Table: aws_vpc_peering_connection - Query AWS VPC Peering Connections using SQL
The AWS VPC Peering Connection is a networking connection between two Virtual Private Clouds (VPCs) that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. It's a one-to-one relationship, and doesn't require a gateway, VPN connection, or separate network hardware. This connection can be made between your own VPCs, or with a VPC in another AWS account within a single region.
Table Usage Guide
The aws_vpc_peering_connection table in Steampipe provides you with information about VPC Peering Connections within Amazon Virtual Private Cloud (VPC). This table allows you, as a DevOps engineer, security team member, or system administrator, to query peering connection-specific details, including peering statuses, VPC IDs, region, and associated metadata. You can utilize this table to gather insights on peering connections, such as connection status, verification of peering options, and more. The schema outlines the various attributes of the VPC peering connection for you, including the peering connection ID, creation date, requester VPC info, accepter VPC info, and associated tags.
Examples
Basic Info
List each VPC peering connection with the owning account, Region, and VPC ID on both the requester and accepter sides, showing where peering is established between different AWS accounts and Regions. This information can help you manage network access, improve security, and optimize resource allocation.
select id, accepter_owner_id, accepter_region, accepter_vpc_id, expiration_time, requester_owner_id, requester_region, requester_vpc_id from aws_vpc_peering_connection;
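An added example, not part of the Steampipe documentation: a PostgreSQL-dialect query, using only columns from this table's schema, that isolates cross-account peerings and flags any whose peer account is missing from an allow-list. The account IDs in trusted_accounts are constructed placeholders, and the names peerings, peer_account_id, direction, and peer_not_in_allow_list are introduced here for illustration.

```sql
-- Constructed allow-list of peer account IDs; replace the placeholders with your own.
with trusted_accounts(account_id) as (
  values ('111111111111'), ('222222222222')
),
peerings as (
  select
    id,
    status_code,
    status_message,
    expiration_time,
    account_id,
    requester_vpc_id,
    requester_cidr_block,
    accepter_vpc_id,
    accepter_cidr_block,
    -- True when the two VPCs are in different Regions.
    requester_region <> accepter_region as cross_region,
    -- The peer is whichever side is not the account being queried.
    case
      when requester_owner_id = account_id then accepter_owner_id
      else requester_owner_id
    end as peer_account_id,
    case
      when requester_owner_id = account_id then 'outbound-request'
      else 'inbound-request'
    end as direction
  from aws_vpc_peering_connection
  where requester_owner_id <> accepter_owner_id            -- cross-account only
    and status_code in ('pending-acceptance', 'provisioning', 'active')
)
select
  p.*,
  t.account_id is null as peer_not_in_allow_list
from peerings as p
left join trusted_accounts as t on t.account_id = p.peer_account_id
-- Unlisted peers first, then by status and ID.
order by peer_not_in_allow_list desc, p.status_code, p.id;
```

Rows with direction 'inbound-request' and status_code 'pending-acceptance' are requests from another account that are still waiting for a decision before expiration_time.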
List VPC peering connections by approval status
List the VPC peering connections that are still awaiting approval. This is particularly useful in managing network accessibility and ensuring secure and efficient data transfer between different VPCs.
select id, accepter_vpc_id, requester_vpc_id, status_code, status_message from aws_vpc_peering_connection where status_code = 'pending-acceptance';
List requester VPC connection details
List the requester-side details of each VPC peering connection in an AWS environment, enabling you to understand who is requesting connections, from which regions, and what their specific peering options are.
select id, requester_cidr_block, requester_owner_id, requester_region, requester_vpc_id, jsonb_pretty(requester_cidr_block_set) as requester_cidr_block_set, jsonb_pretty(requester_ipv6_cidr_block_set) as requester_ipv6_cidr_block_set, jsonb_pretty(requester_peering_options) as requester_peering_options from aws_vpc_peering_connection;
select id, requester_cidr_block, requester_owner_id, requester_region, requester_vpc_id, requester_cidr_block_set, requester_ipv6_cidr_block_set, requester_peering_options from aws_vpc_peering_connection;
List accepter VPC connection details
Explore the accepter-side details of VPC peering connections to understand their configurations, ownership, and regional distribution. This can aid in managing network access and ensuring secure data transfers within your AWS environment.
select id, accepter_cidr_block, accepter_owner_id, accepter_region, accepter_vpc_id, jsonb_pretty(accepter_cidr_block_set) as accepter_cidr_block_set, jsonb_pretty(accepter_ipv6_cidr_block_set) as accepter_ipv6_cidr_block_set, jsonb_pretty(accepter_peering_options) as accepter_peering_options from aws_vpc_peering_connection;
select id, accepter_cidr_block, accepter_owner_id, accepter_region, accepter_vpc_id, accepter_cidr_block_set, accepter_ipv6_cidr_block_set, accepter_peering_options from aws_vpc_peering_connection;
List VPC peering connections by specific VPC peering connection IDs
This query is useful to identify specific VPC peering connections by their IDs. It allows you to gain insights into the ownership, region, and associated VPC details of both the accepter and requester, which can be beneficial for network management and troubleshooting tasks.
select id, accepter_owner_id, accepter_region, accepter_vpc_id, expiration_time, requester_owner_id, requester_region, requester_vpc_id from aws_vpc_peering_connection where id in ('pcx-0a0403619dd2f3b24', 'pcx-048825e2c43ffd99e');
List VPC peering connections with tag details
List VPC peering connections along with their respective tags. This can be beneficial for gaining insights into the connections between different VPCs and their associated metadata, aiding in network management and security audits.
select id, jsonb_pretty(tags) as tags, jsonb_pretty(tags_src) as tags_src from aws_vpc_peering_connection;
select id, tags, tags_src from aws_vpc_peering_connection;
select id, tags ->> 'Name' as name from aws_vpc_peering_connection;
select id, json_extract(tags, '$.Name') as name from aws_vpc_peering_connection;
List VPC peering connections by specific tag's key
Explore which Virtual Private Cloud (VPC) peering connections have been specifically marked with the 'turbot:TurbotCreatedPeeringConnection' tag. This could be useful in understanding and managing connections that were automatically created by Turbot, a cloud governance platform.
select v.id, jsonb_pretty(tags) as tags from aws_vpc_peering_connection as v, jsonb_each(tags) where key = 'turbot:TurbotCreatedPeeringConnection';
select v.id, v.tags as tags from aws_vpc_peering_connection as v, json_each(v.tags) as t where t.key = 'turbot:TurbotCreatedPeeringConnection';
List VPC peering connections by specific tag's key & value
Find the peering connections within a virtual private cloud (VPC) network that carry a specific tag key and value. This is useful for managing and organizing your network connections based on their assigned tags.
select id, jsonb_pretty(tags) as tags from aws_vpc_peering_connection where tags @> '{"Name": "vpc-0639e12347e5b6bfb <=> vpc-8e1234f5"}';
Schema for aws_vpc_peering_connection
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
accepter_cidr_block | cidr | = | The IPv4 CIDR block for the accepter VPC. |
accepter_cidr_block_set | jsonb | | Information about the IPv4 CIDR blocks for the accepter VPC. |
accepter_ipv6_cidr_block_set | jsonb | | The IPv6 CIDR block for the accepter VPC. |
accepter_owner_id | text | = | The ID of the Amazon Web Services account that owns the accepter VPC. |
accepter_peering_options | jsonb | | Information about the VPC peering connection options for the accepter VPC. |
accepter_region | text | | The Region in which the accepter VPC is located. |
accepter_vpc_id | text | = | The ID of the accepter VPC. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
expiration_time | timestamp with time zone | = | The time that an unaccepted VPC peering connection will expire. |
id | text | = | The ID of the VPC peering connection. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
requester_cidr_block | cidr | = | The IPv4 CIDR block for the requester VPC. |
requester_cidr_block_set | jsonb | | Information about the IPv4 CIDR blocks for the requester VPC. |
requester_ipv6_cidr_block_set | jsonb | | The IPv6 CIDR block for the requester VPC. |
requester_owner_id | text | = | The ID of the Amazon Web Services account that owns the requester VPC. |
requester_peering_options | jsonb | | Information about the VPC peering connection options for the requester VPC. |
requester_region | text | | The Region in which the requester VPC is located. |
requester_vpc_id | text | = | The ID of the requester VPC. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status_code | text | | The status of the VPC peering connection. Possible values include: 'pending-acceptance', 'failed', 'expired', 'provisioning', 'active', 'deleting', 'deleted' or 'rejected'. |
status_message | text | = | A message that provides more information about the status, if applicable. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | The tags assigned to the resource. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_vpc_peering_connection