What is Steampipe?

Steampipe is open source software for interrogating your cloud. Run SQL queries, compliance controls and full governance benchmarks from the comfort of your CLI.

Steampipe’s codified operations framework gives you the power to test your cloud resources against security, compliance and cost benchmarks, and to build your own custom control frameworks.

Our multi-threaded Golang CLI makes your custom SQL controls blazing fast with unlimited integration options via our embedded PostgreSQL database.

{` select region, instance_state as state, instance_type as type from aws_ec2_instance; `} {` +-----------+---------+-----------+ | region | state | type | +-----------+---------+-----------+ | eu-west-1 | running | t3.medium | | eu-west-2 | running | m5a.large | | us-east-1 | running | t3.large | +-----------+---------+-----------+ `}

## tl;dr ** → ** **[Variables & Query Parameters](#variables--query-parameters-in-mods)** in Mods.
** → ** **[Tags, Tags, Tags!](#tags-tags-tags)**
** → ** **[Syntax highlighting](#syntax-highlighting)** in the CLI.
** → ** **[12 new plugins and mods](#new-plugins-and-mods)**.
** → ** Even more goodies in the [full release notes](https://github.com/turbot/steampipe/blob/main/CHANGELOG.md#v080-2021-09-09).
## Variables & Query Parameters in Mods **Variables** allow values to be passed to mods at runtime, for customization of queries, controls and more. Variables can be set via the `.spvar` files, CLI options and environment variables. **Query parameters** are a safe way (no SQL injection here!) to pass values to queries. They are typically combined with variables to support a range of queries based on user input. Here is a simple variable definition for `instance_state`. It is a string with a default value of `stopped`: ```hcl variable "instance_state" { type = string default = "stopped" } ``` Here is a query with a single parameter called `state`. Queries are compiled into Postgres prepared statements so they use the positional argument syntax of `$1`. Because `state` is the first `param` block, it will be automatically mapped to `$1`. The default value for `state` uses the variable defined above. ```hcl query "instances_in_state" { sql = "select instance_id, instance_state from aws_ec2_instance where instance_state = $1;" param "state" { default = var.instance_state } } ``` We can run this query as normal (using default values): ```shell $ steampipe query query.instances_in_state +-------------+----------------+ | instance_id | instance_state | +-------------+----------------+ | i-aaaa1111 | stopped | +-------------+----------------+ ``` Or pass in the `instance_state` parameter to modify the query: ```shell $ steampipe query query.instances_in_state --var=instance_state="running" +-------------+----------------+ | instance_id | instance_state | +-------------+----------------+ | i-bbbb2222 | running | +-------------+----------------+ ``` This combination makes brings a huge amount of new flexibility to mods, check out the docs to learn about: * [Using Variables](/docs/using-steampipe/mod-variables) * [Passing Parameters](/docs/using-steampipe/param-query) ## Tags, Tags, Tags! We've published [tagging control mods](https://hub.steampipe.io/mods?objectives=tags) for [AWS](https://hub.steampipe.io/mods/turbot/aws_tags), [Azure](https://hub.steampipe.io/mods/turbot/azure_tags) and [GCP](https://hub.steampipe.io/mods/turbot/gcp_labels) - leveraging the new variables so you can easily customize the checks to your local requirements. Each mod has benchmarks for: - Find **untagged** resources. - Ensure **mandatory tags** are set (e.g. Owner). - Find **prohibited** tags (e.g. Password). - Detect when the **tag limit** is nearly reached. Find untagged resources in your AWS account: ```shell git clone https://github.com/turbot/steampipe-mod-aws-tags cd steampipe-mod-aws-tags steampipe check benchmark.untagged ``` Using variables, tagging controls can be easily customized to your needs. For example, check for mandatory tags relevant to your environment: ```shell steampipe check benchmark.mandatory --var 'mandatory_tags=["Application", "Environment", "Department", "Owner"]' ``` ## Syntax highlighting The Steampipe CLI now includes syntax highlighting, making queries even easier to read and edit:

## New plugins and mods Beyond the CLI, since [our last release](/blog/release-0-7-0), we've added 6 new plugins: - [Azure Active Directory](https://hub.steampipe.io/plugins/turbot/azuread) - query groups, service principals, users, etc - [GitLab](https://hub.steampipe.io/plugins/theapsgroup/gitlab) - query projects, issues, branches, etc - [Google Directory](https://hub.steampipe.io/plugins/turbot/googledirectory) - query users, domains, groups, etc - [Google Workspace](https://hub.steampipe.io/plugins/turbot/googleworkspace) - query calendar events, drive files, gmail messages, etc - [Linode](https://hub.steampipe.io/plugins/turbot/linode) - query instances, domains, users, etc - [Okta](https://hub.steampipe.io/plugins/turbot/okta) - query users, groups, applications, etc We've also expanded our mods, including: - [Alibaba Cloud Thrifty mod](https://hub.steampipe.io/mods/turbot/alicloud_thrifty) - [AWS Tags mod](https://hub.steampipe.io/mods/turbot/aws_tags) - [Azure Tags mod](https://hub.steampipe.io/mods/turbot/azure_tags) - [DigitalOcean Thrifty mod](https://hub.steampipe.io/mods/turbot/digitalocean_thrifty) - [GCP Labels mod](https://hub.steampipe.io/mods/turbot/gcp_labels) - [Oracle Cloud Thrifty mod](https://hub.steampipe.io/mods/turbot/oci_thrifty) ## Let’s get building! Steampipe now delivers a full suite of tools to build, execute and share cloud configuration, compliance, and security frameworks using SQL, HCL and a little elbow grease! We would love your help to expand the open source documentation and control coverage for CIS, PCI, HIPAA, NIST… and the best way to get started is to [join our new Slack workspace](https://steampipe.io/community/join) and raise your hand; we would love to talk to you! For even more good stuff in v0.8.0, checkout the [full release notes on GitHub](https://github.com/turbot/steampipe/blob/main/CHANGELOG.md#v080-2021-09-09).

v0.8.0: Mod Variables, Tags & Syntax Highlighting