steampipe plugin install awssteampipe plugin install aws

Table: aws_ec2_key_pair - Query AWS EC2 Key Pairs using SQL

The AWS EC2 Key Pair is a security feature utilized within Amazon's Elastic Compute Cloud (EC2). It provides a simple, secure way to log into your instances using SSH. The key pair is composed of a public key that AWS stores, and a private key file that you store, enabling an encrypted connection to your instance.

Table Usage Guide

The aws_ec2_key_pair table in Steampipe provides you with information about Key Pairs within AWS EC2 (Elastic Compute Cloud). This table allows you, as a DevOps engineer, security team member, or system administrator, to query key pair-specific details, including key fingerprints, key material, and associated tags. You can utilize this table to gather insights on key pairs, such as verifying key fingerprints, checking the existence of specific key pairs, and more. The schema outlines the various attributes of the EC2 key pair for you, including the key pair name, key pair ID, key type, public key, and associated tags.

Examples

Basic keypair info

Analyze the settings to understand the distribution of your EC2 key pairs across various regions. This can help in managing your AWS resources efficiently and ensuring balanced utilization.

select
  key_name,
  key_pair_id,
  region
from
  aws_ec2_key_pair;

select
  key_name,
  key_pair_id,
  region
from
  aws_ec2_key_pair;

List of keypairs without owner tag key

Identify instances where AWS EC2 key pairs are not tagged with an owner. This is useful for maintaining efficient tag management and ensuring accountability for key pair usage.

select
  key_name,
  tags
from
  aws_ec2_key_pair
where
  not tags :: JSONB ? 'owner';

select
  key_name,
  tags
from
  aws_ec2_key_pair
where
  json_extract(tags, '$.owner') IS NULL;

Schema for aws_ec2_key_pair

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
key_fingerprint	text	=	If key pair was created using CreateKeyPair, this is the SHA-1 digest of the DER encoded private key. If key pair was created using ImportKeyPair to provide AWS the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716
key_name	text	=	The name of the key pair
key_pair_id	text	=	The ID of the key pair
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags assigned to the key pair
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_key_pair