steampipe plugin install aws

Table: aws_vpc_flow_log - Query AWS VPC Flow Logs using SQL

AWS VPC Flow Logs is a feature that captures information about the IP traffic going to and from network interfaces in your Virtual Private Cloud (VPC). It helps you monitor and troubleshoot connectivity issues and track how your network is being used. With VPC Flow Logs you can gain the operational and security insights needed to meet compliance and auditing requirements.

Table Usage Guide

The aws_vpc_flow_log table in Steampipe provides you with information about AWS VPC Flow Logs within Amazon Virtual Private Cloud (VPC). This table lets you, as a network administrator or security analyst, query flow log-specific details, including source and destination IP addresses, traffic volume, and associated metadata. You can utilize this table to gather insights on network traffic, such as identifying patterns of data transfer, monitoring network performance, diagnosing overly restrictive security group rules, and more. The schema outlines the various attributes of the VPC Flow Log for you, including the log status, creation time, log destination, and associated tags.

Examples

List flow logs with their corresponding VPC IDs, subnet IDs, or network interface IDs

Explore which flow logs are associated with specific Virtual Private Clouds, subnets, or network interfaces. This can assist in identifying potential network issues or analyzing traffic patterns within your AWS environment.

select
flow_log_id,
resource_id
from
aws_vpc_flow_log;

List flow logs whose log delivery has failed

Identify instances where the delivery of flow logs has failed in AWS Virtual Private Cloud (VPC). This can aid in diagnosing and rectifying issues related to log delivery, thereby ensuring seamless logging and monitoring.

select
flow_log_id,
resource_id,
deliver_logs_error_message,
deliver_logs_status
from
aws_vpc_flow_log
where
deliver_logs_status = 'FAILED';

Log group or destination bucket information to which the flow log is published

Identify the destination type and location where your Virtual Private Cloud (VPC) flow logs are being published. This is useful for managing and auditing your AWS network traffic logs.

select
flow_log_id,
log_destination_type,
log_destination,
log_group_name,
bucket_name
from
aws_vpc_flow_log;

Type of traffic captured by each flow log

Explore the types of network traffic monitored by each flow log to gain insights into your network's communication patterns and improve your security posture. This can be particularly useful in identifying potential security threats or troubleshooting network issues.

select
flow_log_id,
traffic_type
from
aws_vpc_flow_log;
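
The individual checks above can be combined into one audit pass that returns only the flow logs with a logging gap. This is an added example, not part of the Steampipe documentation; it uses only columns listed in the schema on this page, and the policy it encodes (capture ALL traffic, aggregate at no more than 60 seconds) is an assumption to adjust to your own baseline.

```sql
-- Added example: audit aws_vpc_flow_log for gaps in logging coverage.
-- Assumed policy: delivery must succeed, the flow log must be ACTIVE,
-- traffic_type must be ALL, and max_aggregation_interval must be <= 60s.
select
  account_id,
  region,
  flow_log_id,
  resource_id,
  log_destination_type,
  log_destination,
  -- Collect every failed check for the row; passing checks yield NULL
  -- and are stripped by array_remove.
  array_remove(array[
    case when deliver_logs_status = 'FAILED'
      then 'delivery failed: ' || coalesce(deliver_logs_error_message, 'no message') end,
    case when flow_log_status <> 'ACTIVE'
      then 'flow log status is ' || flow_log_status end,
    case when traffic_type <> 'ALL'
      then 'captures ' || traffic_type || ' traffic only' end,
    case when max_aggregation_interval > 60
      then 'aggregation interval is ' || max_aggregation_interval || 's' end
  ], null) as findings
from
  aws_vpc_flow_log
where
  deliver_logs_status = 'FAILED'
  or flow_log_status <> 'ACTIVE'
  or traffic_type <> 'ALL'
  or max_aggregation_interval > 60
order by
  account_id,
  region,
  resource_id;
```

A flow log that records only ACCEPT or only REJECT traffic leaves half of the picture missing during an investigation, and a failed delivery means no records reach the destination at all, so rows returned here are worth reviewing before the logs are needed.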

Schema for aws_vpc_flow_log

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| bucket_name | text | | The name of the destination bucket to which the flow log data is published. |
| creation_time | timestamp with time zone | | The date and time the flow log was created. |
| deliver_logs_error_message | text | | Information about the error that occurred. |
| deliver_logs_permission_arn | text | | The ARN of the IAM role that posts logs to CloudWatch Logs. |
| deliver_logs_status | text | = | The status of the logs delivery (SUCCESS or FAILED). |
| flow_log_id | text | = | The ID of the flow log. |
| flow_log_status | text | | The status of the flow log (ACTIVE). |
| log_destination | text | | Specifies the destination to which the flow log data is published. |
| log_destination_type | text | = | Specifies the type of destination to which the flow log data is published. |
| log_format | text | | The format of the flow log record. |
| log_group_name | text | = | The name of the flow log group. |
| max_aggregation_interval | bigint | | The maximum interval of time, in seconds, during which a flow of packets is captured and aggregated into a flow log record. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| resource_id | text | = | The ID of the VPC, subnet, or network interface. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags assigned to the VPC flow log. |
| title | text | | Title of the resource. |
| traffic_type | text | = | The type of traffic. Valid values are: 'ACCEPT', 'REJECT', 'ALL'. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc_flow_log