Table: aws_elasticache_cluster - Query Amazon ElastiCache Cluster using SQL
The Amazon ElastiCache Cluster is a part of AWS's ElastiCache service that offers fully managed in-memory data store and cache services. This resource is designed to improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying solely on slower disk-based databases. ElastiCache supports two open-source in-memory caching engines: Memcached and Redis.
Table Usage Guide
The aws_elasticache_cluster
table in Steampipe provides you with information about each ElastiCache Cluster within your AWS account. This table enables you, as a DevOps engineer, database administrator, or other IT professional, to query cluster-specific details, including configuration, status, and associated metadata. You can utilize this table to gather insights on clusters, such as their availability zones, cache node types, engine versions, and more. The schema outlines the various attributes of the ElastiCache Cluster for you, including the cluster ID, creation date, current status, and associated tags.
Examples
List clusters that are not encrypted at rest
Determine the areas in which data clusters are lacking proper encryption at rest. This is essential for identifying potential security vulnerabilities and ensuring data protection compliance.
select cache_cluster_id, cache_node_type, at_rest_encryption_enabledfrom aws_elasticache_clusterwhere not at_rest_encryption_enabled;
select cache_cluster_id, cache_node_type, at_rest_encryption_enabledfrom aws_elasticache_clusterwhere at_rest_encryption_enabled = 0;
List clusters whose availability zone count is less than 2
Determine the areas in which your AWS ElastiCache clusters are potentially vulnerable due to having less than two availability zones. This could be useful for improving disaster recovery strategies and ensuring high availability.
select cache_cluster_id, preferred_availability_zonefrom aws_elasticache_clusterwhere preferred_availability_zone <> 'Multiple';
select cache_cluster_id, preferred_availability_zonefrom aws_elasticache_clusterwhere preferred_availability_zone <> 'Multiple';
List clusters that do not enforce encryption in transit
Determine the areas in your system where encryption in transit is not enforced. This is useful for identifying potential security risks and ensuring that all data is properly protected during transmission.
select cache_cluster_id, cache_node_type, transit_encryption_enabledfrom aws_elasticache_clusterwhere not transit_encryption_enabled;
select cache_cluster_id, cache_node_type, transit_encryption_enabledfrom aws_elasticache_clusterwhere transit_encryption_enabled = 0;
List clusters provisioned with undesired (for example, cache.m5.large and cache.m4.4xlarge are desired) node types
Identify instances where clusters have been provisioned with undesired node types, enabling you to streamline your resources and align with your preferred configurations. This is particularly useful for maintaining consistency and optimizing performance across your infrastructure.
select cache_node_type, count(*) as countfrom aws_elasticache_clusterwhere cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')group by cache_node_type;
select cache_node_type, count(*) as countfrom aws_elasticache_clusterwhere cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')group by cache_node_type;
List clusters with inactive notification configuration topics
Determine the areas in which clusters have inactive notification configurations to assess the elements within your system that may not be receiving important updates or alerts.
select cache_cluster_id, cache_cluster_status, notification_configuration ->> 'TopicArn' as topic_arn, notification_configuration ->> 'TopicStatus' as topic_statusfrom aws_elasticache_clusterwhere notification_configuration ->> 'TopicStatus' = 'inactive';
select cache_cluster_id, cache_cluster_status, json_extract(notification_configuration, '$.TopicArn') as topic_arn, json_extract(notification_configuration, '$.TopicStatus') as topic_statusfrom aws_elasticache_clusterwhere json_extract(notification_configuration, '$.TopicStatus') = 'inactive';
Get security group details for each cluster
Determine the security status of each cluster by examining the associated security group details. This can help in evaluating the security posture of your clusters and identifying any potential vulnerabilities.
select cache_cluster_id, sg ->> 'SecurityGroupId' as security_group_id, sg ->> 'Status' as statusfrom aws_elasticache_cluster, jsonb_array_elements(security_groups) as sg;
select cache_cluster_id, json_extract(sg.value, '$.SecurityGroupId') as security_group_id, json_extract(sg.value, '$.Status') as statusfrom aws_elasticache_cluster, json_each(security_groups) as sg;
List clusters with automatic backup disabled
Determine the areas in which automatic backups are disabled for your clusters. This is useful for ensuring data safety and minimizing the risk of data loss.
select cache_cluster_id, cache_node_type, cache_cluster_status, snapshot_retention_limitfrom aws_elasticache_clusterwhere snapshot_retention_limit is null;
select cache_cluster_id, cache_node_type, cache_cluster_status, snapshot_retention_limitfrom aws_elasticache_clusterwhere snapshot_retention_limit is null;
Schema for aws_elasticache_cluster
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
arn | text | The ARN (Amazon Resource Name) of the cache cluster. | |
at_rest_encryption_enabled | boolean | A flag that enables encryption at-rest when set to true. | |
auth_token_enabled | boolean | A flag that enables using an AuthToken (password) when issuing Redis commands. | |
auth_token_last_modified_date | timestamp with time zone | The date the auth token was last modified. | |
auto_minor_version_upgrade | boolean | This parameter is currently disabled. | |
cache_cluster_create_time | timestamp with time zone | The date and time when the cluster was created. | |
cache_cluster_id | text | = | An unique identifier for ElastiCache cluster. |
cache_cluster_status | text | The current state of this cluster, one of the following values: available, creating, deleted, deleting, incompatible-network, modifying, rebooting cluster nodes, restore-failed, or snapshotting. | |
cache_node_type | text | The name of the compute and memory capacity node type for the cluster. | |
cache_nodes | jsonb | A list of cache nodes that are members of the cluster. | |
cache_parameter_group | jsonb | Status of the cache parameter group. | |
cache_security_groups | jsonb | A list of cache security group elements, composed of name and status sub-elements. | |
cache_subnet_group_name | text | The name of the cache subnet group associated with the cluster. | |
client_download_landing_page | text | The URL of the web page where you can download the latest ElastiCache client library. | |
configuration_endpoint | jsonb | Represents a Memcached cluster endpoint which can be used by an application to connect to any node in the cluster. | |
engine | text | The name of the cache engine (memcached or redis) to be used for this cluster. | |
engine_version | text | The version of the cache engine that is used in this cluster. | |
ip_discovery | text | The network type associated with the cluster, either ipv4 | ipv6. | |
log_delivery_configurations | jsonb | Returns the destination, format, and type of the logs. | |
network_type | text | Must be either ipv4 | ipv6 | dual_stack. | |
notification_configuration | jsonb | Describes a notification topic and its status. | |
num_cache_nodes | bigint | The number of cache nodes in the cluster. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
pending_modified_values | jsonb | A group of settings that are applied to the cluster in the future, or that are currently being applied. | |
preferred_availability_zone | text | The name of the Availability Zone in which the cluster is located or 'Multiple' if the cache nodes are located in different Availability Zones. | |
preferred_maintenance_window | text | Specifies the weekly time range during which maintenance on the cluster is performed. | |
preferred_outpost_arn | text | The outpost ARN in which the cache cluster is created. | |
region | text | The AWS Region in which the resource is located. | |
replication_group_id | text | The replication group to which this cluster belongs. | |
replication_group_log_delivery_enabled | boolean | A boolean value indicating whether log delivery is enabled for the replication group. | |
security_groups | jsonb | A list of VPC Security Groups associated with the cluster. | |
snapshot_retention_limit | bigint | The number of days for which ElastiCache retains automatic cluster snapshots before deleting them. | |
snapshot_window | text | The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your cluster. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
tags | jsonb | A map of tags for the resource. | |
tags_src | jsonb | A list of tags associated with the cluster. | |
title | text | Title of the resource. | |
transit_encryption_enabled | boolean | A flag that enables in-transit encryption when set to true. | |
transit_encryption_mode | text | A setting that allows you to migrate your clients to use in-transit encryption, with no downtime. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_elasticache_cluster