Table: aws_rds_db_cluster
An Amazon Aurora DB cluster consists of one or more DB instances and a cluster volume that manages the data for those DB instances.
Note: This table only returns RDS DB clusters, e.g., Aurora, MySQL, Postgres, not DocumentDB or Neptune DB clusters.
Examples
List of DB clusters which are not encrypted
```sql
select
  db_cluster_identifier,
  allocated_storage,
  kms_key_id
from
  aws_rds_db_cluster
where
  kms_key_id is null;
```
List of DB clusters where backup retention period is greater than 7 days
```sql
select
  db_cluster_identifier,
  backup_retention_period
from
  aws_rds_db_cluster
where
  backup_retention_period > 7;
```
Availability zone count for each DB cluster
```sql
select
  db_cluster_identifier,
  jsonb_array_length(availability_zones) availability_zones_count
from
  aws_rds_db_cluster;
```
DB cluster Members info
```sql
select
  db_cluster_identifier,
  member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status,
  member ->> 'DBInstanceIdentifier' as db_instance_identifier,
  member ->> 'IsClusterWriter' as is_cluster_writer,
  member ->> 'PromotionTier' as promotion_tier
from
  aws_rds_db_cluster
  cross join jsonb_array_elements(members) as member;
```
List DB cluster pending maintenance actions
```sql
select
  actions ->> 'ResourceIdentifier' as db_cluster_identifier,
  details ->> 'Action' as action,
  details ->> 'OptInStatus' as opt_in_status,
  details ->> 'ForcedApplyDate' as forced_apply_date,
  details ->> 'CurrentApplyDate' as current_apply_date,
  details ->> 'AutoAppliedAfterDate' as auto_applied_after_date
from
  aws_rds_db_cluster,
  jsonb_array_elements(pending_maintenance_actions) as actions,
  jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details;
```
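List DB clusters that fail one or more hardening checks (an added example, not part of the original Steampipe documentation). It uses only columns listed in the schema for this table; the check labels and the 7-day backup threshold are assumptions to adjust to your own policy.

```sql
-- Added example: collect the failed hardening checks for each cluster.
-- Check names and the 7-day retention threshold are illustrative assumptions.
with posture as (
  select
    db_cluster_identifier,
    account_id,
    region,
    engine,
    array_remove(
      array[
        -- storage_encrypted is the direct encryption flag; a null is treated as a failure
        case when not coalesce(storage_encrypted, false)
          then 'storage_not_encrypted' end,
        case when not coalesce(deletion_protection, false)
          then 'deletion_protection_disabled' end,
        case when not coalesce(iam_database_authentication_enabled, false)
          then 'iam_auth_disabled' end,
        case when coalesce(backup_retention_period, 0) < 7
          then 'backup_retention_under_7_days' end,
        -- guard with jsonb_typeof: jsonb_array_length raises an error on a JSON null
        case when jsonb_typeof(enabled_cloudwatch_logs_exports) is distinct from 'array'
               or jsonb_array_length(enabled_cloudwatch_logs_exports) = 0
          then 'no_cloudwatch_log_exports' end
      ],
      null
    ) as failed_checks
  from
    aws_rds_db_cluster
)
select
  db_cluster_identifier,
  account_id,
  region,
  engine,
  failed_checks
from
  posture
where
  cardinality(failed_checks) > 0
order by
  cardinality(failed_checks) desc,
  account_id,
  region,
  db_cluster_identifier;
```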
Query examples
- iam_roles_for_rds_db_cluster
- kms_keys_for_rds_db_cluster
- rds_clusters_for_rds_db_cluster_snapshot
- rds_db_cluster_1_year_count
- rds_db_cluster_24_hours_count
- rds_db_cluster_30_90_days_count
- rds_db_cluster_30_days_count
- rds_db_cluster_by_account
- rds_db_cluster_by_creation_month
- rds_db_cluster_by_engine_type
- rds_db_cluster_by_region
- rds_db_cluster_count
- rds_db_cluster_encryption_table
- rds_db_cluster_input
- rds_db_cluster_logging_disabled
- rds_db_cluster_logging_disabled_count
- rds_db_cluster_logging_table
- rds_db_cluster_no_deletion_protection
- rds_db_cluster_no_deletion_protection_count
- rds_db_cluster_overview
- rds_db_cluster_snapshots_for_rds_db_cluster
- rds_db_cluster_tags
- rds_db_cluster_unencrypted
- rds_db_cluster_unencrypted_count
- rds_db_clustere_90_365_days_count
- rds_db_clusters_for_kms_key
- rds_db_clusters_for_rds_db_instance
- rds_db_clusters_for_vpc_security_group
- rds_db_instances_for_rds_db_cluster
- rds_db_subnet_groups_for_rds_db_cluster
- sns_topics_for_rds_db_cluster
- vpc_security_group_assoc
- vpc_security_group_egress_rule_sankey
- vpc_security_group_ingress_rule_sankey
- vpc_security_groups_for_rds_db_cluster
- vpc_subnets_for_rds_db_cluster
- vpc_vpcs_for_rds_db_cluster
Control examples
- rds_db_cluster_expected_tag_values
- rds_db_cluster_mandatory
- rds_db_cluster_prohibited
- rds_db_cluster_tag_limit
- rds_db_cluster_untagged
- rds_db_cluster_aurora_backtracking_enabled
- rds_db_cluster_aurora_protected_by_backup_plan
- rds_db_cluster_copy_tags_to_snapshot_enabled
- rds_db_cluster_deletion_protection_enabled
- rds_db_cluster_encryption_at_rest_enabled
- rds_db_cluster_iam_authentication_enabled
- rds_db_cluster_multiple_az_enabled
- rds_db_cluster_no_default_admin_name
- rds_db_instance_and_cluster_enhanced_monitoring_enabled
- rds_db_instance_and_cluster_no_default_port
- rds_db_cluster_age_table
- rds_db_cluster_by_encryption_status
- rds_db_cluster_by_state
- rds_db_cluster_deletion_protection_status
- rds_db_cluster_logging_status
- rds_db_cluster_multiple_az_status
- rds_db_cluster_status
.inspect aws_rds_db_cluster
AWS RDS DB Cluster
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The AWS Account ID in which the resource is located. |
activity_stream_kinesis_stream_name | text | The name of the Amazon Kinesis data stream used for the database activity stream. |
activity_stream_kms_key_id | text | The AWS KMS key identifier used for encrypting messages in the database activity stream. |
activity_stream_mode | text | The mode of the database activity stream. |
activity_stream_status | text | The status of the database activity stream. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
allocated_storage | bigint | Specifies the allocated storage size in gibibytes (GiB). |
arn | text | The Amazon Resource Name (ARN) for the DB Cluster. |
associated_roles | jsonb | A list of AWS IAM roles that are associated with the DB cluster. |
availability_zones | jsonb | A list of Availability Zones (AZs) where instances in the DB cluster can be created. |
backtrack_consumed_change_records | bigint | The number of change records stored for Backtrack. |
backtrack_window | bigint | The target backtrack window, in seconds. |
backup_retention_period | bigint | Specifies the number of days for which automatic DB snapshots are retained. |
capacity | bigint | The current capacity of an Aurora Serverless DB cluster. |
character_set_name | text | Specifies the name of the character set that this cluster is associated with. |
clone_group_id | text | Identifies the clone group to which the DB cluster is associated. |
copy_tags_to_snapshot | boolean | Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster, or not. |
create_time | timestamp with time zone | Specifies the time when the DB cluster was created. |
cross_account_clone | boolean | Specifies whether the DB cluster is a clone of a DB cluster owned by a different AWS account, or not. |
custom_endpoints | jsonb | A list of all custom endpoints associated with the cluster. |
database_name | text | Contains the name of the initial database of this DB cluster that was provided at create time. |
db_cluster_identifier | text | The friendly name to identify the DB Cluster. |
db_cluster_parameter_group | text | Specifies the name of the DB cluster parameter group for the DB cluster. |
db_subnet_group | text | Specifies information on the subnet group associated with the DB cluster. |
deletion_protection | boolean | Specifies whether the DB cluster has deletion protection enabled, or not. |
domain_memberships | jsonb | A list of Active Directory Domain membership records associated with the DB cluster. |
earliest_backtrack_time | timestamp with time zone | The earliest time to which a DB cluster can be backtracked. |
earliest_restorable_time | timestamp with time zone | The earliest time to which a database can be restored with point-in-time restore. |
enabled_cloudwatch_logs_exports | jsonb | A list of log types that this DB cluster is configured to export to CloudWatch Logs. |
endpoint | text | Specifies the connection endpoint for the primary instance of the DB cluster. |
engine | text | The name of the database engine to be used for this DB cluster. |
engine_mode | text | The DB engine mode of the DB cluster. |
engine_version | text | Indicates the database engine version. |
global_write_forwarding_requested | boolean | Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database, or not. |
global_write_forwarding_status | text | Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, or not. |
hosted_zone_id | text | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. |
http_endpoint_enabled | boolean | Specifies whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled, or not. |
iam_database_authentication_enabled | boolean | Specifies whether the mapping of AWS IAM accounts to database accounts is enabled, or not. |
kms_key_id | text | The AWS KMS key identifier for the encrypted DB cluster. |
latest_restorable_time | timestamp with time zone | Specifies the latest time to which a database can be restored with point-in-time restore. |
master_user_name | text | Contains the master username for the DB cluster. |
members | jsonb | A list of instances that make up the DB cluster. |
multi_az | boolean | Specifies whether the DB cluster has instances in multiple Availability Zones, or not. |
option_group_memberships | jsonb | A list of option group memberships for this DB cluster. |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
pending_maintenance_actions | jsonb | A list that provides details about the pending maintenance actions for the resource. |
percent_progress | text | Specifies the progress of the operation as a percentage. |
port | bigint | Specifies the port that the database engine is listening on. |
preferred_backup_window | text | Specifies the daily time range during which automated backups are created. |
preferred_maintenance_window | text | Specifies the weekly time range during which system maintenance can occur. |
read_replica_identifiers | jsonb | A list of identifiers of the read replicas associated with this DB cluster. |
reader_endpoint | text | The reader endpoint for the DB cluster. |
region | text | The AWS Region in which the resource is located. |
resource_id | text | The AWS Region-unique, immutable identifier for the DB cluster. |
status | text | Specifies the status of this DB Cluster. |
storage_encrypted | boolean | Specifies whether the DB cluster is encrypted, or not. |
tags | jsonb | A map of tags for the resource. |
tags_src | jsonb | A list of tags attached to the DB Cluster. |
title | text | Title of the resource. |
vpc_security_groups | jsonb | A list of VPC security groups that the DB cluster belongs to. |