steampipe plugin install awssteampipe plugin install aws

Table: aws_docdb_cluster_snapshot - Query Amazon DocumentDB Cluster Snapshots using SQL

The aws_docdb_cluster_snapshot table provides detailed information about snapshots of Amazon DocumentDB clusters. These snapshots are storage volume snapshots that back up the entire cluster, enabling data recovery and historical analysis.

Table Usage Guide

This table allows DevOps engineers, database administrators, and other technical professionals to query detailed information about Amazon DocumentDB cluster snapshots. Utilize this table to analyze snapshot configurations, encryption statuses, and other metadata. The schema includes attributes of the DocumentDB cluster snapshots, such as identifiers, creation times, and the associated cluster details.

Examples

List of cluster snapshots that are not encrypted

Identify unencrypted cluster snapshots to assess and improve your security posture.

select
  db_cluster_snapshot_identifier,
  snapshot_type,
  not storage_encrypted as storage_not_encrypted,
  split_part(kms_key_id, '/', 1) as kms_key_id
from
  aws_docdb_cluster_snapshot
where
  not storage_encrypted;

select
  db_cluster_snapshot_identifier,
  snapshot_type,
  not storage_encrypted as storage_not_encrypted,
  substr(kms_key_id, 1, instr(kms_key_id, '/') - 1) as kms_key_id
from
  aws_docdb_cluster_snapshot
where
  not storage_encrypted;

Cluster information of each snapshot

Retrieve basic information about each cluster snapshot, including its creation time and the engine details.

select
  db_cluster_snapshot_identifier,
  cluster_create_time,
  engine,
  engine_version
from
  aws_docdb_cluster_snapshot;

select
  db_cluster_snapshot_identifier,
  cluster_create_time,
  engine,
  engine_version
from
  aws_docdb_cluster_snapshot;

Cluster snapshot count per cluster

Determine the number of snapshots taken for each cluster to help manage snapshot policies and storage.

select
  db_cluster_identifier,
  count(db_cluster_snapshot_identifier) as snapshot_count
from
  aws_docdb_cluster_snapshot
group by
  db_cluster_identifier;

select
  db_cluster_identifier,
  count(db_cluster_snapshot_identifier) as snapshot_count
from
  aws_docdb_cluster_snapshot
group by
  db_cluster_identifier;

List of manual cluster snapshots

Filter for manually created cluster snapshots to distinguish them from automatic backups.

select
  db_cluster_snapshot_identifier,
  engine,
  snapshot_type
from
  aws_docdb_cluster_snapshot
where
  snapshot_type = 'manual';

select
  db_cluster_snapshot_identifier,
  engine,
  snapshot_type
from
  aws_docdb_cluster_snapshot
where
  snapshot_type = 'manual';

Control examples

Schema for aws_docdb_cluster_snapshot

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The Amazon Resource Name (ARN) for the cluster snapshot.
availability_zones	jsonb		A list of Availability Zones (AZs) where instances in the cluster snapshot can be restored.
cluster_create_time	timestamp with time zone		Specifies the time when the cluster was created.
db_cluster_identifier	text	=	The friendly name to identify the cluster, that the snapshot snapshot was created from.
db_cluster_snapshot_attributes	jsonb		A list of DB cluster snapshot attribute names and values for a manual cluster snapshot.
db_cluster_snapshot_identifier	text	=	The friendly name to identify the cluster snapshot.
engine	text		Specifies the name of the database engine.
engine_version	text		Specifies the version of the database engine for this cluster snapshot.
include_public	boolean	=	Set to true to include manual cluster snapshots that are public and can be copied or restored by any Amazon Web Services account, and otherwise false.
include_shared	boolean	=	Set to true to include shared manual cluster snapshots from other Amazon Web Services accounts that this Amazon Web Services account has been given permission to copy or restore, and otherwise false.
kms_key_id	text		The AWS KMS key identifier for the AWS KMS customer master key (CMK).
master_user_name	text		Provides the master username for the cluster snapshot.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
percent_progress	bigint		Specifies the percentage of the estimated data that has been transferred.
port	bigint		Specifies the port that the cluster was listening on at the time of the snapshot.
region	text		The AWS Region in which the resource is located.
snapshot_create_time	timestamp with time zone		The time when the snapshot was taken.
snapshot_type	text	=	The type of the cluster snapshot.
source_db_cluster_snapshot_arn	text		The Amazon Resource Name (ARN) for the source cluster snapshot, if the cluster snapshot was copied from a source cluster snapshot.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
status	text		Specifies the status of this cluster snapshot.
storage_encrypted	boolean		Specifies whether the cluster snapshot is encrypted, or not.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags attached to the cluster snapshot.
title	text		Title of the resource.
vpc_id	text		Provides the VPC ID associated with the cluster snapshot.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_docdb_cluster_snapshot