Table: aws_iam_server_certificate - Query AWS IAM Server Certificates using SQL
The AWS IAM Server Certificate is a resource in AWS Identity and Access Management (IAM) that you upload to deploy an SSL/TLS-based app on AWS. It contains a public key certificate, a private key, and an optional certificate chain, which is an ordered list of certificates that includes the root certificate and intermediate certificates. This enables secure connections from a client, such as a web browser, to an AWS service like a load balancer.
Table Usage Guide
The aws_iam_server_certificate
table in Steampipe provides you with information about server certificates within AWS Identity and Access Management (IAM). This table allows you, as a DevOps engineer, to query certificate-specific details, including the certificate body, certificate chain, and associated metadata. You can utilize this table to gather insights on certificates, such as certificates' expiration dates, the path of the certificate, and more. The schema outlines the various attributes of the IAM server certificate for you, including the server certificate name, certificate ID, creation date, and associated tags.
Examples
Basic info
Gain insights into your AWS server certificates, including their names, ARNs, and IDs, as well as their upload and expiration dates. This can help manage your certificates, ensuring they're up-to-date and preventing potential security issues.
select name, arn, server_certificate_id, upload_date, expirationfrom aws_iam_server_certificate;
select name, arn, server_certificate_id, upload_date, expirationfrom aws_iam_server_certificate;
List expired certificates
Determine the areas in which your AWS IAM server certificates have expired. This is useful to ensure your system's security by replacing or renewing those certificates promptly.
select name, arn, expirationfrom aws_iam_server_certificatewhere expiration < now() :: timestamp;
select name, arn, expirationfrom aws_iam_server_certificatewhere expiration < datetime('now');
Schema for aws_iam_server_certificate
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
arn | text | The Amazon Resource Name (ARN) specifying the server certificate. | |
certificate_body | text | The contents of the public key certificate. | |
certificate_chain | text | The contents of the public key certificate chain. | |
expiration | timestamp with time zone | The date on which the certificate is set to expire. | |
name | text | = | The name that identifies the server certificate. |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
path | text | = | The path to the server certificate. |
region | text | The AWS Region in which the resource is located. | |
server_certificate_id | text | The stable and unique string identifying the server certificate. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
tags | jsonb | A map of tags for the resource. | |
tags_src | jsonb | A list of tags attached with the resource. | |
title | text | Title of the resource. | |
upload_date | timestamp with time zone | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_iam_server_certificate