Table: aws_elasticache_cluster - Query Amazon ElastiCache Cluster using SQL

The Amazon ElastiCache Cluster is a part of AWS's ElastiCache service that offers fully managed in-memory data store and cache services. This resource is designed to improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying solely on slower disk-based databases. ElastiCache supports two open-source in-memory caching engines: Memcached and Redis.

Table Usage Guide

The aws_elasticache_cluster table in Steampipe provides you with information about each ElastiCache Cluster within your AWS account. This table enables you, as a DevOps engineer, database administrator, or other IT professional, to query cluster-specific details, including configuration, status, and associated metadata. You can utilize this table to gather insights on clusters, such as their availability zones, cache node types, engine versions, and more. The schema outlines the various attributes of the ElastiCache Cluster for you, including the cluster ID, creation date, current status, and associated tags.

Examples

List clusters that are not encrypted at rest

Determine the areas in which data clusters are lacking proper encryption at rest. This is essential for identifying potential security vulnerabilities and ensuring data protection compliance.

select
  cache_cluster_id,
  cache_node_type,
  at_rest_encryption_enabled
from
  aws_elasticache_cluster
where
  not at_rest_encryption_enabled;

select
  cache_cluster_id,
  cache_node_type,
  at_rest_encryption_enabled
from
  aws_elasticache_cluster
where
  at_rest_encryption_enabled = 0;

List clusters whose availability zone count is less than 2

Determine the areas in which your AWS ElastiCache clusters are potentially vulnerable due to having less than two availability zones. This could be useful for improving disaster recovery strategies and ensuring high availability.

select
  cache_cluster_id,
  preferred_availability_zone
from
  aws_elasticache_cluster
where
  preferred_availability_zone <> 'Multiple';

select
  cache_cluster_id,
  preferred_availability_zone
from
  aws_elasticache_cluster
where
  preferred_availability_zone <> 'Multiple';

List clusters that do not enforce encryption in transit

Determine the areas in your system where encryption in transit is not enforced. This is useful for identifying potential security risks and ensuring that all data is properly protected during transmission.

select
  cache_cluster_id,
  cache_node_type,
  transit_encryption_enabled
from
  aws_elasticache_cluster
where
  not transit_encryption_enabled;

select
  cache_cluster_id,
  cache_node_type,
  transit_encryption_enabled
from
  aws_elasticache_cluster
where
  transit_encryption_enabled = 0;

List clusters provisioned with undesired (for example, cache.m5.large and cache.m4.4xlarge are desired) node types

Identify instances where clusters have been provisioned with undesired node types, enabling you to streamline your resources and align with your preferred configurations. This is particularly useful for maintaining consistency and optimizing performance across your infrastructure.

select
  cache_node_type,
  count(*) as count
from
  aws_elasticache_cluster
where
  cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')
group by
  cache_node_type;

select
  cache_node_type,
  count(*) as count
from
  aws_elasticache_cluster
where
  cache_node_type not in ('cache.m5.large', 'cache.m4.4xlarge')
group by
  cache_node_type;

List clusters with inactive notification configuration topics

Determine the areas in which clusters have inactive notification configurations to assess the elements within your system that may not be receiving important updates or alerts.

select
  cache_cluster_id,
  cache_cluster_status,
  notification_configuration ->> 'TopicArn' as topic_arn,
  notification_configuration ->> 'TopicStatus' as topic_status
from
  aws_elasticache_cluster
where
  notification_configuration ->> 'TopicStatus' = 'inactive';

select
  cache_cluster_id,
  cache_cluster_status,
  json_extract(notification_configuration, '$.TopicArn') as topic_arn,
  json_extract(notification_configuration, '$.TopicStatus') as topic_status
from
  aws_elasticache_cluster
where
  json_extract(notification_configuration, '$.TopicStatus') = 'inactive';

Get security group details for each cluster

Determine the security status of each cluster by examining the associated security group details. This can help in evaluating the security posture of your clusters and identifying any potential vulnerabilities.

select
  cache_cluster_id,
  sg ->> 'SecurityGroupId' as security_group_id,
  sg ->> 'Status' as status
from
  aws_elasticache_cluster,
  jsonb_array_elements(security_groups) as sg;

select
  cache_cluster_id,
  json_extract(sg.value, '$.SecurityGroupId') as security_group_id,
  json_extract(sg.value, '$.Status') as status
from
  aws_elasticache_cluster,
  json_each(security_groups) as sg;

List clusters with automatic backup disabled

Determine the areas in which automatic backups are disabled for your clusters. This is useful for ensuring data safety and minimizing the risk of data loss.

select
  cache_cluster_id,
  cache_node_type,
  cache_cluster_status,
  snapshot_retention_limit
from
  aws_elasticache_cluster
where
  snapshot_retention_limit is null;

select
  cache_cluster_id,
  cache_node_type,
  cache_cluster_status,
  snapshot_retention_limit
from
  aws_elasticache_cluster
where
  snapshot_retention_limit is null;

Query examples

Control examples

Schema for aws_elasticache_cluster

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The ARN (Amazon Resource Name) of the cache cluster.
at_rest_encryption_enabled	boolean		A flag that enables encryption at-rest when set to true.
auth_token_enabled	boolean		A flag that enables using an AuthToken (password) when issuing Redis commands.
auth_token_last_modified_date	timestamp with time zone		The date the auth token was last modified.
auto_minor_version_upgrade	boolean		This parameter is currently disabled.
cache_cluster_create_time	timestamp with time zone		The date and time when the cluster was created.
cache_cluster_id	text	=	An unique identifier for ElastiCache cluster.
cache_cluster_status	text		The current state of this cluster, one of the following values: available, creating, deleted, deleting, incompatible-network, modifying, rebooting cluster nodes, restore-failed, or snapshotting.
cache_node_type	text		The name of the compute and memory capacity node type for the cluster.
cache_nodes	jsonb		A list of cache nodes that are members of the cluster.
cache_parameter_group	jsonb		Status of the cache parameter group.
cache_security_groups	jsonb		A list of cache security group elements, composed of name and status sub-elements.
cache_subnet_group_name	text		The name of the cache subnet group associated with the cluster.
client_download_landing_page	text		The URL of the web page where you can download the latest ElastiCache client library.
configuration_endpoint	jsonb		Represents a Memcached cluster endpoint which can be used by an application to connect to any node in the cluster.
engine	text		The name of the cache engine (memcached or redis) to be used for this cluster.
engine_version	text		The version of the cache engine that is used in this cluster.
ip_discovery	text		The network type associated with the cluster, either ipv4 \| ipv6.
log_delivery_configurations	jsonb		Returns the destination, format, and type of the logs.
network_type	text		Must be either ipv4 \| ipv6 \| dual_stack.
notification_configuration	jsonb		Describes a notification topic and its status.
num_cache_nodes	bigint		The number of cache nodes in the cluster.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
pending_modified_values	jsonb		A group of settings that are applied to the cluster in the future, or that are currently being applied.
preferred_availability_zone	text		The name of the Availability Zone in which the cluster is located or 'Multiple' if the cache nodes are located in different Availability Zones.
preferred_maintenance_window	text		Specifies the weekly time range during which maintenance on the cluster is performed.
preferred_outpost_arn	text		The outpost ARN in which the cache cluster is created.
region	text		The AWS Region in which the resource is located.
replication_group_id	text		The replication group to which this cluster belongs.
replication_group_log_delivery_enabled	boolean		A boolean value indicating whether log delivery is enabled for the replication group.
security_groups	jsonb		A list of VPC Security Groups associated with the cluster.
snapshot_retention_limit	bigint		The number of days for which ElastiCache retains automatic cluster snapshots before deleting them.
snapshot_window	text		The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your cluster.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags associated with the cluster.
title	text		Title of the resource.
transit_encryption_enabled	boolean		A flag that enables in-transit encryption when set to true.
transit_encryption_mode	text		A setting that allows you to migrate your clients to use in-transit encryption, with no downtime.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_elasticache_cluster