v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_eks_cluster - Query AWS Elastic Kubernetes Service Cluster using SQL

The AWS Elastic Kubernetes Service (EKS) Cluster is a managed service that simplifies the deployment, management, and scaling of containerized applications using Kubernetes, an open-source system. EKS runs Kubernetes control plane instances across multiple AWS availability zones to ensure high availability, automatically detects and replaces unhealthy control plane instances, and provides on-demand, zero downtime upgrades and patching. It integrates with AWS services to provide scalability and security for your applications, including Elastic Load Balancing for load distribution, IAM for authentication, and Amazon VPC for isolation.

Table Usage Guide

The aws_eks_cluster table in Steampipe provides you with information about EKS clusters within AWS Elastic Kubernetes Service (EKS). This table enables you, as a DevOps engineer, to query cluster-specific details, including cluster name, status, endpoint, and associated metadata. You can utilize this table to gather insights on clusters, such as their current status, role ARN, VPC configurations, and more. The schema outlines the various attributes of the EKS cluster, including the cluster ARN, creation date, attached security groups, and associated tags for you.

Examples

Basic info

Determine the status and identity of your Amazon EKS clusters to assess their operational condition and identify any potential issues. This can help maintain optimal performance and security within your AWS environment.

select
  name,
  arn,
  endpoint,
  identity,
  status
from
  aws_eks_cluster;
select
  name,
  arn,
  endpoint,
  identity,
  status
from
  aws_eks_cluster;

Get the VPC configuration for each cluster

This query helps to assess the configuration of each cluster's Virtual Private Cloud (VPC) in an AWS EKS setup. It can be used to gain insights into the cluster's security group ID, endpoint access details, CIDR blocks for public access, associated security group IDs, subnet IDs, and the VPC ID, which can be crucial for managing network accessibility and security.

select
  name,
  resources_vpc_config ->> 'ClusterSecurityGroupId' as cluster_security_group_id,
  resources_vpc_config ->> 'EndpointPrivateAccess' as endpoint_private_access,
  resources_vpc_config ->> 'EndpointPublicAccess' as endpoint_public_access,
  resources_vpc_config ->> 'PublicAccessCidrs' as public_access_cidrs,
  resources_vpc_config ->> 'SecurityGroupIds' as security_group_ids,
  resources_vpc_config -> 'SubnetIds' as subnet_ids,
  resources_vpc_config ->> 'VpcId' as vpc_id
from
  aws_eks_cluster;
select
  name,
  json_extract(resources_vpc_config, '$.ClusterSecurityGroupId') as cluster_security_group_id,
  json_extract(resources_vpc_config, '$.EndpointPrivateAccess') as endpoint_private_access,
  json_extract(resources_vpc_config, '$.EndpointPublicAccess') as endpoint_public_access,
  json_extract(resources_vpc_config, '$.PublicAccessCidrs') as public_access_cidrs,
  json_extract(resources_vpc_config, '$.SecurityGroupIds') as security_group_ids,
  json_extract(resources_vpc_config, '$.SubnetIds') as subnet_ids,
  json_extract(resources_vpc_config, '$.VpcId') as vpc_id
from
  aws_eks_cluster;

List disabled log types for each cluster

Determine the areas in which log types are disabled for each cluster in AWS EKS service. This is useful for identifying potential gaps in your logging strategy, ensuring comprehensive coverage for effective monitoring and debugging.

select
  name,
  i ->> 'Enabled' as enabled,
  i ->> 'Types' as types
from
  aws_eks_cluster,
  jsonb_array_elements(logging -> 'ClusterLogging') as i
where
  i ->> 'Enabled' = 'false';
select
  name,
  json_extract(i.value, '$.Enabled') as enabled,
  json_extract(i.value, '$.Types') as types
from
  aws_eks_cluster,
  json_each(logging, 'ClusterLogging') as i
where
  json_extract(i.value, '$.Enabled') = 'false';

List clusters not running Kubernetes version 1.19

Identify those clusters within your AWS EKS environment that are not operating on Kubernetes version 1.19. This can be useful to ensure compliance with specific version requirements or to plan for necessary upgrades.

select
  name,
  arn,
  version
from
  aws_eks_cluster
where
  version <> '1.19';
select
  name,
  arn,
  version
from
  aws_eks_cluster
where
  version != '1.19';

Query examples

Control examples

Schema for aws_eks_cluster

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
access_configjsonbThe access configuration for the cluster.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) of the cluster.
certificate_authorityjsonbThe certificate-authority-data for the cluster.
client_request_tokentextA unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
connector_configjsonbThe configuration used to connect to a cluster for registration.
created_attimestamp with time zoneThe Unix epoch timestamp in seconds for when the cluster was created.
encryption_configjsonbThe encryption configuration for the cluster.
endpointtextThe endpoint for your Kubernetes API server.
idtextThe ID of your local Amazon EKS cluster on an Amazon Web Services Outpost.
identityjsonbThe identity provider information for the cluster.
kubernetes_network_configjsonbThe Kubernetes network configuration for the cluster.
loggingjsonbThe logging configuration for the cluster.
nametext=The name of the cluster.
outpost_configjsonbAn object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services Outpost.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
platform_versiontextThe platform version of your Amazon EKS cluster.
regiontextThe AWS Region in which the resource is located.
resources_vpc_configjsonbThe VPC configuration used by the cluster control plane.
role_arntextThe Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe current status of the cluster.
tagsjsonbA list of tags assigned to the table
titletextTitle of the resource.
versiontextThe Kubernetes server version for the cluster.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_eks_cluster