steampipe plugin install aws

Table: aws_ec2_launch_configuration - Query AWS EC2 Launch Configurations using SQL

The AWS EC2 Launch Configuration is a template that an AWS Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, security groups, and block device mapping. This information allows EC2 instances to be consistently launched with your chosen configurations.

Table Usage Guide

The aws_ec2_launch_configuration table in Steampipe provides you with information about EC2 Launch Configurations within AWS Elastic Compute Cloud (EC2). This table allows you, as a DevOps engineer, to query configuration-specific details, including associated instances, security groups, and metadata. You can use this table to gather insights on launch configurations, such as the instance type specified, kernel ID, RAM disk ID, and more. The schema outlines the various attributes of the EC2 Launch Configuration for you, including the launch configuration name, creation date, image ID, and associated key pairs.

Examples

Basic launch configuration info

List each launch configuration with its creation time, AMI, instance type and key pair, along with its public IP, EBS optimization and monitoring settings. This can help in auditing and optimizing your cloud resources for better performance and cost management.

select
  name,
  created_time,
  associate_public_ip_address,
  ebs_optimized,
  image_id,
  instance_monitoring_enabled,
  instance_type,
  key_name
from
  aws_ec2_launch_configuration;

Get IAM role attached to each launch configuration

Identify the specific IAM role attached to each EC2 launch configuration. This can be useful for understanding the permissions each configuration has, helping to ensure security and access control in your AWS environment.

select
  name,
  iam_instance_profile
from
  aws_ec2_launch_configuration;

List launch configurations with public IPs

Identify the launch configurations that are associated with public IP addresses. This is useful for auditing your AWS EC2 instances to ensure secure and controlled access.

PostgreSQL:

select
  name,
  associate_public_ip_address
from
  aws_ec2_launch_configuration
where
  associate_public_ip_address;

SQLite:

select
  name,
  associate_public_ip_address
from
  aws_ec2_launch_configuration
where
  associate_public_ip_address = 1;

Security groups attached to each launch configuration

List the security groups attached to each launch configuration, one row per security group. This allows for better management of security configurations and ensures appropriate security measures are in place.

PostgreSQL:

select
  name,
  jsonb_array_elements_text(security_groups) as security_groups
from
  aws_ec2_launch_configuration;

SQLite:

select
  name,
  json_extract(json_each.value, '$') as security_groups
from
  aws_ec2_launch_configuration,
  json_each(security_groups);

List launch configurations with secrets in user data

Find launch configurations whose user data appears to contain sensitive information, such as passwords or tokens. The query matches on keywords and on a mix of character classes, so treat each result as a candidate to review. It is particularly useful in identifying potential security risks and ensuring data protection standards are met.

PostgreSQL:

select
  name,
  user_data
from
  aws_ec2_launch_configuration
where
  user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
  or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]';

SQLite:

select
  name,
  user_data
from
  aws_ec2_launch_configuration
where
  user_data like '%pass%'
  or user_data like '%secret%'
  or user_data like '%token%'
  or user_data like '%key%'
  or (
    user_data GLOB '*[a-z]*'
    and user_data GLOB '*[A-Z]*'
    and user_data GLOB '*[0-9]*'
    and user_data GLOB '*[@$!%*?&]*'
  );
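
A narrower variant of the query above, added here as an example and not part of the Steampipe documentation: it matches credential-shaped strings instead of bare keywords and returns only a label per match, so the secret itself is not copied into query output. It is written for PostgreSQL; the three patterns are illustrative assumptions, and like the page's query it assumes user_data is readable text.

```sql
-- Added example (PostgreSQL dialect). Pattern labels and regexes are
-- illustrative assumptions, not part of the Steampipe plugin.
with patterns (label, re) as (
  values
    -- AWS access key IDs: AKIA (long-term) or ASIA (temporary) + 16 characters
    ('aws_access_key_id', '(AKIA|ASIA)[0-9A-Z]{16}'),
    -- PEM private key header (RSA, EC, OPENSSH or unqualified)
    ('private_key_block', '-----BEGIN [A-Z ]*PRIVATE KEY-----'),
    -- name = value or name: value where the value is a literal;
    -- values starting with $ (shell variable references) are skipped
    ('inline_credential',
     '(?i)(pass(word|wd)?|secret|token|api_?key)[a-z0-9_]*[[:space:]]*[=:][[:space:]]*[^[:space:]$]')
)
select
  c.name,
  c.region,
  c.account_id,
  -- one row per launch configuration, listing every pattern that matched
  array_agg(p.label order by p.label) as findings
from
  aws_ec2_launch_configuration as c
  join patterns as p on c.user_data ~ p.re
group by
  c.name,
  c.region,
  c.account_id
order by
  c.name;
```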

Schema for aws_ec2_launch_configuration

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
associate_public_ip_address | boolean | | For Auto Scaling groups that are running in a VPC, specifies whether to assign a public IP address to the group's instances.
block_device_mappings | jsonb | | A block device mapping, which specifies the block devices for the instance.
classic_link_vpc_id | text | | The ID of a ClassicLink-enabled VPC to link EC2-Classic instances to.
classic_link_vpc_security_groups | jsonb | | The IDs of one or more security groups for the VPC specified in ClassicLinkVPCId.
created_time | timestamp with time zone | | The creation date and time for the launch configuration.
ebs_optimized | boolean | | Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false).
iam_instance_profile | text | | The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance.
image_id | text | | The ID of the Amazon Machine Image (AMI) to use to launch EC2 instances.
instance_monitoring_enabled | boolean | | Describes whether detailed monitoring is enabled for the Auto Scaling instances.
instance_type | text | | The instance type for the instances.
kernel_id | text | | The ID of the kernel associated with the AMI.
key_name | text | | The name of the key pair to be associated with instances.
launch_configuration_arn | text | | The Amazon Resource Name (ARN) of the launch configuration.
metadata_options_http_endpoint | text | | This parameter enables or disables the HTTP metadata endpoint on instances. If the parameter is not specified, the default state is enabled.
metadata_options_http_tokens | text | | The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional.
metadata_options_put_response_hop_limit | bigint | | The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
name | text | = | The name of the launch configuration.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
placement_tenancy | text | | The tenancy of the instance, either default or dedicated. An instance with dedicated tenancy runs on isolated, single-tenant hardware and can only be launched into a VPC.
ramdisk_id | text | | The ID of the RAM disk associated with the AMI.
region | text | | The AWS Region in which the resource is located.
security_groups | jsonb | | A list that contains the security groups to assign to the instances in the Auto Scaling group.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
spot_price | text | | The maximum hourly price to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specified exceeds the current Spot price.
title | text | | Title of the resource.
user_data | text | | The Base64-encoded user data to make available to the launched EC2 instances.
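
The metadata_options_* columns above support an instance metadata audit. The following query is an added example, not part of the Steampipe documentation: it lists launch configurations that still accept token-less (IMDSv1) metadata requests or assign public IPs, and treats NULL metadata options as the defaults the schema describes, which a plain equality filter would miss. It is written for PostgreSQL; the finding labels are made up for this example.

```sql
-- Added example (PostgreSQL dialect). Finding labels are hypothetical.
-- NULL metadata options fall back to the defaults stated in the schema:
-- http_endpoint = 'enabled', http_tokens = 'optional'.
with lc as (
  select
    name,
    region,
    account_id,
    iam_instance_profile,
    coalesce(associate_public_ip_address, false) as public_ip,
    (
      coalesce(metadata_options_http_endpoint, 'enabled') = 'enabled'
      and coalesce(metadata_options_http_tokens, 'optional') <> 'required'
    ) as imdsv1_allowed,
    coalesce(metadata_options_put_response_hop_limit > 1, false) as hop_limit_gt_1
  from
    aws_ec2_launch_configuration
)
select
  name,
  region,
  account_id,
  -- the role whose credentials the metadata endpoint serves, if any
  iam_instance_profile,
  array_remove(
    array[
      case when public_ip then 'public_ip' end,
      case when imdsv1_allowed then 'imdsv1_allowed' end,
      case when hop_limit_gt_1 then 'hop_limit_gt_1' end
    ],
    null
  ) as findings
from
  lc
where
  public_ip
  or imdsv1_allowed
order by
  (iam_instance_profile is not null) desc,  -- configurations with a role first
  name;
```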

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_launch_configuration