Table: aws_ec2_launch_configuration - Query AWS EC2 Launch Configurations using SQL
The AWS EC2 Launch Configuration is a template that an AWS Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, security groups, and block device mapping. This information allows EC2 instances to be consistently launched with your chosen configurations.
Table Usage Guide
The aws_ec2_launch_configuration
table in Steampipe provides you with information about EC2 Launch Configurations within AWS Elastic Compute Cloud (EC2). This table allows you, as a DevOps engineer, to query configuration-specific details, including associated instances, security groups, and metadata. You can utilize this table to gather insights on launch configurations, such as the instance type specified, kernel id, ram disk id, and more. The schema outlines the various attributes of the EC2 Launch Configuration for you, including the launch configuration name, creation date, image id, and associated key pairs.
Examples
Basic launch configuration info
Determine the areas in which specific configurations were launched in your AWS EC2 environment. This can help in auditing and optimizing your cloud resources for better performance and cost management.
select name, created_time, associate_public_ip_address, ebs_optimized, image_id, instance_monitoring_enabled, instance_type, key_namefrom aws_ec2_launch_configuration;
select name, created_time, associate_public_ip_address, ebs_optimized, image_id, instance_monitoring_enabled, instance_type, key_namefrom aws_ec2_launch_configuration;
Get IAM role attached to each launch configuration
Identify the specific IAM role attached to each EC2 launch configuration. This can be useful for understanding the permissions each configuration has, helping to ensure security and access control in your AWS environment.
select name, iam_instance_profilefrom aws_ec2_launch_configuration;
select name, iam_instance_profilefrom aws_ec2_launch_configuration;
List launch configurations with public IPs
Identify the launch configurations that are associated with public IP addresses. This is useful for auditing your AWS EC2 instances to ensure secure and controlled access.
select name, associate_public_ip_addressfrom aws_ec2_launch_configurationwhere associate_public_ip_address;
select name, associate_public_ip_addressfrom aws_ec2_launch_configurationwhere associate_public_ip_address = 1;
Security groups attached to each launch configuration
Determine the areas in which security groups are linked to each launch configuration in your AWS EC2 instances. This allows for better management of security configurations and ensures appropriate security measures are in place.
select name, jsonb_array_elements_text(security_groups) as security_groupsfrom aws_ec2_launch_configuration;
select name, json_extract(json_each.value, '$') as security_groupsfrom aws_ec2_launch_configuration, json_each(security_groups);
List launch configurations with secrets in user data
Discover the segments that contain sensitive information within the launch configurations, such as passwords or tokens. This query is particularly useful in identifying potential security risks and ensuring data protection standards are met.
select name, user_datafrom aws_ec2_launch_configurationwhere user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ]) or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]';
select name, user_datafrom aws_ec2_launch_configurationwhere user_data like '%pass%' or user_data like '%secret%' or user_data like '%token%' or user_data like '%key%' or ( user_data GLOB '*[a-z]*' and user_data GLOB '*[A-Z]*' and user_data GLOB '*[0-9]*' and user_data GLOB '*[@$!%*?&]*' );
Schema for aws_ec2_launch_configuration
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
associate_public_ip_address | boolean | For Auto Scaling groups that are running in a VPC, specifies whether to assign a public IP address to the group's instances. | |
block_device_mappings | jsonb | A block device mapping, which specifies the block devices for the instance. | |
classic_link_vpc_id | text | The ID of a ClassicLink-enabled VPC to link EC2-Classic instances to. | |
classic_link_vpc_security_groups | jsonb | The IDs of one or more security groups for the VPC specified in ClassicLinkVPCId. | |
created_time | timestamp with time zone | The creation date and time for the launch configuration. | |
ebs_optimized | boolean | Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). | |
iam_instance_profile | text | The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance. | |
image_id | text | The ID of the Amazon Machine Image (AMI) to use to launch EC2 instances. | |
instance_monitoring_enabled | boolean | Describes whether detailed monitoring is enabled for the Auto Scaling instances. | |
instance_type | text | The instance type for the instances. | |
kernel_id | text | The ID of the kernel associated with the AMI. | |
key_name | text | The name of the key pair to be associated with instances. | |
launch_configuration_arn | text | The Amazon Resource Name (ARN) of the launch configuration. | |
metadata_options_http_endpoint | text | This parameter enables or disables the HTTP metadata endpoint on instances. If the parameter is not specified, the default state is enabled. | |
metadata_options_http_tokens | text | The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional. | |
metadata_options_put_response_hop_limit | bigint | The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. | |
name | text | = | The name of the launch configuration. |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
placement_tenancy | text | The tenancy of the instance, either default or dedicated. An instance with dedicated tenancy runs on isolated, single-tenant hardware and can only be launched into a VPC. | |
ramdisk_id | text | The ID of the RAM disk associated with the AMI. | |
region | text | The AWS Region in which the resource is located. | |
security_groups | jsonb | A list that contains the security groups to assign to the instances in the Auto Scaling group. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
spot_price | text | The maximum hourly price to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specified exceeds the current Spot price. | |
title | text | Title of the resource. | |
user_data | text | The Base64-encoded user data to make available to the launched EC2 instances. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_ec2_launch_configuration