steampipe plugin install aws

Table: aws_vpc_egress_only_internet_gateway - Query AWS VPC Egress Only Internet Gateways using SQL

The AWS VPC Egress Only Internet Gateway is a resource that provides egress only access for IPv6 traffic from a Virtual Private Cloud (VPC) to the internet. It prevents inbound traffic from the internet, enhancing the security of your VPC. This feature is particularly useful when you want to allow outbound communication to the internet from your instances, but not allow any inbound traffic.

Table Usage Guide

The aws_vpc_egress_only_internet_gateway table in Steampipe provides you with information about Egress Only Internet Gateways within Amazon Virtual Private Cloud (VPC). This table allows you, as a DevOps engineer, to query gateway-specific details, including the gateway's attachments, creation time, and associated tags. You can utilize this table to gather insights on gateways, such as the gateways associated with a specific VPC, the state of the gateway's attachments, and more. The schema outlines the various attributes of the Egress Only Internet Gateway for you, including the gateway ID, VPC ID, and attachment state.

Examples

Egress only internet gateway basic info

Determine the status and associated Virtual Private Cloud (VPC) of your egress-only internet gateways across different regions. This is beneficial for managing network traffic and ensuring the secure flow of your outbound communication.

Postgres:

select
  id,
  att ->> 'State' as state,
  att ->> 'VpcId' as vpc_id,
  tags,
  region
from
  aws_vpc_egress_only_internet_gateway
  cross join jsonb_array_elements(attachments) as att;

SQLite:

select
  id,
  json_extract(att.value, '$.State') as state,
  json_extract(att.value, '$.VpcId') as vpc_id,
  tags,
  region
from
  aws_vpc_egress_only_internet_gateway,
  json_each(attachments) as att;

List unattached egress only gateways

Identify egress-only internet gateways that are not attached to any VPC. This helps in identifying unused resources and potential cost savings.

Postgres and SQLite:

select
  id,
  attachments
from
  aws_vpc_egress_only_internet_gateway
where
  attachments is null;

List all the egress only gateways attached to default VPC

Identify egress-only internet gateways that are attached to the default Virtual Private Cloud (VPC). This is useful for understanding the security configuration of your network and identifying potential areas of vulnerability.

Postgres:

select
  vig.id,
  vpc.is_default
from
  aws_vpc_egress_only_internet_gateway as vig
  cross join jsonb_array_elements(attachments) as i
  join aws_vpc vpc on i ->> 'VpcId' = vpc.vpc_id
where
  vpc.is_default = true;

SQLite:

select
  vig.id,
  vpc.is_default
from
  aws_vpc_egress_only_internet_gateway as vig,
  json_each(attachments) as i
  join aws_vpc vpc on json_extract(i.value, '$.VpcId') = vpc.vpc_id
where
  vpc.is_default = 1;
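
A follow-up check on the attachments queried above, added here as an example and not part of the original Steampipe documentation: for each attached gateway, count the route tables in the same VPC whose IPv6 default route (::/0) goes through that gateway, and those that send it through a regular internet gateway instead. It assumes the AWS plugin's aws_vpc_route_table table with route_table_id, vpc_id and routes columns, which this page does not describe, and uses Postgres syntax.

```sql
-- Added example (not from the Steampipe docs). Assumes aws_vpc_route_table
-- from the same AWS plugin, with route_table_id, vpc_id and routes (jsonb).
with eigw as (
  -- One row per gateway attachment.
  select
    g.id as gateway_id,
    g.region,
    att ->> 'VpcId' as vpc_id,
    att ->> 'State' as attachment_state
  from
    aws_vpc_egress_only_internet_gateway as g
    cross join jsonb_array_elements(g.attachments) as att
),
ipv6_default_routes as (
  -- One row per route table entry that is an IPv6 default route.
  select
    rt.route_table_id,
    rt.vpc_id,
    r ->> 'EgressOnlyInternetGatewayId' as eigw_id,
    r ->> 'GatewayId' as gateway_id
  from
    aws_vpc_route_table as rt
    cross join jsonb_array_elements(rt.routes) as r
  where
    r ->> 'DestinationIpv6CidrBlock' = '::/0'
)
select
  e.gateway_id,
  e.vpc_id,
  e.region,
  e.attachment_state,
  -- Route tables that actually use this egress-only gateway.
  count(d.route_table_id) filter (where d.eigw_id = e.gateway_id) as tables_via_eigw,
  -- Route tables in the same VPC that use a regular internet gateway for IPv6.
  count(d.route_table_id) filter (where d.gateway_id like 'igw-%') as tables_via_igw
from
  eigw as e
  left join ipv6_default_routes as d on d.vpc_id = e.vpc_id
group by
  e.gateway_id, e.vpc_id, e.region, e.attachment_state
order by
  tables_via_igw desc, tables_via_eigw;
```

A row with tables_via_eigw = 0 is a gateway that is attached but not used by any route table; tables_via_igw > 0 marks a VPC where some subnets' IPv6 traffic bypasses the egress-only gateway and can be reached inbound, subject to security groups and network ACLs.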

Schema for aws_vpc_egress_only_internet_gateway

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| attachments | jsonb | | Information about the attachment of the egress-only internet gateway. |
| id | text | = | The ID of the egress-only internet gateway. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags that are attached to egress only internet gateway. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc_egress_only_internet_gateway