steampipe plugin install aws

Table: aws_vpc - Query AWS VPC using SQL

The AWS Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. It provides advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance and subnet level.

Table Usage Guide

The aws_vpc table in Steampipe provides you with information about Virtual Private Clouds (VPCs) within Amazon Web Services (AWS). This table allows you, as a network administrator or DevOps engineer, to query VPC-specific details, including its ID, state, CIDR block, and whether it is the default VPC. You can use this table to gather insights on VPCs, such as their networking configuration, security settings, and associated resources. The schema lists the attributes available for each VPC, including the VPC ID, state, CIDR block, default VPC status, and associated tags.

Examples

Find default VPCs

Explore which Virtual Private Clouds (VPCs) are set as default within your AWS account. This is beneficial to understand your network configuration and to identify any potential security issues related to default settings.

Postgres:

    select
      vpc_id,
      is_default,
      cidr_block,
      state,
      account_id,
      region
    from
      aws_vpc
    where
      is_default;

SQLite:

    select
      vpc_id,
      is_default,
      cidr_block,
      state,
      account_id,
      region
    from
      aws_vpc
    where
      is_default = 1;

Show CIDR details

Explore the details of your virtual private cloud (VPC) to gain insights into its network characteristics such as host addresses, broadcast addresses, and network masks. This can be useful in understanding the structure and scope of your VPC's network for better resource allocation and network planning.

Postgres:

    select
      vpc_id,
      cidr_block,
      host(cidr_block),
      broadcast(cidr_block),
      netmask(cidr_block),
      network(cidr_block)
    from
      aws_vpc;

SQLite:

    Error: SQLite does not support CIDR operations.

List VPCs with public CIDR blocks

Explore VPCs that are configured with public IP ranges instead of the recommended private ranges. This query can be used to identify potential security risks in your AWS environment.

Postgres:

    select
      vpc_id,
      cidr_block,
      state,
      region
    from
      aws_vpc
    where
      not cidr_block <<= '10.0.0.0/8'
      and not cidr_block <<= '192.168.0.0/16'
      and not cidr_block <<= '172.16.0.0/12';

SQLite:

    Error: SQLite does not support CIDR operations.
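Because SQLite has no CIDR operators, the containment test from the Postgres query can instead be applied client-side to the query results. The following is an added example, not part of the Steampipe documentation: it reproduces the `<<=` check with Python's ipaddress module over constructed CSV rows. The CSV layout (the four columns selected above) and the function names are assumptions.

```python
import csv
import io
import ipaddress

# The same three private ranges the Postgres query tests with <<=.
PRIVATE_RANGES = [
    ipaddress.IPv4Network("10.0.0.0/8"),
    ipaddress.IPv4Network("172.16.0.0/12"),
    ipaddress.IPv4Network("192.168.0.0/16"),
]

def is_private(cidr: str) -> bool:
    """True if the IPv4 block is contained in, or equal to, a private range."""
    net = ipaddress.IPv4Network(cidr)  # raises ValueError on malformed input
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)

def public_vpcs(csv_text: str) -> list[dict]:
    """Return rows whose cidr_block lies outside all private ranges.

    Rows with an unparsable cidr_block are also returned, carrying an
    'error' key, so bad data is reviewed instead of silently dropped.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            if not is_private(row["cidr_block"]):
                findings.append(row)
        except ValueError as exc:
            findings.append({**row, "error": str(exc)})
    return findings

# Constructed sample rows (not real account data). 172.32.0.0/16 sits just
# past the end of 172.16.0.0/12 and is easy to mistake for a private range.
SAMPLE = """vpc_id,cidr_block,state,region
vpc-0aaa,10.0.0.0/16,available,us-east-1
vpc-0bbb,172.32.0.0/16,available,us-east-1
vpc-0ccc,192.168.0.0/16,available,eu-west-1
vpc-0ddd,52.10.0.0/20,available,us-west-2
vpc-0eee,,available,us-west-2
"""

if __name__ == "__main__":
    for f in public_vpcs(SAMPLE):
        print(f["vpc_id"], f["cidr_block"], f.get("error", "public range"))
```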

Schema for aws_vpc

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) specifying the VPC. |
| cidr_block | cidr | = | The primary IPv4 CIDR block for the VPC. |
| cidr_block_association_set | jsonb | | Information about the IPv4 CIDR blocks associated with the VPC. |
| dhcp_options_id | text | = | Contains the ID of the set of DHCP options associated with the VPC. |
| instance_tenancy | text | | The allowed tenancy of instances launched into the VPC. |
| ipv6_cidr_block_association_set | jsonb | | Information about the IPv6 CIDR blocks associated with the VPC. |
| is_default | boolean | =, != | Indicates whether the VPC is the default VPC. |
| owner_id | text | = | Contains the ID of the AWS account that owns the VPC. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| state | text | = | Contains the current state of the VPC. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags that are attached to the VPC. |
| title | text | | Title of the resource. |
| vpc_id | text | = | The ID of the VPC. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc