v0.10.0: Better concurrency and caching →
Announcement

v0.8.0: Mod Variables, Tags & Syntax Highlighting

Discover the great new features in Steampipe's open source v0.8.0 release!

Steampipe Team
7 min. read - September 9, 2021

What is Steampipe?

Steampipe is open source software for interrogating your cloud. Run SQL queries, compliance controls and full governance benchmarks from the comfort of your CLI.

Steampipe’s codified operations framework gives you the power to test your cloud resources against security, compliance and cost benchmarks, and to build your own custom control frameworks.

Our multi-threaded Golang CLI makes your custom SQL controls blazing fast with unlimited integration options via our embedded PostgreSQL database.

steampipe cli
>
select
region,
instance_state as state,
instance_type as type
from
aws_ec2_instance;

+-----------+---------+-----------+
| region    | state   | type      |
+-----------+---------+-----------+
| eu-west-1 | running | t3.medium |
| eu-west-2 | running | m5a.large |
| us-east-1 | running | t3.large  |
+-----------+---------+-----------+
        

tl;dr

Variables & Query Parameters in Mods.
Tags, Tags, Tags!
Syntax highlighting in the CLI.
12 new plugins and mods.
Even more goodies in the full release notes.


Variables & Query Parameters in Mods

Variables allow values to be passed to mods at run time, for customization of queries, controls and more. Variables can be set via the .spvar files, CLI options and environment variables.

Query parameters are a safe way (no SQL injection here!) to pass values to queries. They are typically combined with variables to support a range of queries based on user input.

Here is a simple variable definition for instance_state. It is a string with a default value of stopped:

variable "instance_state" {
type = string
default = "stopped"
}

Here is a query with a single parameter called state. Queries are compiled into Postgres prepared statements so they use the positional argument syntax of $1. Because state is the first param block, it will be automatically mapped to $1. The default value for state uses the variable defined above.

query "instances_in_state" {
sql = "select instance_id, instance_state from aws_ec2_instance where instance_state = $1;"
param "state" {
default = var.instance_state
}
}

We can run this query as normal (using default values):

$ steampipe query query.instances_in_state
+-------------+----------------+
| instance_id | instance_state |
+-------------+----------------+
| i-aaaa1111 | stopped |
+-------------+----------------+

Or pass in the instance_state parameter to modify the query:

$ steampipe query query.instances_in_state --var=instance_state="running"
+-------------+----------------+
| instance_id | instance_state |
+-------------+----------------+
| i-bbbb2222 | running |
+-------------+----------------+

This combination makes brings a huge amount of new flexibility to mods, check out the docs to learn about:

Tags, Tags, Tags!

We've published tagging control mods for AWS, Azure and GCP - leveraging the new variables so you can easily customize the checks to your local requirements.

Each mod has benchmarks for:

  • Find untagged resources.
  • Ensure mandatory tags are set (e.g. Owner).
  • Find prohibited tags (e.g. Password).
  • Detect when the tag limit is nearly reached.

Find untagged resources in your AWS account:

git clone https://github.com/turbot/steampipe-mod-aws-tags
cd steampipe-mod-aws-tags
steampipe check benchmark.untagged

Using variables, tagging controls can be easily customized to your needs. For example, check for mandatory tags relevant to your environment:

steampipe check benchmark.mandatory --var 'mandatory_tags=["Application", "Environment", "Department", "Owner"]'

Syntax highlighting

The Steampipe CLI now includes syntax highlighting, making queries even easier to read and edit:

New plugins and mods

Beyond the CLI, since our last release, we've added 6 new plugins:

We've also expanded our mods, including:

Let’s get building!

Steampipe now delivers a full suite of tools to build, execute and share cloud configuration, compliance, and security frameworks using SQL, HCL and a little elbow grease! We would love your help to expand the open source documentation and control coverage for CIS, PCI, HIPAA, NIST… and the best way to get started is to join our new Slack workspace and raise your hand; we would love to talk to you!

For even more good stuff in v0.8.0, checkout the full release notes on GitHub.