Table: fastly_token - Query Fastly API Tokens using SQL
Fastly API Tokens are a resource within the Fastly API service. They are used to authenticate and authorize requests made to the Fastly API. Each token is associated with specific user and service IDs, and has a defined access level that determines what actions can be performed using the token.
Table Usage Guide
The fastly_token table provides insights into API tokens within Fastly's API service. As a DevOps engineer, explore token-specific details through this table, including the associated user and service IDs, and the access level of each token. Utilize it to manage and monitor the use of API tokens, ensuring that each token has the appropriate access level for its intended use.
Examples
Basic info
Discover the segments that have been created, their expiration date, their last used date and associated user details within Fastly, to better manage and monitor access. This could be particularly useful for enhancing security and ensuring optimal utilization of resources.
select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_token;select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_token;List Tokens created in the last 30 days
Explore which tokens have been created in the past 30 days. This can be useful for auditing purposes, allowing you to keep track of newly generated tokens and their associated user activity.
select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere created_at >= now() - interval '30 days';select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere created_at >= datetime('now', '-30 days');List Tokens expiring in the next 30 days
Discover the tokens that are due to expire in the next 30 days. This can be useful for proactive management and renewal of these tokens to prevent any service disruptions.
select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere expires_at < current_timestamp + interval '30 days';select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere expires_at < datetime('now', '+30 days');List Tokens that will never expire
Identify all Fastly tokens that have been set to never expire. This can be useful for managing security risks and ensuring appropriate access control.
select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere expires_at is null;select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere expires_at is null;List Tokens that have never been used
Discover the segments that contain unused tokens, which can be instrumental in identifying potential security risks or optimizing resource allocation. This provides a way to assess your system's efficiency and security by pinpointing unused tokens.
select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere last_used_at is null;select id, name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere last_used_at is null;List Tokens with access to a given service
Discover the tokens that have access to a specific service. This is useful for managing access control and ensuring only the appropriate tokens have access to certain services.
select id, name, scopes, servicesfrom fastly_tokenwhere jsonb_array_length(services) = 0 or services ? '1crAFFWV5PmZEzbiZ9FsJT';select id, name, scopes, servicesfrom fastly_tokenwhere json_array_length(services) = 0 or json_extract(services, '$.1crAFFWV5PmZEzbiZ9FsJT') is not null;List Tokens used from an IP outside the expected range
Discover the instances where tokens have been used from an IP address outside of an expected range. This is beneficial in identifying potential security breaches or unauthorized access.
select id, name, last_used_at, ip, user_idfrom fastly_tokenwhere not (ip << '123.0.0.0/8');Error: SQLite does not support CIDR operations.List Tokens with full access
Explore which tokens have full access across your network. This can be used to monitor and manage security by identifying potentially risky permissions.
select name, created_at, expires_at, ip, last_used_at, user_idfrom fastly_tokenwhere scopes ? 'global';Error: SQLite does not support '?' operator for JSON data.Schema for fastly_token
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| created_at | timestamp with time zone | Time-stamp (UTC) of when the token was created. | |
| expires_at | timestamp with time zone | Time-stamp (UTC) of when the token will expire (optional). | |
| id | text | Alphanumeric string identifying a token. | |
| ip | inet | IP Address of the client that last used the token. | |
| last_used_at | timestamp with time zone | Time-stamp (UTC) of when the token was last used. | |
| name | text | Name of the token. | |
| scopes | jsonb | List of authorization scopes. | |
| service_id | text | =, !=, ~~, ~~*, !~~, !~~* | Alphanumeric string identifying the service. |
| services | jsonb | List of alphanumeric strings identifying services (optional). If no services are specified, the token will have access to all services on the account. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| title | text | Title of the resource. | |
| user_id | text | Alphanumeric string identifying the user. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- fastlyYou can pass the configuration to the command with the --config argument:
steampipe_export_fastly --config '<your_config>' fastly_token