steampipe plugin install aws

Table: aws_ram_resource_association - Query AWS RAM Resource Associations using SQL

The AWS RAM (Resource Access Manager) Resource Associations allow you to share your resources with any AWS account or within your AWS Organization. It simplifies the sharing process of AWS Transit Gateways, Subnets, and AWS License Manager configurations. This allows you to share resources across accounts to reduce operational overhead.

Table Usage Guide

The aws_ram_resource_association table in Steampipe provides you with information about resource associations within AWS Resource Access Manager (RAM). This table lets you, as a DevOps engineer, query association-specific details, including the associated resource ARN, resource share ARN, association type, and status. You can utilize this table to gather insights on resource associations, such as resources associated with a specific resource share, status of the association, and more. The schema outlines the various attributes of the resource association for you, including the resource ARN, resource share ARN, association type, status, and creation time.

Examples

Basic info

Analyze the settings to understand the status and associations of your shared AWS resources. This can help in managing access and resource allocation, ensuring optimal resource utilization.

select
resource_share_name,
resource_share_arn,
associated_entity,
status
from
aws_ram_resource_association;
select
resource_share_name,
resource_share_arn,
associated_entity,
status
from
aws_ram_resource_association;

List permissions attached with each shared resource associated

Determine the areas in which shared resources are associated with specific permissions. This is useful for managing access control and ensuring proper resource allocation within your AWS environment.

select
resource_share_name,
resource_share_arn,
associated_entity,
p ->> 'Arn' as resource_share_permission_arn,
p ->> 'Status' as resource_share_permission_status
from
aws_ram_resource_association,
jsonb_array_elements(resource_share_permission) p;
select
resource_share_name,
resource_share_arn,
associated_entity,
json_extract(p.value, '$.Arn') as resource_share_permission_arn,
json_extract(p.value, '$.Status') as resource_share_permission_status
from
aws_ram_resource_association,
json_each(resource_share_permission) as p;

Get resources that failed association

Identify instances where resource sharing has failed within your AWS environment. This can be useful for troubleshooting and maintaining efficient resource allocation.

select
resource_share_name,
resource_share_arn,
associated_entity,
status
from
aws_ram_resource_association
where
status = 'FAILED';
select
resource_share_name,
resource_share_arn,
associated_entity,
status
from
aws_ram_resource_association
where
status = 'FAILED';

Schema for aws_ram_resource_association

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
associated_entitytextThe Amazon Resoure Name (ARN) of the associated resource.
association_typetextThe type of entity included in this association.
creation_timetimestamp with time zoneThe date and time when the association was created.
externalbooleanIndicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.
last_updated_timetimestamp with time zoneThe date and time when the association was last updated..
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
resource_share_arntextThe Amazon Resoure Name (ARN) of the resource share.
resource_share_nametextThe name of the resource share.
resource_share_permissionjsonbInformation about an RAM permission that is associated with a resource share and any of its resources of a specified type.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe current status of the association.
status_messagetextA message about the status of the association.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ram_resource_association