Table: aws_ec2_target_group - Query AWS EC2 Target Groups using SQL

An AWS EC2 Target Group is a component of the Elastic Load Balancing service. It is used to route requests to one or more registered targets, such as EC2 instances, as part of a load balancing configuration. This allows the distribution of network traffic to multiple resources, improving availability and fault tolerance in your applications.

Table Usage Guide

The aws_ec2_target_group table in Steampipe provides you with information about each Target Group within your AWS account. This table allows you, as a DevOps engineer, security auditor, or other technical professional, to query Target Group-specific details, including the associated load balancer, health check configuration, and attributes. You can utilize this table to gather insights on Target Groups, such as their configurations, associated resources, and more. The schema outlines the various attributes of the Target Group for you, including the ARN, Health Check parameters, and associated tags.

Examples

Basic target group info

Explore the different target groups within your AWS EC2 instances to understand their associated load balancer resources and the virtual private cloud (VPC) they belong to. This can help in managing and optimizing your cloud resources effectively.

select
  target_group_name,
  target_type,
  load_balancer_arns,
  vpc_id
from
  aws_ec2_target_group;

select
  target_group_name,
  target_type,
  load_balancer_arns,
  vpc_id
from
  aws_ec2_target_group;

Health check info of target groups

This query is used to gain insights into the health check configurations of target groups within an AWS EC2 environment. Its practical application lies in its ability to help identify potential issues or vulnerabilities in the system, ensuring optimal performance and security.

select
  health_check_enabled,
  protocol,
  matcher_http_code,
  healthy_threshold_count,
  unhealthy_threshold_count,
  health_check_enabled,
  health_check_interval_seconds,
  health_check_path,
  health_check_port,
  health_check_protocol,
  health_check_timeout_seconds
from
  aws_ec2_target_group;

select
  health_check_enabled,
  protocol,
  matcher_http_code,
  healthy_threshold_count,
  unhealthy_threshold_count,
  health_check_enabled,
  health_check_interval_seconds,
  health_check_path,
  health_check_port,
  health_check_protocol,
  health_check_timeout_seconds
from
  aws_ec2_target_group;

Registered target for each target group

Determine the areas in which each registered target is located for a specific target group. This can be useful for identifying potential issues with load balancing or for optimizing resource allocation across different availability zones.

select
  target_group_name,
  target_type,
  target -> 'Target' ->> 'AvailabilityZone' as availability_zone,
  target -> 'Target' ->> 'Id' as id,
  target -> 'Target' ->> 'Port' as port
from
  aws_ec2_target_group
  cross join jsonb_array_elements(target_health_descriptions) as target;

select
  target_group_name,
  target_type,
  json_extract(target.value, '$.Target.AvailabilityZone') as availability_zone,
  json_extract(target.value, '$.Target.Id') as id,
  json_extract(target.value, '$.Target.Port') as port
from
  aws_ec2_target_group,
  json_each(target_health_descriptions) as target;

Health status of registered targets

Identify instances where the health status of registered targets in EC2 instances can be assessed. This allows for proactive management of resources by pinpointing potential issues or disruptions in the target groups.

select
  target_group_name,
  target_type,
  target -> 'TargetHealth' ->> 'Description' as description,
  target -> 'TargetHealth' ->> 'Reason' reason,
  target -> 'TargetHealth' ->> 'State' as state
from
  aws_ec2_target_group
  cross join jsonb_array_elements(target_health_descriptions) as target;

select
  target_group_name,
  target_type,
  json_extract(target.value, '$.TargetHealth.Description') as description,
  json_extract(target.value, '$.TargetHealth.Reason') as reason,
  json_extract(target.value, '$.TargetHealth.State') as state
from
  aws_ec2_target_group,
  json_each(target_health_descriptions) as target;

Query examples

Schema for aws_ec2_target_group

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
health_check_enabled	boolean		Indicates whether health checks are enabled.
health_check_interval_seconds	bigint		The approximate amount of time, in seconds, between health checks of an individual target.
health_check_path	text		The destination for health checks on the target.
health_check_port	text		The port to use to connect with the target.
health_check_protocol	text		The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
health_check_timeout_seconds	bigint		The amount of time, in seconds, during which no response means a failed health check.
healthy_threshold_count	bigint		The number of consecutive health checks successes required before considering an unhealthy target healthy.
ip_address_type	text		The type of IP address used for this target group.
load_balancer_arns	jsonb		The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
matcher_grpc_code	text		The gRPC codes to use when checking for a successful response from a target.
matcher_http_code	text		The HTTP codes to use when checking for a successful response from a target.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
port	bigint		The port on which the targets are listening. Not used if the target is a Lambda function.
protocol	text		The protocol to use for routing traffic to the target.
protocol_version	text		The protocol version. The possible values are GRPC , HTTP1 , and HTTP2 .
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags associated with target group.
target_group_arn	text	=	The Amazon Resource Name (ARN) of the target group.
target_group_name	text	=	The name of the target group.
target_health_descriptions	jsonb		Contains information about the health of the target.
target_type	text		The type of target that is specified when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), or lambda (register a single Lambda function as a target).
title	text		Title of the resource.
unhealthy_threshold_count	bigint		The number of consecutive health checks successes required before considering an unhealthy target healthy.
vpc_id	text		The ID of the VPC for the target.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_target_group