steampipe plugin install aws

Table: aws_ssm_managed_instance - Query AWS SSM Managed Instances using SQL

The AWS Systems Manager Managed Instance is a compute resource in your environment that is configured for use with AWS Systems Manager. These can be Amazon EC2 instances or servers and virtual machines (VMs) in your on-premises environment. They provide secure and scalable configuration and automation management, enabling you to automate administrative tasks, apply compliance policies, and manage resources across your environment.

Table Usage Guide

The aws_ssm_managed_instance table in Steampipe provides you with information about managed instances within AWS Systems Manager (SSM). This table allows you, as a DevOps engineer, to query managed instance-specific details, including instance ID, name, platform type, platform version, and associated metadata. You can utilize this table to gather insights on instances, such as their operational status, last ping time, agent version, and more. The schema outlines the various attributes of the managed instance for you, including the instance ARN, registration date, resource type, and associated tags.

Examples

Basic info

Gain insights into the status and characteristics of managed instances in AWS Simple Systems Manager (SSM). This can help in monitoring and managing resources effectively, identifying any issues with association status or outdated agent versions, and understanding the distribution of resources across different platform types.

select
instance_id,
arn,
resource_type,
association_status,
agent_version,
platform_type
from
aws_ssm_managed_instance;
select
instance_id,
arn,
resource_type,
association_status,
agent_version,
platform_type
from
aws_ssm_managed_instance;

List managed instances with no associations

Determine the areas in which managed instances lack associations. This could be useful in identifying potential gaps in your resource management, allowing for more efficient allocation and utilization of resources.

select
instance_id,
arn,
resource_type,
association_status
from
aws_ssm_managed_instance
where
association_status is null;
select
instance_id,
arn,
resource_type,
association_status
from
aws_ssm_managed_instance
where
association_status is null;

List EC2 instances not managed by SSM

Determine the areas in which EC2 instances are not managed by the Systems Manager (SSM) to identify potential gaps in your management strategy. This query is useful for ensuring all instances are appropriately managed and can highlight areas needing attention.

select
i.instance_id,
i.arn,
m.instance_id is not null as ssm_managed
from
aws_ec2_instance i
left join aws_ssm_managed_instance m on m.instance_id = i.instance_id
where
m.instance_id is null;
select
i.instance_id,
i.arn,
case
when m.instance_id is not null then 1
else 0
end as ssm_managed
from
aws_ec2_instance i
left join aws_ssm_managed_instance m on m.instance_id = i.instance_id
where
m.instance_id is null;

Schema for aws_ssm_managed_instance

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
activation_idtext=The activation ID created by Systems Manager when the server or VM was registered.
agent_versiontext=The version of SSM Agent running on your Linux instance.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the instance.
association_overviewjsonbInformation about the association.
association_statustext=The status of the association.
computer_nametextThe fully qualified host name of the managed instance.
iam_roletextThe Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed node.
instance_idtext=The ID of the instance.
ip_addressinetThe IP address of the managed instance.
is_latest_versionbooleanIndicates whether the latest version of SSM Agent is running on your Linux Managed Instance.
last_association_execution_datetimestamp with time zoneThe date the association was last run.
last_ping_date_timetimestamp with time zoneThe date and time when the agent last pinged the Systems Manager service.
last_successful_association_execution_datetimestamp with time zoneThe last date the association was successfully run.
nametextThe name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
ping_statustext=Connection status of SSM Agent.
platform_nametextThe name of the operating system platform running on your instance.
platform_typetext=The operating system platform type.
platform_versiontextThe version of the OS platform running on your instance.
regiontextThe AWS Region in which the resource is located.
registration_datetimestamp with time zoneThe date the server or VM was registered with AWS as a managed instance.
resource_typetext=The type of instance. Instances are either EC2 instances or managed instances.
source_idtextThe ID of the source resource. For IoT Greengrass devices, SourceId is the Thing name.
source_typetextThe type of the source resource.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ssm_managed_instance