What is Steampipe?
Steampipe is open source software for interrogating your cloud. Run SQL queries, compliance controls and full governance benchmarks from the comfort of your CLI.
Steampipe’s codified operations framework gives you the power to test your cloud resources against security, compliance and cost benchmarks, and to build your own custom control frameworks.
Our multi-threaded Golang CLI makes your custom SQL controls blazing fast with unlimited integration options via our embedded PostgreSQL database.
select region, instance_state as state, instance_type as type
from aws_ec2_instance;

+-----------+---------+-----------+
| region    | state   | type      |
+-----------+---------+-----------+
| eu-west-1 | running | t3.medium |
| eu-west-2 | running | m5a.large |
| us-east-1 | running | t3.large  |
+-----------+---------+-----------+
tl;dr
→ Variables & Query Parameters in Mods.
→ Tags, Tags, Tags!
→ Syntax highlighting in the CLI.
→ 12 new plugins and mods.
→ Even more goodies in the full release notes.
Variables & Query Parameters in Mods
Variables allow values to be passed to mods at runtime, for customization of queries, controls and more. Variables can be set via the .spvar files, CLI options and environment variables.
Query parameters are a safe way (no SQL injection here!) to pass values to queries. They are typically combined with variables to support a range of queries based on user input.
Here is a simple variable definition for instance_state. It is a string with a default value of stopped:

variable "instance_state" {
  type    = string
  default = "stopped"
}
Here is a query with a single parameter called state. Queries are compiled into Postgres prepared statements so they use the positional argument syntax of $1. Because state is the first param block, it will be automatically mapped to $1. The default value for state uses the variable defined above.

query "instances_in_state" {
  sql = "select instance_id, instance_state from aws_ec2_instance where instance_state = $1;"
  param "state" {
    default = var.instance_state
  }
}
We can run this query as normal (using default values):
$ steampipe query query.instances_in_state
+-------------+----------------+
| instance_id | instance_state |
+-------------+----------------+
| i-aaaa1111  | stopped        |
+-------------+----------------+
Or pass in the instance_state variable to modify the query:

$ steampipe query query.instances_in_state --var=instance_state="running"
+-------------+----------------+
| instance_id | instance_state |
+-------------+----------------+
| i-bbbb2222  | running        |
+-------------+----------------+
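Why binding state to $1 rules out SQL injection, shown as an added example that is not Steampipe's own code: the same lookup is written once with the value pasted into the SQL text and once with the value bound to a placeholder. Assumptions: an in-memory SQLite database stands in for Steampipe's embedded Postgres, SQLite's ? placeholder stands in for $1, and the rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the aws_ec2_instance table.
ROWS = [("i-aaaa1111", "stopped"), ("i-bbbb2222", "running")]


def make_db():
    """In-memory SQLite database; a stand-in for Steampipe's embedded Postgres."""
    db = sqlite3.connect(":memory:")
    db.execute("create table aws_ec2_instance (instance_id text, instance_state text)")
    db.executemany("insert into aws_ec2_instance values (?, ?)", ROWS)
    return db


def instances_interpolated(db, state):
    """Anti-pattern: the value becomes part of the SQL text before it is parsed."""
    sql = ("select instance_id, instance_state from aws_ec2_instance "
           "where instance_state = '%s' order by instance_id" % state)
    return db.execute(sql).fetchall()


def instances_bound(db, state):
    """Parameterized form: the SQL text is fixed and the value is bound separately.
    SQLite's `?` placeholder plays the role of Postgres' `$1` here."""
    sql = ("select instance_id, instance_state from aws_ec2_instance "
           "where instance_state = ? order by instance_id")
    return db.execute(sql, (state,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote, as untrusted user input might.
    crafted = "stopped' or '1'='1"
    print("bound, running:       ", instances_bound(db, "running"))
    # Interpolation lets the quote rewrite the WHERE clause: every row matches.
    print("interpolated, crafted:", instances_interpolated(db, crafted))
    # Binding compares against the whole string as data: nothing matches.
    print("bound, crafted:       ", instances_bound(db, crafted))
```

With the bound form, the only thing user input can change is which instance_state value is compared, never the shape of the query.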
This combination brings a huge amount of new flexibility to mods; check out the docs to learn about:
Tags, Tags, Tags!
We've published tagging control mods for AWS, Azure and GCP - leveraging the new variables so you can easily customize the checks to your local requirements.
Each mod has benchmarks for:
- Find untagged resources.
- Ensure mandatory tags are set (e.g. Owner).
- Find prohibited tags (e.g. Password).
- Detect when the tag limit is nearly reached.
Find untagged resources in your AWS account:
git clone https://github.com/turbot/steampipe-mod-aws-tags
cd steampipe-mod-aws-tags
steampipe check benchmark.untagged
Using variables, tagging controls can be easily customized to your needs. For example, check for mandatory tags relevant to your environment:
steampipe check benchmark.mandatory --var 'mandatory_tags=["Application", "Environment", "Department", "Owner"]'
Syntax highlighting
The Steampipe CLI now includes syntax highlighting, making queries even easier to read and edit:
New plugins and mods
Beyond the CLI, since our last release, we've added 6 new plugins:
- Azure Active Directory - query groups, service principals, users, etc
- GitLab - query projects, issues, branches, etc
- Google Directory - query users, domains, groups, etc
- Google Workspace - query calendar events, drive files, gmail messages, etc
- Linode - query instances, domains, users, etc
- Okta - query users, groups, applications, etc
We've also expanded our mods, including:
- Alibaba Cloud Thrifty mod
- AWS Tags mod
- Azure Tags mod
- DigitalOcean Thrifty mod
- GCP Labels mod
- Oracle Cloud Thrifty mod
Let’s get building!
Steampipe now delivers a full suite of tools to build, execute and share cloud configuration, compliance, and security frameworks using SQL, HCL and a little elbow grease! We would love your help to expand the open source documentation and control coverage for CIS, PCI, HIPAA, NIST… and the best way to get started is to join our new Slack workspace and raise your hand; we would love to talk to you!
For even more good stuff in v0.8.0, check out the full release notes on GitHub.