steampipe plugin install aws

Table: aws_vpc_nat_gateway - Query AWS VPC NAT Gateways using SQL

An AWS VPC NAT Gateway is a highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the internet. It is designed to automatically scale up to the bandwidth you need, and you only pay for the amount of traffic processed. The NAT gateway handles all traffic leaving your VPC and routes it to the internet.

Table Usage Guide

The aws_vpc_nat_gateway table in Steampipe provides you with information about each NAT Gateway within Amazon Virtual Private Cloud (VPC). This table allows you, as a DevOps engineer, to query NAT Gateway-specific details, including its current state, the subnet it is associated with, and any associated Elastic IP addresses. You can utilize this table to verify the configuration and status of NAT Gateways, ensuring they are properly connected and functioning within your VPC. The schema outlines the various attributes of the NAT Gateway for you, including the NAT Gateway ID, creation time, state, subnet ID, and associated IP addresses.

Examples

IP address details of the NAT gateway

Determine the private and public IP addresses associated with your NAT gateway to manage network traffic and enhance security. This can also help in identifying the network interface and allocation IDs for better resource management.

Postgres:

  select
    nat_gateway_id,
    address ->> 'PrivateIp' as private_ip,
    address ->> 'PublicIp' as public_ip,
    address ->> 'NetworkInterfaceId' as nic_id,
    address ->> 'AllocationId' as allocation_id
  from
    aws_vpc_nat_gateway
    cross join jsonb_array_elements(nat_gateway_addresses) as address;

SQLite:

  select
    nat_gateway_id,
    json_extract(address.value, '$.PrivateIp') as private_ip,
    json_extract(address.value, '$.PublicIp') as public_ip,
    json_extract(address.value, '$.NetworkInterfaceId') as nic_id,
    json_extract(address.value, '$.AllocationId') as allocation_id
  from
    aws_vpc_nat_gateway,
    json_each(nat_gateway_addresses) as address;

VPC details associated with the NAT gateway

Explore the relationship between your NAT gateway and associated VPC details to understand the network architecture better. This can be particularly useful in managing and optimizing your cloud resources.

Postgres and SQLite (the query is the same in both):

  select
    nat_gateway_id,
    vpc_id,
    subnet_id
  from
    aws_vpc_nat_gateway;

List NAT gateways without the application tag key

Discover the segments of your network that lack application tags on their NAT gateways. This can help ensure comprehensive tagging, improving network management and cost allocation.

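Postgres:

  select
    nat_gateway_id,
    tags
  from
    aws_vpc_nat_gateway
  where
    -- "tags is null" also matches gateways that carry no tags at all;
    -- without it the predicate evaluates to NULL and those rows are dropped
    tags is null
    or not tags::jsonb ? 'application';

SQLite:

  select
    nat_gateway_id,
    tags
  from
    aws_vpc_nat_gateway
  where
    json_extract(tags, '$.application') is null;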

Count of NAT gateways by VPC Id

Determine the number of Network Address Translation (NAT) gateways associated with each Virtual Private Cloud (VPC) to better manage and optimize your network resources.

Postgres and SQLite (the query is the same in both):

  select
    vpc_id,
    -- alias names the aggregate instead of reusing the column name
    count(nat_gateway_id) as nat_gateway_count
  from
    aws_vpc_nat_gateway
  group by
    vpc_id;
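
The queries above can be combined into an egress inventory for firewall allowlists and for attributing outbound traffic during an investigation. This is an added example, not part of the Steampipe documentation; it is written for the Postgres engine, uses only columns listed in the schema for this table, and the 7-day window used to flag new gateways is an assumed value.

```sql
-- Added example: one row per public IP on each active NAT gateway,
-- with the owning application tag and a flag for recently created gateways.
select
  account_id,
  region,
  vpc_id,
  subnet_id,
  nat_gateway_id,
  address ->> 'PublicIp' as public_ip,
  address ->> 'AllocationId' as allocation_id,
  -- null here means the gateway has no 'application' tag (no recorded owner)
  tags ->> 'application' as application,
  create_time,
  -- assumption: 7 days is the review window; adjust to your change cadence
  create_time > now() - interval '7 days' as created_last_7_days
from
  aws_vpc_nat_gateway
  cross join jsonb_array_elements(nat_gateway_addresses) as address
where
  state = 'available'
  -- skip address entries that carry no public IP
  and address ->> 'PublicIp' is not null
order by
  create_time desc;
```

Rows with a null application value or with created_last_7_days set to true are the ones to reconcile against change records first.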

Schema for aws_vpc_nat_gateway

Name                   Type                      Operators                  Description
_ctx                   jsonb                                                Steampipe context in JSON form.
account_id             text                      =, !=, ~~, ~~*, !~~, !~~*  The AWS Account ID in which the resource is located.
akas                   jsonb                                                Array of globally unique identifier strings (also known as) for the resource.
arn                    text                                                 The Amazon Resource Name (ARN) specifying the NAT gateway.
create_time            timestamp with time zone                             The date and time the NAT gateway was created.
delete_time            timestamp with time zone                             The date and time the NAT gateway was deleted, if applicable.
failure_code           text                                                 If the NAT gateway could not be created, specifies the error code for the failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound).
failure_message        text                                                 If the NAT gateway could not be created, specifies the error message for the failure.
nat_gateway_addresses  jsonb                                                Information about the IP addresses and network interface associated with the NAT gateway.
nat_gateway_id         text                      =                          The ID of the NAT gateway.
partition              text                                                 The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
provisioned_bandwidth  jsonb                                                Reserved. If you need to sustain traffic greater than the documented limits (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html).
region                 text                                                 The AWS Region in which the resource is located.
sp_connection_name     text                      =, !=, ~~, ~~*, !~~, !~~*  Steampipe connection name.
sp_ctx                 jsonb                                                Steampipe context in JSON form.
state                  text                      =                          The current state of the NAT gateway (pending | failed | available | deleting | deleted).
subnet_id              text                      =                          The ID of the subnet in which the NAT gateway is located.
tags                   jsonb                                                A map of tags for the resource.
tags_src               jsonb                                                A list of tags that are attached to NAT gateway.
title                  text                                                 Title of the resource.
vpc_id                 text                      =                          The ID of the VPC in which the NAT gateway is located.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc_nat_gateway