Learn Steampipe

Steampipe provides zero-ETL tools for fetching data directly from APIs and services. Steampipe is offered in several distributions:

  • The Steampipe CLI exposes APIs and services as a high-performance relational database, enabling you to write SQL-based queries to explore dynamic data. The Steampipe CLI is a turnkey solution that includes its own PostgreSQL database including plugin management.
  • Steampipe Postgres FDWs are native Postgres Foreign Data Wrappers that translate APIs to foreign tables. Unlike Steampipe CLI, which ships with its own Postgres server instance, the Steampipe Postgres FDWs can be installed in any supported Postgres database version.
  • Steampipe SQLite Extensions provide SQLite virtual tables that translate your queries into API calls, transparently fetching information from your API or service as you request it.
  • Steampipe Export CLIs provide a flexible mechanism for exporting information from cloud services and APIs. Each exporter is a stand-alone binary that allows you to extract data using Steampipe plugins without a database.
  • Turbot Pipes is the only intelligence, automation & security platform built specifically for DevOps. Pipes provides hosted Steampipe database instances, shared dashboards, snapshots, and more!

This tutorial uses the Steampipe CLI. Let's dive in...

Install the AWS plugin

This tutorial uses the AWS plugin. To get started, download and install Steampipe, and then install the plugin:

Steampipe will download and install additional components the first time you run steampipe query so it may take a few seconds to load initially.

Out of the box, Steampipe will use your default AWS credentials from your credential file and/or environment variables, so you'll need to make sure those are set up as well. If you can run aws ec2 describe-vpcs, you're good to go. (The AWS plugin provides additional examples to configure your credentials, and even configure steampipe to query multiple accounts and multiple regions.)

Explore

Steampipe provides commands that allow you to discover and explore the tables and data without leaving the query shell. (Of course, this information is all available in the hub if online docs are more your speed...)

Let's fire up Steampipe! Run steampipe query to open an interactive query session:

Now run the .tables meta-command to list the available tables:

As you can see, there are quite a few tables available in the AWS plugin!

It looks like there's an aws_iam_role table - let's run .inspect to see what's in that table:

Query

Now that we know what columns are available in the aws_iam_role table, let's run a simple query to list the roles:

Now let's ask a more interesting question. Let's find roles that have no boundary policy applied:

Like any database, we can join tables together as well. For instance, we can find all the roles that have AWS-managed policies attached:

What's Next?

We've merely scratched the surface of what you can do with Steampipe!