steampipe plugin install aws

Table: aws_rds_db_cluster - Query AWS RDS DB Clusters using SQL

The AWS RDS DB Cluster is a component of Amazon Relational Database Service (RDS). It is a virtual database where multiple DB instances are associated under a single endpoint. This allows for efficient scaling and management of databases, providing high availability and failover support for DB instances.

Table Usage Guide

The aws_rds_db_cluster table in Steampipe provides you with information about DB clusters within Amazon Relational Database Service (RDS). This table allows you, as a DevOps engineer, to query DB cluster-specific details, including configuration, status, and security settings. You can utilize this table to gather insights on DB clusters, such as their availability, backup settings, encryption status, and more. The schema outlines the various attributes of the DB cluster for you, including the DB cluster identifier, creation time, DB cluster members, and associated tags.


List of DB clusters which are not encrypted

Identify the database clusters that lack encryption. This is crucial for finding potential security vulnerabilities within your AWS RDS database clusters.

select db_cluster_identifier, kms_key_id
from aws_rds_db_cluster
where kms_key_id is null;

List of DB clusters where backup retention period is greater than 7 days

Explore which database clusters have a backup retention period set for more than a week. This can be useful for identifying databases that have longer data retention policies, potentially indicating important or sensitive data.

select db_cluster_identifier, backup_retention_period
from aws_rds_db_cluster
where backup_retention_period > 7;

Availability zone count for each db instance

Determine the areas in which each database cluster is available by counting the availability zones. This can be useful for understanding the spread and redundancy of your databases across different geographical zones.

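-- PostgreSQL
select db_cluster_identifier, jsonb_array_length(availability_zones) as availability_zones_count from aws_rds_db_cluster;
-- SQLite
select db_cluster_identifier, json_array_length(json(availability_zones)) as availability_zones_count from aws_rds_db_cluster;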

DB cluster Members info

Explore the configuration of your database clusters to understand the status of each member, their roles, and their promotion tiers. This can help optimize the performance and reliability of your cloud databases.

-- PostgreSQL
select
  db_cluster_identifier,
  member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status,
  member ->> 'DBInstanceIdentifier' as db_instance_identifier,
  member ->> 'IsClusterWriter' as is_cluster_writer,
  member ->> 'PromotionTier' as promotion_tier
from aws_rds_db_cluster
  cross join jsonb_array_elements(members) as member;

-- SQLite
select
  db_cluster_identifier,
  json_extract(member.value, '$.DBClusterParameterGroupStatus') as db_cluster_parameter_group_status,
  json_extract(member.value, '$.DBInstanceIdentifier') as db_instance_identifier,
  json_extract(member.value, '$.IsClusterWriter') as is_cluster_writer,
  json_extract(member.value, '$.PromotionTier') as promotion_tier
from aws_rds_db_cluster,
  json_each(members) as member;

List DB cluster pending maintenance actions

List the pending maintenance actions for your database clusters. This is useful in planning and prioritizing maintenance schedules, by understanding which actions are due and their respective timelines.

-- PostgreSQL
select
  actions ->> 'ResourceIdentifier' as db_cluster_identifier,
  details ->> 'Action' as action,
  details ->> 'OptInStatus' as opt_in_status,
  details ->> 'ForcedApplyDate' as forced_apply_date,
  details ->> 'CurrentApplyDate' as current_apply_date,
  details ->> 'AutoAppliedAfterDate' as auto_applied_after_date
from aws_rds_db_cluster,
  jsonb_array_elements(pending_maintenance_actions) as actions,
  jsonb_array_elements(actions -> 'PendingMaintenanceActionDetails') as details;

-- SQLite
select
  json_extract(actions.value, '$.ResourceIdentifier') as db_cluster_identifier,
  json_extract(details.value, '$.Action') as action,
  json_extract(details.value, '$.OptInStatus') as opt_in_status,
  json_extract(details.value, '$.ForcedApplyDate') as forced_apply_date,
  json_extract(details.value, '$.CurrentApplyDate') as current_apply_date,
  json_extract(details.value, '$.AutoAppliedAfterDate') as auto_applied_after_date
from aws_rds_db_cluster,
  json_each(pending_maintenance_actions) as actions,
  json_each(json_extract(actions.value, '$.PendingMaintenanceActionDetails')) as details;
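
The queries above each test one attribute. The following added example (not part of the Steampipe documentation) combines several security-relevant columns from this table's schema into one PostgreSQL query that returns one row per cluster and failed check. The check names and the 7-day backup retention floor are assumptions chosen for illustration.

```sql
-- Added example (PostgreSQL syntax), not from the plugin documentation.
-- Column names come from the aws_rds_db_cluster schema on this page;
-- check names and the 7-day retention floor are illustrative assumptions.
select
  c.account_id,
  c.region,
  c.db_cluster_identifier,
  f.check_name
from
  aws_rds_db_cluster as c
  cross join lateral (
    values
      -- storage_encrypted is the direct encryption flag for the cluster
      ('storage_not_encrypted',
        not coalesce(c.storage_encrypted, false)),
      ('deletion_protection_disabled',
        not coalesce(c.deletion_protection, false)),
      ('iam_db_auth_disabled',
        not coalesce(c.iam_database_authentication_enabled, false)),
      ('backup_retention_under_7_days',
        coalesce(c.backup_retention_period, 0) < 7),
      -- treat SQL NULL, JSON null and an empty array alike: no log export
      ('no_cloudwatch_log_exports',
        case
          when jsonb_typeof(c.enabled_cloudwatch_logs_exports) = 'array'
            then jsonb_array_length(c.enabled_cloudwatch_logs_exports) = 0
          else true
        end),
      ('single_availability_zone',
        not coalesce(c.multi_az, false))
  ) as f (check_name, failed)
where
  f.failed
order by
  c.account_id,
  c.region,
  c.db_cluster_identifier,
  f.check_name;
```

Remove any row from the values list that does not apply to your engines or policy; a cluster that passes every remaining check produces no rows.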


Schema for aws_rds_db_cluster

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| activity_stream_kinesis_stream_name | text | | The name of the Amazon Kinesis data stream used for the database activity stream. |
| activity_stream_kms_key_id | text | | The AWS KMS key identifier used for encrypting messages in the database activity stream. |
| activity_stream_mode | text | | The mode of the database activity stream. |
| activity_stream_status | text | | The status of the database activity stream. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| allocated_storage | bigint | | Specifies the allocated storage size in gibibytes (GiB). |
| arn | text | | The Amazon Resource Name (ARN) for the DB Cluster. |
| associated_roles | jsonb | | A list of AWS IAM roles that are associated with the DB cluster. |
| auto_minor_version_upgrade | boolean | | A value that indicates that minor version patches are applied automatically. This setting is only for non-Aurora Multi-AZ DB clusters. |
| availability_zones | jsonb | | A list of Availability Zones (AZs) where instances in the DB cluster can be created. |
| backtrack_consumed_change_records | bigint | | The number of change records stored for Backtrack. |
| backtrack_window | bigint | | The target backtrack window, in seconds. |
| backup_retention_period | bigint | | Specifies the number of days for which automatic DB snapshots are retained. |
| capacity | bigint | | The current capacity of an Aurora Serverless DB cluster. |
| character_set_name | text | | Specifies the name of the character set that this cluster is associated with. |
| clone_group_id | text | = | Identifies the clone group to which the DB cluster is associated. |
| copy_tags_to_snapshot | boolean | | Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster, or not. |
| create_time | timestamp with time zone | | Specifies the time when the DB cluster was created. |
| cross_account_clone | boolean | | Specifies whether the DB cluster is a clone of a DB cluster owned by a different AWS account, or not. |
| custom_endpoints | jsonb | | A list of all custom endpoints associated with the cluster. |
| database_name | text | | Contains the name of the initial database of this DB cluster that was provided at create time. |
| db_cluster_identifier | text | = | The friendly name to identify the DB Cluster. |
| db_cluster_parameter_group | text | | Specifies the name of the DB cluster parameter group for the DB cluster. |
| db_subnet_group | text | | Specifies information on the subnet group associated with the DB cluster. |
| deletion_protection | boolean | | Specifies whether the DB cluster has deletion protection enabled, or not. |
| domain_memberships | jsonb | | A list of Active Directory Domain membership records associated with the DB cluster. |
| earliest_backtrack_time | timestamp with time zone | | The earliest time to which a DB cluster can be backtracked. |
| earliest_restorable_time | timestamp with time zone | | The earliest time to which a database can be restored with point-in-time restore. |
| enabled_cloudwatch_logs_exports | jsonb | | A list of log types that this DB cluster is configured to export to CloudWatch Logs. |
| endpoint | text | | Specifies the connection endpoint for the primary instance of the DB cluster. |
| engine | text | = | The name of the database engine to be used for this DB cluster. |
| engine_mode | text | | The DB engine mode of the DB cluster. |
| engine_version | text | | Indicates the database engine version. |
| global_write_forwarding_requested | boolean | | Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database, or not. |
| global_write_forwarding_status | text | | Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, or not. |
| hosted_zone_id | text | | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. |
| http_endpoint_enabled | boolean | | Specifies whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled, or not. |
| iam_database_authentication_enabled | boolean | | Specifies whether the mapping of AWS IAM accounts to database accounts is enabled, or not. |
| kms_key_id | text | | The AWS KMS key identifier for the encrypted DB cluster. |
| latest_restorable_time | timestamp with time zone | | Specifies the latest time to which a database can be restored with point-in-time restore. |
| master_user_name | text | | Contains the master username for the DB cluster. |
| members | jsonb | | A list of instances that make up the DB cluster. |
| multi_az | boolean | | Specifies whether the DB cluster has instances in multiple Availability Zones, or not. |
| option_group_memberships | jsonb | | A list of option group memberships for this DB cluster. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| pending_maintenance_actions | jsonb | | A list that provides details about the pending maintenance actions for the resource. |
| percent_progress | text | | Specifies the progress of the operation as a percentage. |
| port | bigint | | Specifies the port that the database engine is listening on. |
| preferred_backup_window | text | | Specifies the daily time range during which automated backups are created. |
| preferred_maintenance_window | text | | Specifies the weekly time range during which system maintenance can occur. |
| read_replica_identifiers | jsonb | | A list of identifiers of the read replicas associated with this DB cluster. |
| reader_endpoint | text | | The reader endpoint for the DB cluster. |
| region | text | | The AWS Region in which the resource is located. |
| resource_id | text | | The AWS Region-unique, immutable identifier for the DB cluster. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | Specifies the status of this DB Cluster. |
| storage_encrypted | boolean | | Specifies whether the DB cluster is encrypted, or not. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags attached to the DB Cluster. |
| title | text | | Title of the resource. |
| vpc_security_groups | jsonb | | A list of VPC security groups that the DB cluster belongs to. |


This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the script:

/bin/sh -c "$(curl -fsSL <install_script_url>)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_rds_db_cluster