steampipe plugin install aws

Table: aws_mq_broker - Query AWS MQ Brokers using SQL

Amazon MQ is a managed message broker service provided by AWS (Amazon Web Services). It supports popular messaging protocols such as MQTT, AMQP, and STOMP, making it compatible with a variety of applications. Amazon MQ simplifies the setup, deployment, and maintenance of message brokers, allowing you to focus on developing your applications.

Table Usage Guide

The aws_mq_broker table in Steampipe provides you with information about MQ brokers within AWS. This table allows you, as a DevOps engineer, to query broker-specific details, including the broker ARN, creation time, and associated metadata. You can use this table to gather insights on brokers, such as the number of broker nodes, the version and type of the engine used, the state of the broker, and more. The schema outlines the various attributes of the MQ broker for you, including the encryption info, authentication strategy, and associated tags.

Examples

Basic Info

Explore the status and details of your AWS MQ brokers to understand their configuration and operational state.

select
  arn,
  broker_name,
  broker_state,
  deployment_mode,
  created,
  host_instance_type,
  engine_type,
  engine_version,
  tags
from
  aws_mq_broker;

List brokers that are in rebooting state

Identify brokers within the AWS MQ service that are currently rebooting. This could be useful for system administrators who need to manage resources.

select
  arn,
  broker_name,
  broker_state,
  created,
  data_replication_mode,
  authentication_strategy
from
  aws_mq_broker
where
  broker_state = 'REBOOT_IN_PROGRESS';

List brokers that allow public access

Identify the brokers that allow public access, that is, connections from applications outside of the VPC that hosts the broker's subnets. This is useful for identifying potential security risks and ensuring that access to sensitive data is appropriately restricted.

select
  arn,
  broker_name,
  broker_state,
  created
from
  aws_mq_broker
where
  publicly_accessible;

List brokers that are encrypted with a customer managed key

Identify the brokers whose data is secured through encryption using keys managed by the customer, that is, brokers where UseAwsOwnedKey is false.

-- Postgres
select
  arn,
  broker_name,
  encryption_options ->> 'UseAwsOwnedKey' as use_aws_owned_key,
  created
from
  aws_mq_broker
where
  encryption_options ->> 'UseAwsOwnedKey' = 'false';

-- SQLite
select
  arn,
  broker_name,
  json_extract(encryption_options, '$.UseAwsOwnedKey') as use_aws_owned_key,
  created
from
  aws_mq_broker
where
  -- json_extract returns a JSON false as the integer 0, not the text 'false'.
  json_extract(encryption_options, '$.UseAwsOwnedKey') = 0;
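
The public access and encryption checks above can be combined into a single exposure review. The following query is an added example, not part of the original Steampipe documentation: for each publicly accessible broker it reports the encryption and authentication settings and counts the attached security group rules that admit traffic from any address. It uses Postgres syntax and assumes the aws_vpc_security_group_rule table from the same AWS plugin, with its group_id, type, cidr_ipv4 and cidr_ipv6 columns; those names do not appear on this page.

```sql
-- Added example (Postgres). Assumes the aws_vpc_security_group_rule table
-- from the AWS plugin; that table is not described on this page.
select
  b.arn,
  b.broker_name,
  b.region,
  b.engine_type,
  b.authentication_strategy,
  b.auto_minor_version_upgrade,
  b.encryption_options ->> 'UseAwsOwnedKey' as use_aws_owned_key,
  -- Number of attached ingress rules open to any IPv4 or IPv6 address.
  count(r.group_id) as open_ingress_rules,
  -- Security groups that carry at least one such rule.
  array_agg(distinct r.group_id)
    filter (where r.group_id is not null) as open_security_groups
from
  aws_mq_broker as b
  -- security_groups is a jsonb list: expand it to one row per group ID.
  -- The case guard and the left join keep brokers whose list is null or empty.
  left join lateral jsonb_array_elements_text(
    case
      when jsonb_typeof(b.security_groups) = 'array' then b.security_groups
      else '[]'::jsonb
    end
  ) as sg(group_id) on true
  left join aws_vpc_security_group_rule as r
    on r.group_id = sg.group_id
    and r.account_id = b.account_id
    and r.region = b.region
    and r.type = 'ingress'
    and (r.cidr_ipv4 = '0.0.0.0/0' or r.cidr_ipv6 = '::/0')
where
  b.publicly_accessible
group by
  b.arn,
  b.broker_name,
  b.region,
  b.engine_type,
  b.authentication_strategy,
  b.auto_minor_version_upgrade,
  b.encryption_options
order by
  open_ingress_rules desc,
  b.broker_name;
```

Brokers at the top of the result are reachable from outside the VPC and have the most unrestricted ingress rules; a row with zero open rules is still public but is limited to the source ranges its security groups list.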

Get maintenance window details of brokers

During the Maintenance Window, the broker instances might be briefly unavailable or experience reduced capacity as updates are applied. This scheduled approach helps minimize the impact on your applications and users, as these activities are carried out during a designated time frame, allowing for predictability and coordination.

-- Postgres
select
  arn,
  broker_name,
  maintenance_window_start_time -> 'DayOfWeek' as day_of_week,
  maintenance_window_start_time -> 'TimeOfDay' as time_of_day,
  maintenance_window_start_time -> 'TimeZone' as time_zone
from
  aws_mq_broker;

-- SQLite
select
  arn,
  broker_name,
  json_extract(maintenance_window_start_time, '$.DayOfWeek') as day_of_week,
  json_extract(maintenance_window_start_time, '$.TimeOfDay') as time_of_day,
  json_extract(maintenance_window_start_time, '$.TimeZone') as time_zone
from
  aws_mq_broker;

Schema for aws_mq_broker

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| actions_required | jsonb | | Actions required for a broker. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) of the broker. |
| authentication_strategy | text | | The authentication strategy used to secure the broker. The default is SIMPLE. |
| auto_minor_version_upgrade | boolean | | Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. |
| broker_id | text | = | The unique ID that Amazon MQ generates for the broker. |
| broker_instances | jsonb | | A list of information about allocated brokers. |
| broker_name | text | | The broker's name. |
| broker_state | text | | The broker's status. |
| configurations | jsonb | | The list of all revisions for the specified configuration. |
| created | timestamp with time zone | | The time when the broker was created. |
| data_replication_metadata | jsonb | | The replication details of the data replication-enabled broker. Only returned if dataReplicationMode is set to CRDR. |
| data_replication_mode | text | | Describes whether this broker is a part of a data replication pair. |
| deployment_mode | text | | The broker's deployment mode. |
| encryption_options | jsonb | | Encryption options for the broker. |
| engine_type | text | | The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ. |
| engine_version | text | | The broker engine's version. |
| host_instance_type | text | | The broker's instance type. |
| ldap_server_metadata | jsonb | | The metadata of the LDAP server used to authenticate and authorize connections to the broker. |
| logs | jsonb | | The list of information about logs currently enabled and pending to be deployed for the specified broker. |
| maintenance_window_start_time | jsonb | | The parameters that determine the WeeklyStartTime. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| pending_authentication_strategy | text | | The authentication strategy that will be applied when the broker is rebooted. The default is SIMPLE. |
| pending_data_replication_metadata | jsonb | | The pending replication details of the data replication-enabled broker. Only returned if pendingDataReplicationMode is set to CRDR. |
| pending_data_replication_mode | text | | Describes whether this broker will be a part of a data replication pair after reboot. |
| pending_engine_version | text | | The broker engine version to upgrade to. |
| pending_host_instance_type | text | | The broker's host instance type to upgrade to. |
| pending_ldap_server_metadata | jsonb | | The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker after it is rebooted. |
| pending_security_groups | jsonb | | The list of pending security groups to authorize connections to brokers. |
| publicly_accessible | boolean | | Enables connections from applications outside of the VPC that hosts the broker's subnets. |
| region | text | | The AWS Region in which the resource is located. |
| security_groups | jsonb | | The list of rules (1 minimum, 125 maximum) that authorize connections to brokers. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| storage_type | text | | The broker's storage type. |
| subnet_ids | jsonb | | The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. |
| tags | jsonb | | A list of tags attached to the broker. |
| title | text | | Title of the resource. |
| users | jsonb | | The list of all broker usernames for the specified broker. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_mq_broker