steampipe plugin install aws

Table: aws_ec2_transit_gateway - Query AWS EC2 Transit Gateway using SQL

The AWS EC2 Transit Gateway is a service that simplifies the process of networking connectivity across multiple Amazon Virtual Private Clouds (VPCs) and on-premises networks. It acts as a hub that controls how traffic is routed among all connected networks which simplifies your network architecture. With Transit Gateway, you can manage connectivity for thousands of VPCs, easily scale connectivity across multiple AWS accounts, and segregate your network traffic to improve security.

Table Usage Guide

The aws_ec2_transit_gateway table in Steampipe provides you with information about Transit Gateways within Amazon Elastic Compute Cloud (EC2). This table allows you, as a DevOps engineer, to query Transit Gateway-specific details, including configuration, state, and associations. You can use this table to gather insights on Transit Gateways, such as their attached VPCs, VPN connections, Direct Connect gateways, and more. The schema outlines the various attributes of the Transit Gateway, including the transit gateway ID, creation time, state, and associated tags.

Examples

Basic Transit Gateway info

Gain insights into the status and ownership details of your AWS Transit Gateway configurations, along with their creation times, to better manage your network transit connectivity. This can be particularly useful for auditing, tracking changes, and troubleshooting network issues.

select
transit_gateway_id,
state,
owner_id,
creation_time
from
aws_ec2_transit_gateway;

List transit gateways that automatically accept shared account attachments

Identify the transit gateways that are set to automatically accept shared account attachments. This is useful to identify potential security risks and ensure proper management of your AWS resources.

select
transit_gateway_id,
auto_accept_shared_attachments
from
aws_ec2_transit_gateway
where
auto_accept_shared_attachments = 'enable';
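
An added example, not part of the Steampipe documentation: the query below extends the check above by combining auto-accept with the default route table association and propagation columns from the schema, so the gateways where an unreviewed shared attachment would also be routed by default sort first. It assumes default_route_table_association and default_route_table_propagation use the same 'enable' / 'disable' values as auto_accept_shared_attachments; the attachment_review labels are constructed for this example.

```sql
-- Added example: rank transit gateways by what a shared-account
-- attachment receives without any manual review step.
select
  transit_gateway_id,
  account_id,
  region,
  owner_id,
  state,
  auto_accept_shared_attachments,
  default_route_table_association,
  default_route_table_propagation,
  case
    -- Accepted automatically AND placed in the default route table
    -- AND its routes propagated there: nothing is reviewed.
    when auto_accept_shared_attachments = 'enable'
      and default_route_table_association = 'enable'
      and default_route_table_propagation = 'enable'
      then 'high: auto-accepted, associated and propagated by default'
    -- Accepted automatically, but at least one default routing
    -- behaviour is switched off.
    when auto_accept_shared_attachments = 'enable'
      then 'medium: auto-accepted, default routing partly or fully disabled'
    else 'ok: attachments require manual acceptance'
  end as attachment_review
from
  aws_ec2_transit_gateway
order by
  attachment_review, -- 'high' sorts before 'medium' before 'ok'
  account_id,
  region;
```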

Find the number of transit gateways by default route table id

Count the transit gateways associated with each default association route table ID, which can aid in understanding network traffic distribution and optimizing resource allocation within your AWS EC2 environment.

select
association_default_route_table_id,
count(transit_gateway_id) as transit_gateway
from
aws_ec2_transit_gateway
group by
association_default_route_table_id;

Map all transit gateways to the application to which they belong with an application tag

Find the transit gateways that have no application tag, enabling you to identify and categorize untagged resources for better resource management and organization.

Postgres:

select
transit_gateway_id,
tags
from
aws_ec2_transit_gateway
where
not tags :: JSONB ? 'application';

SQLite:

select
transit_gateway_id,
tags
from
aws_ec2_transit_gateway
where
json_extract(tags, '$.application') IS NULL;

Schema for aws_ec2_transit_gateway

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| amazon_side_asn | bigint | = | A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. |
| association_default_route_table_id | text | = | The ID of the default association route table. |
| auto_accept_shared_attachments | text | = | Indicates whether attachment requests are automatically accepted. |
| cidr_blocks | jsonb | | A list of transit gateway CIDR blocks. |
| creation_time | timestamp with time zone | | The date and time when the transit gateway was created. |
| default_route_table_association | text | = | Indicates whether resource attachments are automatically associated with the default association route table. |
| default_route_table_propagation | text | = | Indicates whether resource attachments are automatically associated with the default association route table. |
| description | text | | The description of the transit gateway. |
| dns_support | text | = | Indicates whether DNS support is enabled. |
| multicast_support | text | | Indicates whether multicast is enabled on the transit gateway. |
| owner_id | text | = | The ID of the AWS account that owns the transit gateway. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| propagation_default_route_table_id | text | = | The ID of the default propagation route table. |
| region | text | | The AWS Region in which the resource is located. |
| state | text | = | The state of the transit gateway. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags that are assigned to the transit gateway. |
| title | text | | Title of the resource. |
| transit_gateway_arn | text | | The Amazon Resource Name (ARN) of the transit gateway. |
| transit_gateway_id | text | = | The ID of the transit gateway. |
| vpn_ecmp_support | text | = | Indicates whether Equal Cost Multipath Protocol support is enabled. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ec2_transit_gateway