Mod Dependencies

Steampipe mods may depend on other mods, allowing you to quickly and easily extend them with additional features and functionality.

To add a dependency, run steampipe mod install from the root directory of your mod, specifying the path to the mod's Github repo:

cd my-mod
steampipe mod install github.com/turbot/steampipe-mod-aws-compliance

This will install the mod into the .steampipe sub-directory, and will add the dependency to the require block of your mod.sp file:

mod "local" {
title = "my-mod"
require {
mod "github.com/turbot/steampipe-mod-aws-compliance" {
version = "latest"
}
}
}

You can then create new .sp files in your mod that reference the resources in the dependency mods. You can create your own controls that use query resources from the dependency mod:

control "my_mod_public_ec2" {
title = "EC2 instances should not have a public IP address"
description = "This control checks whether EC2 instances have a public IPv4 address."
severity = "high"
sql = aws_compliance.query.ec2_instance_not_publicly_accessible.sql
}

Or create your own dashboards or benchmarks that reference resources from your own mod or any dependencies:

benchmark "my_mod_public_resources" {
title = "Public Resources"
description = "Resources that are public."
children = [
aws_compliance.control.dms_replication_instance_not_publicly_accessible,
aws_compliance.control.redshift_cluster_prohibit_public_access,
aws_compliance.control.s3_bucket_restrict_public_read_access,
aws_compliance.control.s3_bucket_restrict_public_write_access,
control.my_mod_public_ec2,
]
}

You can add, remove, and update your dependencies with the steampipe mod command.

You can run all the benchmarks in your mod:

steampipe check all

When in a mod folder, steampipe check all will only run benchmarks defined in the mod, however you can run the dependent controls and benchmarks by qualifying them with the mod name:

steampipe check aws_compliance.benchmark.cis_v140

Or you can run all benchmarks in a dependency mod by specifying only the mod name:

steampipe check aws_compliance

When running steampipe dashboard from a mod, all dashboards in your mod and its direct dependencies will be available to run.