Table: aws_ec2_network_interface - Query AWS EC2 Network Interfaces using SQL
An AWS EC2 Network Interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are the point of networking for any instance that is attached to a Virtual Private Cloud (VPC). They can include a primary private IPv4 address, one or more secondary private IPv4 addresses, one Elastic IP address per private IPv4 address, one public IPv4 address, one or more IPv6 addresses, a MAC address, one or more security groups, a source/destination check flag, and a description.
Table Usage Guide
The aws_ec2_network_interface table in Steampipe provides you with information about Network Interfaces within AWS Elastic Compute Cloud (EC2). This table allows you, as a DevOps engineer, to query network interface-specific details, including the attached instances, associated security groups, subnet information, and more. You can use this table to gather insights on network interfaces, such as their status, type, private and public IP addresses, and the associated subnet and VPC details. The schema below lists the attributes of an EC2 network interface, including the interface ID, description, owner ID, availability zone, and associated tags.
Examples
Basic IP address info
List each network interface with its type, description, private and public IP addresses, and MAC address. This is useful for managing network connectivity and troubleshooting network issues within your AWS environment. The query is the same for PostgreSQL and SQLite:

```sql
select
  network_interface_id,
  interface_type,
  description,
  private_ip_address,
  association_public_ip,
  mac_address
from
  aws_ec2_network_interface;
```
Find all ENIs with private IPs that are in a given subnet (10.66.0.0/16)
Find the network interfaces whose private IP address falls within the given CIDR range. This is useful for identifying the interfaces that live in a particular subnet, which aids network management and security assessment.

PostgreSQL (the `<<=` operator tests whether the address is contained in or equal to the given network):

```sql
select
  network_interface_id,
  interface_type,
  description,
  private_ip_address,
  association_public_ip,
  mac_address
from
  aws_ec2_network_interface
where
  private_ip_address :: cidr <<= '10.66.0.0/16';
```

SQLite: Error: SQLite does not support CIDR operations.
Count of ENIs by interface type
Count the network interfaces in your AWS EC2 environment by interface type, to understand your network configuration and potentially optimize resource allocation. The query is the same for PostgreSQL and SQLite:

```sql
select
  interface_type,
  count(interface_type) as count
from
  aws_ec2_network_interface
group by
  interface_type
order by
  count desc;
```
Security groups attached to each ENI
List the security groups attached to each network interface, with the group ID and name. This helps you manage security and access controls effectively.

PostgreSQL:

```sql
select
  network_interface_id as eni,
  sg ->> 'GroupId' as "security group id",
  sg ->> 'GroupName' as "security group name"
from
  aws_ec2_network_interface
  cross join jsonb_array_elements(groups) as sg
order by
  eni;
```

SQLite:

```sql
select
  network_interface_id as eni,
  json_extract(sg, '$.GroupId') as "security group id",
  json_extract(sg, '$.GroupName') as "security group name"
from
  (
    select
      network_interface_id,
      json_each.value as sg
    from
      aws_ec2_network_interface,
      json_each(groups)
  )
order by
  eni;
```
Get network details for each ENI
Join each network interface to the VPC it belongs to and show the VPC's CIDR block, state, account and region, to better understand your network structure. This can assist in identifying areas for potential consolidation or optimization.

PostgreSQL:

```sql
select
  e.network_interface_id,
  v.vpc_id,
  v.is_default,
  v.cidr_block,
  v.state,
  v.account_id,
  v.region
from
  aws_ec2_network_interface e,
  aws_vpc v
where
  e.vpc_id = v.vpc_id;
```

SQLite:

```sql
select
  e.network_interface_id,
  v.vpc_id,
  v.is_default,
  v.cidr_block,
  v.state,
  v.account_id,
  v.region
from
  aws_ec2_network_interface e
  join aws_vpc v on e.vpc_id = v.vpc_id;
```
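As an added example that is not one of the page's own queries, the following PostgreSQL query combines columns from the schema on this page to surface two findings a defender reviews together: unattached interfaces that still hold an Elastic IP (the condition behind the "Ensure unused ENIs are removed" control) and internet-reachable interfaces whose source/destination check is disabled. It assumes the EC2 API status string 'available', which AWS reports for an interface with no attachment.

```sql
-- Added example, not part of the Steampipe documentation.
-- Finding 1: an ENI with nothing attached (status 'available' is the EC2 API
--   value for an unattached interface) that still holds an Elastic IP. It
--   keeps a public address live and incurs cost while serving no instance.
-- Finding 2: an attached ENI with a public IP whose source/destination check
--   is disabled, i.e. the interface may forward traffic it did not originate.
--   Legitimate for NAT or routing appliances; otherwise worth a look.
select
  network_interface_id,
  'unattached with elastic ip' as finding,
  association_public_ip as public_ip,
  description,
  owner_id,
  region
from
  aws_ec2_network_interface
where
  status = 'available'
  and association_public_ip is not null
union all
select
  network_interface_id,
  'public ip with source/dest check disabled' as finding,
  association_public_ip as public_ip,
  description,
  owner_id,
  region
from
  aws_ec2_network_interface
where
  attached_instance_id is not null
  and association_public_ip is not null
  and not source_dest_check
order by
  region,
  finding,
  network_interface_id;
```

The same statement runs unchanged on SQLite, where boolean columns are stored as 0/1 and `not source_dest_check` still evaluates correctly.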
Query examples
- ec2_network_interface_association_details
- ec2_network_interface_delete_on_termination
- ec2_network_interface_overview
- ec2_network_interface_private_ip
- ec2_network_interface_public_ip
- ec2_network_interface_tags
- ec2_network_interface_type
- ec2_network_interfaces_for_vpc
- ec2_network_interfaces_for_vpc_subnet
- network_interface_id
- vpc_security_attached_enis_count
- vpc_security_group_assoc
- vpc_security_group_unassociated_count
- vpc_security_groups_for_ec2_network_interface
- vpc_subnets_for_ec2_network_interface
- vpc_vpcs_for_ec2_network_interface
Control examples
- All Controls > EC2 > Ensure unused ENIs are removed
- All Controls > VPC > Unused EC2 security groups should be removed
- All Controls > VPC > VPC security groups should restrict uses of 'launch-wizard' security groups.
- CIS AWS Compute Services Benchmark v1.0.0 > 2 Elastic Cloud Compute (EC2) > 2.10 Ensure unused ENIs are removed
- VPC security groups should be associated with at least one ENI
Schema for aws_ec2_network_interface
Name | Type | Operators | Description
---|---|---|---
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
association_allocation_id | text | = | Allocation id for the association. Association can be an Elastic IP address (IPv4 only), or a Carrier IP address.
association_carrier_ip | inet | | The carrier IP address associated with the network interface.
association_customer_owned_ip | inet | | The customer-owned IP address associated with the network interface.
association_id | text | = | The association ID.
association_ip_owner_id | text | = | The ID of the Elastic IP address owner.
association_public_dns_name | text | = | The public DNS name of the association.
association_public_ip | inet | = | The address of the Elastic IP address bound to the network interface.
attached_instance_id | text | = | The ID of the attached instance.
attached_instance_owner_id | text | = | The AWS account ID of the owner of the attached instance.
attachment_id | text | = | The ID of the network interface attachment.
attachment_status | text | = | The attachment state.
attachment_time | timestamp with time zone | = | The timestamp indicating when the attachment initiated.
availability_zone | text | = | The Availability Zone.
connection_tracking_configuration | jsonb | | A security group connection tracking configuration that enables you to set the timeout for connection tracking on an Elastic network interface.
delete_on_instance_termination | boolean | =, != | Indicates whether the network interface is deleted when the instance is terminated.
deny_all_igw_traffic | boolean | | Indicates whether a network interface with an IPv6 address is unreachable from the public internet.
description | text | = | A description.
device_index | bigint | | The device index of the network interface attachment on the instance.
groups | jsonb | | Any security groups for the network interface.
interface_type | text | | The type of network interface.
ipv4_prefixes | jsonb | | The IPv4 prefixes associated with the network interface.
ipv6_address | text | | The IPv6 globally unique address associated with the network interface.
ipv6_addresses | jsonb | | The IPv6 addresses associated with the network interface.
ipv6_native | boolean | | Indicates whether this is an IPv6 only network interface.
ipv6_prefixes | jsonb | | The IPv6 prefixes that are assigned to the network interface.
mac_address | text | = | The MAC address of the interface.
network_interface_id | text | = | The ID of the network interface.
outpost_arn | text | | The Amazon Resource Name (ARN) of the Outpost, if applicable.
owner_id | text | = | The AWS account ID of the owner of the network interface.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
private_dns_name | text | = | The private DNS name.
private_ip_address | inet | = | The IPv4 address of the network interface within the subnet.
private_ip_addresses | jsonb | | The IPv4 address of the network interface within the subnet.
region | text | | The AWS Region in which the resource is located.
requester_id | text | = | The ID of the entity that launched the instance on your behalf (for example, AWS Management Console or Auto Scaling).
requester_managed | boolean | =, != | Indicates whether the network interface is being managed by AWS.
source_dest_check | boolean | =, != | Indicates whether traffic to or from the instance is validated.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
status | text | = | The status of the network interface.
subnet_id | text | | The ID of the subnet.
tags | jsonb | | A map of tags for the resource.
tags_src | jsonb | | A list of tags that are attached to the network interface.
title | text | | Title of the resource.
vpc_id | text | | The ID of the VPC.
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_ec2_network_interface
```