v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_rds_db_snapshot - Query Amazon RDS DB Snapshots using SQL

The AWS RDS DB Snapshot is a feature of Amazon RDS that enables you to create backups of your database instances. These snapshots are point-in-time copies of your databases that can be used for disaster recovery, database migration, and improving backup compliance. The DB Snapshot captures the entire DB instance and not just individual databases, ensuring a consistent snapshot of all your databases at a specific time.

Table Usage Guide

The aws_rds_db_snapshot table in Steampipe provides you with information about manual and automatic snapshots of an Amazon RDS DB instance. This table allows you as a DevOps engineer to query snapshot-specific details, such as snapshot type, creation time, allocated storage, and associated metadata. You can utilize this table to gather insights into snapshot details, including whether a snapshot is shared, public, or encrypted, its engine version, and more. The schema outlines the various attributes of the DB snapshot for you, including the snapshot ARN, DB instance identifier, snapshot status, and associated tags.

Examples

DB snapshot basic info

Explore which database snapshots in your AWS RDS service are not encrypted. This can help you identify potential security risks and ensure compliance with encryption policies.

select
  db_snapshot_identifier,
  encrypted
from
  aws_rds_db_snapshot
where
  not encrypted;
select
  db_snapshot_identifier,
  encrypted
from
  aws_rds_db_snapshot
where
  encrypted = 0;

List of all manual DB snapshots

Discover the segments that consist of all manually created database snapshots, which can help in tracking and managing your backups effectively. This is particularly useful in scenarios where you want to ensure that all your important data is being manually backed up as per your organization's policies.

select
  db_snapshot_identifier,
  type
from
  aws_rds_db_snapshot
where
  type = 'manual';
select
  db_snapshot_identifier,
  type
from
  aws_rds_db_snapshot
where
  type = 'manual';

List of snapshots which are not encrypted

Determine the areas in which your AWS RDS database snapshots are lacking encryption. This is useful for identifying potential security vulnerabilities and ensuring compliance with data protection policies.

select
  db_snapshot_identifier,
  encrypted
from
  aws_rds_db_snapshot
where
  not encrypted;
select
  db_snapshot_identifier,
  encrypted
from
  aws_rds_db_snapshot
where
  encrypted = 0;

DB instance info of each db snapshot

Determine the areas in which specific database snapshots are associated with their respective database instances. This query can be beneficial for understanding the storage and engine details of each snapshot, helping in efficient resource management and optimization.

select
  db_snapshot_identifier,
  db_instance_identifier,
  engine,
  engine_version,
  allocated_storage,
  storage_type
from
  aws_rds_db_snapshot;
select
  db_snapshot_identifier,
  db_instance_identifier,
  engine,
  engine_version,
  allocated_storage,
  storage_type
from
  aws_rds_db_snapshot;

Query examples

Control examples

Schema for aws_rds_db_snapshot

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
allocated_storagebigintSpecifies the allocated storage size in gibibytes(GiB).
arntextThe Amazon Resource Name (ARN) for the DB snapshot.
availability_zonetextSpecifies the name of the Availability Zone the DB instance was located in, at the time of the DB snapshot.
create_timetimestamp with time zoneSpecifies when the snapshot was taken.
db_instance_identifiertext=Specifies the DB instance identifier of the DB instance this DB snapshot was created from.
db_snapshot_attributesjsonbA list of DB snapshot attribute names and values for a manual DB snapshot.
db_snapshot_identifiertext=The friendly name to identify the DB snapshot.
db_system_idtextThe Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. The Oracle SID is also the name of your CDB.
dbi_resource_idtext=The identifier for the source DB instance, which can't be changed and which is unique to an AWS Region.
dedicated_log_volumebooleanIndicates whether the DB instance has a dedicated log volume (DLV) enabled.
encryptedbooleanSpecifies whether the DB snapshot is encrypted, or not.
enginetext=Specifies the name of the database engine.
engine_versiontextSpecifies the version of the database engine.
iam_database_authentication_enabledbooleanSpecifies whether the mapping of AWS IAM accounts to database accounts is enabled, or not.
instance_create_timetimestamp with time zoneSpecifies the time when the DB instance, from which the snapshot was taken, was created.
iopsbigintSpecifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.
kms_key_idtextSpecifies the AWS KMS key identifier for the encrypted DB snapshot.
license_modeltextSpecifies the License model information for the restored DB instance.
master_user_nametextProvides the master username for the DB snapshot.
multi_tenantbooleanIndicates whether the snapshot is of a DB instance using the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).
option_group_nametextProvides the option group name for the DB snapshot.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
percent_progressbigintThe percentage of the estimated data that has been transferred.
portbigintSpecifies the port that the database engine was listening on at the time of the snapshot.
processor_featuresjsonbThe number of CPU cores and the number of threads per core for the DB instance class of the DB instance when the DB snapshot was created.
regiontextThe AWS Region in which the resource is located.
snapshot_database_timetimestamp with time zoneThe timestamp of the most recent transaction applied to the database that you're backing up.
snapshot_targettextSpecifies where manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.
source_db_snapshot_identifiertextThe DB snapshot ARN that the DB snapshot was copied from.
source_regiontextThe AWS Region that the DB snapshot was created in or copied from.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextSpecifies the status of this DB snapshot.
storage_typetextSpecifies the storage type associated with DB snapshot.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags attached to the DB snapshot.
tde_credential_arntextThe ARN from the key store with which to associate the instance for TDE encryption.
timezonetextThe time zone of the DB snapshot.
titletextTitle of the resource.
typetext=Provides the type of the DB snapshot.
vpc_idtextProvides the VPC ID associated with the DB snapshot.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_rds_db_snapshot