
Managing Mods

A Steampipe mod is a portable, versioned collection of related Steampipe resources such as queries, controls, and benchmarks. Steampipe mods and mod resources are defined in HCL and distributed as simple text files. Mods can be found on the Steampipe Hub, and may be shared with others from any public Git repository.

Mods provide an easy way to share Steampipe queries, controls, and benchmarks.

You can install a mod by cloning the repository:

git clone git@github.com:turbot/steampipe-mod-aws-compliance.git

Mods are installed into a Steampipe workspace. A workspace is an OS filesystem directory treated as a single, autonomous, isolated Steampipe execution domain. When you run Steampipe, the active working directory becomes the active workspace. Alternatively, you may specify a path with the --workspace argument:

steampipe query --workspace steampipe-mod-aws-compliance

Notice that when running steampipe query from the workspace, the mod's queries and controls appear in the auto-complete, and you can run them by name:

> query.s3_bucket_versioning_enabled
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+
| resource | status | reason | region | account_id |
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+
| arn:aws:s3:::vandelay-industries-georges-bucket01 | ok | vandelay-industries-georges-bucket01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::aws-cloudtrail-logs-876515858155-8592de2c | ok | aws-cloudtrail-logs-876515858155-8592de2c versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-cosmos-bucket | ok | vandelay-industries-cosmos-bucket versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vanedaly-replicated-bucket-01 | ok | vanedaly-replicated-bucket-01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-elaines-bucket | ok | vandelay-industries-elaines-bucket versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-vandelay01 | ok | vandelay-industries-vandelay01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-darins-bucket | ok | vandelay-industries-darins-bucket versioning enabled. | us-east-1 | 876515858155 |
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+

You can also run steampipe check to run controls and benchmarks defined in the active workspace:

steampipe check all
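Because a mod installed this way is simply a git checkout that Steampipe loads from the workspace directory, it is worth confirming that the checkout is the commit you reviewed before running its controls against your accounts. The script below is an added example, not part of the Steampipe documentation or project; the function names and the commit placeholder are assumptions, and only the `git` and `steampipe check all` commands are real.

```shell
#!/bin/sh
# Added example: run a cloned mod only if it is at a reviewed commit.
# Usage (the commit id is a placeholder you supply after reviewing the mod):
#   run_pinned_check steampipe-mod-aws-compliance "<reviewed-commit-sha>"

# Print the commit currently checked out in a mod workspace.
mod_head() {
    git -C "$1" rev-parse HEAD
}

# Return 0 only if the workspace is exactly at the expected commit and has
# no local modifications or untracked files, so what runs is what was reviewed.
# Returns 1 on a mismatch and 2 if the directory is not a usable git checkout.
mod_is_pinned() {
    dir=$1
    expected=$2
    [ -e "$dir/.git" ] || { echo "not a git checkout: $dir" >&2; return 2; }
    actual=$(mod_head "$dir") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "HEAD $actual does not match reviewed commit $expected" >&2
        return 1
    fi
    if [ -n "$(git -C "$dir" status --porcelain)" ]; then
        echo "workspace $dir has modified or untracked files" >&2
        return 1
    fi
    return 0
}

# Run the mod's controls and benchmarks only when the pin check passes.
run_pinned_check() {
    dir=$1
    expected=$2
    mod_is_pinned "$dir" "$expected" || return 1
    # The working directory becomes the active workspace.
    ( cd "$dir" && steampipe check all )
}
```
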

When Steampipe runs, it loads all the mods in the workspace and makes their queries, controls, and benchmarks available to steampipe query and steampipe check. In addition, Steampipe creates a set of reflection tables that allow you to introspect the resources in the workspace. For example, you can list all the benchmarks in the workspace:

> select resource_name from steampipe_benchmark order by resource_name
+----------------------+
| resource_name |
+----------------------+
| cis_v130 |
| cis_v130_1 |
| cis_v130_2 |
| cis_v130_2_1 |
| cis_v130_2_2 |
| cis_v130_3 |
| cis_v130_4 |
| cis_v130_5 |
| pci_v321 |
| pci_v321_autoscaling |
| pci_v321_cloudtrail |
| pci_v321_kms |
+----------------------+

You can explore the available mods on the Steampipe Hub, and you can create your own with SQL and HCL!