Table: aws_iam_server_certificate - Query AWS IAM Server Certificates using SQL
The AWS IAM Server Certificate is a resource in AWS Identity and Access Management (IAM) that you upload to deploy an SSL/TLS-based app on AWS. It contains a public key certificate, a private key, and an optional certificate chain, which is an ordered list of certificates that includes the root certificate and intermediate certificates. This enables secure connections from a client, such as a web browser, to an AWS service like a load balancer.
Table Usage Guide
The aws_iam_server_certificate table in Steampipe provides you with information about server certificates within AWS Identity and Access Management (IAM). This table allows you, as a DevOps engineer, to query certificate-specific details, including the certificate body, certificate chain, and associated metadata. You can use this table to gather insights on certificates, such as their expiration dates, the path of the certificate, and more. The schema outlines the various attributes of the IAM server certificate for you, including the server certificate name, certificate ID, creation date, and associated tags.
Examples
Basic info
Gain insights into your AWS server certificates, including their names, ARNs, and IDs, as well as their upload and expiration dates. This can help manage your certificates, ensuring they're up-to-date and preventing potential security issues.
```sql
select
  name,
  arn,
  server_certificate_id,
  upload_date,
  expiration
from
  aws_iam_server_certificate;
```
List expired certificates
Identify the AWS IAM server certificates that have already expired. This is useful for keeping your systems secure by replacing or renewing those certificates promptly.
PostgreSQL:

```sql
select
  name,
  arn,
  expiration
from
  aws_iam_server_certificate
where
  expiration < now()::timestamp;
```

SQLite:

```sql
select
  name,
  arn,
  expiration
from
  aws_iam_server_certificate
where
  expiration < datetime('now');
```
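The expired-certificate query above only catches certificates after the outage has started. The following PostgreSQL query is an added example (not part of the Steampipe documentation) that extends it to an early-warning report: it lists certificates that are expired or expire within a configurable window, shows the days remaining, flags uploads that carry no intermediate chain, and then summarises the expired count per account. It assumes only the columns in the schema below and a PostgreSQL-backed Steampipe database (the interval arithmetic is not SQLite syntax).

```sql
-- Certificates that are expired or will expire within the next 30 days,
-- soonest first, with a flag for uploads that have no certificate chain.
-- A missing chain causes TLS validation failures on clients that do not
-- already trust the intermediate CA, so it is worth surfacing alongside expiry.
select
  account_id,
  name,
  path,
  expiration,
  -- timestamptz subtraction yields a day/time interval, so this is whole days
  extract(day from expiration - now())::int as days_remaining,
  (expiration < now()) as is_expired,
  (certificate_chain is null or certificate_chain = '') as chain_missing
from
  aws_iam_server_certificate
where
  expiration < now() + interval '30 days'   -- widen or narrow the window here
order by
  expiration asc;

-- Per-account summary of already-expired certificates, useful as a control
-- result when several accounts are aggregated under one Steampipe connection.
select
  account_id,
  count(*) as expired_certificates,
  min(expiration) as oldest_expiry
from
  aws_iam_server_certificate
where
  expiration < now()
group by
  account_id
order by
  expired_certificates desc;
```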
Control examples
- All Controls > IAM > Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- CIS v1.3.0 > 1 Identity and Access Management > 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- CIS v1.4.0 > 1 Identity and Access Management > 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- CIS v1.5.0 > 1 Identity and Access Management > 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- CIS v2.0.0 > 1 Identity and Access Management > 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- CIS v3.0.0 > 1 Identity and Access Management > 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
Schema for aws_iam_server_certificate
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) specifying the server certificate. |
certificate_body | text | | The contents of the public key certificate. |
certificate_chain | text | | The contents of the public key certificate chain. |
expiration | timestamp with time zone | | The date on which the certificate is set to expire. |
name | text | = | The name that identifies the server certificate. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
path | text | = | The path to the server certificate. |
region | text | | The AWS Region in which the resource is located. |
server_certificate_id | text | | The stable and unique string identifying the server certificate. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags attached with the resource. |
title | text | | Title of the resource. |
upload_date | timestamp with time zone | | The date when the server certificate was uploaded. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_iam_server_certificate
```