steampipe plugin install aws

Table: aws_elasticache_cluster - Query Amazon ElastiCache Cluster using SQL

The Amazon ElastiCache Cluster is a part of AWS's ElastiCache service that offers fully managed in-memory data store and cache services. This resource is designed to improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying solely on slower disk-based databases. ElastiCache supports two open-source in-memory caching engines: Memcached and Redis.

Table Usage Guide

The aws_elasticache_cluster table in Steampipe provides you with information about each ElastiCache Cluster within your AWS account. This table enables you, as a DevOps engineer, database administrator, or other IT professional, to query cluster-specific details, including configuration, status, and associated metadata. You can utilize this table to gather insights on clusters, such as their availability zones, cache node types, engine versions, and more. The schema outlines the various attributes of the ElastiCache Cluster for you, including the cluster ID, creation date, current status, and associated tags.

Examples

List clusters that are not encrypted at rest

Find the clusters that do not have encryption at rest enabled. This is essential for identifying potential security vulnerabilities and ensuring data protection compliance.

Postgres:

select
  cache_cluster_id,
  cache_node_type,
  at_rest_encryption_enabled
from
  aws_elasticache_cluster
where
  not at_rest_encryption_enabled;

SQLite:

select
  cache_cluster_id,
  cache_node_type,
  at_rest_encryption_enabled
from
  aws_elasticache_cluster
where
  at_rest_encryption_enabled = 0;

List clusters whose availability zone count is less than 2

Find the AWS ElastiCache clusters that are potentially vulnerable because they have fewer than two availability zones. This could be useful for improving disaster recovery strategies and ensuring high availability.

Postgres and SQLite:

select
  cache_cluster_id,
  preferred_availability_zone
from
  aws_elasticache_cluster
where
  preferred_availability_zone <> 'Multiple';

List clusters that do not enforce encryption in transit

Determine the areas in your system where encryption in transit is not enforced. This is useful for identifying potential security risks and ensuring that all data is properly protected during transmission.

Postgres:

select
  cache_cluster_id,
  cache_node_type,
  transit_encryption_enabled
from
  aws_elasticache_cluster
where
  not transit_encryption_enabled;

SQLite:

select
  cache_cluster_id,
  cache_node_type,
  transit_encryption_enabled
from
  aws_elasticache_cluster
where
  transit_encryption_enabled = 0;

List clusters provisioned with undesired node types (for example, where cache.m5.large and cache.m4.4xlarge are desired)

Identify instances where clusters have been provisioned with undesired node types, enabling you to streamline your resources and align with your preferred configurations. This is particularly useful for maintaining consistency and optimizing performance across your infrastructure.

Postgres and SQLite:

select
  cache_node_type,
  count(*) as count
from
  aws_elasticache_cluster
where
  cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')
group by
  cache_node_type;

List clusters with inactive notification configuration topics

Identify clusters whose notification topic is inactive, so you can see which parts of your system may not be receiving important updates or alerts.

Postgres:

select
  cache_cluster_id,
  cache_cluster_status,
  notification_configuration ->> 'TopicArn' as topic_arn,
  notification_configuration ->> 'TopicStatus' as topic_status
from
  aws_elasticache_cluster
where
  notification_configuration ->> 'TopicStatus' = 'inactive';

SQLite:

select
  cache_cluster_id,
  cache_cluster_status,
  json_extract(notification_configuration, '$.TopicArn') as topic_arn,
  json_extract(notification_configuration, '$.TopicStatus') as topic_status
from
  aws_elasticache_cluster
where
  json_extract(notification_configuration, '$.TopicStatus') = 'inactive';

Get security group details for each cluster

Determine the security status of each cluster by examining the associated security group details. This can help in evaluating the security posture of your clusters and identifying any potential vulnerabilities.

Postgres:

select
  cache_cluster_id,
  sg ->> 'SecurityGroupId' as security_group_id,
  sg ->> 'Status' as status
from
  aws_elasticache_cluster,
  jsonb_array_elements(security_groups) as sg;

SQLite:

select
  cache_cluster_id,
  json_extract(sg.value, '$.SecurityGroupId') as security_group_id,
  json_extract(sg.value, '$.Status') as status
from
  aws_elasticache_cluster,
  json_each(security_groups) as sg;

List clusters with automatic backup disabled

Determine the areas in which automatic backups are disabled for your clusters. This is useful for ensuring data safety and minimizing the risk of data loss.

Postgres and SQLite:

select
  cache_cluster_id,
  cache_node_type,
  cache_cluster_status,
  snapshot_retention_limit
from
  aws_elasticache_cluster
where
  -- A retention limit of 0 turns automatic backups off; null means no limit is reported.
  coalesce(snapshot_retention_limit, 0) = 0;
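
The checks above can be combined into one findings report that also covers the auth_token_enabled column from the schema. This is an added example in the Postgres dialect, not a query from the Steampipe documentation; the finding labels are made up for illustration, and it assumes that auth tokens and snapshots do not apply to the memcached engine.

```sql
-- Added example: one row per failed hardening check per cluster.
-- Uses only columns listed in the aws_elasticache_cluster schema.
select
  c.account_id,
  c.region,
  c.cache_cluster_id,
  c.engine,
  c.engine_version,
  f.finding
from
  aws_elasticache_cluster as c
  cross join lateral (
    values
      -- "is not true" also catches null, i.e. the flag was never set.
      ('encryption at rest disabled',
        c.at_rest_encryption_enabled is not true),
      ('encryption in transit disabled',
        c.transit_encryption_enabled is not true),
      -- Assumption: AuthToken is not applicable to memcached.
      -- A cluster that authenticates through user groups instead of an
      -- AuthToken also appears here, so treat this as a prompt to verify.
      ('no auth token',
        c.engine <> 'memcached' and c.auth_token_enabled is not true),
      -- Assumption: automatic snapshots are not applicable to memcached.
      -- A retention limit of 0 means automatic backups are turned off.
      ('automatic backup disabled',
        c.engine <> 'memcached'
        and coalesce(c.snapshot_retention_limit, 0) = 0)
  ) as f(finding, failed)
where
  f.failed
order by
  c.account_id,
  c.region,
  c.cache_cluster_id,
  f.finding;
```

A cluster with several gaps appears once per gap, which makes the output easy to count by finding or to feed into a ticketing workflow.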


Schema for aws_elasticache_cluster

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The ARN (Amazon Resource Name) of the cache cluster. |
| at_rest_encryption_enabled | boolean | | A flag that enables encryption at-rest when set to true. |
| auth_token_enabled | boolean | | A flag that enables using an AuthToken (password) when issuing Redis commands. |
| auth_token_last_modified_date | timestamp with time zone | | The date the auth token was last modified. |
| auto_minor_version_upgrade | boolean | | This parameter is currently disabled. |
| cache_cluster_create_time | timestamp with time zone | | The date and time when the cluster was created. |
| cache_cluster_id | text | = | A unique identifier for the ElastiCache cluster. |
| cache_cluster_status | text | | The current state of this cluster, one of the following values: available, creating, deleted, deleting, incompatible-network, modifying, rebooting cluster nodes, restore-failed, or snapshotting. |
| cache_node_type | text | | The name of the compute and memory capacity node type for the cluster. |
| cache_nodes | jsonb | | A list of cache nodes that are members of the cluster. |
| cache_parameter_group | jsonb | | Status of the cache parameter group. |
| cache_security_groups | jsonb | | A list of cache security group elements, composed of name and status sub-elements. |
| cache_subnet_group_name | text | | The name of the cache subnet group associated with the cluster. |
| client_download_landing_page | text | | The URL of the web page where you can download the latest ElastiCache client library. |
| configuration_endpoint | jsonb | | Represents a Memcached cluster endpoint which can be used by an application to connect to any node in the cluster. |
| engine | text | | The name of the cache engine (memcached or redis) to be used for this cluster. |
| engine_version | text | | The version of the cache engine that is used in this cluster. |
| ip_discovery | text | | The network type associated with the cluster, either ipv4 or ipv6. |
| log_delivery_configurations | jsonb | | Returns the destination, format, and type of the logs. |
| network_type | text | | Must be either ipv4, ipv6, or dual_stack. |
| notification_configuration | jsonb | | Describes a notification topic and its status. |
| num_cache_nodes | bigint | | The number of cache nodes in the cluster. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| pending_modified_values | jsonb | | A group of settings that are applied to the cluster in the future, or that are currently being applied. |
| preferred_availability_zone | text | | The name of the Availability Zone in which the cluster is located or 'Multiple' if the cache nodes are located in different Availability Zones. |
| preferred_maintenance_window | text | | Specifies the weekly time range during which maintenance on the cluster is performed. |
| preferred_outpost_arn | text | | The outpost ARN in which the cache cluster is created. |
| region | text | | The AWS Region in which the resource is located. |
| replication_group_id | text | | The replication group to which this cluster belongs. |
| replication_group_log_delivery_enabled | boolean | | A boolean value indicating whether log delivery is enabled for the replication group. |
| security_groups | jsonb | | A list of VPC Security Groups associated with the cluster. |
| snapshot_retention_limit | bigint | | The number of days for which ElastiCache retains automatic cluster snapshots before deleting them. |
| snapshot_window | text | | The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your cluster. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags associated with the cluster. |
| title | text | | Title of the resource. |
| transit_encryption_enabled | boolean | | A flag that enables in-transit encryption when set to true. |
| transit_encryption_mode | text | | A setting that allows you to migrate your clients to use in-transit encryption, with no downtime. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_elasticache_cluster