Table: aws_rds_db_snapshots

This table shows data for Amazon Relational Database Service (RDS) DB Snapshots.

https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSnapshot.html (opens in a new tab)

The primary key for this table is arn.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
account_idutf8
regionutf8
arn (PK)utf8
tagsjson
attributesjson
allocated_storageint64
availability_zoneutf8
db_instance_identifierutf8
db_snapshot_arnutf8
db_snapshot_identifierutf8
db_system_idutf8
dbi_resource_idutf8
encryptedbool
engineutf8
engine_versionutf8
iam_database_authentication_enabledbool
instance_create_timetimestamp[us, tz=UTC]
iopsint64
kms_key_idutf8
license_modelutf8
master_usernameutf8
option_group_nameutf8
original_snapshot_create_timetimestamp[us, tz=UTC]
percent_progressint64
portint64
processor_featuresjson
snapshot_create_timetimestamp[us, tz=UTC]
snapshot_database_timetimestamp[us, tz=UTC]
snapshot_targetutf8
snapshot_typeutf8
source_db_snapshot_identifierutf8
source_regionutf8
statusutf8
storage_throughputint64
storage_typeutf8
tde_credential_arnutf8
timezoneutf8
vpc_idutf8

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

RDS cluster snapshots and database snapshots should be encrypted at rest

(
  SELECT
    'RDS cluster snapshots and database snapshots should be encrypted at rest'
      AS title,
    account_id,
    arn AS resource_id,
    CASE
    WHEN storage_encrypted IS NOT true THEN 'fail'
    ELSE 'pass'
    END
      AS status
  FROM
    aws_rds_cluster_snapshots
)
UNION
  (
    SELECT
      'RDS cluster snapshots and database snapshots should be encrypted at rest'
        AS title,
      account_id,
      arn AS resource_id,
      CASE WHEN encrypted IS NOT true THEN 'fail' ELSE 'pass' END AS status
    FROM
      aws_rds_db_snapshots
  );