steampipe plugin install awssteampipe plugin install aws

Table: aws_redshift_cluster - Query AWS Redshift Clusters using SQL

The AWS Redshift Cluster is a fully managed, petabyte-scale data warehouse service in the cloud. It enables users to analyze all their data using their existing business intelligence tools by leveraging SQL and existing business intelligence tools. It provides a cost-effective solution for analyzing large-scale data sets as it uses columnar storage technology and parallel query execution.

Table Usage Guide

The aws_redshift_cluster table in Steampipe provides you with information about Redshift clusters within Amazon Web Services. This table allows you, as a DevOps engineer, to query cluster-specific details, such as cluster status, node type, number of nodes, and associated metadata. You can utilize this table to gather insights on clusters, including their availability, performance, and security settings. The schema outlines the various attributes of the Redshift cluster for you, including the cluster identifier, creation time, database name, and associated tags.

Examples

Basic info

Analyze the settings to understand the different types of nodes and their geographical distribution in your AWS Redshift clusters. This can help optimize resource allocation and improve data management across different regions.

select
  cluster_identifier,
  arn,
  node_type,
  region
from
  aws_redshift_cluster;

select
  cluster_identifier,
  arn,
  node_type,
  region
from
  aws_redshift_cluster;

List clusters that are publicly accessible

Determine the areas in which your clusters are publicly accessible, enabling you to identify potential security risks and take necessary precautions.

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  publicly_accessible
from
  aws_redshift_cluster
where
  publicly_accessible;

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  publicly_accessible
from
  aws_redshift_cluster
where
  publicly_accessible = 1;

List clusters that are not in a VPC

Discover the segments that are not part of any Virtual Private Cloud (VPC) in your AWS Redshift clusters. This can be useful in identifying potential security risks or compliance issues, as clusters not in a VPC may be more exposed to external threats.

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  vpc_id
from
  aws_redshift_cluster
where
  vpc_id is null;

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  vpc_id
from
  aws_redshift_cluster
where
  vpc_id is null;

List clusters whose storage is not encrypted

Identify the instances where your clusters' storage is not encrypted. This can help enhance your data security by pinpointing areas that need encryption.

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  encrypted
from
  aws_redshift_cluster
where
  not encrypted;

select
  cluster_identifier,
  node_type,
  number_of_nodes,
  encrypted
from
  aws_redshift_cluster
where
  encrypted = 0;

Get logging status for each cluster

Determine the logging status for each cluster in your AWS Redshift environment to ensure proper logging practices are being followed for data security and compliance purposes.

select
  cluster_identifier,
  logging_status -> 'LoggingEnabled' as LoggingEnabled
from
  aws_redshift_cluster

select
  cluster_identifier,
  json_extract(logging_status, '$.LoggingEnabled') as LoggingEnabled
from
  aws_redshift_cluster

Query examples

Control examples

Schema for aws_redshift_cluster

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
allow_version_upgrade	boolean		A boolean value that, if true, indicates that major version upgrades will be applied automatically to the cluster during the maintenance window.
aqua_configuration	jsonb		This field is retired. Amazon Redshift automatically determines whether to use AQUA (Advanced Query Accelerator).
arn	text		The Amazon Resource Name (ARN) specifying the cluster.
automated_snapshot_retention_period	bigint		The number of days that automatic cluster snapshots are retained.
availability_zone	text		The name of the Availability Zone in which the cluster is located.
availability_zone_relocation_status	text		Describes the status of the Availability Zone relocation operation.
cluster_availability_status	text		The availability status of the cluster for queries.
cluster_create_time	timestamp with time zone		The date and time that the cluster was created.
cluster_identifier	text	=	The unique identifier of the cluster.
cluster_namespace_arn	text		The namespace Amazon Resource Name (ARN) of the cluster.
cluster_nodes	jsonb		The nodes in the cluster.
cluster_parameter_groups	jsonb		The list of cluster parameter groups that are associated with this cluster. Each parameter group in the list is returned with its status.
cluster_public_key	text		The public key for the cluster.
cluster_revision_number	text		The specific revision number of the database in the cluster.
cluster_security_groups	jsonb		A list of cluster security group that are associated with the cluster. Each security group is represented by an element that contains ClusterSecurityGroup.Name and ClusterSecurityGroup.Status subelements. Cluster security groups are used when the cluster is not created in an Amazon Virtual Private Cloud (VPC). Clusters that are created in a VPC use VPC security groups, which are listed by the VpcSecurityGroups parameter.
cluster_snapshot_copy_status	jsonb		A value that returns the destination region and retention period that are configured for cross-region snapshot copy.
cluster_status	text		The current state of the cluster.
cluster_subnet_group_name	text		The name of the subnet group that is associated with the cluster. This parameter is valid only when the cluster is in a VPC.
cluster_version	text		The version ID of the Amazon Redshift engine that is running on the cluster.
custom_domain_certificate_arn	text		The certificate Amazon Resource Name (ARN) for the custom domain name.
custom_domain_certificate_expiry_date	timestamp with time zone		The expiration date for the certificate associated with the custom domain name.
custom_domain_name	text		The custom domain name associated with the cluster.
data_transfer_progress	jsonb		Describes the status of a cluster while it is in the process of resizing with an incremental resize.
db_name	text		The name of the initial database that was created when the cluster was created. This same name is returned for the life of the cluster. If an initial database was not specified, a database named devdev was created by default.
default_iam_role_arn	text		The Amazon Resource Name (ARN) for the IAM role set as default for the cluster.
deferred_maintenance_windows	jsonb		Describes a group of DeferredMaintenanceWindow objects.
elastic_ip_status	jsonb		The status of the elastic IP (EIP) address.
elastic_resize_number_of_node_options	text		The number of nodes that you can resize the cluster to with the elastic resize method.
encrypted	boolean		A boolean value that, if true, indicates that data in the cluster is encrypted at rest.
endpoint	jsonb		The connection endpoint.
enhanced_vpc_routing	boolean		An option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. If this option is true, enhanced VPC routing is enabled.
expected_next_snapshot_schedule_time	timestamp with time zone		The date and time when the next snapshot is expected to be taken for clusters with a valid snapshot schedule and backups enabled.
expected_next_snapshot_schedule_time_status	text		The status of next expected snapshot for clusters having a valid snapshot schedule and backups enabled.
hsm_status	jsonb		A value that reports whether the Amazon Redshift cluster has finished applying any hardware security module (HSM) settings changes specified in a modify cluster command.
iam_roles	jsonb		A list of AWS Identity and Access Management (IAM) roles that can be used by the cluster to access other AWS services.
kms_key_id	text		The AWS Key Management Service (AWS KMS) key ID of the encryption key used to encrypt data in the cluster.
logging_status	jsonb		Describes the status of logging for a cluster.
maintenance_track_name	text		The name of the maintenance track for the cluster.
manual_snapshot_retention_period	bigint		The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. The value must be either -1 or an integer between 1 and 3,653.
master_password_secret_arn	text		The Amazon Resource Name (ARN) for the cluster's admin user credentials secret.
master_password_secret_kms_key_id	text		The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret.
master_username	text		The master user name for the cluster. This name is used to connect to the database that is specified in the DBName parameter.
modify_status	text		The status of a modify operation, if any, initiated for the cluster.
next_maintenance_window_start_time	timestamp with time zone		The date and time in UTC when system maintenance can begin.
node_type	text		The node type for the nodes in the cluster.
number_of_nodes	bigint		The number of compute nodes in the cluster.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
pending_actions	jsonb		Cluster operations that are waiting to be started.
pending_modified_values	jsonb		A value that, if present, indicates that changes to the cluster are pending. Specific pending changes are identified by subelements.
preferred_maintenance_window	text		The weekly time range, in Universal Coordinated Time (UTC), during which system maintenance can occur.
publicly_accessible	boolean		A boolean value that, if true, indicates that the cluster can be accessed from a public network.
region	text		The AWS Region in which the resource is located.
reserved_node_exchange_status	jsonb		The status of the reserved-node exchange request. Statuses include in-progress and requested.
resize_info	jsonb		Describes a resize operation.
restore_status	jsonb		A value that describes the status of a cluster restore action. This parameter returns null if the cluster was not created by restoring a snapshot.
scheduled_actions	jsonb		A list of scheduled actions for specified cluster.
snapshot_schedule_identifier	text		A unique identifier for the cluster snapshot schedule.
snapshot_schedule_state	text		The current state of the cluster snapshot schedule.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		The list of tags for the cluster.
title	text		Title of the resource.
total_storage_capacity_in_mega_bytes	bigint		The total storage capacity of the cluster in megabytes.
vpc_id	text		The identifier of the VPC the cluster is in, if the cluster is in a VPC.
vpc_security_groups	jsonb		A list of Amazon Virtual Private Cloud (Amazon VPC) security groups that are associated with the cluster. This parameter is returned only if the cluster is in a VPC.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_redshift_cluster