Index ¦ Archives ¦ Atom

select * from cloud; with Steampipe

A SQL-like abstraction over all your cloudy things

I worked on Abridge in its current form for a while, then got busy with work / life, ran out of steam, and could see others making much quicker ground than I was. It'll probably be refreshed in some other form at some point in future.

Like I said, others were making quicker ground than I was. Turbot was one of those others, particularly with their Steampipe project.

This thing is cool! To get started:

  • Download the CLI from here.

  • Install the plugin/s you're interested in (there are quite a few). Here we're experimenting with GitHub, Terraform Cloud, and AWS so do steampipe plugin install github, steampipe plugin install tfe, and steampipe plugin install aws.

  • Edit the relevant ~/.steampipe/config/*.spc file/s, creating and adding the tokens for each service in question. (The templates for each file have commented guidance on what you need.)

That's it. Once you've got the plugins configured, you can just start the interactive CLI query tool by running steampipe query.

Start with a simple .inspect to see what plugins you have available:

~ $ steampipe query
Welcome to Steampipe v0.13.4
For more information, type .help
> .inspect
+------------+-----------------------------------------------+
| connection | plugin                                        |
+------------+-----------------------------------------------+
| aws        | hub.steampipe.io/plugins/turbot/aws@latest    |
| github     | hub.steampipe.io/plugins/turbot/github@latest |
| tfe        | hub.steampipe.io/plugins/turbot/tfe@latest    |
+------------+-----------------------------------------------+

Then a .tables to see what views you can query:

> .tables
 ==> aws
+--------------------------------------------------------------+------------------------------------+
| table                                                        | description                        |
+--------------------------------------------------------------+------------------------------------+
| aws_accessanalyzer_analyzer                                  | AWS Access Analyzer                |
| aws_account                                                  | AWS Account                        |
| aws_acm_certificate                                          | AWS ACM Certificate                |
| aws_api_gateway_api_key                                      | AWS API Gateway API Key            |
| aws_api_gateway_authorizer                                   | AWS API Gateway Authorizer         |
[snip]

The autocomplete within the CLI is helpful, and plugins are also generally well documented. For example, https://hub.steampipe.io/plugins/turbot/aws.

Want to see what Lambda runtimes you're using within your AWS account? Try this:

> select runtime, count(*) from aws_lambda_function group by runtime
+------------+-------+
| runtime    | count |
+------------+-------+
| nodejs12.x | 2     |
| python3.8  | 5     |
+------------+-------+

What about the count of EC2 instances across regions in your acccount? Try this:

> select region, count(*) from aws_ec2_instance group by region
+--------+-------+
| region | count |
+--------+-------+
+--------+-------+

(Haha, I guess I don't have any... serverless is the new hotness.)

Want to see what GitHub (docs) repositories you have access to, ordered by star count? That is:

> select full_name, stargazers_count from github_my_repository order by stargazers_count desc
+---------------------------------------------------+------------------+
| full_name                                         | stargazers_count |
+---------------------------------------------------+------------------+
| xntrik/hcltm                                      | 249              |
| chair6/madness                                    | 34               |
| chair6/varnish-wrapper                            | 24               |
| chair6/ecsroll                                    | 20               |
[snip]

Lastly, let's look at the Terraform Cloud (docs) workspaces I have access to ordered along with their creation date:

> select name, created_at from tfe_workspace
+---------+---------------------------+
| name    | created_at                |
+---------+---------------------------+
| testws2 | 2022-03-31T20:32:08-07:00 |
| testws1 | 2022-03-31T20:31:56-07:00 |
+---------+---------------------------+

That was all in the interactive CLI. You can also call pass a query in as an CLI argument, and ask for JSON output:

~ $ steampipe query "select name from aws_iam_role order by name" --output json
[
 {
  "name": "AWSServiceRoleForAPIGateway"
 },
 {
  "name": "AWSServiceRoleForAmazonGuardDuty"
 },
 {
  "name": "AWSServiceRoleForCloudFrontLogger"
 },
 [snip]

... which obviously you can then write to file and pass on to other tools as necessary.

This is just the basics, and only starting to scratch the surface. The Steampipe mods are collections of queries etc for different use cases, and dashboards are essentially flexible pre-packaged and customizable visualizations.

There's all sorts of security use cases for this , and it's all OSS at https://github.com/turbot/steampipe. I can definitely see this being useful in future...

© Jamie Finnigan; opinions my own and not my employers. Built using Pelican. Modified from theme by Giulio Fidente on github.