
Steampipe Mods

A Steampipe mod is a portable, versioned collection of related Steampipe resources such as queries, controls, and benchmarks. Steampipe mods and mod resources are defined in HCL and distributed as simple text files. Mods can be found on the Steampipe Hub, and may be shared with others from any public git repository.

Mods provide an easy way to share Steampipe queries, controls, and benchmarks.

You can install a mod by cloning the repository:

git clone https://github.com/turbot/steampipe-mod-aws-compliance.git

Unlike plugins, which are installed to the ~/.steampipe directory, mods are installed into (and loaded from) the current working directory. Alternatively, you may specify a path with the --workspace-chdir argument:

steampipe query --workspace-chdir steampipe-mod-aws-compliance

Notice that when running steampipe query from the workspace directory, the mod's queries and controls appear in the auto-complete, and you can run them by name:

> query.s3_bucket_versioning_enabled
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+
| resource | status | reason | region | account_id |
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+
| arn:aws:s3:::vandelay-industries-georges-bucket01 | ok | vandelay-industries-georges-bucket01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::aws-cloudtrail-logs-876515858155-8592de2c | ok | aws-cloudtrail-logs-876515858155-8592de2c versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-cosmos-bucket | ok | vandelay-industries-cosmos-bucket versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vanedaly-replicated-bucket-01 | ok | vanedaly-replicated-bucket-01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-elaines-bucket | ok | vandelay-industries-elaines-bucket versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-vandelay01 | ok | vandelay-industries-vandelay01 versioning enabled. | us-east-1 | 876515858155 |
| arn:aws:s3:::vandelay-industries-darins-bucket | ok | vandelay-industries-darins-bucket versioning enabled. | us-east-1 | 876515858155 |
+--------------------------------------------------------------+--------+---------------------------------------------------------------------+----------------+--------------+

You can also run steampipe check to run controls and benchmarks defined in the active workspace:

steampipe check all

When steampipe runs, it loads all the mods in the workspace and makes their queries, controls, and benchmarks available to steampipe query and steampipe check. In addition, steampipe creates a set of reflection tables that allow you to introspect the resources in the workspace. For example, you can list all the benchmarks in the workspace:

> select resource_name from steampipe_benchmark order by resource_name
+----------------------+
| resource_name |
+----------------------+
| cis_v130 |
| cis_v130_1 |
| cis_v130_2 |
| cis_v130_2_1 |
| cis_v130_2_2 |
| cis_v130_3 |
| cis_v130_4 |
| cis_v130_5 |
| pci_v321 |
| pci_v321_autoscaling |
| pci_v321_cloudtrail |
| pci_v321_kms |
+----------------------+

You can explore the available mods on the Steampipe Hub, and you can create your own with SQL and HCL!
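
A minimal mod of your own, as an added example that is not taken from the Steampipe documentation or from the steampipe-mod-aws-compliance repository. The mod, query, control, and benchmark names are hypothetical, and the SQL assumes the AWS plugin's aws_s3_bucket table with its arn, name, versioning_enabled, region, and account_id columns; it returns the same five columns as the query output shown above.

```hcl
# mod.sp - constructed example; every resource name here is hypothetical.
# Save it in an empty directory and run steampipe from that directory.
mod "local_s3_checks" {
  title       = "Local S3 Checks"
  description = "Example workspace mod with one query, one control, and one benchmark."
}

# Named query: available as query.bucket_versioning in steampipe query.
# Controls expect the resource, status, and reason columns; region and
# account_id are extra dimensions reported alongside each row.
query "bucket_versioning" {
  title = "S3 bucket versioning status"
  sql   = <<-EOT
    select
      arn as resource,
      case when versioning_enabled then 'ok' else 'alarm' end as status,
      case
        when versioning_enabled then name || ' versioning enabled.'
        else name || ' versioning disabled.'
      end as reason,
      region,
      account_id
    from
      aws_s3_bucket
  EOT
}

# Control: wraps the named query so that steampipe check can evaluate it.
control "bucket_versioning" {
  title    = "S3 buckets should have versioning enabled"
  severity = "medium"
  query    = query.bucket_versioning
}

# Benchmark: groups controls; it also shows up in steampipe_benchmark.
benchmark "s3_baseline" {
  title    = "S3 Baseline"
  children = [
    control.bucket_versioning,
  ]
}
```

From that directory, steampipe check benchmark.s3_baseline runs the control, and query.bucket_versioning can be run by name in steampipe query.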