Table: aws_rds_db_cluster - Query AWS RDS DB Clusters using SQL
The AWS RDS DB Cluster is a component of Amazon Relational Database Service (RDS). It is a virtual database where multiple DB instances are associated under a single endpoint. This allows for efficient scaling and management of databases, providing high availability and failover support for DB instances.
Table Usage Guide
The aws_rds_db_cluster
table in Steampipe provides you with information about DB clusters within Amazon Relational Database Service (RDS). This table allows you, as a DevOps engineer, to query DB cluster-specific details, including configuration, status, and security settings. You can utilize this table to gather insights on DB clusters, such as their availability, backup settings, encryption status, and more. The schema outlines the various attributes of the DB cluster for you, including the DB cluster identifier, creation time, DB cluster members, and associated tags.
Examples
List of DB clusters which are not encrypted
Discover the segments of your database clusters that lack encryption. This is crucial for identifying potential security vulnerabilities within your AWS RDS database clusters.
select db_cluster_identifier, allocated_storage, kms_key_idfrom aws_rds_db_clusterwhere kms_key_id is null;
select db_cluster_identifier, allocated_storage, kms_key_idfrom aws_rds_db_clusterwhere kms_key_id is null;
List of DB clusters where backup retention period is greater than 7 days
Explore which database clusters have a backup retention period set for more than a week. This can be useful for identifying databases that have longer data retention policies, potentially indicating important or sensitive data.
select db_cluster_identifier, backup_retention_periodfrom aws_rds_db_clusterwhere backup_retention_period > 7;
select db_cluster_identifier, backup_retention_periodfrom aws_rds_db_clusterwhere backup_retention_period > 7;
Avalability zone count for each db instance
Determine the areas in which each database cluster is available by counting the availability zones. This can be useful for understanding the spread and redundancy of your databases across different geographical zones.
select db_cluster_identifier, jsonb_array_length(availability_zones) availability_zones_countfrom aws_rds_db_cluster;
select db_cluster_identifier, json_array_length(json(availability_zones)) as availability_zones_countfrom aws_rds_db_cluster;
DB cluster Members info
Explore the configuration of your database clusters to understand the status of each member, their roles, and their promotion tiers. This can help optimize the performance and reliability of your cloud databases.
select db_cluster_identifier, member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status, member ->> 'DBInstanceIdentifier' as db_instance_identifier, member ->> 'IsClusterWriter' as is_cluster_writer, member ->> 'PromotionTier' as promotion_tierfrom aws_rds_db_cluster cross join jsonb_array_elements(members) as member;
select db_cluster_identifier, json_extract(member.value, '$.DBClusterParameterGroupStatus') as db_cluster_parameter_group_status, json_extract(member.value, '$.DBInstanceIdentifier') as db_instance_identifier, json_extract(member.value, '$.IsClusterWriter') as is_cluster_writer, json_extract(member.value, '$.PromotionTier') as promotion_tierfrom aws_rds_db_cluster, json_each(members) as member;
List DB cluster pending maintenance actions
Discover the segments that require pending maintenance actions in your database clusters. This is useful in planning and prioritizing maintenance schedules, by understanding which actions are due and their respective timelines.
select actions ->> 'ResourceIdentifier' as db_cluster_identifier, details ->> 'Action' as action, details ->> 'OptInStatus' as opt_in_status, details ->> 'ForcedApplyDate' as forced_apply_date, details ->> 'CurrentApplyDate' as current_apply_date, details ->> 'AutoAppliedAfterDate' as auto_applied_after_datefrom aws_rds_db_cluster, jsonb_array_elements(pending_maintenance_actions) as actions, jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details;
select json_extract(actions.value, '$.ResourceIdentifier') as db_cluster_identifier, json_extract(details.value, '$.Action') as action, json_extract(details.value, '$.OptInStatus') as opt_in_status, json_extract(details.value, '$.ForcedApplyDate') as forced_apply_date, json_extract(details.value, '$.CurrentApplyDate') as current_apply_date, json_extract(details.value, '$.AutoAppliedAfterDate') as auto_applied_after_datefrom aws_rds_db_cluster, json_each(pending_maintenance_actions) as actions, json_each( json_extract( actions.value, '$.PendingMaintenanceActionDetails' ) ) as details;
Schema for aws_rds_db_cluster
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
activity_stream_kinesis_stream_name | text | The name of the Amazon Kinesis data stream used for the database activity stream. | |
activity_stream_kms_key_id | text | The AWS KMS key identifier used for encrypting messages in the database activity stream. | |
activity_stream_mode | text | The mode of the database activity stream. | |
activity_stream_status | text | The status of the database activity stream. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
allocated_storage | bigint | Specifies the allocated storage size in gibibytes (GiB). | |
arn | text | The Amazon Resource Name (ARN) for the DB Cluster. | |
associated_roles | jsonb | A list of AWS IAM roles that are associated with the DB cluster. | |
auto_minor_version_upgrade | boolean | A value that indicates that minor version patches are applied automatically. This setting is only for non-Aurora Multi-AZ DB clusters. | |
automatic_restart_time | timestamp with time zone | The time when a stopped DB cluster is restarted automatically. | |
availability_zones | jsonb | A list of Availability Zones (AZs) where instances in the DB cluster can be created. | |
aws_backup_recovery_point_arn | text | The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup. | |
backtrack_consumed_change_records | bigint | The number of change records stored for Backtrack. | |
backtrack_window | bigint | The target backtrack window, in seconds. | |
backup_retention_period | bigint | Specifies the number of days for which automatic DB snapshots are retained. | |
capacity | bigint | The current capacity of an Aurora Serverless DB cluster. | |
certificate_details | jsonb | The details of the DB instance’s server certificate. | |
character_set_name | text | Specifies the name of the character set that this cluster is associated with. | |
clone_group_id | text | = | Identifies the clone group to which the DB cluster is associated. |
copy_tags_to_snapshot | boolean | Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster, or not. | |
create_time | timestamp with time zone | Specifies the time when the DB cluster was created. | |
cross_account_clone | boolean | Specifies whether the DB cluster is a clone of a DB cluster owned by a different AWS account, or not. | |
custom_endpoints | jsonb | A list of all custom endpoints associated with the cluster. | |
database_name | text | Contains the name of the initial database of this DB cluster that was provided at create time. | |
db_cluster_identifier | text | = | The friendly name to identify the DB Cluster. |
db_cluster_instance_class | text | The name of the compute and memory capacity class of the DB instance. | |
db_cluster_parameter_group | text | Specifies the name of the DB cluster parameter group for the DB cluster. | |
db_subnet_group | text | Specifies information on the subnet group associated with the DB cluster. | |
deletion_protection | boolean | Specifies whether the DB cluster has deletion protection enabled, or not. | |
domain_memberships | jsonb | A list of Active Directory Domain membership records associated with the DB cluster. | |
earliest_backtrack_time | timestamp with time zone | The earliest time to which a DB cluster can be backtracked. | |
earliest_restorable_time | timestamp with time zone | The earliest time to which a database can be restored with point-in-time restore. | |
enabled_cloudwatch_logs_exports | jsonb | A list of log types that this DB cluster is configured to export to CloudWatch Logs. | |
endpoint | text | Specifies the connection endpoint for the primary instance of the DB cluster. | |
engine | text | = | The name of the database engine to be used for this DB cluster. |
engine_mode | text | The DB engine mode of the DB cluster. | |
engine_version | text | Indicates the database engine version. | |
global_write_forwarding_requested | boolean | Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database, or not. | |
global_write_forwarding_status | text | Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, or not. | |
hosted_zone_id | text | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. | |
http_endpoint_enabled | boolean | Specifies whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled, or not. | |
iam_database_authentication_enabled | boolean | Specifies whether the the mapping of AWS IAM accounts to database accounts is enabled, or not. | |
io_optimized_next_allowed_modification_time | timestamp with time zone | The next time you can modify the DB cluster to use the aurora-iopt1 storage type. This setting is only for Aurora DB clusters. | |
kms_key_id | text | The AWS KMS key identifier for the encrypted DB cluster. | |
latest_restorable_time | timestamp with time zone | Specifies the latest time to which a database can be restored with point-in-time restore. | |
limitless_database | jsonb | The details for Aurora Limitless Database. | |
local_write_forwarding_status | text | Indicates whether an Aurora DB cluster has in-cluster write forwarding enabled, not enabled, requested, or is in the process of enabling it. | |
master_user_name | text | Contains the master username for the DB cluster. | |
master_user_secret | jsonb | The secret managed by RDS in Amazon Web Services Secrets Manager for the master user password. | |
members | jsonb | A list of instances that make up the DB cluster. | |
monitoring_interval | bigint | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. | |
monitoring_role_arn | text | The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. | |
multi_az | boolean | Specifies whether the DB cluster has instances in multiple Availability Zones, or not. | |
network_type | text | The network type of the DB instance. | |
option_group_memberships | jsonb | A list of option group memberships for this DB cluster. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
pending_maintenance_actions | jsonb | A list that provides details about the pending maintenance actions for the resource. | |
pending_modified_values | jsonb | Information about pending changes to the DB cluster. | |
percent_progress | text | Specifies the progress of the operation as a percentage. | |
performance_insights_enabled | boolean | Indicates whether Performance Insights is enabled for the DB cluster. | |
performance_insights_kms_key_id | text | The Amazon Web Services KMS key identifier for encryption of Performance Insights data. | |
performance_insights_retention_period | bigint | The number of days to retain Performance Insights data. | |
port | bigint | Specifies the port that the database engine is listening on. | |
preferred_backup_window | text | Specifies the daily time range during which automated backups are created. | |
preferred_maintenance_window | text | Specifies the weekly time range during which system maintenance can occur | |
publicly_accessible | boolean | Indicates whether the DB cluster is publicly accessible. | |
read_replica_identifiers | jsonb | A list of identifiers of the read replicas associated with this DB cluster. | |
reader_endpoint | text | The reader endpoint for the DB cluster. | |
region | text | The AWS Region in which the resource is located. | |
resource_id | text | The AWS Region-unique, immutable identifier for the DB cluster. | |
scaling_configuration_info | jsonb | The scaling configuration for an Aurora DB cluster in serverless DB engine mode. | |
serverless_v2_scaling_configuration | jsonb | The scaling configuration for an Aurora Serverless v2 DB cluster. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
status | text | Specifies the status of this DB Cluster. | |
storage_encrypted | boolean | Specifies whether the DB cluster is encrypted, or not. | |
storage_throughput | bigint | The storage throughput for the DB cluster. | |
storage_type | text | The storage type associated with the DB cluster. | |
tags | jsonb | A map of tags for the resource. | |
tags_src | jsonb | A list of tags attached to the DB Cluster. | |
title | text | Title of the resource. | |
vpc_security_groups | jsonb | A list of VPC security groups that the DB cluster belongs to. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_rds_db_cluster