Table: aws_ec2_launch_configuration - Query AWS EC2 Launch Configurations using SQL
The AWS EC2 Launch Configuration is a template that an AWS Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, security groups, and block device mapping. This information allows EC2 instances to be consistently launched with your chosen configurations.
Table Usage Guide
The aws_ec2_launch_configuration table in Steampipe provides information about EC2 Launch Configurations used by Auto Scaling groups. It lets you query configuration-specific details, including the IAM instance profile, security groups, user data and instance metadata options, so you can check what every Auto Scaling group in an account will actually launch. The schema outlines the attributes of a launch configuration, including its name, creation date, AMI ID, instance type, kernel and RAM disk IDs, and the associated key pair.
Examples
Basic launch configuration info
List the core settings of each launch configuration: creation time, whether instances receive a public IP, EBS optimization, AMI, detailed monitoring, instance type and key pair. This is the starting point for auditing what your Auto Scaling groups will launch.

PostgreSQL and SQLite:

```sql
select
  name,
  created_time,
  associate_public_ip_address,
  ebs_optimized,
  image_id,
  instance_monitoring_enabled,
  instance_type,
  key_name
from
  aws_ec2_launch_configuration;
```
Get IAM role attached to each launch configuration
Show the IAM instance profile each launch configuration attaches to its instances. The column holds either the profile name or its ARN. Every process on an instance can obtain the attached role's credentials through the instance metadata service, so a broad profile hands those permissions to anything running on, or compromising, the instance; a null value means the instances launch with no AWS credentials at all.

PostgreSQL and SQLite:

```sql
select
  name,
  iam_instance_profile
from
  aws_ec2_launch_configuration;
```
List launch configurations with public IPs
Identify launch configurations that assign a public IP address to every instance they launch. Such instances are directly reachable from the internet, subject only to their security groups and network ACLs, so each one should be justified; workloads behind a load balancer or NAT gateway normally do not need one.

PostgreSQL:

```sql
select
  name,
  associate_public_ip_address
from
  aws_ec2_launch_configuration
where
  associate_public_ip_address;
```

SQLite (booleans are stored as 0/1):

```sql
select
  name,
  associate_public_ip_address
from
  aws_ec2_launch_configuration
where
  associate_public_ip_address = 1;
```
Security groups attached to each launch configuration
List the security groups each launch configuration assigns to its instances, one row per group, by expanding the security_groups JSON array. Review these together with the groups' rules: the launch configuration decides which groups apply, but the rules decide what traffic they admit.

PostgreSQL:

```sql
select
  name,
  jsonb_array_elements_text(security_groups) as security_groups
from
  aws_ec2_launch_configuration;
```

SQLite:

```sql
select
  name,
  json_extract(json_each.value, '$') as security_groups
from
  aws_ec2_launch_configuration,
  json_each(security_groups);
```
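The two previous examples (public IPs and security groups) are most useful combined: a public IP only matters if the attached groups admit traffic from the internet. The PostgreSQL query below is an added example written for this page, not one of Steampipe's own examples. It assumes the aws_vpc_security_group_rule table with the columns group_id, type, ip_protocol, from_port, to_port and cidr_ipv4 (not described on this page; check your plugin's schema), and that security_groups holds group IDs, which is the case for launch configurations in a VPC. It reports every launch configuration that both assigns a public IP and uses a group allowing SSH or RDP (or all traffic) from 0.0.0.0/0.

```sql
-- Added example (not from the Steampipe docs). Expands each launch configuration's
-- security_groups array to one row per group ID, joins the ingress rules of those
-- groups, and keeps only public-IP configurations exposed to SSH/RDP from anywhere.
-- Assumes the aws_vpc_security_group_rule table and columns named below.
with lc_groups as (
  select
    lc.name,
    lc.account_id,
    lc.region,
    lc.associate_public_ip_address,
    sg.group_id
  from
    aws_ec2_launch_configuration as lc
    cross join jsonb_array_elements_text(lc.security_groups) as sg(group_id)
)
select
  g.name,
  g.account_id,
  g.region,
  g.group_id,
  r.ip_protocol,
  r.from_port,
  r.to_port,
  r.cidr_ipv4
from
  lc_groups as g
  join aws_vpc_security_group_rule as r
    on r.group_id = g.group_id
   and r.account_id = g.account_id
   and r.region = g.region
where
  g.associate_public_ip_address
  and r.type = 'ingress'
  and r.cidr_ipv4 = '0.0.0.0/0'
  and (
    r.ip_protocol = '-1'                      -- all traffic; from_port/to_port are null
    or (
      r.ip_protocol = 'tcp'
      and (22 between r.from_port and r.to_port
           or 3389 between r.from_port and r.to_port)
    )
  )
order by
  g.account_id, g.region, g.name;
```

Widen the port list or replace the cidr_ipv4 test with a cidr_ipv6 = '::/0' branch as needed; the join on account_id and region is what keeps a group ID from one account matching a same-named group in another.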
List launch configurations with secrets in user data
Find launch configurations whose user data appears to contain credentials such as passwords, secrets, tokens or keys. User data is readable by anyone who can call DescribeLaunchConfigurations and by any process on the instance through the instance metadata service, so it must never carry secrets. Note that the match is a heuristic: the words key or token also appear in harmless scripts, and the regular-expression branch only checks that a lowercase letter, an uppercase letter, a digit and a symbol all occur somewhere in the text, which most scripts satisfy. It also matches against user_data as the column returns it, which the schema describes as Base64-encoded.

PostgreSQL:

```sql
select
  name,
  user_data
from
  aws_ec2_launch_configuration
where
  -- keyword heuristic: any of the substrings anywhere in the text
  user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
  -- character-class heuristic: lowercase, uppercase, digit and symbol all present
  or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]';
```

SQLite:

```sql
select
  name,
  user_data
from
  aws_ec2_launch_configuration
where
  user_data like '%pass%'
  or user_data like '%secret%'
  or user_data like '%token%'
  or user_data like '%key%'
  or (
    user_data glob '*[a-z]*'
    and user_data glob '*[A-Z]*'
    and user_data glob '*[0-9]*'
    and user_data glob '*[@$!%*?&]*'
  );
```
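The keyword match above only works on plaintext. The schema describes user_data as Base64-encoded, so depending on your plugin version the column may hold the encoded form, in which case '%pass%' never matches the word password. The following PostgreSQL query is an added example, not part of the Steampipe docs: it decodes values that look like Base64, passes through values that are already plaintext, skips gzip-compressed payloads (which cloud-init accepts but which cannot be inspected in SQL), and then applies tighter patterns than the keyword list: assignment-style credentials, the AKIA access key ID prefix, and PEM private key headers. The pattern set is an illustrative assumption; extend it with the secret formats used in your environment.

```sql
-- Added example (not from the Steampipe docs). Normalises user_data to plaintext
-- before pattern matching, whether the column arrives Base64-encoded or decoded.
with raw as (
  select
    name,
    account_id,
    region,
    user_data,
    -- decode only values that look like Base64 (charset and length multiple of 4);
    -- a real shell script contains characters such as '#' or '!' and is left alone
    case
      when user_data ~ '^[A-Za-z0-9+/=\s]+$'
       and length(regexp_replace(user_data, '\s', '', 'g')) % 4 = 0
        then decode(regexp_replace(user_data, '\s', '', 'g'), 'base64')
    end as user_data_bytes
  from
    aws_ec2_launch_configuration
  where
    user_data is not null
),
decoded as (
  select
    name,
    account_id,
    region,
    case
      when user_data_bytes is null then user_data                                -- already plaintext
      when substring(user_data_bytes from 1 for 2) = '\x1f8b'::bytea then null   -- gzip magic: skip
      else convert_from(user_data_bytes, 'UTF8')
    end as user_data_text
  from
    raw
)
select
  name,
  account_id,
  region,
  left(user_data_text, 200) as user_data_preview
from
  decoded
where
  user_data_text ~* '(password|passwd|secret|token|api[_-]?key|private[_-]?key)\s*[=:]'
  or user_data_text ~ 'AKIA[0-9A-Z]{16}'                -- AWS access key ID format
  or user_data_text ~ '-----BEGIN [A-Z ]*PRIVATE KEY-----'
order by
  account_id, region, name;
```

convert_from raises an error if a decoded payload is not valid UTF-8 (for example a raw binary cloud-init archive); if that happens, add a further guard in the decoded CTE for the payload type you see. The preview column deliberately truncates output so the query result itself does not become another copy of the secret.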
Control examples
- All Controls > Auto Scaling > EC2 auto scaling group launch configurations user data should not have any sensitive data
- Auto Scaling group should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2)
- Auto Scaling launch config public IP should be disabled
- AWS Foundational Security Best Practices > Auto Scaling > 3 Auto Scaling group should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2)
- AWS Foundational Security Best Practices > Auto Scaling > 4 Auto Scaling group launch configuration should not have metadata response hop limit greater than 1
- AWS Foundational Security Best Practices > Auto Scaling > 5 Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses
- EC2 auto scaling group launch configurations should not have metadata response hop limit greater than 1
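The IMDSv2 and hop-limit controls in the list above map directly onto the metadata_options_* columns, so the check can be run from this table. The PostgreSQL query below is an added example written for this page, not one of Steampipe's own mod controls. It treats a null in any metadata_options_* column as "not specified", which per the schema means the EC2 defaults apply (endpoint enabled, tokens optional) together with the default hop limit of 1, and it reports every launch configuration that still accepts IMDSv1 or lets metadata responses travel more than one hop. Both matter for the same reason: an SSRF bug or a compromised container that can reach 169.254.169.254 can pull the instance role's credentials when tokens are optional, and a hop limit above 1 lets those responses cross a container's bridge network to get there.

```sql
-- Added example (not from the Steampipe docs): launch configurations failing the
-- IMDSv2 and hop-limit controls. Null metadata_options_* values mean "not set",
-- so coalesce() substitutes the EC2 defaults: endpoint enabled, tokens optional,
-- hop limit 1. A disabled endpoint passes both checks because IMDS is unreachable.
select
  name,
  account_id,
  region,
  coalesce(metadata_options_http_endpoint, 'enabled') as http_endpoint,
  coalesce(metadata_options_http_tokens, 'optional') as http_tokens,
  coalesce(metadata_options_put_response_hop_limit, 1) as hop_limit,
  concat_ws(
    '; ',
    case when coalesce(metadata_options_http_tokens, 'optional') <> 'required'
         then 'IMDSv1 still accepted (http_tokens should be required)' end,
    case when coalesce(metadata_options_put_response_hop_limit, 1) > 1
         then 'metadata hop limit above 1' end
  ) as findings
from
  aws_ec2_launch_configuration
where
  coalesce(metadata_options_http_endpoint, 'enabled') <> 'disabled'
  and (
    coalesce(metadata_options_http_tokens, 'optional') <> 'required'
    or coalesce(metadata_options_put_response_hop_limit, 1) > 1
  )
order by
  account_id, region, name;
```

Drop the where clause to get a full inventory; the findings column is then empty for configurations that pass. concat_ws skips null arguments, which is why each failed check contributes its own message without extra separators.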
Schema for aws_ec2_launch_configuration
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| associate_public_ip_address | boolean | | For Auto Scaling groups that are running in a VPC, specifies whether to assign a public IP address to the group's instances. |
| block_device_mappings | jsonb | | A block device mapping, which specifies the block devices for the instance. |
| classic_link_vpc_id | text | | The ID of a ClassicLink-enabled VPC to link EC2-Classic instances to. |
| classic_link_vpc_security_groups | jsonb | | The IDs of one or more security groups for the VPC specified in ClassicLinkVPCId. |
| created_time | timestamp with time zone | | The creation date and time for the launch configuration. |
| ebs_optimized | boolean | | Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). |
| iam_instance_profile | text | | The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance. |
| image_id | text | | The ID of the Amazon Machine Image (AMI) to use to launch EC2 instances. |
| instance_monitoring_enabled | boolean | | Describes whether detailed monitoring is enabled for the Auto Scaling instances. |
| instance_type | text | | The instance type for the instances. |
| kernel_id | text | | The ID of the kernel associated with the AMI. |
| key_name | text | | The name of the key pair to be associated with instances. |
| launch_configuration_arn | text | | The Amazon Resource Name (ARN) of the launch configuration. |
| metadata_options_http_endpoint | text | | Enables or disables the HTTP metadata endpoint on instances. If the parameter is not specified, the default state is enabled. |
| metadata_options_http_tokens | text | | The state of token usage for instance metadata requests (optional or required). If the parameter is not specified in the request, the default state is optional, meaning IMDSv1 requests are still accepted. |
| metadata_options_put_response_hop_limit | bigint | | The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. |
| name | text | = | The name of the launch configuration. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| placement_tenancy | text | | The tenancy of the instance, either default or dedicated. An instance with dedicated tenancy runs on isolated, single-tenant hardware and can only be launched into a VPC. |
| ramdisk_id | text | | The ID of the RAM disk associated with the AMI. |
| region | text | | The AWS Region in which the resource is located. |
| security_groups | jsonb | | A list that contains the security groups to assign to the instances in the Auto Scaling group. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| spot_price | text | | The maximum hourly price to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specified exceeds the current Spot price. |
| title | text | | Title of the resource. |
| user_data | text | | The Base64-encoded user data to make available to the launched EC2 instances. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_ec2_launch_configuration
```