steampipe plugin install awssteampipe plugin install aws

Table: aws_rds_db_cluster - Query AWS RDS DB Clusters using SQL

The AWS RDS DB Cluster is a component of Amazon Relational Database Service (RDS). It is a virtual database where multiple DB instances are associated under a single endpoint. This allows for efficient scaling and management of databases, providing high availability and failover support for DB instances.

Table Usage Guide

The aws_rds_db_cluster table in Steampipe provides you with information about DB clusters within Amazon Relational Database Service (RDS). This table allows you, as a DevOps engineer, to query DB cluster-specific details, including configuration, status, and security settings. You can utilize this table to gather insights on DB clusters, such as their availability, backup settings, encryption status, and more. The schema outlines the various attributes of the DB cluster for you, including the DB cluster identifier, creation time, DB cluster members, and associated tags.

Examples

List of DB clusters which are not encrypted

Discover the segments of your database clusters that lack encryption. This is crucial for identifying potential security vulnerabilities within your AWS RDS database clusters.

select
  db_cluster_identifier,
  allocated_storage,
  kms_key_id
from
  aws_rds_db_cluster
where
  kms_key_id is null;

select
  db_cluster_identifier,
  allocated_storage,
  kms_key_id
from
  aws_rds_db_cluster
where
  kms_key_id is null;

List of DB clusters where backup retention period is greater than 7 days

Explore which database clusters have a backup retention period set for more than a week. This can be useful for identifying databases that have longer data retention policies, potentially indicating important or sensitive data.

select
  db_cluster_identifier,
  backup_retention_period
from
  aws_rds_db_cluster
where
  backup_retention_period > 7;

select
  db_cluster_identifier,
  backup_retention_period
from
  aws_rds_db_cluster
where
  backup_retention_period > 7;

Avalability zone count for each db instance

Determine the areas in which each database cluster is available by counting the availability zones. This can be useful for understanding the spread and redundancy of your databases across different geographical zones.

select
  db_cluster_identifier,
  jsonb_array_length(availability_zones) availability_zones_count
from
  aws_rds_db_cluster;

select
  db_cluster_identifier,
  json_array_length(json(availability_zones)) as availability_zones_count
from
  aws_rds_db_cluster;

DB cluster Members info

Explore the configuration of your database clusters to understand the status of each member, their roles, and their promotion tiers. This can help optimize the performance and reliability of your cloud databases.

select
  db_cluster_identifier,
  member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status,
  member ->> 'DBInstanceIdentifier' as db_instance_identifier,
  member ->> 'IsClusterWriter' as is_cluster_writer,
  member ->> 'PromotionTier' as promotion_tier
from
  aws_rds_db_cluster
  cross join jsonb_array_elements(members) as member;

select
  db_cluster_identifier,
  json_extract(member.value, '$.DBClusterParameterGroupStatus') as db_cluster_parameter_group_status,
  json_extract(member.value, '$.DBInstanceIdentifier') as db_instance_identifier,
  json_extract(member.value, '$.IsClusterWriter') as is_cluster_writer,
  json_extract(member.value, '$.PromotionTier') as promotion_tier
from
  aws_rds_db_cluster,
  json_each(members) as member;

List DB cluster pending maintenance actions

Discover the segments that require pending maintenance actions in your database clusters. This is useful in planning and prioritizing maintenance schedules, by understanding which actions are due and their respective timelines.

select
  actions ->> 'ResourceIdentifier' as db_cluster_identifier,
  details ->> 'Action' as action,
  details ->> 'OptInStatus' as opt_in_status,
  details ->> 'ForcedApplyDate' as forced_apply_date,
  details ->> 'CurrentApplyDate' as current_apply_date,
  details ->> 'AutoAppliedAfterDate' as auto_applied_after_date
from
  aws_rds_db_cluster,
  jsonb_array_elements(pending_maintenance_actions) as actions,
  jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details;

select
  json_extract(actions.value, '$.ResourceIdentifier') as db_cluster_identifier,
  json_extract(details.value, '$.Action') as action,
  json_extract(details.value, '$.OptInStatus') as opt_in_status,
  json_extract(details.value, '$.ForcedApplyDate') as forced_apply_date,
  json_extract(details.value, '$.CurrentApplyDate') as current_apply_date,
  json_extract(details.value, '$.AutoAppliedAfterDate') as auto_applied_after_date
from
  aws_rds_db_cluster,
  json_each(pending_maintenance_actions) as actions,
  json_each(
    json_extract(
      actions.value,
      '$.PendingMaintenanceActionDetails'
    )
  ) as details;

Query examples

Control examples

Schema for aws_rds_db_cluster

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
activity_stream_kinesis_stream_name	text		The name of the Amazon Kinesis data stream used for the database activity stream.
activity_stream_kms_key_id	text		The AWS KMS key identifier used for encrypting messages in the database activity stream.
activity_stream_mode	text		The mode of the database activity stream.
activity_stream_status	text		The status of the database activity stream.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
allocated_storage	bigint		Specifies the allocated storage size in gibibytes (GiB).
arn	text		The Amazon Resource Name (ARN) for the DB Cluster.
associated_roles	jsonb		A list of AWS IAM roles that are associated with the DB cluster.
auto_minor_version_upgrade	boolean		A value that indicates that minor version patches are applied automatically. This setting is only for non-Aurora Multi-AZ DB clusters.
automatic_restart_time	timestamp with time zone		The time when a stopped DB cluster is restarted automatically.
availability_zones	jsonb		A list of Availability Zones (AZs) where instances in the DB cluster can be created.
aws_backup_recovery_point_arn	text		The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.
backtrack_consumed_change_records	bigint		The number of change records stored for Backtrack.
backtrack_window	bigint		The target backtrack window, in seconds.
backup_retention_period	bigint		Specifies the number of days for which automatic DB snapshots are retained.
capacity	bigint		The current capacity of an Aurora Serverless DB cluster.
certificate_details	jsonb		The details of the DB instance’s server certificate.
character_set_name	text		Specifies the name of the character set that this cluster is associated with.
clone_group_id	text	=	Identifies the clone group to which the DB cluster is associated.
copy_tags_to_snapshot	boolean		Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster, or not.
create_time	timestamp with time zone		Specifies the time when the DB cluster was created.
cross_account_clone	boolean		Specifies whether the DB cluster is a clone of a DB cluster owned by a different AWS account, or not.
custom_endpoints	jsonb		A list of all custom endpoints associated with the cluster.
database_name	text		Contains the name of the initial database of this DB cluster that was provided at create time.
db_cluster_identifier	text	=	The friendly name to identify the DB Cluster.
db_cluster_instance_class	text		The name of the compute and memory capacity class of the DB instance.
db_cluster_parameter_group	text		Specifies the name of the DB cluster parameter group for the DB cluster.
db_subnet_group	text		Specifies information on the subnet group associated with the DB cluster.
deletion_protection	boolean		Specifies whether the DB cluster has deletion protection enabled, or not.
domain_memberships	jsonb		A list of Active Directory Domain membership records associated with the DB cluster.
earliest_backtrack_time	timestamp with time zone		The earliest time to which a DB cluster can be backtracked.
earliest_restorable_time	timestamp with time zone		The earliest time to which a database can be restored with point-in-time restore.
enabled_cloudwatch_logs_exports	jsonb		A list of log types that this DB cluster is configured to export to CloudWatch Logs.
endpoint	text		Specifies the connection endpoint for the primary instance of the DB cluster.
engine	text	=	The name of the database engine to be used for this DB cluster.
engine_mode	text		The DB engine mode of the DB cluster.
engine_version	text		Indicates the database engine version.
global_write_forwarding_requested	boolean		Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database, or not.
global_write_forwarding_status	text		Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, or not.
hosted_zone_id	text		Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.
http_endpoint_enabled	boolean		Specifies whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled, or not.
iam_database_authentication_enabled	boolean		Specifies whether the the mapping of AWS IAM accounts to database accounts is enabled, or not.
io_optimized_next_allowed_modification_time	timestamp with time zone		The next time you can modify the DB cluster to use the aurora-iopt1 storage type. This setting is only for Aurora DB clusters.
kms_key_id	text		The AWS KMS key identifier for the encrypted DB cluster.
latest_restorable_time	timestamp with time zone		Specifies the latest time to which a database can be restored with point-in-time restore.
limitless_database	jsonb		The details for Aurora Limitless Database.
local_write_forwarding_status	text		Indicates whether an Aurora DB cluster has in-cluster write forwarding enabled, not enabled, requested, or is in the process of enabling it.
master_user_name	text		Contains the master username for the DB cluster.
master_user_secret	jsonb		The secret managed by RDS in Amazon Web Services Secrets Manager for the master user password.
members	jsonb		A list of instances that make up the DB cluster.
monitoring_interval	bigint		The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster.
monitoring_role_arn	text		The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs.
multi_az	boolean		Specifies whether the DB cluster has instances in multiple Availability Zones, or not.
network_type	text		The network type of the DB instance.
option_group_memberships	jsonb		A list of option group memberships for this DB cluster.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
pending_maintenance_actions	jsonb		A list that provides details about the pending maintenance actions for the resource.
pending_modified_values	jsonb		Information about pending changes to the DB cluster.
percent_progress	text		Specifies the progress of the operation as a percentage.
performance_insights_enabled	boolean		Indicates whether Performance Insights is enabled for the DB cluster.
performance_insights_kms_key_id	text		The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
performance_insights_retention_period	bigint		The number of days to retain Performance Insights data.
port	bigint		Specifies the port that the database engine is listening on.
preferred_backup_window	text		Specifies the daily time range during which automated backups are created.
preferred_maintenance_window	text		Specifies the weekly time range during which system maintenance can occur
publicly_accessible	boolean		Indicates whether the DB cluster is publicly accessible.
read_replica_identifiers	jsonb		A list of identifiers of the read replicas associated with this DB cluster.
reader_endpoint	text		The reader endpoint for the DB cluster.
region	text		The AWS Region in which the resource is located.
resource_id	text		The AWS Region-unique, immutable identifier for the DB cluster.
scaling_configuration_info	jsonb		The scaling configuration for an Aurora DB cluster in serverless DB engine mode.
serverless_v2_scaling_configuration	jsonb		The scaling configuration for an Aurora Serverless v2 DB cluster.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
status	text		Specifies the status of this DB Cluster.
storage_encrypted	boolean		Specifies whether the DB cluster is encrypted, or not.
storage_throughput	bigint		The storage throughput for the DB cluster.
storage_type	text		The storage type associated with the DB cluster.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags attached to the DB Cluster.
title	text		Title of the resource.
vpc_security_groups	jsonb		A list of VPC security groups that the DB cluster belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_rds_db_cluster