Table: aws_vpc_nat_gateway - Query AWS VPC NAT Gateways using SQL
An AWS VPC NAT Gateway is a highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the internet. It is designed to automatically scale up to the bandwidth you need, and you only pay for the amount of traffic processed. The NAT gateway handles all traffic leaving your VPC and routes it to the internet.
Table Usage Guide
The aws_vpc_nat_gateway table in Steampipe provides you with information about each NAT Gateway within Amazon Virtual Private Cloud (VPC). This table allows you, as a DevOps engineer, to query NAT Gateway-specific details, including its current state, the subnet it is associated with, and any associated Elastic IP addresses. You can utilize this table to verify the configuration and status of NAT Gateways, ensuring they are properly connected and functioning within your VPC. The schema outlines the various attributes of the NAT Gateway for you, including the NAT Gateway ID, creation time, state, subnet ID, and associated IP addresses.
Examples
IP address details of the NAT gateway
Determine the private and public IP addresses associated with your NAT gateway to manage network traffic and enhance security. This can also help in identifying the network interface and allocation IDs for better resource management.
```sql
-- Postgres
select
  nat_gateway_id,
  address ->> 'PrivateIp' as private_ip,
  address ->> 'PublicIp' as public_ip,
  address ->> 'NetworkInterfaceId' as nic_id,
  address ->> 'AllocationId' as allocation_id
from
  aws_vpc_nat_gateway
  cross join jsonb_array_elements(nat_gateway_addresses) as address;
```

```sql
-- SQLite
select
  nat_gateway_id,
  json_extract(address.value, '$.PrivateIp') as private_ip,
  json_extract(address.value, '$.PublicIp') as public_ip,
  json_extract(address.value, '$.NetworkInterfaceId') as nic_id,
  json_extract(address.value, '$.AllocationId') as allocation_id
from
  aws_vpc_nat_gateway,
  json_each(nat_gateway_addresses) as address;
```
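An added example, not part of the Steampipe documentation: an egress inventory in the Postgres dialect that returns one row per NAT gateway, with its public IPs aggregated next to the state and failure details, so gateways that are not `available` sort to the top. It uses only columns listed in the schema on this page; the `g` and `a` aliases and the `application` and `public_ips` output names are chosen here for illustration.

```sql
-- Added example (Postgres): one row per NAT gateway with its egress IPs,
-- state and failure details, for allow-list and firewall-log reviews.
select
  g.account_id,
  g.region,
  g.vpc_id,
  g.subnet_id,
  g.nat_gateway_id,
  g.state,
  g.failure_code,
  g.failure_message,
  g.create_time,
  g.tags ->> 'application' as application,
  -- A gateway can hold several addresses; collect the public ones into one array.
  coalesce(
    jsonb_agg(a.address ->> 'PublicIp' order by a.address ->> 'PublicIp')
      filter (where a.address ->> 'PublicIp' is not null),
    '[]'::jsonb
  ) as public_ips
from
  aws_vpc_nat_gateway as g
  -- left join keeps gateways whose nat_gateway_addresses is empty or null
  left join lateral jsonb_array_elements(g.nat_gateway_addresses) as a(address) on true
group by
  g.account_id, g.region, g.vpc_id, g.subnet_id, g.nat_gateway_id,
  g.state, g.failure_code, g.failure_message, g.create_time, g.tags
order by
  -- gateways in any state other than 'available' come first
  (g.state <> 'available') desc,
  g.account_id, g.region, g.vpc_id;
```

The resulting `public_ips` arrays are the source addresses that downstream allow-lists and third-party logs will see for traffic leaving each VPC through its NAT gateway.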
VPC details associated with the NAT gateway
Explore the relationship between your NAT gateway and associated VPC details to understand the network architecture better. This can be particularly useful in managing and optimizing your cloud resources.
```sql
-- Same query in Postgres and SQLite
select
  nat_gateway_id,
  vpc_id,
  subnet_id
from
  aws_vpc_nat_gateway;
```
List NAT gateways without the application tag key
Discover the segments of your network that lack application tags on their NAT gateways. This can help ensure comprehensive tagging, improving network management and cost allocation.
```sql
-- Postgres
select
  nat_gateway_id,
  tags
from
  aws_vpc_nat_gateway
where
  not tags :: JSONB ? 'application';
```

```sql
-- SQLite
select
  nat_gateway_id,
  tags
from
  aws_vpc_nat_gateway
where
  json_extract(tags, '$.application') IS NULL;
```
Count of NAT gateways by VPC Id
Determine the number of Network Address Translation (NAT) gateways associated with each Virtual Private Cloud (VPC) to better manage and optimize your network resources.
```sql
-- Same query in Postgres and SQLite
select
  vpc_id,
  count(nat_gateway_id) as nat_gateway_id
from
  aws_vpc_nat_gateway
group by
  vpc_id;
```
Schema for aws_vpc_nat_gateway
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) specifying the NAT gateway. |
create_time | timestamp with time zone | | The date and time the NAT gateway was created. |
delete_time | timestamp with time zone | | The date and time the NAT gateway was deleted, if applicable. |
failure_code | text | | If the NAT gateway could not be created, specifies the error code for the failure. (InsufficientFreeAddressesInSubnet \| Gateway.NotAttached \| InvalidAllocationID.NotFound \| Resource.AlreadyAssociated \| InternalError \| InvalidSubnetID.NotFound). |
failure_message | text | | If the NAT gateway could not be created, specifies the error message for the failure. |
nat_gateway_addresses | jsonb | | Information about the IP addresses and network interface associated with the NAT gateway. |
nat_gateway_id | text | = | The ID of the NAT gateway. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
provisioned_bandwidth | jsonb | | Reserved. If you need to sustain traffic greater than the documented limits (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html). |
region | text | | The AWS Region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
state | text | = | The current state of the NAT gateway (pending \| failed \| available \| deleting \| deleted). |
subnet_id | text | = | The ID of the subnet in which the NAT gateway is located. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags that are attached to NAT gateway. |
title | text | | Title of the resource. |
vpc_id | text | = | The ID of the VPC in which the NAT gateway is located. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_vpc_nat_gateway
```