steampipe plugin install aws

Table: aws_vpc_route - Query AWS VPC Routes using SQL

An AWS VPC route is an entry in an Amazon Virtual Private Cloud (VPC) route table that directs network traffic from a subnet to a specific network gateway or instance. Routes control the path that outbound traffic takes, which is crucial for managing the accessibility of network interfaces and ensuring the secure transmission of data within your AWS environment.

Table Usage Guide

The aws_vpc_route table in Steampipe gives you information about each route in a route table within a VPC. As a DevOps engineer, you can use it to query route-specific details, including the destination CIDR block, the ID of the route table the route is in, and the type of target (for example, an internet gateway or a virtual private gateway). Typical uses are verifying route configurations, checking route targets, and examining route propagation. The schema lists the attributes available for each route.

Examples

List of route tables whose routes are directed to the internet

Discover the segments of your network that are directly connected to the internet. This is useful for identifying potential security risks and ensuring that your network configuration aligns with your company's policies.

PostgreSQL:

    select
      route_table_id,
      gateway_id
    from
      aws_vpc_route
    where
      gateway_id ilike 'igw%'
      and destination_cidr_block = '0.0.0.0/0';

SQLite:

    select
      route_table_id,
      gateway_id
    from
      aws_vpc_route
    where
      gateway_id like 'igw%'
      and destination_cidr_block = '0.0.0.0/0';

List of route tables whose route target is not available

Identify route tables that contain routes in the 'blackhole' state, which indicates that the route's target is not available. This query can be useful in identifying potential network connectivity issues within your AWS Virtual Private Cloud (VPC).

    select
      route_table_id,
      state
    from
      aws_vpc_route
    where
      state = 'blackhole';

Routing details for each route table

Explore the routing configurations for each route within your network to gain insights into their status and associated destinations. This can be helpful in assessing network traffic paths and identifying any potential bottlenecks or issues.

    select
      route_table_id,
      state,
      destination_cidr_block,
      destination_ipv6_cidr_block,
      carrier_gateway_id,
      destination_prefix_list_id,
      egress_only_internet_gateway_id,
      gateway_id,
      instance_id,
      nat_gateway_id,
      network_interface_id,
      transit_gateway_id,
      vpc_peering_connection_id
    from
      aws_vpc_route;
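
The first example on this page matches only IPv4 default routes that target an internet gateway. The query below is an added example, not taken from the Steampipe documentation: it goes further and classifies every IPv4 and IPv6 default route by target type, using only columns from the aws_vpc_route schema. It assumes PostgreSQL syntax and the standard AWS resource ID prefixes (igw-, vgw-, eigw-, nat-, tgw-, pcx-, cagw-, lgw-, i-, eni-).

```sql
-- Added example: classify every default route (IPv4 and IPv6) by target type.
-- PostgreSQL syntax; uses only columns from the aws_vpc_route schema.
select
  account_id,
  region,
  route_table_id,
  -- exactly one of the two destination columns is set on a default route
  coalesce(destination_cidr_block::text, destination_ipv6_cidr_block::text) as destination,
  case
    when gateway_id like 'igw-%' then 'internet gateway'
    when gateway_id like 'vgw-%' then 'virtual private gateway'
    when egress_only_internet_gateway_id like 'eigw-%' then 'egress-only internet gateway'
    when nat_gateway_id like 'nat-%' then 'NAT gateway'
    when transit_gateway_id like 'tgw-%' then 'transit gateway'
    when vpc_peering_connection_id like 'pcx-%' then 'VPC peering connection'
    when carrier_gateway_id like 'cagw-%' then 'carrier gateway'
    when local_gateway_id like 'lgw-%' then 'local gateway'
    -- a route to an instance is typically reported with the instance's
    -- network interface ID as well, so test instance_id first
    when instance_id like 'i-%' then 'instance'
    when network_interface_id like 'eni-%' then 'network interface'
    else 'other / unresolved'
  end as target_type,
  origin,   -- CreateRouteTable, CreateRoute or EnableVgwRoutePropagation
  state     -- 'blackhole' means the target is not available
from
  aws_vpc_route
where
  destination_cidr_block = '0.0.0.0/0'
  or destination_ipv6_cidr_block = '::/0'
order by
  -- direct internet paths first, then blackholed routes
  (gateway_id like 'igw-%') desc nulls last,
  (state = 'blackhole') desc,
  account_id,
  region,
  route_table_id;
```

An 'internet gateway' row on a route table intended for private subnets, or a default route in the blackhole state, is the result to follow up on.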

Schema for aws_vpc_route

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| carrier_gateway_id | text | | The ID of the carrier gateway. |
| destination_cidr_block | cidr | | The IPv4 CIDR block used for the destination match. |
| destination_ipv6_cidr_block | cidr | | The IPv6 CIDR block used for the destination match. |
| destination_prefix_list_id | text | | The prefix of the AWS service. |
| egress_only_internet_gateway_id | text | | The ID of the egress-only internet gateway. |
| gateway_id | text | | The ID of a gateway attached to your VPC. |
| instance_id | text | | The ID of a NAT instance in your VPC. |
| instance_owner_id | text | | The AWS account ID of the owner of the instance. |
| local_gateway_id | text | | The ID of the local gateway. |
| nat_gateway_id | text | | The ID of a NAT gateway. |
| network_interface_id | text | | The ID of the network interface. |
| origin | text | | Describes how the route was created. CreateRouteTable - The route was automatically created when the route table was created. CreateRoute - The route was manually added to the route table. EnableVgwRoutePropagation - The route was propagated by route propagation. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| route_table_id | text | | The ID of the route table containing the route. |
| state | text | | The state of the route. The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, or the specified NAT instance has been terminated). |
| title | text | | Title of the resource. |
| transit_gateway_id | text | | The ID of a transit gateway. |
| vpc_peering_connection_id | text | | The ID of a VPC peering connection. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_vpc_route