Table: aws_vpc - Query AWS VPC using SQL
The AWS Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. It provides advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance and subnet level.
Table Usage Guide
The aws_vpc table in Steampipe provides you with information about Virtual Private Clouds (VPCs) within Amazon Web Services (AWS). This table allows you, as a network administrator or DevOps engineer, to query VPC-specific details, including its ID, state, CIDR block, and whether it is the default VPC. You can utilize this table to gather insights on VPCs, such as their networking configuration, security settings, and associated resources. The schema outlines the various attributes of the VPC for you, including the VPC ID, state, CIDR block, default VPC status, and associated tags.
Examples
Find default VPCs
Explore which Virtual Private Clouds (VPCs) are set as default within your AWS account. This is beneficial to understand your network configuration and to identify any potential security issues related to default settings.
PostgreSQL:

```sql
select
  vpc_id,
  is_default,
  cidr_block,
  state,
  account_id,
  region
from
  aws_vpc
where
  is_default;
```

SQLite:

```sql
select
  vpc_id,
  is_default,
  cidr_block,
  state,
  account_id,
  region
from
  aws_vpc
where
  is_default = 1;
```
Show CIDR details
Explore the details of your virtual private cloud (VPC) to gain insights into its network characteristics such as host addresses, broadcast addresses, and network masks. This can be useful in understanding the structure and scope of your VPC's network for better resource allocation and network planning.
PostgreSQL:

```sql
select
  vpc_id,
  cidr_block,
  host(cidr_block),
  broadcast(cidr_block),
  netmask(cidr_block),
  network(cidr_block)
from
  aws_vpc;
```

SQLite: this query is not available (Error: SQLite does not support CIDR operations).
List VPCs with public CIDR blocks
Find VPCs whose primary CIDR block lies outside the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). A VPC addressed from public space can shadow real Internet destinations in its route tables, so this query is useful for spotting addressing risks in your AWS environment. Note that it inspects only the primary block; secondary blocks are listed in cidr_block_association_set.
PostgreSQL:

```sql
-- <<= is the Postgres "is contained by or equals" operator for inet/cidr values
select
  vpc_id,
  cidr_block,
  state,
  region
from
  aws_vpc
where
  not cidr_block <<= '10.0.0.0/8'
  and not cidr_block <<= '192.168.0.0/16'
  and not cidr_block <<= '172.16.0.0/12';
```

SQLite: this query is not available (Error: SQLite does not support CIDR operations).
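The two PostgreSQL queries above ("Show CIDR details" and "List VPCs with public CIDR blocks") each look at the primary block only. The query below is an added example, not part of the Steampipe documentation, that carries the same checks across every IPv4 block a VPC owns, primary and secondary: it expands cidr_block_association_set, classifies each block as private (RFC 1918 or the 100.64.0.0/10 shared range, which AWS also accepts and which is not globally routable) or not, sizes it, and lists any other VPC whose address space overlaps it, since overlapping VPCs cannot be peered cleanly and make hybrid routing ambiguous. It assumes that each element of cidr_block_association_set carries its block under the key CidrBlock (the AWS API field name) and that the set includes the primary block, as the AWS API returns it; the CTE names vpc_blocks and classified and the output aliases are the example's own. PostgreSQL only.

```sql
-- Added example (not from the Steampipe docs). PostgreSQL only: it relies on
-- the cidr type and its operators, which the SQLite flavour does not provide.
-- Assumption: every element of cidr_block_association_set exposes its block
-- under the AWS API field name 'CidrBlock'; adjust the key if your plugin differs.
with vpc_blocks as (
  -- one row per (VPC, IPv4 block), primary and secondary blocks alike
  select
    vpc_id,
    account_id,
    region,
    (assoc ->> 'CidrBlock')::cidr as block
  from
    aws_vpc,
    jsonb_array_elements(cidr_block_association_set) as assoc
  where
    assoc ->> 'CidrBlock' is not null
),
classified as (
  select
    vpc_blocks.*,
    -- RFC 1918 plus the 100.64.0.0/10 shared range: private, not globally routable
    block <<= any (
      array['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '100.64.0.0/10']::cidr[]
    ) as is_private
  from
    vpc_blocks
)
select
  c.vpc_id,
  c.account_id,
  c.region,
  c.block,
  masklen(c.block) as prefix_length,
  -- raw size of the block; AWS reserves five addresses in each subnet carved from it
  (2 ^ (32 - masklen(c.block)))::bigint as addresses,
  c.is_private,
  -- other VPCs whose address space overlaps this block (&& is the Postgres overlap operator)
  coalesce(
    string_agg(o.vpc_id || ' ' || o.block::text, ', ' order by o.vpc_id),
    ''
  ) as overlapping_vpcs
from
  classified c
  left join vpc_blocks o
    on o.vpc_id <> c.vpc_id
   and o.block && c.block
group by
  c.vpc_id, c.account_id, c.region, c.block, c.is_private
order by
  c.is_private,          -- public (non-private) blocks first
  overlapping_vpcs desc, -- then blocks that collide with another VPC
  c.vpc_id;
```

Rows with is_private false, or with a non-empty overlapping_vpcs column, are the ones to review. Blocks that have been disassociated from a VPC can still appear in the association set with a non-associated state; if that matters for your inventory, filter on the state sub-object of each element before classifying.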
Control examples
- All Controls > EKS > EKS clusters should not be configured within a default VPC
- All Controls > VPC > VPCs should be in use
- All Controls > VPC > VPCs should exist in multiple regions
- All Controls > VPC > VPCs should have both public and private subnets configured
- All Controls > VPC > VPCs subnets should exist in multiple availability zones
- AWS Foundational Security Best Practices > EC2 > 10 Amazon EC2 should be configured to use VPC endpoints
- AWS Foundational Security Best Practices > EC2 > 6 VPC flow logging should be enabled in all VPCs
- CIS v1.2.0 > 2 Logging > 2.9 Ensure VPC flow logging is enabled in all VPCs
- CIS v1.3.0 > 3 Logging > 3.9 Ensure VPC flow logging is enabled in all VPCs
- CIS v1.4.0 > 3 Logging > 3.9 Ensure VPC flow logging is enabled in all VPCs
- CIS v1.5.0 > 3 Logging > 3.9 Ensure VPC flow logging is enabled in all VPCs
- CIS v2.0.0 > 3 Logging > 3.9 Ensure VPC flow logging is enabled in all VPCs
- CIS v3.0.0 > 3 Logging > 3.7 Ensure VPC flow logging is enabled in all VPCs
- VPC flow logs should be enabled
- VPC should be configured to use VPC endpoints
Schema for aws_vpc
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) specifying the VPC. |
cidr_block | cidr | = | The primary IPv4 CIDR block for the VPC. |
cidr_block_association_set | jsonb | | Information about the IPv4 CIDR blocks associated with the VPC. |
dhcp_options_id | text | = | The ID of the set of DHCP options associated with the VPC. |
instance_tenancy | text | | The allowed tenancy of instances launched into the VPC. |
ipv6_cidr_block_association_set | jsonb | | Information about the IPv6 CIDR blocks associated with the VPC. |
is_default | boolean | =, != | Indicates whether the VPC is the default VPC. |
owner_id | text | = | The ID of the AWS account that owns the VPC. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
state | text | = | The current state of the VPC. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags attached to the VPC. |
title | text | | Title of the resource. |
vpc_id | text | = | The ID of the VPC. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_vpc
```