steampipe plugin install aws

Table: aws_eks_identity_provider_config - Query Amazon EKS Identity Provider Configurations using SQL

Amazon EKS identity provider configurations are a feature of Amazon Elastic Kubernetes Service (EKS). They allow you to integrate and manage third-party identity providers for authentication with your EKS clusters. This ensures secure access and identity management for your Kubernetes workloads.

Table Usage Guide

The aws_eks_identity_provider_config table in Steampipe provides you with information about the identity provider configurations for Amazon EKS clusters. This table allows you, as a DevOps engineer, to query configuration-specific details, including the type of identity provider, client ID, issuer URL, and associated metadata. The schema outlines the various attributes of the identity provider configuration, including the cluster name, creation time, tags, and status.

Examples

Basic info

Explore which AWS EKS identity provider configurations are in use and their current status. This can help you manage and monitor your AWS EKS resources more effectively.

select
  name,
  arn,
  cluster_name,
  tags,
  status
from
  aws_eks_identity_provider_config;

List OIDC type Identity provider config

Determine the areas in which OpenID Connect (OIDC) type identity provider configurations are used within your AWS Elastic Kubernetes Service (EKS) clusters. This is useful for understanding your security setup and ensuring that it aligns with your organization's policies.

select
  name,
  arn,
  cluster_name,
  type
from
  aws_eks_identity_provider_config
where
  type = 'oidc';
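
To check OIDC configurations against policy rather than only list them, the query below flags settings worth review using this table's columns. It is an added example, not part of the original Steampipe documentation; the approved issuer URL is a constructed placeholder, and the 'ACTIVE' status value and the '-' username prefix convention come from the EKS API rather than from this page.

```sql
-- Added example (PostgreSQL dialect): audit OIDC identity provider configs.
with approved_issuers(issuer_url) as (
  -- Constructed placeholder; replace with the issuers your organization allows.
  values ('https://idp.example.com')
),
findings as (
  select
    c.account_id,
    c.region,
    c.cluster_name,
    c.name,
    c.issuer_url,
    c.client_id,
    c.status,
    -- Groups are read from the token but carry no prefix, so they can
    -- clash with existing names such as system: groups.
    (c.groups_claim is not null
      and coalesce(c.groups_prefix, '') = '') as groups_unprefixed,
    -- Assumption from the EKS API: '-' turns username prefixing off.
    (coalesce(c.username_prefix, '') = '-') as username_unprefixed,
    -- No extra claim has to match before a token is accepted.
    (c.required_claims is null
      or c.required_claims in ('null'::jsonb, '{}'::jsonb)) as no_required_claims,
    -- Issuer is not on the approved list above.
    (a.issuer_url is null) as issuer_not_approved,
    -- Assumption from the EKS API: a settled config reports ACTIVE.
    (coalesce(upper(c.status), '') <> 'ACTIVE') as not_active
  from
    aws_eks_identity_provider_config as c
    left join approved_issuers as a
      on rtrim(c.issuer_url, '/') = rtrim(a.issuer_url, '/')
  where
    c.type = 'oidc'
)
select
  *
from
  findings
where
  groups_unprefixed
  or username_unprefixed
  or no_required_claims
  or issuer_not_approved
  or not_active
order by
  cluster_name,
  name;
```

Each boolean column is one finding, so a row can be triaged by which flags are true.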

Schema for aws_eks_identity_provider_config

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) of the configuration. |
| client_id | text | | This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider. |
| cluster_name | text | = | The name of the cluster. |
| groups_claim | text | | The JSON web token (JWT) claim that the provider uses to return your groups. |
| groups_prefix | text | | The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). |
| issuer_url | text | | The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. |
| name | text | = | The name of the identity provider configuration. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| required_claims | jsonb | | The key-value pairs that describe required claims in the identity token. |
| status | text | | The status of the OIDC identity provider. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | The metadata to apply to the provider configuration to assist with categorization and organization. |
| title | text | | Title of the resource. |
| type | text | = | The type of the identity provider configuration. |
| username_claim | text | | The JSON Web token (JWT) claim that is used as the username. |
| username_prefix | text | | The prefix that is prepended to username claims to prevent clashes with existing names. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_eks_identity_provider_config