoint_address,
  endpoint_hosted_zone_id,
  endpoint_port
from
  aws_docdb_cluster_instance;
Schema for aws_docdb_cluster_instance
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
availability_zone | text | | Specifies the name of the availability zone the instance is located in. |
backup_retention_period | bigint | | Specifies the number of days for which automatic snapshots are retained. |
ca_certificate_identifier | text | | The identifier of the CA certificate for this DB instance. |
copy_tags_to_snapshot | boolean | | Specifies whether tags are copied from the DB instance to snapshots of the DB instance, or not. |
db_cluster_identifier | text | = | Contains the name of the cluster that the instance is a member of if the instance is a member of a cluster. |
db_instance_arn | text | = | The Amazon Resource Name (ARN) for the instance. |
db_instance_class | text | | Contains the name of the compute and memory capacity class of the instance. |
db_instance_identifier | text | = | Contains a user-provided database identifier. This identifier is the unique key that identifies an instance. |
db_instance_status | text | | Specifies the current state of this database. |
db_subnet_group_arn | text | | The Amazon Resource Name (ARN) for the DB subnet group. |
db_subnet_group_description | text | | Provides the description of the DB subnet group. |
db_subnet_group_name | text | | The name of the DB subnet group. |
db_subnet_group_status | text | | Provides the status of the DB subnet group. |
dbi_resource_id | text | | The Amazon Web Services Region-unique, immutable identifier for the instance. |
enabled_cloudwatch_logs_exports | jsonb | | A list of log types that this instance is configured to export to CloudWatch Logs. |
endpoint_address | text | | Specifies the DNS address of the instance. |
endpoint_hosted_zone_id | text | | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. |
endpoint_port | bigint | | Specifies the port that the database engine is listening on. |
engine | text | | The name of the database engine to be used for this instance. |
engine_version | text | | Indicates the database engine version. |
instance_create_time | timestamp with time zone | | Provides the date and time the instance was created. |
kms_key_id | text | | If StorageEncrypted is true, the KMS key identifier for the encrypted instance. |
latest_restorable_time | timestamp with time zone | | Specifies the latest time to which a database can be restored with point-in-time restore. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
pending_modified_values | jsonb | | Specifies that changes to the instance are pending. |
preferred_backup_window | text | | Specifies the daily time range during which automated backups are created. |
preferred_maintenance_window | text | | Specifies the weekly time range during which system maintenance can occur. |
promotion_tier | bigint | | A value that specifies the order in which an Amazon DocumentDB replica is promoted to the primary instance after a failure of the existing primary instance. |
publicly_accessible | boolean | | Specifies the accessibility options for the DB instance. |
region | text | | The AWS Region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status_infos | jsonb | | The status of a read replica. |
storage_encrypted | boolean | | Specifies whether or not the instance is encrypted. |
subnets | jsonb | | A list of subnet elements. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags attached to the Instance. |
title | text | | Title of the resource. |
vpc_id | text | | Provides the VpcId of the DB subnet group. |
vpc_security_groups | jsonb | | A list of VPC security group elements that the instance belongs to. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_docdb_cluster_instance