Table: aws_elasticsearch_domain - Query AWS Elasticsearch Service Domain using SQL

The AWS Elasticsearch Service Domain is a fully managed service that makes it easy for you to deploy, secure, operate, and scale Elasticsearch to search, analyze, and visualize data in real-time. With the service, you get direct access to the Elasticsearch APIs and can seamlessly scale your workloads to hundreds of thousands of events per second. It offers built-in integrations with Kibana, Logstash, AWS services including Amazon Kinesis Data Firehose, AWS Lambda, and Amazon CloudWatch, so you can go from raw data to actionable insights quickly.

Table Usage Guide

The aws_elasticsearch_domain table in Steampipe provides you with information about Elasticsearch domains within AWS Elasticsearch Service. This table enables you, as a DevOps engineer, to query domain-specific details, including configuration settings, access policies, and associated metadata. You can utilize this table to gather insights on domains, such as the domain's configuration, access and security settings, and more. The schema outlines the various attributes of the Elasticsearch domain for you, including the domain name, domain ID, ARN, created and deleted status, and associated tags.

Examples

Basic info

select
  domain_name,
  domain_id,
  arn,
  elasticsearch_version,
  created
from
  aws_elasticsearch_domain;

select
  domain_name,
  domain_id,
  arn,
  elasticsearch_version,
  created
from
  aws_elasticsearch_domain;

List domains that are not encrypted at rest

select
  domain_name,
  domain_id,
  encryption_at_rest_options ->> 'Enabled' as enabled,
  encryption_at_rest_options ->> 'KmsKeyId' as kms_key_id
from
  aws_elasticsearch_domain
where
  encryption_at_rest_options ->> 'Enabled' = 'false';

select
  domain_name,
  domain_id,
  json_extract(encryption_at_rest_options, '$.Enabled') as enabled,
  json_extract(encryption_at_rest_options, '$.KmsKeyId') as kms_key_id
from
  aws_elasticsearch_domain
where
  json_extract(encryption_at_rest_options, '$.Enabled') = 'false';

Get storage details for domains that are using EBS storage type

select
  domain_name,
  domain_id,
  ebs_options ->> 'VolumeSize' as volume_size,
  ebs_options ->> 'VolumeType' as volume_type,
  ebs_options ->> 'EBSEnabled' as ebs_enabled
from
  aws_elasticsearch_domain
where
  ebs_options ->> 'EBSEnabled' = 'true';

select
  domain_name,
  domain_id,
  json_extract(ebs_options, '$.VolumeSize') as volume_size,
  json_extract(ebs_options, '$.VolumeType') as volume_type,
  json_extract(ebs_options, '$.EBSEnabled') as ebs_enabled
from
  aws_elasticsearch_domain
where
  json_extract(ebs_options, '$.EBSEnabled') = 'true';

Get network details for each domain

select
  domain_name,
  vpc_options ->> 'AvailabilityZones' as availability_zones,
  vpc_options ->> 'SecurityGroupIds' as security_group_ids,
  vpc_options ->> 'SubnetIds' as subnet_ids,
  vpc_options ->> 'VPCId' as vpc_id
from
  aws_elasticsearch_domain
where
  vpc_options ->> 'AvailabilityZones' is not null;

select
  domain_name,
  json_extract(vpc_options.value, '$.AvailabilityZones') as availability_zones,
  json_extract(vpc_options.value, '$.SecurityGroupIds') as security_group_ids,
  json_extract(vpc_options.value, '$.SubnetIds') as subnet_ids,
  json_extract(vpc_options.value, '$.VPCId') as vpc_id
from
  aws_elasticsearch_domain,
  json_each(vpc_options) as vpc_options
where
  json_extract(vpc_options.value, '$.AvailabilityZones') is not null;

Get the instance details for each domain

select
  domain_name,
  domain_id,
  elasticsearch_cluster_config ->> 'InstanceType' as instance_type,
  elasticsearch_cluster_config ->> 'InstanceCount' as instance_count
from
  aws_elasticsearch_domain;

select
  domain_name,
  domain_id,
  json_extract(elasticsearch_cluster_config, '$.InstanceType') as instance_type,
  json_extract(elasticsearch_cluster_config, '$.InstanceCount') as instance_count
from
  aws_elasticsearch_domain;

List domains that grant anonymous access

select
  domain_name,
  p as principal,
  a as action,
  s ->> 'Effect' as effect
from
  aws_elasticsearch_domain,
  jsonb_array_elements(policy_std -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
  jsonb_array_elements_text(s -> 'Action') as a
where
  p = '*'
  and s ->> 'Effect' = 'Allow';

select
  domain_name,
  p.value as principal,
  a.value as action,
  json_extract(s.value, '$.Effect') as effect
from
  aws_elasticsearch_domain,
  json_each(policy_std, '$.Statement') as s,
  json_each(s.value, '$.Principal.AWS') as p,
  json_each(s.value, '$.Action') as a
where
  p.value = '*'
  and json_extract(s.value, '$.Effect') = 'Allow';

List domain log publishing options

select
  domain_name,
  domain_id,
  log_publishing_options
from
  aws_elasticsearch_domain;

select
  domain_name,
  domain_id,
  log_publishing_options
from
  aws_elasticsearch_domain;

List domain Search slow logs details

select
  domain_name,
  domain_id,
  log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'Enabled' as enabled,
  log_publishing_options -> 'SEARCH_SLOW_LOGS' -> 'CloudWatchLogsLogGroupArn' as cloud_watch_logs_log_group_arn
from
  aws_elasticsearch_domain;

select
  domain_name,
  domain_id,
  json_extract(
    json_extract(log_publishing_options, '$.SEARCH_SLOW_LOGS'),
    '$.Enabled'
  ) as enabled,
  json_extract(
    json_extract(log_publishing_options, '$.SEARCH_SLOW_LOGS'),
    '$.CloudWatchLogsLogGroupArn'
  ) as cloud_watch_logs_log_group_arn
from
  aws_elasticsearch_domain;

Schema for aws_elasticsearch_domain

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
access_policies	text		IAM access policy as a JSON-formatted string.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
advanced_options	jsonb		Specifies the status of the AdvancedOptions.
advanced_security_options	jsonb		Specifies The current status of the Elasticsearch domain's advanced security options.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The Amazon Resource Name (ARN) of the domain.
auto_tune_options	jsonb		The current status of the Elasticsearch domain's Auto-Tune options.
change_progress_details	jsonb		Specifies change details of the domain configuration change.
cognito_options	jsonb		The CognitoOptions for the specified domain.
created	boolean		The domain creation status.
deleted	boolean		The domain deletion status.
domain_endpoint_options	jsonb		The current status of the Elasticsearch domain's endpoint options.
domain_id	text		The id of the domain.
domain_name	text	=	The name of the domain.
domain_processing_status	text		The status of any changes that are currently in progress for the domain.
ebs_options	jsonb		Specifies whether EBS-based storage is enabled.
elasticsearch_cluster_config	jsonb		The type and number of instances in the domain cluster.
elasticsearch_version	text		The version for the Elasticsearch domain.
enabled	boolean		Specifies the status of the NodeToNodeEncryptionOptions.
encryption_at_rest_options	jsonb		Specifies the status of the EncryptionAtRestOptions.
endpoint	text		The Elasticsearch domain endpoint that use to submit index and search requests.
endpoints	jsonb		Map containing the Elasticsearch domain endpoints used to submit index and search requests.
engine_type	text		Specifies the EngineType of the domain.
log_publishing_options	jsonb		Log publishing options for the given domain.
modifying_properties	jsonb		Information about the domain properties that are currently being modified.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
policy_std	jsonb		Contains the policy in a canonical form for easier searching.
processing	boolean		The status of the Elasticsearch domain configuration.
region	text		The AWS Region in which the resource is located.
service_software_options	jsonb		The current status of the Elasticsearch domain's service software.
snapshot_options	jsonb		Specifies the status of the SnapshotOptions.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags assigned to the domain.
title	text		Title of the resource.
upgrade_processing	boolean		The status of an Elasticsearch domain version upgrade.
vpc_options	jsonb		The VPCOptions for the specified domain.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_elasticsearch_domain