steampipe plugin install awssteampipe plugin install aws
aws_accessanalyzer_analyzeraws_accountaws_acm_certificateaws_api_gateway_api_authorizeraws_api_gateway_api_keyaws_api_gateway_authorizeraws_api_gateway_rest_apiaws_api_gateway_stageaws_api_gateway_usage_planaws_api_gatewayv2_apiaws_api_gatewayv2_domain_nameaws_api_gatewayv2_integrationaws_api_gatewayv2_stageaws_appautoscaling_targetaws_auditmanager_assessmentaws_auditmanager_controlaws_auditmanager_evidenceaws_auditmanager_evidence_folderaws_auditmanager_frameworkaws_availability_zoneaws_backup_planaws_backup_protected_resourceaws_backup_recovery_pointaws_backup_selectionaws_backup_vaultaws_cloudcontrol_resourceaws_cloudformation_stackaws_cloudfront_cache_policyaws_cloudfront_distributionaws_cloudfront_origin_access_identityaws_cloudfront_origin_request_policyaws_cloudtrail_trailaws_cloudtrail_trail_eventaws_cloudwatch_alarmaws_cloudwatch_log_eventaws_cloudwatch_log_groupaws_cloudwatch_log_metric_filteraws_cloudwatch_log_resource_policyaws_cloudwatch_log_streamaws_codebuild_projectaws_codebuild_source_credentialaws_codecommit_repositoryaws_codepipeline_pipelineaws_config_configuration_recorderaws_config_conformance_packaws_config_ruleaws_cost_by_account_dailyaws_cost_by_account_monthlyaws_cost_by_service_dailyaws_cost_by_service_monthlyaws_cost_by_service_usage_type_dailyaws_cost_by_service_usage_type_monthlyaws_cost_forecast_dailyaws_cost_forecast_monthlyaws_cost_usageaws_dax_clusteraws_directory_service_directoryaws_dms_replication_instanceaws_dynamodb_backupaws_dynamodb_global_tableaws_dynamodb_metric_account_provisioned_read_capacity_utilaws_dynamodb_metric_account_provisioned_write_capacity_utilaws_dynamodb_tableaws_ebs_snapshotaws_ebs_volumeaws_ebs_volume_metric_read_opsaws_ebs_volume_metric_read_ops_dailyaws_ebs_volume_metric_read_ops_hourlyaws_ebs_volume_metric_write_opsaws_ebs_volume_metric_write_ops_dailyaws_ebs_volume_metric_write_ops_hourlyaws_ec2_amiaws_ec2_ami_sharedaws_ec2_application_load_balanceraws_ec2_application_load_balancer_metric_request_countaws_ec2_application_load_balancer_metric_request_count_dailyaws_ec2_autoscaling_groupaws_ec2_capacity_reservationaws_ec2_classic_load_balanceraws_ec2_gateway_load_balanceraws_ec2_instanceaws_ec2_instance_availabilityaws_ec2_instance_metric_cpu_utilizationaws_ec2_instance_metric_cpu_utilization_dailyaws_ec2_instance_metric_cpu_utilization_hourlyaws_ec2_instance_typeaws_ec2_key_pairaws_ec2_launch_configurationaws_ec2_load_balancer_listeneraws_ec2_network_interfaceaws_ec2_network_load_balanceraws_ec2_network_load_balancer_metric_net_flow_countaws_ec2_network_load_balancer_metric_net_flow_count_dailyaws_ec2_regional_settingsaws_ec2_reserved_instanceaws_ec2_ssl_policyaws_ec2_target_groupaws_ec2_transit_gatewayaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_tableaws_ec2_transit_gateway_vpc_attachmentaws_ecr_repositoryaws_ecrpublic_repositoryaws_ecs_clusteraws_ecs_cluster_metric_cpu_utilizationaws_ecs_cluster_metric_cpu_utilization_dailyaws_ecs_cluster_metric_cpu_utilization_hourlyaws_ecs_container_instanceaws_ecs_serviceaws_ecs_taskaws_ecs_task_definitionaws_efs_access_pointaws_efs_file_systemaws_efs_mount_targetaws_eks_addonaws_eks_addon_versionaws_eks_clusteraws_eks_identity_provider_configaws_elastic_beanstalk_applicationaws_elastic_beanstalk_environmentaws_elasticache_clusteraws_elasticache_parameter_groupaws_elasticache_redis_metric_cache_hits_hourlyaws_elasticache_redis_metric_curr_connections_hourlyaws_elasticache_redis_metric_engine_cpu_utilization_hourlyaws_elasticache_redis_metric_get_type_cmds_hourlyaws_elasticache_redis_metric_list_based_cmds_hourlyaws_elasticache_redis_metric_new_connections_hourlyaws_elasticache_replication_groupaws_elasticache_subnet_groupaws_elasticsearch_domainaws_emr_clusteraws_emr_cluster_metric_is_idleaws_emr_instance_groupaws_eventbridge_busaws_eventbridge_ruleaws_fsx_file_systemaws_glacier_vaultaws_glue_catalog_databaseaws_guardduty_detectoraws_guardduty_findingaws_guardduty_ipsetaws_guardduty_threat_intel_setaws_iam_access_advisoraws_iam_access_keyaws_iam_account_password_policyaws_iam_account_summaryaws_iam_actionaws_iam_credential_reportaws_iam_groupaws_iam_policyaws_iam_policy_simulatoraws_iam_roleaws_iam_server_certificateaws_iam_useraws_iam_virtual_mfa_deviceaws_identitystore_groupaws_identitystore_useraws_inspector_assessment_targetaws_inspector_assessment_templateaws_kinesis_consumeraws_kinesis_firehose_delivery_streamaws_kinesis_streamaws_kinesis_video_streamaws_kinesisanalyticsv2_applicationaws_kms_keyaws_lambda_aliasaws_lambda_functionaws_lambda_function_metric_duration_dailyaws_lambda_function_metric_errors_dailyaws_lambda_function_metric_invocations_dailyaws_lambda_layeraws_lambda_layer_versionaws_lambda_versionaws_macie2_classification_jobaws_media_store_containeraws_organizations_accountaws_rds_db_clusteraws_rds_db_cluster_parameter_groupaws_rds_db_cluster_snapshotaws_rds_db_event_subscriptionaws_rds_db_instanceaws_rds_db_instance_metric_connectionsaws_rds_db_instance_metric_connections_dailyaws_rds_db_instance_metric_connections_hourlyaws_rds_db_instance_metric_cpu_utilizationaws_rds_db_instance_metric_cpu_utilization_dailyaws_rds_db_instance_metric_cpu_utilization_hourlyaws_rds_db_instance_metric_read_iopsaws_rds_db_instance_metric_read_iops_dailyaws_rds_db_instance_metric_read_iops_hourlyaws_rds_db_instance_metric_write_iopsaws_rds_db_instance_metric_write_iops_dailyaws_rds_db_instance_metric_write_iops_hourlyaws_rds_db_option_groupaws_rds_db_parameter_groupaws_rds_db_snapshotaws_rds_db_subnet_groupaws_redshift_clusteraws_redshift_cluster_metric_cpu_utilization_dailyaws_redshift_event_subscriptionaws_redshift_parameter_groupaws_redshift_snapshotaws_redshift_subnet_groupaws_regionaws_route53_domainaws_route53_recordaws_route53_resolver_endpointaws_route53_resolver_ruleaws_route53_zoneaws_s3_access_pointaws_s3_account_settingsaws_s3_bucketaws_sagemaker_endpoint_configurationaws_sagemaker_modelaws_sagemaker_notebook_instanceaws_sagemaker_training_jobaws_secretsmanager_secretaws_securityhub_hubaws_securityhub_productaws_securityhub_standards_subscriptionaws_serverlessapplicationrepository_applicationaws_sfn_state_machineaws_sfn_state_machine_executionaws_sfn_state_machine_execution_historyaws_sns_topicaws_sns_topic_subscriptionaws_sqs_queueaws_ssm_associationaws_ssm_documentaws_ssm_maintenance_windowaws_ssm_managed_instanceaws_ssm_managed_instance_complianceaws_ssm_parameteraws_ssm_patch_baselineaws_ssoadmin_instanceaws_ssoadmin_managed_policy_attachmentaws_ssoadmin_permission_setaws_tagging_resourceaws_vpcaws_vpc_customer_gatewayaws_vpc_dhcp_optionsaws_vpc_egress_only_internet_gatewayaws_vpc_eipaws_vpc_endpointaws_vpc_endpoint_serviceaws_vpc_flow_logaws_vpc_flow_log_eventaws_vpc_internet_gatewayaws_vpc_nat_gatewayaws_vpc_network_aclaws_vpc_routeaws_vpc_route_tableaws_vpc_security_groupaws_vpc_security_group_ruleaws_vpc_subnetaws_vpc_vpn_connectionaws_vpc_vpn_gatewayaws_waf_rate_based_ruleaws_waf_ruleaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wellarchitected_workloadaws_workspaces_workspace

Table: aws_elasticsearch_domain

Amazon ES is a managed service that helps to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud. Domains are clusters with the settings, instance types, instance counts, and storage resources that you specify.

Example

Basic info

select
domain_name,
domain_id,
arn,
elasticsearch_version,
created
from
aws_elasticsearch_domain;

List domains that are not encrypted at rest

select
domain_name,
domain_id,
encryption_at_rest_options ->> 'Enabled' as enabled,
encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id
from
aws_elasticsearch_domain
where
encryption_at_rest_options ->> 'Enabled' = 'false';

Get storage details for domains that are using EBS storage type

select
domain_name,
domain_id,
ebs_options ->> 'VolumeSize' as volume_size,
ebs_options ->> 'VolumeType' as volume_type,
ebs_options ->> 'EBSEnabled' as ebs_enabled
from
aws_elasticsearch_domain
where
ebs_options ->> 'EBSEnabled' = 'true';

Get network details for each domain

select
domain_name,
vpc_options ->> 'AvailabilityZones' as availability_zones,
vpc_options ->> 'SecurityGroupIds' as security_group_ids,
vpc_options ->> 'SubnetIds' as subnet_ids,
vpc_options ->> 'VPCId' as vpc_id
from
aws_elasticsearch_domain
where
vpc_options ->> 'AvailabilityZones' is not null;

Get the instance details for each domain

select
domain_name,
domain_id,
elasticsearch_cluster_config ->> 'InstanceType' as instance_type,
elasticsearch_cluster_config ->> 'InstanceCount' as instance_count
from
aws_elasticsearch_domain;

List domains that grant anonymous access

select
domain_name,
p as principal,
a as action,
s ->> 'Effect' as effect
from
aws_elasticsearch_domain,
jsonb_array_elements(policy_std -> 'Statement') as s,
jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
jsonb_array_elements_text(s -> 'Action') as a
where
p = '*'
and s ->> 'Effect' = 'Allow';

List domain log publishing options

select
domain_name,
domain_id,
log_publishing_options
from
aws_elasticsearch_domain;

List domain Search slow logs details

select
domain_name,
domain_id,
log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled,
log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn
from
aws_elasticsearch_domain;

Control examples

.inspect aws_elasticsearch_domain

AWS Elasticsearch Domain

NameTypeDescription
access_policiestextIAM access policy as a JSON-formatted string.
account_idtextThe AWS Account ID in which the resource is located.
advanced_optionsjsonbSpecifies the status of the AdvancedOptions.
advanced_security_optionsjsonbSpecifies The current status of the Elasticsearch domain's advanced security options.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) of the domain.
auto_tune_optionsjsonbThe current status of the Elasticsearch domain's Auto-Tune options.
cognito_optionsjsonbThe CognitoOptions for the specified domain.
createdbooleanThe domain creation status.
deletedbooleanThe domain deletion status.
domain_endpoint_optionsjsonbThe current status of the Elasticsearch domain's endpoint options.
domain_idtextThe id of the domain.
domain_nametextThe name of the domain.
ebs_optionsjsonbSpecifies whether EBS-based storage is enabled.
elasticsearch_cluster_configjsonbThe type and number of instances in the domain cluster.
elasticsearch_versiontextThe version for the Elasticsearch domain.
enabledbooleanSpecifies the status of the NodeToNodeEncryptionOptions.
encryption_at_rest_optionsjsonbSpecifies the status of the EncryptionAtRestOptions.
endpointtextThe Elasticsearch domain endpoint that use to submit index and search requests.
log_publishing_optionsjsonbLog publishing options for the given domain.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
policy_stdjsonbContains the policy in a canonical form for easier searching.
processingbooleanThe status of the Elasticsearch domain configuration.
regiontextThe AWS Region in which the resource is located.
service_software_optionsjsonbThe current status of the Elasticsearch domain's service software.
snapshot_optionsjsonbSpecifies the status of the SnapshotOptions.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags assigned to the domain.
titletextTitle of the resource.
upgrade_processingbooleanThe status of an Elasticsearch domain version upgrade.
vpc_optionsjsonbThe VPCOptions for the specified domain.