steampipe plugin install aws

Table: aws_vpc_endpoint_service - Query AWS VPC Endpoint Services using SQL

The AWS VPC Endpoint Service is a feature that allows private connectivity between your VPC and the service of another AWS account, without requiring access over the internet or through a VPN connection. This service enables you to expose your application or service behind load balancers inside your VPC to other AWS accounts. It also supports private connectivity over AWS Direct Connect, providing a more reliable and consistent network experience than internet-based connections.

Table Usage Guide

The aws_vpc_endpoint_service table in Steampipe provides you with information about AWS VPC Endpoint Services. This table allows you, as a DevOps engineer, to query service-specific details, including service type, service name, and whether or not the service is private. You can utilize this table to gather insights on services, such as identifying private services, understanding the types of services available, and more. The schema outlines the various attributes of the VPC Endpoint Service for you, including the service id, service name, service type, and whether or not the service is private.

Examples

Basic info

Explore the various services within your AWS VPC by identifying their names, IDs, and associated DNS details. This can be useful for understanding the structure and connectivity of your VPC, particularly when troubleshooting or optimizing network configurations.

select
service_name,
service_id,
base_endpoint_dns_names,
private_dns_name
from
aws_vpc_endpoint_service;
select
service_name,
service_id,
base_endpoint_dns_names,
private_dns_name
from
aws_vpc_endpoint_service;

Get availability zone count for each VPC endpoint service

Discover the number of availability zones associated with each VPC endpoint service. This is useful in understanding the distribution and availability of services across different zones.

select
service_name,
jsonb_array_length(availability_zones) as availability_zone_count
from
aws_vpc_endpoint_service;
select
service_name,
json_array_length(
json_extract(
availability_zones,
'

Get DNS information for each VPC endpoint service

Discover the segments that consist of DNS details for each VPC endpoint service. This could be useful in managing network traffic and ensuring secure and efficient communication within your AWS environment.

select
service_name,
service_id,
base_endpoint_dns_names,
private_dns_name
from
aws_vpc_endpoint_service;
select
service_name,
service_id,
base_endpoint_dns_names,
private_dns_name
from
aws_vpc_endpoint_service;

List VPC endpoint services with their corresponding service types

Explore which VPC endpoint services are linked with their corresponding types. This can be useful in managing and optimizing your AWS VPC environment by understanding the association between services and their types.

select
service_name,
service_id,
type ->> 'ServiceType' as service_type
from
aws_vpc_endpoint_service
cross join jsonb_array_elements(service_type) as type;
select
service_name,
service_id,
json_extract(type, '$.ServiceType') as service_type
from
aws_vpc_endpoint_service,
json_each(service_type) as type;

List VPC endpoint services which do not support endpoint policies

Discover the segments that are not supported by VPC endpoint policies. This is useful to identify potential vulnerabilities and ensure compliance with security standards.

select
service_name,
service_id,
vpc_endpoint_policy_supported
from
aws_vpc_endpoint_service
where
not vpc_endpoint_policy_supported;
select
service_name,
service_id,
vpc_endpoint_policy_supported
from
aws_vpc_endpoint_service
where
vpc_endpoint_policy_supported = 0;

List allowed principals for each VPC endpoint services

Determine the areas in which specific permissions are allowed for each VPC endpoint service within your AWS environment. This can be especially useful for understanding and managing access control and security configurations.

select
service_name,
service_id,
jsonb_pretty(vpc_endpoint_service_permissions) as allowed_principals
from
aws_vpc_endpoint_service;
select
service_name,
service_id,
vpc_endpoint_service_permissions as allowed_principals
from
aws_vpc_endpoint_service;

Get VPC endpoint connection info for each VPC endpoint service

Explore the connection details for each VPC endpoint service to gain insights into their network load balancer associations and status. This can help in assessing the health and configuration of your VPC endpoint services.

select
service_name,
service_id,
c ->> 'VpcEndpointId' as vpc_endpoint_id,
c ->> 'VpcEndpointOwner' as vpc_endpoint_owner,
c ->> 'VpcEndpointState' as vpc_endpoint_state,
jsonb_array_elements_text(c -> 'NetworkLoadBalancerArns') as network_loadBalancer_arns
from
aws_vpc_endpoint_service,
jsonb_array_elements(vpc_endpoint_connections) as c
select
service_name,
service_id,
json_extract(c.value, '$.VpcEndpointId') as vpc_endpoint_id,
json_extract(c.value, '$.VpcEndpointOwner') as vpc_endpoint_owner,
json_extract(c.value, '$.VpcEndpointState') as vpc_endpoint_state,
json_each.value as network_loadBalancer_arns
from
aws_vpc_endpoint_service,
json_each(vpc_endpoint_connections) as c,
json_each(
json_extract(c.value, '$.NetworkLoadBalancerArns')
)

Schema for aws_vpc_endpoint_service

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
acceptance_requiredbooleanIndicates whether VPC endpoint connection requests to the service must be accepted by the service owner.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
availability_zonesjsonbThe Availability Zones in which the service is available.
base_endpoint_dns_namesjsonbThe DNS names for the service.
manages_vpc_endpointsbooleanIndicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.
ownertextThe AWS account ID of the service owner.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
private_dns_nametextThe private DNS name for the service.
private_dns_name_verification_statetextThe verification state of the VPC endpoint service. Consumers of the endpoint service cannot use the private name when the state is not verified.
regiontextThe AWS Region in which the resource is located.
service_idtextThe ID of the endpoint service.
service_nametext=The Amazon Resource Name (ARN) of the service.
service_typejsonbThe type of service.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags assigned to the service.
titletextTitle of the resource.
vpc_endpoint_connectionsjsonbInformation about one or more VPC endpoint connections.
vpc_endpoint_policy_supportedbooleanIndicates whether the service supports endpoint policies.
vpc_endpoint_service_permissionsjsonbInformation about one or more allowed principals.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc_endpoint_service