steampipe plugin install aws

Table: aws_organizations_account - Query AWS Organizations Account using SQL

The AWS Organizations Account is a resource within AWS Organizations service that allows you to centrally manage and govern your environment as you grow and scale your AWS resources. By using AWS Organizations Account, you can create, invite, and manage accounts, set up and apply policies, and consolidate your billing. This helps you to automate AWS account creation and management, and control access to your AWS services.

Table Usage Guide

The aws_organizations_account table in Steampipe provides you with information about each AWS account that is a member of an organization in AWS Organizations. This table allows you, as a DevOps engineer, to query account-specific details, including account status, joined method, email, and associated metadata. You can utilize this table to gather insights on accounts, such as accounts with specific statuses, the method used by the accounts to join the organization, and more. The schema outlines the various attributes of the AWS account, including the account ID, ARN, email, joined method, and status for you.

Important Notes

  • The account_id column in this table is the account ID from which the API calls are being made (often the management account). To get the described member account's ID, query the id column.

Examples

Basic info

Explore the membership details of your AWS organization accounts, including their status and the method they joined with. This can help in understanding account utilization and managing user access.

select
id,
arn,
email,
joined_method,
joined_timestamp,
name,
status,
tags
from
aws_organizations_account;
select
id,
arn,
email,
joined_method,
joined_timestamp,
name,
status,
tags
from
aws_organizations_account;

List suspended accounts

Discover the segments that are suspended within your organization's account. This is particularly useful for auditing and compliance purposes, allowing you to identify and address any potential issues or risks associated with these accounts.

select
id,
name,
arn,
email,
joined_method,
joined_timestamp,
status
from
aws_organizations_account
where
status = 'SUSPENDED';
select
id,
name,
arn,
email,
joined_method,
joined_timestamp,
status
from
aws_organizations_account
where
status = 'SUSPENDED';

Schema for aws_organizations_account

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
account_idtextThe AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) of the account.
emailtextThe email address associated with the AWS account.
idtext=The unique identifier (account ID) of the member account.
joined_methodtextThe method by which the account joined the organization.
joined_timestamptimestamp with time zoneThe date the account became a part of the organization.
nametextThe friendly name of the account.
parent_idtext=The unique identifier (ID) for the parent root or organization unit (OU) whose accounts you want to list.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
statustextThe status of the account in the organization.
tagsjsonbA map of tags for the resource.
tags_srcjsonb
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_organizations_account