Table: aws_wellarchitected_workload - Query AWS Well-Architected Tool Workloads using SQL
The AWS Well-Architected Tool is a service that helps you review the state of your workloads and compares them to the latest AWS architectural best practices. The tool measures your workloads across five pillars of a well-architected framework: operational excellence, security, reliability, performance efficiency, and cost optimization. It provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.
Table Usage Guide
The aws_wellarchitected_workload
table in Steampipe provides you with information about workloads within AWS Well-Architected Tool. This table allows you, as a DevOps engineer, to query workload-specific details, including workload name, ARN, risk count, and improvement status. You can utilize this table to gather insights on workloads, such as identifying workloads with high risk counts, tracking improvement status, and more. The schema outlines the various attributes of the workload for you, including the workload ARN, creation date, risk count, improvement status, and associated tags.
Examples
Basic info
select workload_name, workload_id, environment, industry, ownerfrom aws_wellarchitected_workload;
select workload_name, workload_id, environment, industry, ownerfrom aws_wellarchitected_workload;
List production workloads
select workload_name, workload_id, environmentfrom aws_wellarchitected_workloadwhere environment = 'PRODUCTION';
select workload_name, workload_id, environmentfrom aws_wellarchitected_workloadwhere environment = 'PRODUCTION';
Get high risk issue counts for each workload
select workload_name, workload_id, risk_counts -> 'HIGH' as high_risk_countsfrom aws_wellarchitected_workload;
select workload_name, workload_id, json_extract(risk_counts, '$.HIGH') as high_risk_countsfrom aws_wellarchitected_workload;
List workloads that do not require a review owner
select workload_name, workload_id, is_review_owner_update_acknowledgedfrom aws_wellarchitected_workloadwhere not is_review_owner_update_acknowledged;
select workload_name, workload_id, is_review_owner_update_acknowledgedfrom aws_wellarchitected_workloadwhere is_review_owner_update_acknowledged is not 1;
Schema for aws_wellarchitected_workload
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
account_ids | jsonb | The list of AWS account IDs associated with the workload. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
architectural_design | text | The URL of the architectural design for the workload. | |
aws_regions | jsonb | The list of AWS Regions associated with the workload, for example, us-east-2, or ca-central-1. | |
description | text | The description for the workload. | |
environment | text | The environment for the workload. | |
improvement_status | text | The improvement status for a workload. | |
industry | text | The industry for the workload. | |
industry_type | text | The industry type for the workload. | |
is_review_owner_update_acknowledged | boolean | Flag indicating whether the workload owner has acknowledged that the review owner field is required. | |
lenses | jsonb | The list of lenses associated with the workload. Each lens is identified by its LensSummary$LensAlias. | |
non_aws_regions | jsonb | The list of non-AWS Regions associated with the workload. | |
notes | text | The notes associated with the workload. | |
owner | text | An AWS account ID. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
pillar_priorities | jsonb | The priorities of the pillars, which are used to order items in the improvement plan. | |
region | text | The AWS Region in which the resource is located. | |
review_owner | text | The review owner of the workload. | |
review_restriction_date | timestamp with time zone | The date and time recorded. | |
risk_counts | jsonb | A map from risk names to the count of how questions have that rating. | |
share_invitation_id | text | The ID assigned to the share invitation. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
tags | jsonb | A map of tags for the resource. | |
title | text | Title of the resource. | |
updated_at | timestamp with time zone | The date and time recorded. | |
workload_arn | text | The ARN for the workload. | |
workload_id | text | = | The ID assigned to the workload. |
workload_name | text | = | The name of the workload. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_wellarchitected_workload