steampipe plugin install aws

Table: aws_ec2_network_load_balancer - Query AWS EC2 Network Load Balancer using SQL

The AWS EC2 Network Load Balancer is a high-performance load balancer that operates at the transport layer (Layer 4) and is designed to handle millions of requests per second while maintaining ultra-low latencies. It is best suited for load balancing TCP traffic and is capable of handling volatile workloads and traffic patterns. It also supports long-lived TCP connections, which are ideal for WebSocket-type applications.

Table Usage Guide

The aws_ec2_network_load_balancer table in Steampipe provides you with information about Network Load Balancers within AWS Elastic Compute Cloud (EC2). This table allows you, as a cloud administrator or DevOps engineer, to query load balancer-specific details, including type, state, availability zones, and associated metadata. You can utilize this table to gather insights on load balancers, such as their current status, associated subnets, and more. The schema outlines the various attributes of the Network Load Balancer for you, including the load balancer name, ARN, creation date, DNS name, scheme, and associated tags.

Examples

Count of AZs registered with network load balancers

Analyze the distribution of network load balancers across various availability zones to optimize resource allocation and ensure a balanced load. This can help in enhancing the application's performance and availability.

-- PostgreSQL
select
  name,
  count(az ->> 'ZoneName') as zone_count
from
  aws_ec2_network_load_balancer
  cross join jsonb_array_elements(availability_zones) as az
group by
  name;

-- SQLite
select
  name,
  count(json_extract(az.value, '$.ZoneName')) as zone_count
from
  aws_ec2_network_load_balancer,
  json_each(availability_zones) as az
group by
  name;

List of network load balancers where Cross-Zone Load Balancing is enabled

Determine the areas in which Cross-Zone Load Balancing is enabled for network load balancers. This can be particularly useful to identify potential areas of network inefficiency or to optimize load balancing across zones.

-- PostgreSQL: keep only load balancers whose cross-zone attribute is 'true'
select
  name,
  lb ->> 'Key' as cross_zone,
  lb ->> 'Value' as cross_zone_value
from
  aws_ec2_network_load_balancer
  cross join jsonb_array_elements(load_balancer_attributes) as lb
where
  lb ->> 'Key' = 'load_balancing.cross_zone.enabled'
  and lb ->> 'Value' = 'true';

-- SQLite: keep only load balancers whose cross-zone attribute is 'true'
select
  name,
  json_extract(lb.value, '$.Key') as cross_zone,
  json_extract(lb.value, '$.Value') as cross_zone_value
from
  aws_ec2_network_load_balancer,
  json_each(load_balancer_attributes) as lb
where
  json_extract(lb.value, '$.Key') = 'load_balancing.cross_zone.enabled'
  and json_extract(lb.value, '$.Value') = 'true';

List of network load balancers where logging is not enabled

Identify the network load balancers where logging is not enabled. This is essential for identifying potential security risks and ensuring compliance with data governance policies.

-- PostgreSQL: access logging to S3 is switched off
select
  name,
  lb ->> 'Key' as logging_key,
  lb ->> 'Value' as logging_value
from
  aws_ec2_network_load_balancer
  cross join jsonb_array_elements(load_balancer_attributes) as lb
where
  lb ->> 'Key' = 'access_logs.s3.enabled'
  and lb ->> 'Value' = 'false';

-- SQLite: access logging to S3 is switched off
select
  name,
  json_extract(lb.value, '$.Key') as logging_key,
  json_extract(lb.value, '$.Value') as logging_value
from
  aws_ec2_network_load_balancer,
  json_each(load_balancer_attributes) as lb
where
  json_extract(lb.value, '$.Key') = 'access_logs.s3.enabled'
  and json_extract(lb.value, '$.Value') = 'false';

List of network load balancers where deletion protection is not enabled

Identify the load balancers that are potentially vulnerable because deletion protection is not enabled. This is particularly useful for identifying potential risks and ensuring the security and stability of your network.

-- PostgreSQL: deletion protection is switched off
select
  name,
  lb ->> 'Key' as deletion_protection_key,
  lb ->> 'Value' as deletion_protection_value
from
  aws_ec2_network_load_balancer
  cross join jsonb_array_elements(load_balancer_attributes) as lb
where
  lb ->> 'Key' = 'deletion_protection.enabled'
  and lb ->> 'Value' = 'false';

-- SQLite: deletion protection is switched off
select
  name,
  json_extract(lb.value, '$.Key') as deletion_protection_key,
  json_extract(lb.value, '$.Value') as deletion_protection_value
from
  aws_ec2_network_load_balancer,
  json_each(load_balancer_attributes) as lb
where
  json_extract(lb.value, '$.Key') = 'deletion_protection.enabled'
  and json_extract(lb.value, '$.Value') = 'false';
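
Combined posture check (an added example, not part of the plugin documentation). The queries above filter on an explicit 'false', so a load balancer whose attribute list lacks the key never shows up. This PostgreSQL query pivots load_balancer_attributes into one row per load balancer and reports an absent key as 'missing'; the 'missing' label and the output column names are choices made for this example.

```sql
-- Added example (PostgreSQL flavour of Steampipe), not from the plugin docs.
-- One row per load balancer that lacks access logging or deletion protection,
-- including load balancers where the attribute key is absent altogether.
select
  nlb.name,
  nlb.account_id,
  nlb.region,
  nlb.scheme,
  coalesce(a.attr ->> 'access_logs.s3.enabled', 'missing') as access_logs,
  coalesce(a.attr ->> 'deletion_protection.enabled', 'missing') as deletion_protection,
  coalesce(a.attr ->> 'load_balancing.cross_zone.enabled', 'missing') as cross_zone
from
  aws_ec2_network_load_balancer as nlb
  left join lateral (
    -- Fold the [{"Key": ..., "Value": ...}] array into a single JSON object.
    select
      jsonb_object_agg(lb ->> 'Key', lb ->> 'Value') as attr
    from
      jsonb_array_elements(
        case
          -- Guard against a NULL or non-array column value.
          when jsonb_typeof(nlb.load_balancer_attributes) = 'array'
            then nlb.load_balancer_attributes
          else '[]'::jsonb
        end
      ) as lb
    where
      lb ->> 'Key' is not null
  ) as a on true
where
  coalesce(a.attr ->> 'access_logs.s3.enabled', 'missing') <> 'true'
  or coalesce(a.attr ->> 'deletion_protection.enabled', 'missing') <> 'true'
order by
  nlb.account_id,
  nlb.region,
  nlb.name;
```

The cross_zone column is shown for context only and does not affect which rows are returned.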

Schema for aws_ec2_network_load_balancer

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
arn | text | = | The Amazon Resource Name (ARN) of the load balancer
availability_zones | jsonb | | The subnets for the load balancer
canonical_hosted_zone_id | text | | The ID of the Amazon Route 53 hosted zone associated with the load balancer
created_time | timestamp with time zone | | The date and time the load balancer was created
customer_owned_ipv4_pool | text | | The ID of the customer-owned address pool
dns_name | text | | The public DNS name of the load balancer
enforce_security_group_inbound_rules_on_private_link_traffic | text | | Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
ip_address_type | text | | The type of IP addresses used by the subnets for your load balancer
load_balancer_attributes | jsonb | | The AWS account ID of the image owner
name | text | = | The friendly name of the Load Balancer
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region | text | | The AWS Region in which the resource is located.
scheme | text | | The load balancing scheme of load balancer
security_groups | jsonb | | The IDs of the security groups for the load balancer
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
state_code | text | | Current state of the load balancer
state_reason | text | | A description of the state
tags | jsonb | | A map of tags for the resource.
tags_src | jsonb | | A list of tags attached to the load balancer
title | text | | Title of the resource.
type | text | | The type of load balancer
vpc_id | text | | The ID of the VPC for the load balancer

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_network_load_balancer